06 实施任务控制
1. 编写循环和条件任务
1.1 利用循环迭代任务
1.1.1 简单循环
[root@localhost httpd]# vim test.yml --- - hosts: all tasks: - name: create user1 #创建用户1 user: name: user1 # 名字 state: present #状态创建 - name: create user2 user: name: user2 state: present [root@localhost httpd]# ansible-playbook test.yml # 运行 PLAY [all] ***************************************************************************************************** TASK [Gathering Facts] #找事实 ***************************************************************************************** ok: [web01.example.com] TASK [create user1] # 创建第一个******************************************************************************************** changed: [web01.example.com] TASK [create user2] # 创建第2个******************************************************************************************** changed: [web01.example.com] PLAY RECAP ***************************************************************************************************** web01.example.com : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [root@web01 facts.d]# id user1 uid=1003(user1) gid=1003(user1) 组=1003(user1) # 受控主机查看新创建的2个用户 [root@web01 facts.d]# id user2 uid=1004(user2) gid=1004(user2) 组=1004(user2)
[root@localhost httpd]# vim test.yml --- - hosts: all gather_facts: no tasks: - name: create {{ item }} user: name: '{{ item }}' # item是循环 state: present loop: - user1 # 第一次循环是1 - user2 # 第二次循环是2 - user3 # 第三次循环是3 [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ***************************************************************************************************** TASK [create {{ item }}] *************************************************************************************** ok: [web01.example.com] => (item=user1) # 创建1,2,3 ok: [web01.example.com] => (item=user2) changed: [web01.example.com] => (item=user3) PLAY RECAP ***************************************************************************************************** web01.example.com : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [root@web01 facts.d]# id user1 # 受管主机查看 uid=1003(user1) gid=1003(user1) 组=1003(user1) [root@web01 facts.d]# id user2 uid=1004(user2) gid=1004(user2) 组=1004(user2) [root@web01 facts.d]# id user3 uid=1005(user3) gid=1005(user3) 组=1005(user3)
[root@localhost httpd]# vim test.yml --- - hosts: all vars: # 加一个变量 users: - user1 - user2 - user3 gather_facts: no tasks: - name: create {{ item }} user: name: '{{ item }}' state: present loop: "{{ users }}" # 循环这个变量 [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ***************************************************************************************************** TASK [create {{ item }}] *************************************************************************************** ok: [web01.example.com] => (item=user1) # 成功创建 ok: [web01.example.com] => (item=user2) ok: [web01.example.com] => (item=user3) PLAY RECAP ***************************************************************************************************** web01.example.com : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.1.2 循环散列或字典列表
--- - hosts: all gather_facts: no tasks: - name: create {{ item }} user: name: '{{ item.name }}' # 取用户名字 uid: '{{ item.uid }}' # 取uid 值比较多就要item后面加.加上值 state: present loop: - name: user10 uid: 2000 - name: user20 uid: 2500 [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ***************************************************************************************************** TASK [create {{ item }}] *************************************************************************************** changed: [web01.example.com] => (item={'name': 'user10', 'uid': 2000}) changed: [web01.example.com] => (item={'name': 'user20', 'uid': 2500}) # 用户和uid都创建成功 PLAY RECAP ***************************************************************************************************** web01.example.com : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [root@web01 facts.d]# id user10 # 受管主机查看 uid=2000(user10) gid=2000(user10) 组=2000(user10) [root@web01 facts.d]# id user20 uid=2500(user20) gid=2500(user20) 组=2500(user20)
1.1.3 较早样式的循环关键字
循环关键字 | 描述 |
with_items | 行为与简单列表的loop关键字相同,例如字符串列表或散列/字典列表。 但与loop不同的是,如果为with_items提供了列表的列表, 它们将被扁平化为单级列表。循环变量item保存每次迭代过程中使用的列表项。 |
with_file | 此关键字需要控制节点文件名列表。循环变量item在每次迭代过程中保存文件列表中相应文件的内容。 |
with_sequence | 此关键字不需要列表,而是需要参数来根据数字序列生成值列表。 循环变量item在每次迭代过程中保存生成的序列中的一个生成项的值。 |
--- - hosts: all vars: # 定义变量 users: - user10 - user20 gather_facts: no tasks: - name: delete user # 删除用户 user: name: '{{ item }}' state: absent # 状态删除 with_items: - "{{ users }}" [root@localhost httpd]# vim test.yml [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ***************************************************************************************************** TASK [delete user] ********************************************************************************************* changed: [web01.example.com] => (item=user10) changed: [web01.example.com] => (item=user20) PLAY RECAP ***************************************************************************************************** web01.example.com : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [root@web01 ~]# id user10 id: “user10”:无此用户 [root@web01 ~]# id user20 id: “user20”:无此用户
1.1.4 将Register变量与Loop一起使用
--- - hosts: all gather_facts: no tasks: - name: print infomation shell: "echo This is my item: {{ item }}" # 打印 loop: #循环 - one # 打印这两个 - two [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ***************************************************************************************************** TASK [print infomation] **************************************************************************************** changed: [web01.example.com] => (item=one) changed: [web01.example.com] => (item=two) #执行成功,但是看不到 PLAY RECAP ***************************************************************************************************** web01.example.com : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [root@localhost httpd]# vim test.yml --- - hosts: all gather_facts: no tasks: - name: print infomation shell: "echo This is my item: {{ item }} >> /tmp/abc" # 如果想看到效果可以打印到/tmp/abc里面去,但是是要追加的方式 loop: - one - two [root@web01 ~]# cat /tmp/abc # 受管主机查看 This is an example of a long string, that will become a single sentence once folded. This is my item: one This is my item: two --- - hosts: all gather_facts: no tasks: - name: print infomation shell: "echo This is my item: {{ item }}" loop: - one - two register: result # 打印的结果注册成一个变量叫result - debug: var: result # 用debug模块打印这个变量 [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ***************************************************************************************************** TASK [print infomation] **************************************************************************************** changed: [web01.example.com] => (item=one) changed: [web01.example.com] => (item=two) TASK [debug] *************************************************************************************************** ok: [web01.example.com] => { "result": { "changed": true, "msg": "All items completed", "results": [ { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "ansible_loop_var": "item", "changed": true, "cmd": "echo This is my item: one", "delta": "0:00:00.005557", "end": "2022-06-07 23:08:21.440667", "failed": false, "invocation": { "module_args": { "_raw_params": "echo This is my item: one", # 打印结果 "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true, "warn": false } }, "item": "one", "rc": 0, "start": "2022-06-07 23:08:21.435110", "stderr": "", "stderr_lines": [], "stdout": "This is my item: one", "stdout_lines": [ "This is my item: one" ] }, { "ansible_loop_var": "item", "changed": true, "cmd": "echo This is my item: two", "delta": "0:00:00.004377", "end": "2022-06-07 23:08:22.065807", "failed": false, "invocation": { "module_args": { "_raw_params": "echo This is my item: two", # 打印结果2 "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true, "warn": false } }, "item": "two", "rc": 0, "start": "2022-06-07 23:08:22.061430", "stderr": "", "stderr_lines": [], "stdout": "This is my item: two", "stdout_lines": [ "This is my item: two" ] } ] } } PLAY RECAP ***************************************************************************************************** web01.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
--- - hosts: all gather_facts: no tasks: - name: print infomation shell: "echo This is my item: {{ item }}" loop: - one - two register: result # 是上面打印出来的整体 - name: test debug: msg: "{{ item.stdout }}" # 打印stdout对应那句话 loop: "{{ result['results'] }}" # 循环result整体里面的results列表 [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ***************************************************************************************************** TASK [print infomation] **************************************************************************************** changed: [web01.example.com] => (item=one) changed: [web01.example.com] => (item=two) TASK [test] **************************************************************************************************** ok: [web01.example.com] => (item={'cmd': 'echo This is my item: one', 'stdout': 'This is my item: one', 'stderr': '', 'rc': 0, 'start': '2022-06-07 23:27:42.609575', 'end': '2022-06-07 23:27:42.613838', 'delta': '0:00:00.004263', 'changed': True, 'invocation': {'module_args': {'_raw_params': 'echo This is my item: one', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'executable': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['This is my item: one'], 'stderr_lines': [], 'ansible_facts': {'discovered_interpreter_python': '/usr/libexec/platform-python'}, 'failed': False, 'item': 'one', 'ansible_loop_var': 'item'}) => { "msg": "This is my item: one" # 第1个 } ok: [web01.example.com] => (item={'cmd': 'echo This is my item: two', 'stdout': 'This is my item: two', 'stderr': '', 'rc': 0, 'start': '2022-06-07 23:27:43.325210', 'end': '2022-06-07 23:27:43.329232', 'delta': '0:00:00.004022', 'changed': True, 'invocation': {'module_args': {'_raw_params': 'echo This is my item: two', '_uses_shell': True, 'warn': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'executable': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': ['This is my item: two'], 'stderr_lines': [], 'failed': False, 'item': 'two', 'ansible_loop_var': 'item'}) => { "msg": "This is my item: two" # 第2个 } PLAY RECAP ***************************************************************************************************** web01.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.2 有条件地运行任务
- 可以在变量中定义硬限制(如min_memory)并将它与受管主机上的可用内存进行比较。
- Ansible可以捕获并评估命令的输出,以确定某一任务在执行进一步操作前是否已经完成。例如,如果某一程序失败,则将路过批处理。
- 可以利用Ansible事实来确定受管主机网络配置,并决定要发送的模板文件(如,网络绑定或中继)。
- 可以评估CPU的数量,来确定如何正确调节某一Web服务器。
- 将注册的变量与预定义的变量进行比较,以确定服务是否已更改。例如,测试服务配置文件的MD5检验以和查看服务是否已更改。
1.2.1 条件任务语法
[root@localhost httpd]# vim test.yml --- - hosts: all vars: # 设置一个变量 power: false # 为假 gather_facts: no tasks: - name: print infomation dnf: name: httpd # 删除http state: absent when: power # 前提条件是设置的变量 [root@localhost httpd]# ansible-playbook test.yml # 运行 PLAY [all] ************************************************************************************ TASK [print infomation] *********************************************************************** skipping: [web01.example.com] # 跳过了,没执行,应为为假不执行 PLAY RECAP ************************************************************************************ web01.example.com : ok=0 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 --- - hosts: all vars: power: True # 改为真 gather_facts: no tasks: - name: print infomation dnf: name: httpd state: absent when: power [root@localhost httpd]# ansible-playbook test.yml PLAY [all] ************************************************************************************ TASK [print infomation] *********************************************************************** changed: [web01.example.com] # # 改为真执行了, PLAY RECAP ************************************************************************************ web01.example.com : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@localhost httpd]# vim test.yml --- - hosts: all vars: asdfasdf: httpd # 定义变量 gather_facts: no tasks: - name: install packages dnf: name: "{{ asdfasdf }}" state: present when: asdfasdf is not defined #条件判断没有定义就执行,定义了就不装 [root@localhost httpd]# ansible-playbook -C test.yml PLAY [all] ************************************************************************************ TASK [install packages] *********************************************************************** skipping: [web01.example.com] # 直接跳过了,条件不成立 PLAY RECAP ************************************************************************************ web01.example.com : ok=0 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
操作 | 示例 |
等于(值为字符串) | ansible_machine == "x86_64" |
等于(值为数字) | max_memory == 512 |
小于 | min_memory < 128 |
大于 | min_memory > 256 |
小于等于 | min_memory <= 256 |
大于等于 | min_memory >= 512 |
不等于 | min_memory != 512 |
变量存在 | min_memory is defined |
变量不存在 | min_memory is not defined |
布尔变量是True。1、True或yes的求值为True | memory_available |
布尔变量是False。0、False或no的求值为False | not memory_available |
第一个变量的值存在,作为第二个变量的列表中的值 | ansible_distribution in supported_distros |
[root@localhost httpd]# vim test.yml --- - hosts: all vars: # 定义变量 asdfasdf: # 列表里的内容 - 123 - 456 - 789 gather_facts: no tasks: - name: install packages debug: msg: "hello world" when: 123 in asdfasdf # 条件判断,如果123在asdfasdf列表里就打印,反之不打印 [root@localhost httpd]# ansible-playbook -C test.yml PLAY [all] ************************************************************************************ TASK [install packages] *********************************************************************** ok: [web01.example.com] => { "msg": "hello world" } PLAY RECAP ************************************************************************************ web01.example.com : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
在示例中,ansible_distribution变量是在Gathering Facts任务期间确定的事实,用于标识托管主机的操作系统分支。变量supported_distros由playbook创建,包含该playbook支持的操作系统分发列表。如果ansible_distribution的值在supported_distros列表中,则条件通过且任务运行。
--- - name: Demonstrale the "in" keyword hosts: gather_facts: yes vars: supported_distros: # 定义变量必须在这两个系统里运行 - RedHat - Fedora tasks: - name: Install httpd using yum, where supported yum: # 安装软件 name: httpd state: present when: ansible_distribution in supported_distros # 条件任务满足时才运行
1.2.2 测试多个条件
when: ansible_distribution == "Redhat" or ansible_distribution == "Fedora"
when: ansible_distribution_version == "7.5" and ansible_kernel == "3.10.0-327.el7.x86_64"
when: - ansible_distribution_version == "7.5" - ansible_kernel == "3.10.0-327.el7.x86_64"
这种格式提高了可读性,而可读性是良好编写Ansible Playbook的关键目标。
when: > ( ansible_distribution == "Redhat" and ansible_distribution_major_version == "7" ) or ( ansible_distribution == "Fedora" and ansible_distribution_major_version == "28" )
1.3 组合循环和有条件任务
- name: install mariadb-server if enough space on root yum: name: mariadb-server state: latest loop: "{{ ansible_mounts }}" # 循环 when: item.mount == "/" and item.size_available > 300000000 # 挂载点等于/就是要看/分区并且可用大小大于300000000
--- - name: Restart HTTPD if Postfix is Running hosts: tasks: - name: Get Postfix server status command: /usr/bin/systemctl is-active postfix # Postfix是否在运行? ignore_errors: yes # 如果没有运行,直接跳过 register: result # 将模块的结果信息保存在名为result的变量中 - name: Restart Apache HTTPD based on Postfix status service: name: httpd state: restarted # result的变量rc等于0 就重启apache when: result.rc == 0
2. 实施处理程序
2.1 ansible处理程序
处理程序可视为非活动任务,只有在使用notify语句显式调用时才会被触发。在下列代码片段中,只有配置文件更新并且通知了该任务,restart apache处理程序才会重启Apache服务器:
tasks: - name: copy demo.example.conf configuratioon template # 通知处理程序的任务 template: src: /var/lib/templates/demo.example.conf.template dest: /etc/httpd/conf.d/demo.example.conf notify: # notify语句,发生改变就触发,都是ok就不触发 - restart apache # 要运行的处理程序的名称 handlers: # handlers关键字表示处理程序任务列表的开头 - name: restart apache # 被任务调用的处理程序的名称 service: # 用于该处理程序的模块 name: httpd state: restarted
在上面的例子中,restart apache处理程序只有在template任务通知已发生更改时才会触发。一个任务可以在其notify部分中调用多个处理程序。Ansible将notify语句视为数组,并且迭代处理程序名称:
tasks: - name: copy demo.example.conf configuration template template: src: /var/lib/templates/demo.exammple.conf.template dest: /etc/httpd/conf.d/demo.example.conf notify: - restart mysql - restart apache handlers: - name: restart mysql service: name: mariadb state: restarted - name: restart apache service: name: httpd state: restarted
2.2 使用处理程序的好处
- 处理程序始终按照play的handlers部分指定的顺序运行。它们不按在任务中由notify语句列出的顺序运行,或按任务通知它们的顺序运行。
- 处理程序通常在相关play中的所有其他任务完成后运行。playbook的tasks部分中某一任务调用的处理程序,将等到tasks下的所有任务都已处理后才会运行。
- 处理程序名称存在于各play命名空间中。如果两个处理程序被错误地给予相同的名称,则仅会运行一个。
- 即使有多个任务通知处理程序,该处理程序依然仅运行一次。如果没有任务通知处理程序,它就不会运行。
- 如果包含notify语句的任务没有报告changed结果(例如,软件包已安装并且任务报告ok),则处理程序不会获得通知。处理程序将被跳过,直到有其他任务通知它。只有相关任务报告了changed状态,Ansible才会通知处理程序。
3. 处理任务失败
3.1 管理play中的任务错误
3.2 忽略任务失败
[root@localhost httpd]# vim test1.yml --- - hosts: all gather_facts: no tasks: - name: install a package # 第一个任务安装一个不存在的包 dnf: name: asdfasdf state: present - name: print info # 第二个任务打印以下内容 debug: msg: | Hello, How are you How old are you. [root@localhost httpd]# ansible-playbook test1.yml PLAY [all] ************************************************************************************ TASK [install a package] ********************************************************************** fatal: [web01.example.com]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "failures": ["asdfasdf 未找到匹配的参数: asdfasdf"], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} # 报错说没有那个包,第二个打印的任务也没有执行了 PLAY RECAP ************************************************************************************ web01.example.com : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 --- - hosts: all gather_facts: no ignore_errors: yes # 加上跳过错误 tasks: - name: install a package dnf: name: asdfasdf state: present - name: print info debug: msg: | Hello, How are you How old are you. [root@localhost httpd]# ansible-playbook test1.yml PLAY [all] ************************************************************************************ TASK [install a package] ********************************************************************** fatal: [web01.example.com]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "failures": ["asdfasdf 未找到匹配的参数: asdfasdf"], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} ...ignoring # 报错了但是跳过 TASK [print info] ***************************************************************************** ok: [web01.example.com] => { "msg": "Hello, How are you\nHow old are you.\n" # 执行了第二个任务 } PLAY RECAP ************************************************************************************ web01.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1
3.3 任务失败后强制执行处理程序
通常而言,如果任务失败并且play在该主机上中止,则收到play中早前任务通知的处理程序将不会运行。如果在play中设置force_handlers: yes关键字,则即使play因为后续任务失败而中止也会调用被通知的处理程序。
--- - hosts: all gather_facts: no tasks: - name: print info # 打印以下内容 debug: msg: | Hello, How are you How old are you. notify: # 触发 - restart the apache # 重启apache - name: install a package # 设置的一个错误任务 dnf: name: asdfasdf state: present handlers: # 处理程序 - name: restart the apache service: name: httpd state: restarted [root@localhost httpd]# ansible-playbook test1.yml PLAY [all] ************************************************************************************ TASK [print info] ***************************************************************************** ok: [web01.example.com] => { "msg": "Hello, How are you\nHow old are you.\n" # 第一个任务执行成功 } TASK [install a package] ********************************************************************** fatal: [web01.example.com]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "failures": ["asdfasdf 未找到匹配的参数: asdfasdf"], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} # 第二个任务失败,所以没有执行handlers PLAY RECAP ************************************************************************************ web01.example.com : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 [root@localhost httpd]# vim test1.yml --- - hosts: all force_handlers: yes # 加上强制执行handlers gather_facts: no tasks: - name: print info command: echo "hello world" #换一给任务,刚才那个已经执行过,由于幂等性不具备触发条件 notify: - restart the apache - name: install a package dnf: name: asdfasdf state: present handlers: - name: restart the apache service: name: httpd state: restarted [root@localhost httpd]# ansible-playbook test1.yml PLAY [all] ************************************************************************************ TASK [print info] ***************************************************************************** changed: [web01.example.com] TASK [install a package] ********************************************************************** fatal: [web01.example.com]: FAILED! => {"changed": false, "failures": ["asdfasdf 未找到匹配的参数: asdfasdf"], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} #任务失败 RUNNING HANDLER [restart the apache] ********************************************************** changed: [web01.example.com] # 还是执行了handlers PLAY RECAP ************************************************************************************ web01.example.com : ok=2 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
3.4 指定任务失败条件
tasks: - name: Run user creation script # 运行一个脚本 shell: /usr/local/bin/create_users.sh # 一个sh的脚本 register: command_result # 把脚本的结果注册成一个变量 failed_when: "'Password missing' in command_result.stdout" # 看脚本里面有没有任务失败,来定义这个脚本成功或者失败 [root@web01 ~]# vi test.sh # 随便写一个脚本 #!/bin/bash ls date pwd cd sdadasfads # 错误的任务其他的都是正确的 pwd echo $PATH echo hehe [root@web01 ~]# chmod +x test.sh # 给执行权限 [root@web01 ~]# ls anaconda-ks.cfg test.sh [root@web01 ~]# ./test.sh #执行 anaconda-ks.cfg test.sh 2022年 06月 12日 星期日 01:23:19 CST /root ./test.sh:行7: sdadasfads: 未找到命令 /root /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin hehe [root@web01 ~]# echo $? # 有错误的任务但是还是显示成功了,它只一脚本最后一个任务的结果为结果,其实这个脚本时有问题的 0
tasks: - name: Run user creation script shell: /usr/local/bin/create_users.sh # 执行脚本 register: command_result # 注册结果 ignore_errors: yes # 忽略错误 - name: Report script failure # 打印 fail: msg: "The password is missing in the output" # 打印的信息 when: "'Password missing' in command_result.stdout" # 结果里有Password missing的时候打印
3.5 指定何时任务报告 “Changed” 结果
当任务对托管主机进行了更改时,会报告 changed 状态并通知处理程序。如果任务不需要进行更改,则会报告ok并且不通知处理程序。
changed_when关键字可用于控制任务在何时报告它已进行了更改。例如,下一示例中的shell模块将用于获取供后续任务使用的Kerberos凭据。它通常会在运行时始终报告changed。为抵制这种更改,应设置changed_when: false,以便它仅报告ok或failed。
- name: get Kerberos credentials as "admin" # 执行这个任务 shell: echo "{{ krb_admin_pass }}" | kinit -f admin changed_when: false # 设置changed_when: false,任务不会包好changed,只会报告ok或failed
tasks: - shell: cmd: /usr/local/bin/upgrade-database # 用shell模块执行这个任务 register: command_result changed_when: "'Success' in command_result.stdout" # 里面有Success说明执行成功,有改变 notify: - restart_database # 就执行这个 handlers: # 反之没有,处理程序就不运行 - name: restart_database service: name: mariadb state: restarted
3.6 Ansible块和错误处理
- name: block example hosts: tasks: - name: installing and configuring Yum versionlock plugin block: # 块 - name: package needed by yum yum: name: yum-plugin-versionlock # 安装软件包 state: present - name: lock version of tadata lineinfile: dest: /etc/yum/pluginconf.d/versionlock.list # 确保有这一行 line: tzdata-2020j-1 state: present # 要在红帽里执行 when: ansible_distribution == "Redhat" # when和block平级,它定义上面两个任务,如果没有block两个任务就要定义两个when
- block:定义要运行的主要任务
- rescue:定义要在block子句中定义的任务失败时运行的任务
- always:定义始终都独立运行的任务,不论block和rescue子句中定义的任务是成功还是失败
tasks: - name: Upgrade DB block: - name: upgrade the database shell: cmd: /usr/local/lib/upgrade-database rescue: # 如果block的任务失败rescue就执行,成功就rescue不执行,always不论上面两个成功与否都执行 - name: revert the database upgrade shell: cmd: /usr/local/lib/revert-database always: - name: always restart the database service: name: mariadb state: restarted
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· Manus爆火,是硬核还是营销?
· 终于写完轮子一部分:tcp代理 了,记录一下
· 别再用vector<bool>了!Google高级工程师:这可能是STL最大的设计失误
· 单元测试从入门到精通