Ansible playbook gets a syntax error when using a dictionary and a loop


I have the following dictionary in my vars/ directory

vars_dict.yml

---
ruleset:
  rule1:
    rule_name: testrule1
    description: Test Rule number 1
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.4
    source_user: any
    destination_ip: 4.5.6.7
    action: allow
    disabled: FALSE
    location: top
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE
  rule2:
    rule_name: testrule2
    description: Test Rule number 2
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.5
    source_user: any
    destination_ip: 4.5.6.8
    action: allow
    disabled: FALSE
    location: bottom
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE
...
I also have these supporting variable files in vars/:

credentials.yml

fw_username: test
fw_password: test
and fw.yml

fw_ip_address: 192.168.1.1
I want to use this playbook to loop through each set of data, sending commands to the firewall:

---
- hosts: localhost
  connection: local

  roles:
    - role: PaloAltoNetworks.paloaltonetworks

  tasks:
    - name: include variables
      include_vars:
        dir: vars

    - name: Add superimportant rules to the firewall
      panos_security_rule:
        ip_address: '{{ fw_ip_address }}'
        username: '{{ fw_username }}'
        password: '{{ fw_password }}'
        rule_name: '{{ ruleset.rule_name }}'
        description: '{{ ruleset.description }}'
        source_zone: ['{{ ruleset.source_zone }}']
        destination_zone: ['{{ ruleset.destination_zone }}']
        source_ip: ['{{ ruleset.source_ip }}']
        source_user: ['{{ ruleset.source_user }}']
        destination_ip: ['{{ ruleset.destination_ip }}']
        action: '{{ ruleset.action }}'
        disabled: '{{ ruleset.disabled }}'
        location: '{{ ruleset.location }}'
        log_end: '{{ ruleset.log_end }}'
        tag_name: '{{ ruleset.tag_name }}'
        vsys: '{{ ruleset.vsys }}'
        state: '{{ ruleset.state }}'
        commit: '{{ ruleset.commit }}'
        with_dict:
          - "{{ ruleset }}"
...
I expect Ansible to loop and produce output like the following for each block of data:

  panos_security_rule:
    ip_address: '192.168.1.1'
    username: 'test'
    password: 'test'
    rule_name: 'Ansible test 1'
    description: 'An Ansible test rule'
    source_zone: ['trust']
    destination_zone: ['untrust']
    source_ip: ['1.2.3.4']
    source_user: ['any']
    destination_ip: ['any']
    action: 'allow'
    disabled: 'False'
    location: 'top'
    log_end: 'true'
    tag_name: 'superimportant'
    vsys: 'vsys1'
    state: 'present'
    commit: 'True'
The error I am getting is

TASK [include variables] *****************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "Syntax Error while loading YAML.\n  mapping values are not allowed here\n\nThe error appears to have been in '/root/ansible/vars/vars.yml': line 3, column 16, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  rule_name: testrule1\n    description: Test Rule number 1\n               ^ here\n"}
        to retry, use: --limit @/root/ansible/panos_dynamic.retry
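I have been reading documentation and posts, and I have tried reformatting the dictionary file, using with_items, using with_dict, wrapping the variable in "{{ }}", and leaving the braces off. I seem to be completely stuck.

Am I missing something simple?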

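Here are a few tweaks that should solve your problem.

First, use a list rather than a dict to define the rules. Both approaches work, but a list is slightly cleaner.

Second, the with_dict notation needs to be indented to the same level as the task, not the task parameters.

Finally, your question uses ruleset as the loop variable. By default this will be item, and it needs to be different from the list/dict variable being iterated over.

For example: vars_dict.yml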

---
ruleset:
  - rule_name: testrule1
    description: Test Rule number 1
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.4
    source_user: any
    destination_ip: 4.5.6.7
    action: allow
    disabled: FALSE
    location: top
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE

  - rule_name: testrule2
    description: Test Rule number 2
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.5
    source_user: any
    destination_ip: 4.5.6.8
    action: allow
    disabled: FALSE
    location: bottom
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE
Playbook:

---
- hosts: localhost
  connection: local

  roles:
    - role: PaloAltoNetworks.paloaltonetworks

  tasks:
    - name: include variables
      include_vars:
        dir: vars

    - name: Add superimportant rules to the firewall
      panos_security_rule:
        ip_address: '{{ fw_ip_address }}'
        username: '{{ fw_username }}'
        password: '{{ fw_password }}'
        rule_name: '{{ item.rule_name }}'
        description: '{{ item.description }}'
        source_zone: ['{{ item.source_zone }}']
        destination_zone: ['{{ item.destination_zone }}']
        source_ip: ['{{ item.source_ip }}']
        source_user: ['{{ item.source_user }}']
        destination_ip: ['{{ item.destination_ip }}']
        action: '{{ item.action }}'
        disabled: '{{ item.disabled }}'
        location: '{{ item.location }}'
        log_end: '{{ item.log_end }}'
        tag_name: '{{ item.tag_name }}'
        vsys: '{{ item.vsys }}'
        state: '{{ item.state }}'
        commit: '{{ item.commit }}'
      with_items:
        - "{{ ruleset }}"  

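The error is related to vars.yml, but you did not mention that file in your question. Can you clarify whether this is the same as vars_dict.yml?

I updated the file, but unfortunately I still got an error.

I updated the file and still got an error, but your earlier comment about vars.yml and vars_dict.yml got me thinking. It turned out I had two files in the directory (formatted differently), and both of them were breaking my output! I deleted the bad one and it is working now! Thank you very much for your help! I am completely new to YAML, and I even used a YAML-aware editor (PyCharm) to avoid spacing problems, but it still tripped me up! Do you have any suggestions for avoiding formatting problems in the future?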
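
The answer says both forms work but shows only the list. As an added example (not part of the original question or answer), this playbook keeps the dict form of ruleset and loops over it with the dict2items filter and a renamed loop variable. The file name credentials.yml and the loop variable name rule are assumptions, and vars_files is used here in place of include_vars with dir so that only the named files are parsed.

```yaml
---
# Added example: loop over the dict form of ruleset from vars_dict.yml.
- hosts: localhost
  connection: local

  roles:
    - role: PaloAltoNetworks.paloaltonetworks

  # Name each vars file explicitly. Loading the whole vars/ directory also
  # parses any stray or malformed file left in it (the vars.yml in the error).
  vars_files:
    - vars/vars_dict.yml
    - vars/fw.yml
    - vars/credentials.yml   # assumed name of the file holding fw_username / fw_password

  tasks:
    - name: Add superimportant rules to the firewall
      panos_security_rule:
        ip_address: '{{ fw_ip_address }}'
        username: '{{ fw_username }}'
        password: '{{ fw_password }}'
        # dict2items turns each entry into {key: rule1, value: {...}},
        # so the rule fields are reached through rule.value.
        rule_name: '{{ rule.value.rule_name }}'
        description: '{{ rule.value.description }}'
        source_zone: ['{{ rule.value.source_zone }}']
        destination_zone: ['{{ rule.value.destination_zone }}']
        source_ip: ['{{ rule.value.source_ip }}']
        source_user: ['{{ rule.value.source_user }}']
        destination_ip: ['{{ rule.value.destination_ip }}']
        action: '{{ rule.value.action }}'
        disabled: '{{ rule.value.disabled }}'
        location: '{{ rule.value.location }}'
        log_end: '{{ rule.value.log_end }}'
        tag_name: '{{ rule.value.tag_name }}'
        vsys: '{{ rule.value.vsys }}'
        state: '{{ rule.value.state }}'
        commit: '{{ rule.value.commit }}'
      # Loop keywords belong at task level, aligned with the module name,
      # not inside the module's parameters.
      loop: '{{ ruleset | dict2items }}'
      loop_control:
        loop_var: rule            # distinct from the variable being iterated
        label: '{{ rule.key }}'   # print rule1 / rule2 instead of the whole item
```

Running ansible-playbook with --syntax-check against the playbook reports YAML errors such as a misplaced loop keyword before anything is sent to the firewall.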