Ansible: how to check whether items in a nested list of dictionaries exist in another list of dictionaries?
Hello developer community, this is my first post here :-) I am fairly new to Ansible and would appreciate some help with the following. I am trying to create some scripts to manage features on a Citrix NetScaler VPX. In this case, I want to deploy an SSL cipher group containing defined SSL ciphers. I have defined the following data structure in a YAML file:
nsapp_sslciphergroup:
  - ciphergroupname: "TEST_1"
    sslcipher:
      - ciphername: "TLS1.3-AES256-GCM-SHA384"
        cipherpriority: "1"
      - ciphername: "TLS1.3-CHACHA20-POLY1305-SHA256"
        cipherpriority: "2"
      - ciphername: "TLS1.3-AES128-GCM-SHA256"
        cipherpriority: "3"
  - ciphergroupname: "TEST_2"
    sslcipher:
      - ciphername: "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384"
        cipherpriority: "1"
      - ciphername: "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256"
        cipherpriority: "2"
      - ciphername: "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384"
        cipherpriority: "3"
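The NetScaler itself does not allow the same cipher to be bound again to a given cipher group, so before making any changes I need to check whether the cipher group and its bindings already exist. So the first run is fine, but any consecutive run fails because the given cipher name is already bound to the cipher group.
The current code looks like this: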
- name: "Add SSL ciphergroup binding(s)"
  netscaler_nitro_request:
    <<: *nitro_login
    operation: add
    resource: sslcipher_sslciphersuite_binding
    name: ""
    attributes:
      ciphergroupname: "{{ item.0.ciphergroupname }}"
      ciphername: "{{ item.1.ciphername }}"
      cipherpriority: "{{ item.1.cipherpriority }}"
  register: add_sslcipher_sslciphersuite_binding_result
  with_subelements:
    - "{{ nsapp_sslciphergroup }}"
    - "sslcipher"
    - skip_missing: true
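I am trying to add a "when" clause after the "with_subelements" section, but the add part of the script always wants to run.
Can anyone please tell me the correct way to check whether the "get_sslcipher_sslciphersuite_binding_result" variable contains the given cipher name for the given cipher group?
Many thanks.

The solution is to let the module report the failure and test the error code: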
  failed_when:
    - add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 0
    - add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 3741
If the module returns "0" when it successfully updates the resource, you may be able to use
  changed_when:
    - add_sslcipher_sslciphersuite_binding_result.nitro_errorcode == 0
Not idempotent. Q: "The NetScaler itself does not allow the same cipher to be bound again to a given cipher group, so before making any changes I need to check whether the cipher group and its bindings already exist. So the first run is fine, but any consecutive run fails because the given cipher name is already bound to the cipher group."

Just hacked it :-)
The NS error code for "the specified cipher is already bound with a higher priority" is 3741. Just added it to failed_when.
- name: "Add SSL ciphergroup binding(s) if they do *NOT* exist"
  netscaler_nitro_request:
    <<: *nitro_login
    operation: add
    resource: sslcipher_sslciphersuite_binding
    name: ""
    attributes:
      ciphergroupname: "{{ item.0.ciphergroupname }}"
      ciphername: "{{ item.1.ciphername }}"
      cipherpriority: "{{ item.1.cipherpriority }}"
  register: add_sslcipher_sslciphersuite_binding_result
  until: ( add_sslcipher_sslciphersuite_binding_result is succeeded )
  retries: 6
  delay: 5
  with_subelements:
    - "{{ nsapp_sslciphergroup }}"
    - "sslcipher"
    - skip_missing: true
  # 0 = binding added, 3741 = cipher already bound; anything else is a failure.
  failed_when: ( (add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 0) and (add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 3741) )

- debug:
    var: add_sslcipher_sslciphersuite_binding_result
  tags: [ never, debug ]

- assert:
    # .results holds one entry per (group, cipher) pair, so iterate over it
    # directly instead of indexing it by the position of each cipher group.
    that: ( (item.nitro_errorcode == 0) or (item.nitro_errorcode == 3741) )
    fail_msg: "[ERROR] Operation failed!"
    success_msg: "[OK] Operation successful."
  loop: "{{ add_sslcipher_sslciphersuite_binding_result.results }}"
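
"Any consecutive run fails because the given cipher name is already bound to the cipher group"? What is the error message?
Unfortunately, that is not the case with NetScaler :-( Most NetScaler REST API queries work this way, with no idempotency at all.
In addition to this, "changed_when" might make it idempotent as well. See below.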
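
An added example, not part of the thread: the check the title asks for, written as a custom Ansible filter that returns only the (group, cipher) pairs from the desired structure that are absent from a list of existing bindings. The filter name `missing_bindings`, the file name, the shape of the existing-bindings list and the `TEST_3` group are assumptions made for illustration.

```python
# filter_plugins/missing_bindings.py (hypothetical file name, not from the thread)

def missing_bindings(desired_groups, existing_bindings):
    """Return the desired (group, cipher) bindings that are not bound yet.

    desired_groups: list shaped like nsapp_sslciphergroup in the question.
    existing_bindings: list of dicts with 'ciphergroupname' and 'ciphername'
    keys; this shape is an assumption about what a prior lookup produced.
    """
    bound = {(b.get("ciphergroupname"), b.get("ciphername"))
             for b in existing_bindings or []}
    todo = []
    for group in desired_groups or []:
        # Like skip_missing: true, a group without 'sslcipher' yields nothing.
        for cipher in group.get("sslcipher") or []:
            key = (group["ciphergroupname"], cipher["ciphername"])
            if key in bound:
                continue
            bound.add(key)  # a pair repeated in the input is emitted once
            todo.append({"ciphergroupname": key[0],
                         "ciphername": key[1],
                         "cipherpriority": cipher.get("cipherpriority")})
    return todo


class FilterModule(object):
    """Ansible loads custom Jinja2 filters through this class."""

    def filters(self):
        return {"missing_bindings": missing_bindings}


# Constructed sample data: a shortened copy of the question's structure
# (TEST_3 is made up) and an assumed list of bindings already on the device.
DESIRED = [
    {"ciphergroupname": "TEST_1", "sslcipher": [
        {"ciphername": "TLS1.3-AES256-GCM-SHA384", "cipherpriority": "1"},
        {"ciphername": "TLS1.3-AES128-GCM-SHA256", "cipherpriority": "3"}]},
    {"ciphergroupname": "TEST_2", "sslcipher": [
        {"ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384", "cipherpriority": "1"}]},
    {"ciphergroupname": "TEST_3"},
]
EXISTING = [
    {"ciphergroupname": "TEST_1", "ciphername": "TLS1.3-AES256-GCM-SHA384"},
    # Same cipher name as TEST_2 wants, but bound to a different group.
    {"ciphergroupname": "TEST_1", "ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384"},
]

if __name__ == "__main__":
    for binding in missing_bindings(DESIRED, EXISTING):
        print(binding)
```

In a playbook the add task would loop over `nsapp_sslciphergroup | missing_bindings(existing)`, where `existing` is the binding list collected beforehand, so ciphers that are already bound are never sent to the device.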