Ansible: ansible_become_user를 확인하는 방법 및 사용자 입력 프롬프트가 누락된 경우(여러 호스트)

tag-icon tag-icon prompt ansible
Ansible: ansible_become_user를 확인하는 방법 및 사용자 입력 프롬프트가 누락된 경우(여러 호스트)

여러 호스트를 사용하고 있으며 ansible_become_user 및 ansible_become_password가 매니페스트 또는 플레이북에 설정되지 않은 경우 사용자에게 sudo 사용자 이름과 비밀번호를 묻는 메시지를 표시하고 싶습니다.

나는 다음을 사용합니다 :

재고 파일:

os:
  children:
    centos:
      hosts:
        clean_centos_1:
          vars:
          ansible_become_user: root
          ansible_become_password: root
    rocky:
      hosts:
        clean_rocky_1:
    ubuntu:
      hosts:
        clean_ubuntu_1:
    debian:
      hosts:
        clean_debian_1:
    alpine:
      hosts:
        clean_alpine_1:
          vars:
          ansible_become_user: root
          ansible_become_password: root
  vars:
    ansible_user: test 
    ansible_password: test

스크립트

- name: "PLAY1"
  hosts: all
  gather_facts: no

  tasks:
## Identify ansible_become_user if present
#------------------------------------------------------
  - name: "Test if ansible_become_user is empty" 
    debug:
      var: ansible_become_user
    register: result
    when: ansible_become_user | length > 0
    ignore_errors: yes

  - name: "Set status_ansible_become_user"
    set_fact:
      status_ansible_become_user: "{{ status_ansible_become_user|default({}) | combine( { ansible_host: 'absent' if result.failed is true else 'present' }) }}"


## Get user input
#------------------------------------------------------
  - name: "User-input: <ansible_become_user>"
    pause:
      prompt: "\nEnter root username or sudo username for host: {{ansible_host}}"
    when: item == 'absent'
    loop: "{{status_ansible_become_user.values()}}"

  - set_fact:
      ansible_become_user: "{{ result.user_input }}"
    when: result.failed is false


  - debug:
      var: item == 'absent'
    loop: "{{status_ansible_become_user.values()}}"

위의 예에서는 clean_centos_1이 줄의 첫 번째에 위치하고 ansible_become_user 및 ansible_become_passwor가 설정되어 있으므로 아래와 같이 다른 호스트는 건너뛰게 되며 프롬프트가 표시되지 않습니다.

TASK [User-input: <ansible_become_user>] **********************************************************************************************************************************************************************************************************************************
skipping: [clean_centos_1] => (item=present)

TASK [set_fact] ***********************************************************************************************************************************************************************************************************************************************************
fatal: [clean_centos_1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'user_input'\n\nThe error appears to be in '/git/ansible/role/rar.pkg.python/playbook/test.yml': line 28, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - set_fact:\n    ^ here\n"}
skipping: [clean_rocky_1]
skipping: [clean_debian_1]
skipping: [clean_ubuntu_1]
fatal: [clean_alpine_1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'user_input'\n\nThe error appears to be in '/git/ansible/role/rar.pkg.python/playbook/test.yml': line 28, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - set_fact:\n    ^ here\n"}

질문:
ansible_become_user 및 ansible_become_password가 설정되었는지 올바르게 확인하려면 어떻게 해야 하며, 그렇지 않은 경우 호스트마다 다를 수 있는 ansible_become_user 및 ansible_become_password를 사용하라는 메시지를 어떻게 표시합니까?

답변1

예를 들어, 다음 스크립트에서

- hosts: all
  gather_facts: false
  vars:
    ab: "{{ hostvars|dict2items|json_query(_query) }}"
    _query: "[].{host: key,
                 ansible_become_user: value.ansible_become_user,
                 ansible_become_password: value.ansible_become_password}"
    ab_hosts: "{{ ab|map(attribute='host')|list }}"
    ab_dict: "{{ dict(ab_hosts|zip(ab)) }}"
  tasks:
    - block:
        - include_tasks: enter_ansible_become.yml
          loop: "{{ ab }}"
        - set_fact:
            ab_dict: "{{ ab_dict|combine(ab_update, recursive=True) }}"
      run_once: true
    - add_host:
        groups: test
        hostname: "{{ item.key }}"
        ansible_become_user: "{{ item.value.ansible_become_user }}"
        ansible_become_password: "{{ item.value.ansible_become_password }}"
      loop: "{{ ab_dict|dict2items }}"

- hosts: test
  gather_facts: false
  tasks:
    - debug:
        msg: |-
          ansible_become_user: {{ ansible_become_user }}
          ansible_become_password: {{ ansible_become_password }}

호스트와 변수의 목록과 사전 생성

  ab:
  - ansible_become_password: root
    ansible_become_user: root
    host: clean_centos_1
  - ansible_become_password: null
    ansible_become_user: null
    host: clean_rocky_1
  - ansible_become_password: null
    ansible_become_user: null
    host: clean_ubuntu_1
  - ansible_become_password: null
    ansible_become_user: null
    host: clean_debian_1
  - ansible_become_password: root
    ansible_become_user: root
    host: clean_alpine_1

  ab_dict:
    clean_alpine_1:
      ansible_become_password: root
      ansible_become_user: root
      host: clean_alpine_1
    clean_centos_1:
      ansible_become_password: root
      ansible_become_user: root
      host: clean_centos_1
    clean_debian_1:
      ansible_become_password: null
      ansible_become_user: null
      host: clean_debian_1
    clean_rocky_1:
      ansible_become_password: null
      ansible_become_user: null
      host: clean_rocky_1
    clean_ubuntu_1:
      ansible_become_password: null
      ansible_become_user: null
      host: clean_ubuntu_1

한 번 실행하여 블록의 목록을 반복하고 파일의 작업을 포함합니다.Enter_ansible_become.yml

shell> cat enter_ansible_become.yml
- block:
    - pause:
        prompt: "[{{ item.host }}] Enter ansible_become_user"
      register: result
    - set_fact:
        ab_update: "{{ ab_update|d({})|combine(update, recursive=True) }}"
      vars:
        update: "{{ {item.host: {'ansible_become_user': result.user_input}} }}"
  when: not item.ansible_become_user

- block:
    - pause:
        prompt: "[{{ item.host }}] Enter ansible_become_password"
      register: result
    - set_fact:
        ab_update: "{{ ab_update|d({})|combine(update, recursive=True) }}"
      vars:
        update: "{{ {item.host: {'ansible_become_password': result.user_input}} }}"
  when: not item.ansible_become_password

(선택 사항) echo: false비밀번호를 숨기도록 매개변수를 설정합니다. 기본값은 다음과 같습니다.진짜. 바라보다에코.

예를 들어 누락된 변수의 값을 입력합니다.

TASK [pause] *********************************************************************************
[pause]
[clean_rocky_1] Enter ansible_become_user:
admin1^Mok: [clean_centos_1]

TASK [set_fact] ******************************************************************************
ok: [clean_centos_1]

TASK [pause] *********************************************************************************
[pause]
[clean_rocky_1] Enter ansible_become_password:
123^Mok: [clean_centos_1]

TASK [set_fact] ******************************************************************************
ok: [clean_centos_1]

TASK [pause] *********************************************************************************
[pause]
[clean_ubuntu_1] Enter ansible_become_user:
admin2^Mok: [clean_centos_1]

TASK [set_fact] ******************************************************************************
ok: [clean_centos_1]

TASK [pause] *********************************************************************************
[pause]
[clean_ubuntu_1] Enter ansible_become_password:
456^Mok: [clean_centos_1]

TASK [set_fact] ******************************************************************************
ok: [clean_centos_1]

TASK [pause] *********************************************************************************
[pause]
[clean_debian_1] Enter ansible_become_user:
admin3^Mok: [clean_centos_1]

TASK [set_fact] ******************************************************************************
ok: [clean_centos_1]

TASK [pause] *********************************************************************************
[pause]
[clean_debian_1] Enter ansible_become_password:
789^Mok: [clean_centos_1]

TASK [set_fact] ******************************************************************************
ok: [clean_centos_1]

이렇게 하면 사전이 생성됩니다.ab_update

  ab_update:
    clean_debian_1:
      ansible_become_password: '789'
      ansible_become_user: admin3
    clean_rocky_1:
      ansible_become_password: '123'
      ansible_become_user: admin1
    clean_ubuntu_1:
      ansible_become_password: '456'
      ansible_become_user: admin2

여전히 블록에 있으며 사전을 결합합니다.

  ab_dict:
    clean_alpine_1:
      ansible_become_password: root
      ansible_become_user: root
      host: clean_alpine_1
    clean_centos_1:
      ansible_become_password: root
      ansible_become_user: root
      host: clean_centos_1
    clean_debian_1:
      ansible_become_password: '789'
      ansible_become_user: admin3
      host: clean_debian_1
    clean_rocky_1:
      ansible_become_password: '123'
      ansible_become_user: admin1
      host: clean_rocky_1
    clean_ubuntu_1:
      ansible_become_password: '456'
      ansible_become_user: admin2
      host: clean_ubuntu_1

다음 작업에서 모듈을 사용하세요호스트 추가동적 그룹을 생성하고시험. 다음 게임에서 이 그룹을 사용하세요. 변수는 올바르게 선언되어야 합니다.

PLAY [test] **********************************************************************************

TASK [debug] *********************************************************************************
ok: [clean_centos_1] => 
  msg: |-
    ansible_become_user: root
    ansible_become_password: root
ok: [clean_rocky_1] => 
  msg: |-
    ansible_become_user: admin1
    ansible_become_password: 123
ok: [clean_ubuntu_1] => 
  msg: |-
    ansible_become_user: admin2
    ansible_become_password: 456
ok: [clean_debian_1] => 
  msg: |-
    ansible_become_user: admin3
    ansible_become_password: 789
ok: [clean_alpine_1] => 
  msg: |-
    ansible_become_user: root
    ansible_become_password: root

관련 정보