仅当满足条件时才在 Ansible 循环中处理项目并在 Ansible Playbook 中重新启动 SSH 服务
Process item in Ansible loop only if condition is met and restarting SSH service in Ansible Playbook
我在 Ansible 剧本中有几个简单的任务:
tasks:
- name: Reset firewall
action: shell ufw --force reset
- name: Manage firewall ports
ufw: rule=allow port={{ item }} proto=tcp
with_items:
- "{{ ssh_port }}"
- "{{ 80 if myvar == 'yes' else '' }}"
- "{{ 8080 if myvar == 'no' else '' }}"
- name: Enable firewall
ufw: state=enabled
notify: restart ssh
handlers:
- name: restart ssh
service:
name=sshd
state=restarted
enabled=yes
以及关于此任务的 2 个简单问题:
- 如果条件不满足,是否可以完全忽略上面循环中的
item
?
- 如何在使用
ufw
管理端口后 "properly" 使用 Ansible 重新启动 sshd
服务(因为在我的情况下,我可以理解地在尝试重新启动时收到 Ansible 的连接错误 sshd
)
is it possible to completely ignore item in above loop if condition is not met?
我只想将其更改为:
- name: Manage firewall ports
ufw: rule=allow port={{ item }} proto=tcp
with_items:
- "{{ ssh_port }}"
- "{{ 80 if myvar == 'yes' else 8080 }}"
...这会得到相同的结果。在其他情况下,您可以使用 when
限定符控制哪些项目触发操作:
- debug: msg="using item {{item}}"
with_items:
- one
- two
- three
when: "'o' in item"
这导致:
TASK: [debug msg="using item {{item}}"] ***************************************
ok: [localhost] => (item=one) => {
"item": "one",
"msg": "using item one"
}
ok: [localhost] => (item=two) => {
"item": "two",
"msg": "using item two"
}
skipping: [localhost] => (item=three)
how to "properly" restart sshd service with Ansible after
managing ports with ufw (since in my case I understandably get an
Ansible's connection error when trying to restart sshd)
重新启动 sshd
服务不应中断现有的 ssh 会话。如果它阻止来自 ansible 的后续连接,您可以使用 Ansible 的 wait_for
模块来延迟,直到 ssh 准备好接受连接。
我在 Ansible 剧本中有几个简单的任务:
tasks:
- name: Reset firewall
action: shell ufw --force reset
- name: Manage firewall ports
ufw: rule=allow port={{ item }} proto=tcp
with_items:
- "{{ ssh_port }}"
- "{{ 80 if myvar == 'yes' else '' }}"
- "{{ 8080 if myvar == 'no' else '' }}"
- name: Enable firewall
ufw: state=enabled
notify: restart ssh
handlers:
- name: restart ssh
service:
name=sshd
state=restarted
enabled=yes
以及关于此任务的 2 个简单问题:
- 如果条件不满足,是否可以完全忽略上面循环中的
item
? - 如何在使用
ufw
管理端口后 "properly" 使用 Ansible 重新启动sshd
服务(因为在我的情况下,我可以理解地在尝试重新启动时收到 Ansible 的连接错误sshd
)
is it possible to completely ignore item in above loop if condition is not met?
我只想将其更改为:
- name: Manage firewall ports
ufw: rule=allow port={{ item }} proto=tcp
with_items:
- "{{ ssh_port }}"
- "{{ 80 if myvar == 'yes' else 8080 }}"
...这会得到相同的结果。在其他情况下,您可以使用 when
限定符控制哪些项目触发操作:
- debug: msg="using item {{item}}"
with_items:
- one
- two
- three
when: "'o' in item"
这导致:
TASK: [debug msg="using item {{item}}"] ***************************************
ok: [localhost] => (item=one) => {
"item": "one",
"msg": "using item one"
}
ok: [localhost] => (item=two) => {
"item": "two",
"msg": "using item two"
}
skipping: [localhost] => (item=three)
how to "properly" restart sshd service with Ansible after managing ports with ufw (since in my case I understandably get an Ansible's connection error when trying to restart sshd)
重新启动 sshd
服务不应中断现有的 ssh 会话。如果它阻止来自 ansible 的后续连接,您可以使用 Ansible 的 wait_for
模块来延迟,直到 ssh 准备好接受连接。