为什么 Ansible 不会在 stdout 条件中使此字符串失败?

Why is Ansible not failing this string in stdout conditional?

我在 Centos7 上使用 network_cli 连接方法 运行ning Ansible 版本 2.7。

我有一本剧本:

无论我给出什么 md5 值,它总是 运行 任务块。

条件语句为:

when: '"new_ios_md5" | string in md5_result.stdout'

这是完整的剧本:

- name: UPGRADE SUP8L-E SWITCH FIRMWARE
  hosts: switches
  connection: network_cli
  gather_facts: no

  vars_prompt:
   - name: "compliant_ios_version"
     prompt: "What is the compliant IOS version?"
     private: no

   - name: "new_ios_bin"
     prompt: "What is the name of the new IOS file?"
     private: no

   - name: "new_ios_md5"
     prompt: "What is the MD5 value of the new IOS file?"
     private: no

   - name: "should_reboot"
     prompt: "Do you want Ansible to reboot the hosts? (YES or NO)"
     private: no

  tasks:
    - name: GATHER SWITCH FACTS
      ios_facts:

    - name: UPGRADE IOS IMAGE IF NOT COMPLIANT
      block:
      - name: COPY OVER IOS IMAGE
        ios_command:
           commands:
              - command: "copy tftp://X.X.X.X/45-SUP8L-E/{{ new_ios_bin }} bootflash:"
                prompt: '[{{ new_ios_bin }}]'
              answer: "\r"
        vars:
          ansible_command_timeout: 1800

      - name: CHECK MD5 HASH
        ios_command:
           commands:
              - command: "verify /md5 bootflash:{{ new_ios_bin }}"
        register: md5_result
        vars:
          ansible_command_timeout: 300

      - name: CONTINUE UPGRADE IF MD5 HASH MATCHES
        block:
        - name: SETTING BOOT IMAGE
          ios_config:
            lines:
            - no boot system
            - boot system flash bootflash:{{ new_ios_bin }}
            match: none
            save_when: always

        - name: REBOOT SWITCH IF INSTRUCTED
          block:
          - name: REBOOT SWITCH
            ios_command:
               commands:
                  - command: "reload"
                    prompt: '[confirm]'
                    answer: "\r"
            vars:
              ansible_command_timeout: 30

          - name: WAIT FOR SWITCH TO RETURN
            wait_for:
              host: "{{inventory_hostname}}"
              port: 22
              delay: 60
              timeout: 600
            delegate_to: localhost

          - name: GATHER ROUTER FACTS FOR VERIFICATION
            ios_facts:

          - name: ASSERT THAT THE IOS VERSION IS CORRECT
            assert:
              that:
                - compliant_ios_version == ansible_net_version
              msg: "New IOS version matches compliant version. Upgrade successful."

          when: should_reboot == "YES"

        when: '"new_ios_md5" | string in md5_result.stdout'

      when: ansible_net_version != compliant_ios_version
...

剧本中的其他两个条件按预期工作。我不知道如何让 ansible 失败 when: '"new_ios_md5" | md5_result.stdout' 中的字符串条件,如果 md5 值错误则停止播放。

当你 运行 调试输出时,stdout 的值为:

    "stdout": [
".............................................................................................................................................Done!", 
                "verify /md5 (bootflash:cat4500es8-universalk9.SPA.03.10.02.E.152-6.E2.bin) = c1af921dc94080b5e0172dbef42dc6ba"
            ]

您可以在字符串中清楚地看到计算出的 md5,但我的条件似乎并不关心任何一种方式。

有人有什么建议吗?

当你写:

when: '"new_ios_md5" | string in md5_result.stdout'

您正在寻找变量 md5_result.stdout 中的 文字字符串 "new_ios_md5"。由于您实际上想引用新的 new_ios_md5 变量,因此您需要删除它周围的引号:

when: 'new_ios_md5 | string in md5_result.stdout'

归功于 reddit 上的 zoredache 以获得最终解决方案:

顺便说一句,您知道大多数不同的网络命令 ios_command 结果会以列表的形式返回,对吗?因此,您需要根据您 运行.

的命令对列表进行索引

说你有这个。任务

ios_command:
    commands:
      - command: "verify /md5 bootflash:{{ new_ios_bin }}"
      - command: show version
      - command: show config
register: results

你会在列表中有这样的输出。

# results.stdout[0] = verify
# results.stdout[1] = show version
# results.stdout[2] = show config

所以正确的条件语句应该是:

when: 'new_ios_md5 in md5_result.stdout[0]'