即使使用正确的语法,Ansible 任务也会失败

Ansible task is failing even with the right syntax

我正在学习 ansible,我已经编写了一个用于 LDAP 验证的任务。但是,当我 运行 剧本时,即使验证正确,任务也会失败。

下面是检查 LDAP 密码最长期限的可靠任务

- name: LDAP Validation
      shell: /usr/bin/ldapsearch -w admin  -H ldap://localhost:10389 -x -D "cn=manager,dc=apache,dc=com" -b "cn=default,ou=pwpolicies,dc=apache,dc=com" | grep 'pwdMaxAge'
      register: output


- name: LDAP password age check 
  fail:
    msg: "Password MaxAge not set to 0"
  when: output.stdout != "pwdMaxAge: 0"

下面是 ansible 在更新任务后抛出的新语法错误。

ERROR! Syntax Error while loading YAML.
  mapping values are not allowed here

The error appears to have been in '/etc/ansible/server/roles/LDAP/tasks/ldap.yml': line 40, column 36, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

    msg: "Password MaxAge not set to 0"
  when: output.stdout != "pwdMaxAge: 0"
                                   ^ here

变量output是一个字典;将它与字符串进行比较没有意义:比较将 永远不会 相等。查看 the documentation 以了解 shell 模块返回的值。

例如,您最终可能会像这样检查 stdout 属性:

- name: LDAP password age check 
  fail:
    msg: "Password MaxAge not set to 0"
  when: 'output.stdout != "pwdMaxAge: 0"'

正如@PatrickForget 所建议的,您可以使用 debug 任务来检查您注册的变量:

- name: show output variable
  debug:
    var: output