仅当满足条件时才在 Ansible 循环中处理项目并在 Ansible Playbook 中重新启动 SSH 服务

Process item in Ansible loop only if condition is met and restarting SSH service in Ansible Playbook

我在 Ansible 剧本中有几个简单的任务:

tasks:

  - name: Reset firewall
    action: shell ufw --force reset

  - name: Manage firewall ports
    ufw: rule=allow port={{ item }} proto=tcp
    with_items:
      - "{{ ssh_port }}"
      - "{{ 80 if myvar == 'yes' else '' }}"
      - "{{ 8080 if myvar == 'no' else '' }}"

  - name: Enable firewall
    ufw: state=enabled
    notify: restart ssh

handlers:

  - name: restart ssh
    service:
      name=sshd
      state=restarted
      enabled=yes

以及关于此任务的 2 个简单问题:

is it possible to completely ignore item in above loop if condition is not met?

我只想将其更改为:

- name: Manage firewall ports
  ufw: rule=allow port={{ item }} proto=tcp
  with_items:
    - "{{ ssh_port }}"
    - "{{ 80 if myvar == 'yes' else 8080 }}"

...这会得到相同的结果。在其他情况下,您可以使用 when 限定符控制哪些项目触发操作:

- debug: msg="using item {{item}}"
  with_items:
  - one
  - two
  - three
  when: "'o' in item"

这导致:

TASK: [debug msg="using item {{item}}"] *************************************** 
ok: [localhost] => (item=one) => {
    "item": "one",
    "msg": "using item one"
}
ok: [localhost] => (item=two) => {
    "item": "two",
    "msg": "using item two"
}
skipping: [localhost] => (item=three)

how to "properly" restart sshd service with Ansible after managing ports with ufw (since in my case I understandably get an Ansible's connection error when trying to restart sshd)

重新启动 sshd 服务不应中断现有的 ssh 会话。如果它阻止来自 ansible 的后续连接,您可以使用 Ansible 的 wait_for 模块来延迟,直到 ssh 准备好接受连接。