Python 无法通过Ansible作为Jinja模板部署云形成
我的角色,main.yml如下所示Python 无法通过Ansible作为Jinja模板部署云形成,python,ansible,jinja2,amazon-cloudformation,aws-systems-manager,Python,Ansible,Jinja2,Amazon Cloudformation,Aws Systems Manager,我的角色,main.yml如下所示 cat ansible/playbooks/roles/patching-cf-ssm/tasks/main.yml --- - include_vars: "{{playbook_dir}}/vars/patching-config.yml" ignore_errors: yes - name: Create a Cloudformation Stack Windows cloudformation: stack_nam
cat ansible/playbooks/roles/patching-cf-ssm/tasks/main.yml
---
- include_vars: "{{playbook_dir}}/vars/patching-config.yml"
ignore_errors: yes
- name: Create a Cloudformation Stack Windows
cloudformation:
stack_name: "something pleasant-static"
state: "present"
region: "{{ AWS_REGION }}"
disable_rollback: true
template_body: "{{ lookup('template', '../../cloudformation/patching/PatchBaseline.yaml.j2') }}"
#when: OStype == "WINDOWS"
with_items: "{{ my_os_baseline }}"
[ansible@ip-172-31-40-59 awsManagedServiceInstance]$ cat ansible/playbooks/vars/patching-config.yml
---
AWS_REGION: ap-southeast-2
my_os_baseline:
- OS: "WINDOWS"
PatchGroup:
- "WinProdLastFri09PM01"
- "WinProdLastSat09PM01"
- "WinNonProdDayOne09PM01"
- "WinNonProdDayTwo09PM01"
ApproveAfterDays: 7
SEVERITY: "MSRC_SEVERITY"
ComplianceLevel: "CRITICAL"
CLASSIFICATION_Values: |
- SecurityUpdates
- Updates
- ServicePacks
- UpdateRollups
- CriticalUpdates
- DefinitionUpdates
- Drivers
- FeaturePacks
- Tools
- UpdateRollups
- Updates
- Upgrades
PatchFilters_Values: |
- Critical
- Important
- OS: "REDHAT_ENTERPRISE_LINUX"
PatchGroup:
- "RHELProdLastFri09PM01"
- "RHELProdLastSat09PM01"
- "RHELNonProdDayOne09PM01"
- "RHELNonProdDayTwo09PM01"
ApproveAfterDays: 7
ComplianceLevel: "CRITICAL"
SEVERITY: "SEVERITY"
CLASSIFICATION_Values: |
- Security
- Bugfix
- Enhancement
- Recommended
- Newpackage
PatchFilters_Values: |
- Critical
- Important
- Moderate
- OS: "UBUNTU"
PatchGroup:
- "UBUNTUProdLastFri09PM01"
- "UBUNTUProdLastSat09PM01"
- "UBUNTUNonProdDayOne09PM01"
- "UBUNTUNonProdDayTwo09PM01"
ApproveAfterDays: 7
ComplianceLevel: "CRITICAL"
SEVERITY: "SEVERITY"
CLASSIFICATION_Values: |
- Security
- Bugfix
- Enhancement
- Recommended
- Newpackage
PatchFilters_Values: |
- Critical
- Important
- Moderate
- OS: "CENTOS"
PatchGroup:
- "CENTOSProdLastFri09PM01"
- "CENTOSProdLastSat09PM01"
- "CENTOSNonProdDayOne09PM01"
- "CENTOSNonProdDayTwo09PM01"
ApproveAfterDays: 7
ComplianceLevel: "CRITICAL"
SEVERITY: "SEVERITY"
CLASSIFICATION_Values: |
- Security
- Bugfix
- Enhancement
- Recommended
- Newpackage
PatchFilters_Values: |
- Critical
- Important
- Moderate
- OS: "AMAZON_LINUX_2"
PatchGroup:
- "AMAZON_LINUX_2ProdLastFri09PM01"
- "AMAZON_LINUX_2ProdLastSat09PM01"
- "AMAZON_LINUX_2NonProdDayOne09PM01"
- "AMAZON_LINUX_2NonProdDayTwo09PM01"
ApproveAfterDays: 7
ComplianceLevel: "CRITICAL"
SEVERITY: "SEVERITY"
CLASSIFICATION_Values: |
- Security
- Bugfix
- Enhancement
- Recommended
- Newpackage
PatchFilters_Values: |
- Critical
- Important
- Moderate
my_windows_maintenance:
- name: "Create-Patching-Schedule"
tag_value: "myProdA"
rebootSetting: "never"
PatchGroup: "WinProdLastFri09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 6L *)"
- name: "Create-Patching-Schedule"
tag_value: "myProdB"
rebootSetting: "never"
PatchGroup: "WinProdLastSat09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 7L *)"
- name: "Create-Patching-Schedule"
tag_value: "myWinNonProd"
rebootSetting: "never"
PatchGroup: "WinNonProdDayOne09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 1 * ? *)"
- name: "Create-Patching-Schedule"
OS: "WINDOWS"
tag_value: "myWinNonProdOneTime"
rebootSetting: "never"
PatchGroup: "WinNonProdDayTwo09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 2 * ? *)"
my_linux_maintenance:
- name: "Create-Patching-Schedule"
OS: "REDHAT_ENTERPRISE_LINUX"
tag_value: "myLinuxProdA"
rebootSetting: "never"
PatchGroup: "RHELProdLastFri09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 6L *)"
- name: "Create-Patching-Schedule"
OS: "REDHAT_ENTERPRISE_LINUX"
tag_value: "myLinuxProdB"
rebootSetting: "never"
PatchGroup: "RHELProdLastSat09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 7L *)"
- name: "Create-Patching-Schedule"
OS: "REDHAT_ENTERPRISE_LINUX"
tag_value: "myLinuxNonProd"
rebootSetting: "never"
PatchGroup: "RHELNonProdDayOne9PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 1 * ? *)"
- name: "Create-Patching-Schedule"
OS: "REDHAT_ENTERPRISE_LINUX"
tag_value: "myLinuxNonProdOneTime"
rebootSetting: "never"
PatchGroup: "RHELNonProdDayTwo09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 2 * ? *)"
- name: "Create-Patching-Schedule"
OS: "UBUNTU"
tag_value: "myLinuxProdA"
rebootSetting: "never"
PatchGroup: "UBUNTUProdLastFri09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 6L *)"
- name: "Create-Patching-Schedule"
OS: "UBUNTU"
tag_value: "myLinuxProdB"
rebootSetting: "never"
PatchGroup: "UBUNTUProdLastSat09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 7L *)"
- name: "Create-Patching-Schedule"
OS: "UBUNTU"
tag_value: "myLinuxNonProd"
rebootSetting: "never"
PatchGroup: "UBUNTUNonProdDayOne9PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 1 * ? *)"
- name: "Create-Patching-Schedule"
OS: "UBUNTU"
tag_value: "myLinuxNonProdOneTime"
rebootSetting: "never"
PatchGroup: "UBUNTUNonProdDayTwo9PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 2 * ? *)"
- name: "Create-Patching-Schedule"
OS: "CENTOS"
tag_value: "myLinuxProdA"
rebootSetting: "never"
PatchGroup: "RHELProdLastFri09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 6L *)"
- name: "Create-Patching-Schedule"
OS: "CENTOS"
tag_value: "myLinuxProdB"
rebootSetting: "never"
PatchGroup: "RHELProdLastSat09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 7L *)"
- name: "Create-Patching-Schedule"
OS: "CENTOS"
tag_value: "myLinuxNonProd"
rebootSetting: "never"
PatchGroup: "RHELNonProdDayOne9PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 1 * ? *)"
- name: "Create-Patching-Schedule"
OS: "CENTOS"
tag_value: "myLinuxNonProdOneTime"
rebootSetting: "never"
PatchGroup: "RHELNonProdDayTwo9PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 2 * ? *)"
- name: "Create-Patching-Schedule"
OS: "AMAZON_LINUX_2"
tag_value: "myLinuxProdA"
rebootSetting: "never"
PatchGroup: "RHELProdLastFri09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 6L *)"
- name: "Create-Patching-Schedule"
OS: "AMAZON_LINUX_2"
tag_value: "myLinuxProdB"
rebootSetting: "never"
PatchGroup: "RHELProdLastSat09PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 ? * 7L *)"
- name: "Create-Patching-Schedule"
OS: "AMAZON_LINUX_2"
tag_value: "myLinuxNonProd"
rebootSetting: "never"
PatchGroup: "RHELNonProdDayOne9PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 1 * ? *)"
- name: "Create-Patching-Schedule"
OS: "AMAZON_LINUX_2"
tag_value: "myLinuxNonProdOneTime"
rebootSetting: "never"
PatchGroup: "RHELNonProdDayTwo9PM01"
startDate: "2020-07-01T00:00:00Z"
expiryDate: "2020-07-31T23:59:59Z"
duration: 6
cutoff: 2
timeZone: "Australia/Sydney"
schedule: "cron(0 0 21 2 * ? *)"
...
[ansible@ip-172-31-40-59 awsManagedServiceInstance]$ cat cloudformation/patching/PatchBaseline.yaml.j2
---
Resources:
WindowsBaseline:
Type: AWS::SSM::PatchBaseline
Properties:
Name: My-Managed-{{item.OS}}-Baseline
Description: {{item.OS}} Baseline for {{item.SEVERITY}} with Rating {{item.PatchFilters_Values}}
OperatingSystem: {{ item.OS }}
PatchGroups:
- {{ item.PatchGroup | indent( width=7, indentfirst=True ) }}
# - WinProdLastFri09PM01
# - WinProdLastSat09PM01
# - WinNonProdDayOne09PM01
# - WinNonProdDayTwo09PM01
ApprovalRules:
PatchRules:
- PatchFilterGroup:
PatchFilters:
- Values:
{{ item.PatchFilters_Values | indent( width=14, indentfirst=True ) }}
Key: {{ item.SEVERITY }}
- Values:
{{ item.CLASSIFICATION_Values | indent( width=14, indentfirst=True ) }}
Key: CLASSIFICATION
- Values:
- APPLICATION
Key: PATCH_SET
ApproveAfterDays: 7
ComplianceLevel: CRITICAL
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'template'. Error was a <type 'exceptions.AttributeError'>, original message: 'list' object has no attribute 'splitlines'"}
fatal:[localhost]:失败!=>{“msg”:“运行查找插件“template”时发生未处理的异常。错误是,原始消息:“list”对象没有属性“splitlines”}
列表-调试:
msg:“{{[“alpha”,“beta”]|缩进(宽度=7,缩进第一个=True)}”
列表
-调试:
msg:“{[“alpha”,“beta”]| join(“\n”)| indent(width=7,indentfirst=True)}”
这当然对我有所帮助,但我又遇到了另一个问题:(
- {{ item.PatchGroup | indent( width=7, indentfirst=True ) }}