Ansible 如何使用';列表';此任务中的变量
我是Ansible的新手,目前正在编写一个剧本,使用以下模块部署一些Palo Alto配置: 我做这件事已经一个星期了,现在我想弄清楚为什么这个“清单”不起作用。总之,此代码连接到防火墙,创建新的地址对象,如果存在表示http或https的“服务”变量,则会将此对象添加到现有的防火墙地址组 问题在于添加了防火墙组。完成此任务的任务似乎覆盖了组中的现有对象,而不是附加到组中 为了尝试和解决这个问题,我有一项任务是“发现”现有对象(结果在一个字典中,然后我将其转换为一个列表变量。这个变量+新的服务器变量然后在“static_value”作业中用于更新地址组。这似乎不起作用,看起来好像它超过了字符限制,就像它是一个字符串一样 我还尝试自行重新添加现有对象,但这也失败,原因如下:Ansible 如何使用';列表';此任务中的变量,ansible,Ansible,我是Ansible的新手,目前正在编写一个剧本,使用以下模块部署一些Palo Alto配置: 我做这件事已经一个星期了,现在我想弄清楚为什么这个“清单”不起作用。总之,此代码连接到防火墙,创建新的地址对象,如果存在表示http或https的“服务”变量,则会将此对象添加到现有的防火墙地址组 问题在于添加了防火墙组。完成此任务的任务似乎覆盖了组中的现有对象,而不是附加到组中 为了尝试和解决这个问题,我有一项任务是“发现”现有对象(结果在一个字典中,然后我将其转换为一个列表变量。这个变量+新的服务
"msg": "Failed apply: DevUKST-Web-Servers -> static '['UKST1MXWEB002D-NAT-EFW-01', 'UKST1MXWEB003D-NAT-EFW-01']' is not a valid reference\n DevUKST-Web-Servers -> static is invalid"
}
---
- hosts: localhost
connection: local
gather_facts: false
roles:
- role: PaloAltoNetworks.paloaltonetworks
vars_prompt:
- name: "username"
prompt: "Enter Username"
- name: "password"
prompt: "Enter Password"
vars:
cli:
ip_address: x.x.x.x
username: "{{ username }}"
password: "{{ password }}"
port: 443
objects: []
efwone: "{{ hostname }}-NAT-EFW-01"
tasks:
- name: include variables (free-form)
tags: [dev, prod]
include_vars: vars.yml
no_log: 'false'
# Configure Address Objects
- name: Create object "NAT-EFW-01"
tags: [dev, prod]
panos_address_object:
provider: "{{ cli }}"
name: "{{ hostname }}-NAT-EFW-01"
value: "{{ efw01_serviceip }}"
description: "{{ service_name }} - Public LB Backend pool IP"
commit: false
- name: Create object "Server Object"
tags: [dev, prod]
panos_address_object:
provider: "{{ cli }}"
name: "{{ hostname }}"
value: "{{ serverip }}"
description: "{{ service_name }} - {{ service_type }}"
commit: false
# Find existing objects in webserver address group
- name: Find objects in address group
tags: dev
when: service == "http" or service == "https"
panos_object_facts:
provider: "{{ cli }}"
name: "{{ dgshort }}-Web-Servers"
object_type: "address-group"
register: output
- name: Display Output
tags: [dev, prod]
debug: msg="{{ output.results.static_value }}"
- name: Display efwone
tags: [dev, prod]
debug: var=efwone
- name: Populate list with address objects
tags: [dev, prod]
set_fact:
objects: "{{ output.results.static_value + [ efwone ] }}"
- name: Display new object list
tags: [dev, prod]
debug: var=objects
# Add EFW objects to address group if 80/443
- name: Update Web-Servers group dev
tags: dev
when: service == "http" or service == "https"
panos_address_group:
provider: "{{ cli }}"
name: "{{ dgshort }}-Web-Servers"
static_value: [ "{{ objects }}" ]
commit: false
ok: [localhost] => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"device_group": "shared",
"ip_address": null,
"name": "DevUKST-Web-Servers",
"name_regex": null,
"object_type": "address-group",
"password": null,
"port": 443,
"provider": {
"api_key": null,
"ip_address": "x.x.x.x",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "xxxx"
},
"username": "admin",
"vsys": "vsys1"
}
},
"objects": [
{
"description": null,
"dynamic_value": null,
"name": "DevUKST-Web-Servers",
"static_value": [
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01"
],
"tag": null
}
],
"results": {
"description": null,
"dynamic_value": null,
"name": "DevUKST-Web-Servers",
"static_value": [
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01"
],
"tag": null
}
}
TASK [Display Output] **********************************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:91
ok: [localhost] => {
"msg": [
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01"
]
}
TASK [Display efwone] **********************************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:95
ok: [localhost] => {
"efwone": "Test-NAT-EFW-01"
}
TASK [Populate list with address objects] **************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:100
ok: [localhost] => {
"ansible_facts": {
"objects": [
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01",
"Test-NAT-EFW-01"
]
},
"changed": false
}
TASK [Display new object list] *************************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:105
ok: [localhost] => {
"objects": [
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01",
"Test-NAT-EFW-01"
]
}
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"api_key": null,
"commit": false,
"description": null,
"device_group": "shared",
"dynamic_value": null,
"ip_address": null,
"name": "DevUKST-Web-Servers",
"password": null,
"port": 443,
"provider": {
"api_key": null,
"ip_address": "x.x.x.x",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "xxxxx"
},
"state": "present",
"static_value": [
[
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01",
"Test-NAT-EFW-01"
]
],
"tag": null,
"username": "admin",
"vsys": "vsys1"
}
},
"msg": "Failed apply: DevUKST-Web-Servers -> static Node can be at most 63 characters, but current length: 77 value: ['UKST1MXWEB002D-NAT-EFW-01', 'UKST1MXWEB003D-NAT-EFW-01', 'Test-NAT-EFW-01']...\n DevUKST-Web-Servers -> static is invalid"
<强>免责声明< /强>这是一个完全盲目的调试,因为我不能从原始帖子中复制任何东西。总是考虑是否有可能。
文件中明确说明它正在等待“地址对象”列表:
static_value:
description:
- List of address objects to be included in the group.
type: list
"static_value": [
[
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01",
"Test-NAT-EFW-01"
]
]
static_value: [ "{{ objects }}" ]
<强>免责声明< /强>这是一个完全盲目的调试,因为我不能从原始帖子中复制任何东西。总是考虑是否有可能。
文件中明确说明它正在等待“地址对象”列表:
static_value:
description:
- List of address objects to be included in the group.
type: list
"static_value": [
[
"UKST1MXWEB002D-NAT-EFW-01",
"UKST1MXWEB003D-NAT-EFW-01",
"Test-NAT-EFW-01"
]
]
static_value: [ "{{ objects }}" ]
我真不敢相信这有多简单!非常感谢。我从来没有注意到这是一个列表中的一个列表,直到你指出它。现在看看结果,这两组[]。如果这解决了你的问题,你应该接受答案,让其他人知道有一个实际的解决方案。我不敢相信这有多简单!非常感谢。我甚至从未注意到这是一个列表中的一个列表,直到你指出它。现在看这两组[]的结果其实很明显。如果这解决了您的问题,您应该接受答案,让其他人知道有实际的解决方案。