Ansible group variable conflict
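I'm running into the issue (feature?) described in the following, presumably because I structured my inventory incorrectly.
The idea is to have two tasks that apply to all 'routers' or 'firewalls' defined in the inventory. This part works fine: Ansible parses the inventory correctly and distinguishes between the two.
The problem is that, because of the way the inventory is parsed, it uses the same ansible_user and ansible_password for every customer group. According to the documentation, this apparently makes sense: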
When groups of the same parent/child level are merged, it is done
alphabetically, and the last group loaded overwrites the previous
groups. For example, an a_group will be merged with b_group and
b_group vars that match will overwrite the ones in a_group.
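Can anyone tell me how I should correct this? If I change the 'routers' and 'firewalls' child groups to be unique, e.g. custA_routers, custB_routers, then it behaves as expected. However, I think I would then have to write tasks targeting each child group. Note that all hosts are unique IP addresses.
Playbook:

    ---
    - name: Check routers
      hosts: routers
      tasks:
        - name: Do stuff.
          <commands>
    - name: Check firewalls
      hosts: firewalls
      tasks:
        - name: Do stuff.
          <commands>
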
Inventory:

    all:
      vars:
        ansible_connection: network_cli
        ansible_network_os: ios
      children:
        customerOne:
          vars:
            ansible_user: userOne
            ansible_password: <vaulted pass>
          children:
            routers:
              hosts:
                x.x.x.x:
                y.y.y.y:
            firewalls:
              vars:
                ansible_network_os: asa
              hosts:
                z.z.z.z:
        customerTwo:
          vars:
            ansible_user: userTwo
            ansible_password: <vaulted pass>
          children:
            routers:
              hosts:
                x.x.x.x:
                y.y.y.y:
            firewalls:
              vars:
                ansible_network_os: asa
              hosts:
                z.z.z.z:

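I think creating two separate inventories would be ideal: customerOneInventory.yaml and customerTwo.yaml, or router.yaml and firewalls.yaml, depending on your needs. You then just specify the desired inventory file when running ansible-playbook.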
ansible-playbook heat-check-playbook.yaml -i customerOneInventory.yaml
The inventory can be simplified

    all:
      vars:
        ansible_connection: network_cli
        ansible_network_os: ios
      children:
        routers:
          hosts:
            x.x.x.x:
            y.y.y.y:
        firewalls:
          vars:
            ansible_network_os: asa
          hosts:
            z.z.z.z:

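and the authentication data put into a separate variable. Put it wherever fits best. This might be the 'all: vars:' section in the inventory, the 'vars:' section in the playbook, the 'group_vars/all' directory ...

    auth:
      customerOne:
        ansible_user: userOne
        ansible_password: <vaulted pass>
      customerTwo:
        ansible_user: userTwo
        ansible_password: <vaulted pass>
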
Add a play at the top of the playbook that assigns the variables based on the external variable customer

    - name: Read variables
      gather_facts: false
      hosts: routers
      tasks:
        - set_fact:
            ansible_user: "{{ auth[customer].ansible_user }}"
            ansible_password: "{{ auth[customer].ansible_password }}"
          run_once: true
    - name: Check routers
      hosts: routers
      tasks:
        - name: Do stuff.
          <commands>

Run the playbook and specify the customer
ansible-playbook playbook.yml -e "customer=customerTwo"
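
Why the question's inventory hands one customer's credentials to every device, as an added example that is not part of the original posts: Ansible group names are global, so `routers` listed under both customers is a single group with two parents, and each host inherits from both customer groups. The sketch is a simplified model of the merge rule quoted in the question (it ignores ansible_group_priority and host variables); the addresses, the `vault-ref-` values and all function names are constructed for illustration.

```python
# Added example (constructed data): simplified model of Ansible group-variable merging.
CRED_KEYS = {"ansible_user", "ansible_password"}

def flatten(name, node, depth, groups):
    """Collect groups by name; a name that appears under two parents is ONE group."""
    g = groups.setdefault(name, {"depth": 0, "vars": {}, "hosts": set(), "children": set()})
    g["depth"] = max(g["depth"], depth)
    g["vars"].update(node.get("vars") or {})
    g["hosts"].update(node.get("hosts") or {})
    for child, sub in (node.get("children") or {}).items():
        g["children"].add(child)
        flatten(child, sub or {}, depth + 1, groups)
    return groups

def members(name, groups):
    """Hosts of a group, including hosts of all its descendant groups."""
    hosts = set(groups[name]["hosts"])
    for child in groups[name]["children"]:
        hosts |= members(child, groups)
    return hosts

def credential_conflicts(inventory):
    """Map host -> key -> [(group, value), ...] in merge order (last entry wins),
    listing only keys for which the contributing groups disagree."""
    groups = flatten("all", inventory["all"], 0, {})
    seen = {}
    for name in sorted(groups, key=lambda n: (groups[n]["depth"], n)):
        for key in groups[name]["vars"].keys() & CRED_KEYS:
            for host in members(name, groups):
                seen.setdefault((host, key), []).append((name, groups[name]["vars"][key]))
    conflicts = {}
    for (host, key), chain in seen.items():
        if len({value for _, value in chain}) > 1:
            conflicts.setdefault(host, {})[key] = chain
    return conflicts

def customer(user, router_ip, fw_ip, prefix=""):
    """Constructed sample: one customer subtree shaped like the question's inventory."""
    return {"vars": {"ansible_user": user, "ansible_password": "vault-ref-" + user},
            "children": {prefix + "routers": {"hosts": {router_ip: None}},
                         prefix + "firewalls": {"hosts": {fw_ip: None}}}}

def sample(p1="", p2=""):
    """Two customers; empty prefixes reproduce the shared child-group names."""
    return {"all": {"children": {
        "customerOne": customer("userOne", "192.0.2.1", "192.0.2.2", p1),
        "customerTwo": customer("userTwo", "198.51.100.1", "198.51.100.2", p2)}}}

if __name__ == "__main__":
    print(credential_conflicts(sample()))
```

Run against a parsed inventory before a play, a non-empty result means some host would be contacted with a credential belonging to a different customer group.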