Ansible 如何使用'；列表'；此任务中的变量_Ansible

Ansible 如何使用'；列表'；此任务中的变量

ansible

Ansible 如何使用'；列表'；此任务中的变量,ansible,Ansible,我是Ansible的新手，目前正在编写一个剧本，使用以下模块部署一些Palo Alto配置：我做这件事已经一个星期了，现在我想弄清楚为什么这个“清单”不起作用。总之，此代码连接到防火墙，创建新的地址对象，如果存在表示http或https的“服务”变量，则会将此对象添加到现有的防火墙地址组问题在于添加了防火墙组。完成此任务的任务似乎覆盖了组中的现有对象，而不是附加到组中为了尝试和解决这个问题，我有一项任务是“发现”现有对象（结果在一个字典中，然后我将其转换为一个列表变量。这个变量+新的服务

我是Ansible的新手，目前正在编写一个剧本，使用以下模块部署一些Palo Alto配置：

我做这件事已经一个星期了，现在我想弄清楚为什么这个“清单”不起作用。总之，此代码连接到防火墙，创建新的地址对象，如果存在表示http或https的“服务”变量，则会将此对象添加到现有的防火墙地址组

问题在于添加了防火墙组。完成此任务的任务似乎覆盖了组中的现有对象，而不是附加到组中

为了尝试和解决这个问题，我有一项任务是“发现”现有对象（结果在一个字典中，然后我将其转换为一个列表变量。这个变量+新的服务器变量然后在“static_value”作业中用于更新地址组。这似乎不起作用，看起来好像它超过了字符限制，就像它是一个字符串一样

我还尝试自行重新添加现有对象，但这也失败，原因如下：

"msg": "Failed apply:  DevUKST-Web-Servers -> static '['UKST1MXWEB002D-NAT-EFW-01', 'UKST1MXWEB003D-NAT-EFW-01']' is not a valid reference\n DevUKST-Web-Servers -> static is invalid"
}

我能让它以某种方式工作的一次是，在“将EFW对象添加到地址组if 80/443”任务中使用“with_items”循环来填充静态_值。它循环查找对象任务中的“result”并在末尾添加新的地址对象“efwone”。问题是每次都会用每个结果覆盖它它循环

这是我正在运行的剧本

---

 - hosts: localhost
   connection: local
   gather_facts: false

   roles:
    - role: PaloAltoNetworks.paloaltonetworks

  vars_prompt:
    - name: "username"
      prompt: "Enter Username"
    - name: "password"
      prompt: "Enter Password"

  vars:
     cli:
         ip_address: x.x.x.x
         username: "{{ username }}"
         password: "{{ password }}"
         port: 443  

     objects: []
     efwone: "{{ hostname }}-NAT-EFW-01"

  tasks: 
    - name: include variables (free-form)
      tags: [dev, prod]
      include_vars: vars.yml   
      no_log: 'false'

 # Configure Address Objects

    - name: Create object "NAT-EFW-01"
      tags: [dev, prod]
      panos_address_object:
         provider: "{{ cli }}"
         name: "{{ hostname }}-NAT-EFW-01"
         value: "{{ efw01_serviceip }}"
         description: "{{ service_name }} - Public LB Backend pool IP"
         commit: false

    - name: Create object "Server Object"
      tags: [dev, prod]
      panos_address_object:
          provider: "{{ cli }}"
          name: "{{ hostname }}"
          value: "{{ serverip }}"
          description: "{{ service_name }} - {{ service_type }}"
          commit: false

 # Find existing objects in webserver address group

    - name: Find objects in address group
      tags: dev
      when: service == "http" or service == "https"
      panos_object_facts:
       provider: "{{ cli }}"
       name: "{{ dgshort }}-Web-Servers"
       object_type: "address-group"
      register: output

    - name: Display Output
      tags: [dev, prod]
      debug: msg="{{ output.results.static_value }}"

    - name: Display efwone
      tags: [dev, prod]
      debug: var=efwone


    - name: Populate list with address objects
      tags: [dev, prod]
      set_fact: 
         objects: "{{ output.results.static_value + [ efwone ] }}"

    - name: Display new object list
      tags: [dev, prod]
      debug: var=objects

# Add EFW objects to address group if 80/443

    - name: Update Web-Servers group dev
      tags: dev
      when: service == "http" or service == "https"
      panos_address_group:
       provider: "{{ cli }}"
       name: "{{ dgshort }}-Web-Servers"
       static_value: [ "{{ objects }}" ]
       commit: false

这些是结果

ok: [localhost] => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "api_key": null, 
            "device_group": "shared", 
            "ip_address": null, 
            "name": "DevUKST-Web-Servers", 
            "name_regex": null, 
            "object_type": "address-group", 
            "password": null, 
            "port": 443, 
            "provider": {
                "api_key": null, 
                "ip_address": "x.x.x.x", 
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "port": 443, 
                "serial_number": null, 
                "username": "xxxx"
            }, 
            "username": "admin", 
            "vsys": "vsys1"
        }
    }, 
    "objects": [
        {
            "description": null, 
            "dynamic_value": null, 
            "name": "DevUKST-Web-Servers", 
            "static_value": [
                "UKST1MXWEB002D-NAT-EFW-01", 
                "UKST1MXWEB003D-NAT-EFW-01"
            ], 
            "tag": null
        }
    ], 
    "results": {
        "description": null, 
        "dynamic_value": null, 
        "name": "DevUKST-Web-Servers", 
        "static_value": [
            "UKST1MXWEB002D-NAT-EFW-01", 
            "UKST1MXWEB003D-NAT-EFW-01"
        ], 
        "tag": null
    }
}

TASK [Display Output] **********************************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:91
ok: [localhost] => {
    "msg": [
        "UKST1MXWEB002D-NAT-EFW-01", 
        "UKST1MXWEB003D-NAT-EFW-01"
    ]
}

TASK [Display efwone] **********************************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:95
ok: [localhost] => {
    "efwone": "Test-NAT-EFW-01"
}

TASK [Populate list with address objects] **************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:100
ok: [localhost] => {
    "ansible_facts": {
        "objects": [
            "UKST1MXWEB002D-NAT-EFW-01", 
            "UKST1MXWEB003D-NAT-EFW-01", 
            "Test-NAT-EFW-01"
        ]
    }, 
    "changed": false
}

TASK [Display new object list] *************************************************************************************************************************************************
task path: /etc/ansible/playbooks/NETOPS/AZURE/PALO/deployserviceparams.yml:105
ok: [localhost] => {
    "objects": [
        "UKST1MXWEB002D-NAT-EFW-01", 
        "UKST1MXWEB003D-NAT-EFW-01", 
        "Test-NAT-EFW-01"
    ]
}

fatal: [localhost]: FAILED! => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "api_key": null, 
            "commit": false, 
            "description": null, 
            "device_group": "shared", 
            "dynamic_value": null, 
            "ip_address": null, 
            "name": "DevUKST-Web-Servers", 
            "password": null, 
            "port": 443, 
            "provider": {
                "api_key": null, 
                "ip_address": "x.x.x.x", 
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "port": 443, 
                "serial_number": null, 
                "username": "xxxxx"
            }, 
            "state": "present", 
            "static_value": [
                [
                    "UKST1MXWEB002D-NAT-EFW-01", 
                    "UKST1MXWEB003D-NAT-EFW-01", 
                    "Test-NAT-EFW-01"
                ]
            ], 
            "tag": null, 
            "username": "admin", 
            "vsys": "vsys1"
        }
    }, 
    "msg": "Failed apply:  DevUKST-Web-Servers -> static Node can be at most 63 characters, but current length: 77 value: ['UKST1MXWEB002D-NAT-EFW-01', 'UKST1MXWEB003D-NAT-EFW-01', 'Test-NAT-EFW-01']...\n DevUKST-Web-Servers -> static is invalid"

<强>免责声明< /强>这是一个完全盲目的调试，因为我不能从原始帖子中复制任何东西。总是考虑是否有可能。

文件中明确说明它正在等待“地址对象”列表：

static_value:
    description:
        - List of address objects to be included in the group.
    type: list

注意：我在你文章的其余部分盲目地假设字符串是一个有效的地址对象

在您的跑步输出中，我们可以看到您发送的不是地址对象的列表，而是地址对象的列表

    "static_value": [
                [
                    "UKST1MXWEB002D-NAT-EFW-01", 
                    "UKST1MXWEB003D-NAT-EFW-01", 
                    "Test-NAT-EFW-01"
                ]
            ]

导致这种情况的剧本中有问题的一行出现在您的最后一项任务中：

static_value: [ "{{ objects }}" ]

你的最后一个任务应该是（注意括号）