Ansible:(意外)hostvars 项目总是在任务循环期间被组中最后一个主机的值覆盖
Ansible: (unexpected) hostvars items always overwritten by values for last host in group during task loop
我正在尝试编写一个 Ansible 剧本,它运行一些任务来配置 Cisco IOS 路由器。其中一些任务需要遍历在主机变量文件级别定义的列表变量。例如,给定一个或多个接口,在该接口上配置 x。或者,给定一个或多个 fvrf,为每个 fvrf 配置名称服务器。接口和 fvrfs 的数量是动态的。在 playbook 角色中有多个任务具有这样的动态列表值。
我遇到的问题 运行 是每个路由器具有唯一值的主机变量总是被设置为为组中最后一个路由器定义的值。对于作为字符串的变量和作为字符串列表的变量,会发生这种情况。换句话说,清单组中最后一个路由器之前的路由器的主机变量总是被为最后一个路由器定义的主机变量覆盖。
Ansible 运行时:
$ ansible --version
ansible 2.7.0
config file = /opt/ansible/ansible.cfg
configured module search path = [u'/home/<redacted>/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /home/<redacted>/mypython/lib/python2.7/site-packages/ansible
executable location = /home/<redacted>/mypython/bin/ansible
python version = 2.7.15 (default, Oct 22 2018, 15:22:25) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
(A) (mypython) <redacted>@<redacted_hostname> /opt/ansible
$ ansible-playbook --version
ansible-playbook 2.7.0
config file = /opt/ansible/ansible.cfg
configured module search path = [u'/home/<redacted>/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /home/<redacted>/mypython/lib/python2.7/site-packages/ansible
executable location = /home/<redacted>/mypython/bin/ansible-playbook
python version = 2.7.15 (default, Oct 22 2018, 15:22:25) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
目录结构:
+-- ansible.cfg
+-- inventory
| +-- lab-g2
| | +-- group_vars
| | | +-- lab-g2-crs-2900
| | | +-- host_vars
| | | | +-- 10.74.0.71.yml
| | | | +-- 10.74.0.73.yml
| | | +-- vars
| | +-- inventory
+-- library
+-- playbooks
| +-- roles -> /opt/ansible/roles
| +-- set-nameservers.yml
+-- README.md
+-- roles
| +-- set-nameservers
| +-- tasks
| +-- main.yml
playbook.yml:
---
- name: CONFIGURE NAMESERVERS ON ROUTER
hosts: all
gather_facts: no
connection: network_cli
roles:
- set-nameservers
库存文件:
[lab-g2-crs-2900]
10.74.0.71
10.74.0.73
[all:children]
lab-g2-crs-2900
组变量文件:
---
ansible_connection: network_cli
ansible_network_os: ios
主机变量文件:
10.74.0.71.yml:
fvrf: ["WAN1", "WAN2"]
umbrella_out: ["GigabitEthernet0/0"]
10.74.0.73.yml:
fvrf: ["WAN3", "WAN4"]
umbrella_out: ["GigabitEthernet0/1"]
roles/set-nameservers/tasks/main.yml
---
- name: CONFIGURE NAMESERVERS
ios_config:
lines:
- "ip name-server vrf {{ item }} 208.67.220.220 208.67.222.222"
with_items: "{{ fvrf }}"
- name: DEBUG
debug:
msg: "fvrf name is {{ item }}"
with_items: "{{ fvrf }}"
- name: CONFIGURE UMBRELLA OUTBOUND INTERFACE
ios_config:
lines:
- "description Outbound umbrella interface"
parents: interface {{ item }}
with_items: "{{ umbrella_out }}"
- name: DEBUG
debug:
msg: "Outbound Umbrella interface is {{ item }}"
with_items: "{{ umbrella_out }}"
预期结果
PLAY [CONFIGURE NAMESERVERS ON ROUTER] ***************************************************************************************************************************************
TASK [set-nameservers : CONFIGURE NAMESERVERS] *******************************************************************************************************************************
changed: [10.74.0.73] => (item=WAN3)
changed: [10.74.0.71] => (item=WAN1)
changed: [10.74.0.73] => (item=WAN4)
changed: [10.74.0.71] => (item=WAN2)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=WAN3) => {
"msg": "fvrf name is WAN1"
}
ok: [10.74.0.71] => (item=WAN4) => {
"msg": "fvrf name is WAN2"
}
ok: [10.74.0.73] => (item=WAN3) => {
"msg": "fvrf name is WAN3"
}
ok: [10.74.0.73] => (item=WAN4) => {
"msg": "fvrf name is WAN4"
}
TASK [set-nameservers : CONFIGURE UMBRELLA OUTBOUND INTERFACE] ***************************************************************************************************************
changed: [10.74.0.73] => (item=GigabitEthernet0/0)
changed: [10.74.0.71] => (item=GigabitEthernet0/1)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/0"
}
ok: [10.74.0.73] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/1"
}
PLAY RECAP *******************************************************************************************************************************************************************
10.74.0.71 : ok=4 changed=2 unreachable=0 failed=0
10.74.0.73 : ok=4 changed=2 unreachable=0 failed=0
实际结果
PLAY [CONFIGURE NAMESERVERS ON ROUTER] ***************************************************************************************************************************************
TASK [set-nameservers : CONFIGURE NAMESERVERS] *******************************************************************************************************************************
changed: [10.74.0.73] => (item=WAN3)
changed: [10.74.0.71] => (item=WAN3)
changed: [10.74.0.73] => (item=WAN4)
changed: [10.74.0.71] => (item=WAN4)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=WAN3) => {
"msg": "fvrf name is WAN3"
}
ok: [10.74.0.71] => (item=WAN4) => {
"msg": "fvrf name is WAN4"
}
ok: [10.74.0.73] => (item=WAN3) => {
"msg": "fvrf name is WAN3"
}
ok: [10.74.0.73] => (item=WAN4) => {
"msg": "fvrf name is WAN4"
}
TASK [set-nameservers : CONFIGURE UMBRELLA OUTBOUND INTERFACE] ***************************************************************************************************************
changed: [10.74.0.73] => (item=GigabitEthernet0/1)
changed: [10.74.0.71] => (item=GigabitEthernet0/1)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/1"
}
ok: [10.74.0.73] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/1"
}
PLAY RECAP *******************************************************************************************************************************************************************
10.74.0.71 : ok=4 changed=2 unreachable=0 failed=0
10.74.0.73 : ok=4 changed=2 unreachable=0 failed=0
正如您从输出结果中看到的那样,10.74.0.73 的主机文件中的变量被用于两个主机,尽管 10.74.0.71 在单独的文件中定义了自己唯一的变量值。在具有相同结构和 16 个路由器的单独剧本中,它显示了相同的行为......使用组中最后一个路由器的 hostvars 为所有 16 个路由器(哎呀!)
我已经在网上搜索了几个小时,并浏览了 Ansible 文档和此处有关循环、变量和变量优先级的大量讨论。我还没有弄清楚问题是什么。我认为最有可能的罪魁祸首是我误解了 with_items 操作的工作原理,但我不知道如何修改任务以确保每个主机都有唯一变量列表的预期结果。这可能是错误行为吗?
非常感谢对此问题的任何帮助!
感谢您发布目录输出,这是关键。导致问题的不是 with_items,而是 group_vars.
中的嵌套 host_vars
如果您将 host_vars 从 group_vars 目录中拉出,它将再次开始正常运行。我还没有深入研究分配规则以找出 确切地 在什么时候被取代,但 tl;dr 是顶部桶 不是 特定于主机,即使底部桶 是 ,因此:
hostvars["10.74.0.71"] = # the correct thing
vars["lab-g2-crs-2900"] = {}
for h in ["10.74.0.71", ...etc...]:
vars["lab-g2-crs-2900"].update(hostvars[h])
# and now the value in the group_vars "masks off" the host-specific one
# because they appear to be applied in reverse-depth-first order
您可以自己确认 运行 整个剧本,只需使用 ansible-inventory --list 并查看 _meta
中的 hostvars
我正在尝试编写一个 Ansible 剧本,它运行一些任务来配置 Cisco IOS 路由器。其中一些任务需要遍历在主机变量文件级别定义的列表变量。例如,给定一个或多个接口,在该接口上配置 x。或者,给定一个或多个 fvrf,为每个 fvrf 配置名称服务器。接口和 fvrfs 的数量是动态的。在 playbook 角色中有多个任务具有这样的动态列表值。
我遇到的问题 运行 是每个路由器具有唯一值的主机变量总是被设置为为组中最后一个路由器定义的值。对于作为字符串的变量和作为字符串列表的变量,会发生这种情况。换句话说,清单组中最后一个路由器之前的路由器的主机变量总是被为最后一个路由器定义的主机变量覆盖。
Ansible 运行时:
$ ansible --version
ansible 2.7.0
config file = /opt/ansible/ansible.cfg
configured module search path = [u'/home/<redacted>/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /home/<redacted>/mypython/lib/python2.7/site-packages/ansible
executable location = /home/<redacted>/mypython/bin/ansible
python version = 2.7.15 (default, Oct 22 2018, 15:22:25) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
(A) (mypython) <redacted>@<redacted_hostname> /opt/ansible
$ ansible-playbook --version
ansible-playbook 2.7.0
config file = /opt/ansible/ansible.cfg
configured module search path = [u'/home/<redacted>/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /home/<redacted>/mypython/lib/python2.7/site-packages/ansible
executable location = /home/<redacted>/mypython/bin/ansible-playbook
python version = 2.7.15 (default, Oct 22 2018, 15:22:25) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
目录结构:
+-- ansible.cfg
+-- inventory
| +-- lab-g2
| | +-- group_vars
| | | +-- lab-g2-crs-2900
| | | +-- host_vars
| | | | +-- 10.74.0.71.yml
| | | | +-- 10.74.0.73.yml
| | | +-- vars
| | +-- inventory
+-- library
+-- playbooks
| +-- roles -> /opt/ansible/roles
| +-- set-nameservers.yml
+-- README.md
+-- roles
| +-- set-nameservers
| +-- tasks
| +-- main.yml
playbook.yml:
---
- name: CONFIGURE NAMESERVERS ON ROUTER
hosts: all
gather_facts: no
connection: network_cli
roles:
- set-nameservers
库存文件:
[lab-g2-crs-2900]
10.74.0.71
10.74.0.73
[all:children]
lab-g2-crs-2900
组变量文件:
---
ansible_connection: network_cli
ansible_network_os: ios
主机变量文件:
10.74.0.71.yml:
fvrf: ["WAN1", "WAN2"]
umbrella_out: ["GigabitEthernet0/0"]
10.74.0.73.yml:
fvrf: ["WAN3", "WAN4"]
umbrella_out: ["GigabitEthernet0/1"]
roles/set-nameservers/tasks/main.yml
---
- name: CONFIGURE NAMESERVERS
ios_config:
lines:
- "ip name-server vrf {{ item }} 208.67.220.220 208.67.222.222"
with_items: "{{ fvrf }}"
- name: DEBUG
debug:
msg: "fvrf name is {{ item }}"
with_items: "{{ fvrf }}"
- name: CONFIGURE UMBRELLA OUTBOUND INTERFACE
ios_config:
lines:
- "description Outbound umbrella interface"
parents: interface {{ item }}
with_items: "{{ umbrella_out }}"
- name: DEBUG
debug:
msg: "Outbound Umbrella interface is {{ item }}"
with_items: "{{ umbrella_out }}"
预期结果
PLAY [CONFIGURE NAMESERVERS ON ROUTER] ***************************************************************************************************************************************
TASK [set-nameservers : CONFIGURE NAMESERVERS] *******************************************************************************************************************************
changed: [10.74.0.73] => (item=WAN3)
changed: [10.74.0.71] => (item=WAN1)
changed: [10.74.0.73] => (item=WAN4)
changed: [10.74.0.71] => (item=WAN2)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=WAN3) => {
"msg": "fvrf name is WAN1"
}
ok: [10.74.0.71] => (item=WAN4) => {
"msg": "fvrf name is WAN2"
}
ok: [10.74.0.73] => (item=WAN3) => {
"msg": "fvrf name is WAN3"
}
ok: [10.74.0.73] => (item=WAN4) => {
"msg": "fvrf name is WAN4"
}
TASK [set-nameservers : CONFIGURE UMBRELLA OUTBOUND INTERFACE] ***************************************************************************************************************
changed: [10.74.0.73] => (item=GigabitEthernet0/0)
changed: [10.74.0.71] => (item=GigabitEthernet0/1)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/0"
}
ok: [10.74.0.73] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/1"
}
PLAY RECAP *******************************************************************************************************************************************************************
10.74.0.71 : ok=4 changed=2 unreachable=0 failed=0
10.74.0.73 : ok=4 changed=2 unreachable=0 failed=0
实际结果
PLAY [CONFIGURE NAMESERVERS ON ROUTER] ***************************************************************************************************************************************
TASK [set-nameservers : CONFIGURE NAMESERVERS] *******************************************************************************************************************************
changed: [10.74.0.73] => (item=WAN3)
changed: [10.74.0.71] => (item=WAN3)
changed: [10.74.0.73] => (item=WAN4)
changed: [10.74.0.71] => (item=WAN4)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=WAN3) => {
"msg": "fvrf name is WAN3"
}
ok: [10.74.0.71] => (item=WAN4) => {
"msg": "fvrf name is WAN4"
}
ok: [10.74.0.73] => (item=WAN3) => {
"msg": "fvrf name is WAN3"
}
ok: [10.74.0.73] => (item=WAN4) => {
"msg": "fvrf name is WAN4"
}
TASK [set-nameservers : CONFIGURE UMBRELLA OUTBOUND INTERFACE] ***************************************************************************************************************
changed: [10.74.0.73] => (item=GigabitEthernet0/1)
changed: [10.74.0.71] => (item=GigabitEthernet0/1)
TASK [set-nameservers : DEBUG] ***********************************************************************************************************************************************
ok: [10.74.0.71] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/1"
}
ok: [10.74.0.73] => (item=GigabitEthernet0/1) => {
"msg": "Outbound Umbrella interface is GigabitEthernet0/1"
}
PLAY RECAP *******************************************************************************************************************************************************************
10.74.0.71 : ok=4 changed=2 unreachable=0 failed=0
10.74.0.73 : ok=4 changed=2 unreachable=0 failed=0
正如您从输出结果中看到的那样,10.74.0.73 的主机文件中的变量被用于两个主机,尽管 10.74.0.71 在单独的文件中定义了自己唯一的变量值。在具有相同结构和 16 个路由器的单独剧本中,它显示了相同的行为......使用组中最后一个路由器的 hostvars 为所有 16 个路由器(哎呀!)
我已经在网上搜索了几个小时,并浏览了 Ansible 文档和此处有关循环、变量和变量优先级的大量讨论。我还没有弄清楚问题是什么。我认为最有可能的罪魁祸首是我误解了 with_items 操作的工作原理,但我不知道如何修改任务以确保每个主机都有唯一变量列表的预期结果。这可能是错误行为吗?
非常感谢对此问题的任何帮助!
感谢您发布目录输出,这是关键。导致问题的不是 with_items,而是 group_vars.
host_vars
如果您将 host_vars 从 group_vars 目录中拉出,它将再次开始正常运行。我还没有深入研究分配规则以找出 确切地 在什么时候被取代,但 tl;dr 是顶部桶 不是 特定于主机,即使底部桶 是 ,因此:
hostvars["10.74.0.71"] = # the correct thing
vars["lab-g2-crs-2900"] = {}
for h in ["10.74.0.71", ...etc...]:
vars["lab-g2-crs-2900"].update(hostvars[h])
# and now the value in the group_vars "masks off" the host-specific one
# because they appear to be applied in reverse-depth-first order
您可以自己确认 运行 整个剧本,只需使用 ansible-inventory --list 并查看 _meta
hostvars