尝试在 Ansible 中包含剧本中的任务列表
Trying to include a list of tasks from an playbook in Ansible
我的文件夹结构:
首先我会给你这个,这样你就可以看到它是如何布局的,并在阅读下面时参考它:
/environments
/development
hosts // Inventory file
/group_vars
proxies.yml
/custom_tasks
firewall_rules.yml // File I'm trying to bring in
playbook.yml // Root playbook, just brings in the plays
rev-proxy.yml // Reverse-proxy playbook, included by playbook.yml
playbook.yml:
---
- include: webserver.yml
- include: rev-proxy.yml
proxies.yml 只包含 firewall_custom_include_file: custom_tasks/firewall_rules.yml
firewall_rules.yml:
tasks:
- name: "Allowing traffic from webservers on 80"
ufw: src=10.10.10.3, port=80, direction=in, rule=allow
- name: "Allowing traffic all on 443"
ufw: port=443, rule=allow
最后 rev-proxy.yml 播放:
---
- hosts: proxies
become: yes
roles:
- { role: firewall }
- { role: geerlingguy.nginx }
pre_tasks:
# jessie-backports for nginx-extras 1.10
- name: "Adding jessie-backports repo"
copy: content="deb http://ftp.debian.org/debian jessie-backports main" dest="/etc/apt/sources.list.d/jessie-backports.list"
- name: Updating apt-cache.
apt: update_cache="yes"
- name: "Installing htop"
apt:
name: htop
state: present
- name: "Coopying SSL certificates"
copy: src=/vagrant/ansible/files/ssl/ dest=/etc/ssl/certs force=no
tasks:
- name: "Including custom firewall rules."
include: "{{ inventory_dir }}/{{ firewall_custom_include_file }}.yml"
when: firewall_custom_include_file is defined
vars_files:
- ./vars/nginx/common.yml
- ./vars/nginx/proxy.yml
我想做什么:
使用 Ansible 2.2.1.0
我正在尝试包含一个任务列表,如果设置了变量 firewall_custom_include_file,这些任务将是 运行。通过 "{{ inventory_dir }}/{{ firewall_custom_include_file }}.yml" 相对于库存目录包含该列表 - 在本例中为 /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml
基本上这里的想法是,我需要根据我所处的环境以及正在配置的主机来执行不同的防火墙规则。
举个简单的例子:我可能想在生产网络服务器上将数据库服务器 IP 列入白名单,但不在反向代理上,也不在我的开发箱上。
问题:
每当我像上面那样包含 firewall_rules.yml 时,它会告诉我:
TASK [Including custom firewall rules.] ****************************************
fatal: [proxy-1]: FAILED! => {"failed": true, "reason": "included task files must contain a list of tasks"}
我不确定它在期待什么,我试着把文件开头的 tasks: 去掉,使它成为:
- name: "Allowing traffic from webservers on 80"
ufw: src=10.10.10.3, port=80, direction=in, rule=allow
- name: "Allowing traffic all on 443"
ufw: port=443, rule=allow
但是它给了我错误:
root@ansible-control:/vagrant/ansible# ansible-playbook -i environments/development playbook.yml
ERROR! Attempted to execute "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as inventory script: problem running /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml --list ([Errno 8] Exec format error)
Attempted to read "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as YAML: 'AnsibleSequence' object has no attribute 'keys'
Attempted to read "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as ini file: /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml:2: Expected key=value host variable assignment, got: name:
在这一点上,我不太确定它在包含的文件中寻找什么,而且我似乎无法真正找到关于这个或其他有此问题的人的明确文档。
尝试使用 -i environments/development/hosts 而不是目录执行。
但我敢打赌,将任务文件存储在清单中远非最佳做法。
您可能希望将自定义规则列表定义为清单变量,例如:
custom_rules:
- src: 10.10.10.3
port: 80
direction: in
rule: allow
- port: 443
rule: allow
而不是包含任务,做这样的事情:
- ufw:
port: "{{ item.port | default(omit) }}"
rule: "{{ item.rule | default(omit) }}"
direction: "{{ item.direction | default(omit) }}"
src: "{{ item.src | default(omit) }}"
with_items: "{{ custom_rules }}"
我的文件夹结构:
首先我会给你这个,这样你就可以看到它是如何布局的,并在阅读下面时参考它:
/environments
/development
hosts // Inventory file
/group_vars
proxies.yml
/custom_tasks
firewall_rules.yml // File I'm trying to bring in
playbook.yml // Root playbook, just brings in the plays
rev-proxy.yml // Reverse-proxy playbook, included by playbook.yml
playbook.yml:
---
- include: webserver.yml
- include: rev-proxy.yml
proxies.yml 只包含 firewall_custom_include_file: custom_tasks/firewall_rules.yml
firewall_rules.yml:
tasks:
- name: "Allowing traffic from webservers on 80"
ufw: src=10.10.10.3, port=80, direction=in, rule=allow
- name: "Allowing traffic all on 443"
ufw: port=443, rule=allow
最后 rev-proxy.yml 播放:
---
- hosts: proxies
become: yes
roles:
- { role: firewall }
- { role: geerlingguy.nginx }
pre_tasks:
# jessie-backports for nginx-extras 1.10
- name: "Adding jessie-backports repo"
copy: content="deb http://ftp.debian.org/debian jessie-backports main" dest="/etc/apt/sources.list.d/jessie-backports.list"
- name: Updating apt-cache.
apt: update_cache="yes"
- name: "Installing htop"
apt:
name: htop
state: present
- name: "Coopying SSL certificates"
copy: src=/vagrant/ansible/files/ssl/ dest=/etc/ssl/certs force=no
tasks:
- name: "Including custom firewall rules."
include: "{{ inventory_dir }}/{{ firewall_custom_include_file }}.yml"
when: firewall_custom_include_file is defined
vars_files:
- ./vars/nginx/common.yml
- ./vars/nginx/proxy.yml
我想做什么:
使用 Ansible 2.2.1.0
我正在尝试包含一个任务列表,如果设置了变量 firewall_custom_include_file,这些任务将是 运行。通过 "{{ inventory_dir }}/{{ firewall_custom_include_file }}.yml" 相对于库存目录包含该列表 - 在本例中为 /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml
基本上这里的想法是,我需要根据我所处的环境以及正在配置的主机来执行不同的防火墙规则。
举个简单的例子:我可能想在生产网络服务器上将数据库服务器 IP 列入白名单,但不在反向代理上,也不在我的开发箱上。
问题:
每当我像上面那样包含 firewall_rules.yml 时,它会告诉我:
TASK [Including custom firewall rules.] ****************************************
fatal: [proxy-1]: FAILED! => {"failed": true, "reason": "included task files must contain a list of tasks"}
我不确定它在期待什么,我试着把文件开头的 tasks: 去掉,使它成为:
- name: "Allowing traffic from webservers on 80"
ufw: src=10.10.10.3, port=80, direction=in, rule=allow
- name: "Allowing traffic all on 443"
ufw: port=443, rule=allow
但是它给了我错误:
root@ansible-control:/vagrant/ansible# ansible-playbook -i environments/development playbook.yml
ERROR! Attempted to execute "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as inventory script: problem running /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml --list ([Errno 8] Exec format error)
Attempted to read "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as YAML: 'AnsibleSequence' object has no attribute 'keys'
Attempted to read "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as ini file: /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml:2: Expected key=value host variable assignment, got: name:
在这一点上,我不太确定它在包含的文件中寻找什么,而且我似乎无法真正找到关于这个或其他有此问题的人的明确文档。
尝试使用 -i environments/development/hosts 而不是目录执行。
但我敢打赌,将任务文件存储在清单中远非最佳做法。
您可能希望将自定义规则列表定义为清单变量,例如:
custom_rules:
- src: 10.10.10.3
port: 80
direction: in
rule: allow
- port: 443
rule: allow
而不是包含任务,做这样的事情:
- ufw:
port: "{{ item.port | default(omit) }}"
rule: "{{ item.rule | default(omit) }}"
direction: "{{ item.direction | default(omit) }}"
src: "{{ item.src | default(omit) }}"
with_items: "{{ custom_rules }}"