我正在尝试使用 ansible 更改权限，但效果不佳

Question

我有这本运行良好的剧本，但不是我需要的，我找不到问题所在。 剧本应该允许我递归地更改文件系统或特定文件的权限。

- name: Playbook to change file and directory permissions
  hosts: '{{ target_hosts }}'
  vars:
    PATH: '{{ target_path }}'
    PERMISSIONS: '{{ number }}'
    OWNER: '{{ target_owner }}'
    GROUP: '{{ target_group }}'
  tasks:
    - name: Checking that it is not a system mount point
      fail: 
        msg: "Changing permissions on system fs is not allowed"
      when: PATH in ["/etc", "/var", "/tmp", "/usr", "/", "/opt", "/home", "/boot"]

    - name: Checking if the path is a file or a filesystem
      stat: 
        path: '{{ PATH }}'
      register: path_status

    - name: Applying permissions on the filesystem
      block:
        - name: Report if directory exists 
          debug: 
            msg: "Directory {{ PATH }} is present on the server"
          when: path_status.stat.exists

        - name: Applying permissions recursively
          file: 
            path: '{{ PATH }}'
            mode: '0{{ PERMISSIONS }}'
            owner: '{{ OWNER }}'
            group: '{{ GROUP }}'
            recurse: yes
      when: path_status.stat.isdir is defined and path_status.stat.isdir

    - name: Applying permissions on the file
      block:
        - name: Report if file exists
          debug:
            msg: "File {{ PATH }} is present on the server" 
          when: path_status.stat.exists

        - name: Applying permissions
          file: 
            path: '{{ PATH }}'
            state: file
            mode: '0{{ PERMISSIONS }}'
            owner: '{{ OWNER }}'
            group: '{{ GROUP }}'
      when: path_status.stat.isreg is defined and path_status.stat.isreg

前2个任务

• 确认它不是系统文件系统
• 使用 Ansible stat 模块，我注册了正在访问的路径 作为 PATH 变量的参数传递

当我执行时只传递一个文件系统，如下例所示

ansible-playbook change_fs_permissions.yml -e "target_hosts=centoslabs target_path=/etc number=755 target_owner=root target_group=testing"

执行结束，因为它是一个系统挂载点。 （我期待什么）

但是如果我输入类似 /tmp/somefile.txt 的内容作为 PATH 变量的参数，我的想法是剧本将再次失败，因为它无法更改任何内容在该文件系统中，但它不会继续执行并更改权限。

他们会看到我使用了 BLOCK 模块，因为在我看来它是最好的，所以如果将文件系统传递给它，它会执行那些任务，如果它是一个文件，它会执行其他任务。

你能给我一些解决这个问题的想法吗？

Answer 1

简化条件

  when: path_status.stat.isdir is defined and path_status.stat.isdir
  when: path_status.stat.isreg is defined and path_status.stat.isreg

不要测试该属性是否已定义，而是将默认值设置为 false。这将跳过 PATH 既不是目录也不是常规文件的情况。

  when: path_status.stat.isdir|default(false)
  when: path_status.stat.isreg|default(false)

在这种情况下，您也可以省略测试 PATH 是否存在，因为如果它不存在，则无论如何都会跳过该块

  when: path_status.stat.exists

---

试试这个

    - name: Applying permissions on the filesystem
      block:
        - name: Report if directory exists
          debug:
            msg: "Directory {{ PATH }} is present on the server"

        - name: Applying permissions recursively
          file:
            path: '{{ PATH }}'
            mode: '0{{ PERMISSIONS }}'
            owner: '{{ OWNER }}'
            group: '{{ GROUP }}'
            recurse: true
      when: path_status.stat.isdir|default(false)

    - name: Applying permissions on the file
      block:
        - name: Report if file exists
          debug:
            msg: "File {{ PATH }} is present on the server"

        - name: Applying permissions
          file:
            path: '{{ PATH }}'
            state: file
            mode: '0{{ PERMISSIONS }}'
            owner: '{{ OWNER }}'
            group: '{{ GROUP }}'
      when: path_status.stat.isreg|default(false)

Answer 2

我做到了，现在可以使用了。 我所做的是改变这部分：

  - name: Checking that it is not a system mount point
  fail: 
    msg: "Changing permissions on system fs is not allowed"
  when: PATH in ["/etc", "/var", "/tmp", "/usr", "/", "/opt", "/home", "/boot"]

对于：

  - name: Checking that it is not a system mount point
  fail: 
    msg: "Changing permissions on system fs is not allowed"
  when: PATH.split('/')[1] in ["/etc", "/var", "/tmp", "/usr", "/", "/opt", "/home", "/boot"]