Ansible:如果主机无法访问,则中止执行

时间:2015-07-04 13:29:27

标签: ansible ansible-playbook

摘要:如果任何主机无法访问,则立即中止ansible playbook的更好方法。

如果任何一个主机无法访问,有没有办法中止Ansible playbook。我发现,如果它无法到达主机,它仍将继续执行并执行剧本中的所有播放/任务。

我的所有剧本我指定max_fail_percentage为0,但在这种情况下,ansible不会抱怨,因为所有可访问的主机都可以执行所有播放。

目前我有一个简单而又狡猾的解决方案,但看看是否有更好的答案。

我目前的解决方案:

自从第一步作为运行剧本的一部分以来,ansible收集了所有主持人的事实。如果主机无法访问,则无法访问。我在剧本的最开始写了一个简单的剧本,它将使用一个事实。如果主机无法访问,该任务将失败,并且#34;未定义的变量错误"。该任务只是一个虚拟任务,如果所有主机都可以访问,它将始终通过。

见下面我的例子:

- name: Check Ansible connectivity to all hosts
  hosts: host_all
  user: "{{ remote_user }}"
  sudo: "{{ sudo_required }}"
  sudo_user: root
  connection: ssh # or paramiko
  max_fail_percentage: 0
  tasks:
    - name: check connectivity to hosts (Dummy task)
      shell: echo " {{ hostvars[item]['ansible_hostname'] }}"
      with_items: groups['host_all']
      register: cmd_output

    - name: debug ...
      debug: var=cmd_output

如果主机无法访问,您将收到如下错误:

TASK: [c.. ***************************************************** 
fatal: [172.22.191.160] => One or more undefined variables: 'dict object'    has no attribute 'ansible_hostname' 
fatal: [172.22.191.162] => One or more undefined variables: 'dict object' has no attribute 'ansible_hostname'

FATAL: all hosts have already failed -- aborting

5 个答案:

答案 0 :(得分:2)

或者,这看起来更简单,更富有表现力

- hosts: myservers
  become: true

  pre_tasks:
    - name: Check ALL hosts are reacheable before doing the release
      assert:
        that:
          - ansible_play_hosts == groups.myservers
        fail_msg: 1 or more host is UNREACHABLE
        success_msg: ALL hosts are REACHABLE, go on
      run_once: yes

  roles:
    - deploy

https://github.com/ansible/ansible/issues/18782#issuecomment-319409529

答案 1 :(得分:1)

你可以更明确地检查一下:

- fail: Abort if hosts are unreachable
  when: "'ansible_hostname' not in hostvars[item]"
  with_items: groups['all']

我认为你可以制作callback plugin来实现这一目标。类似的东西:

class CallbackModule(object):
    def runner_on_unreachable(self, host, res):
        raise Exception("Aborting due to unreachable host " + host)

除了我找不到从该回调中止整个剧本的任何好方法(例外不起作用,返回值被忽略,虽然你可能滥用self.playbook来阻止事情,但是没有公开API我可以看到。)

答案 2 :(得分:1)

您可以将any_errors_fatal: true max_fail_percentage: 0gather_facts: false合并,然后运行一个任务,如果主机是离线。在剧本顶部的这样的东西应该做你需要的:

- hosts: all
  gather_facts: false
  max_fail_percentage: 0
  tasks:
    - action: ping

奖励是,这也适用于限制匹配主机的-l SUBSET选项。

答案 3 :(得分:1)

我发现有一种方法可以在gather_facts完成后立即使用回调来中止播放。

通过将_play_hosts设置为空集,没有主机可以继续播放。

class CallbackModule(object):

    def runner_on_unreachable(self, host, res):
        # Truncate the play_hosts to an empty set to fail quickly
        self.play._play_hosts = []

结果如下:

PLAY [test] *******************************************************************

GATHERING FACTS ***************************************************************
fatal: [haderp] => SSH Error: ssh: Could not resolve hostname haderp: nodename nor servname provided, or not known
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
ok: [derp]

TASK: [set a fact] ************************************************************
FATAL: no hosts matched or all hosts have already failed -- aborting


PLAY RECAP ********************************************************************
       to retry, use: --limit @/Users/jkeating/foo.yaml.retry

derp                       : ok=1    changed=0    unreachable=0    failed=0
haderp                     : ok=0    changed=0    unreachable=1    failed=0

答案 4 :(得分:0)

从其他答案中得到启发。

使用ansible-playbook 2.7.8。

对于每个所需的主机来说,检查是否有ansible_facts都是对我来说更明确的

# my-playbook.yml
- hosts: myservers
  tasks:
    - name: Check ALL hosts are reacheable before doing the release
      fail:
        msg: >
          [REQUIRED] ALL hosts to be reachable, so flagging {{ inventory_hostname }} as failed,
          because host {{ item }} has no facts, meaning it is UNREACHABLE.
      when: "hostvars[item].ansible_facts|list|length == 0"
      with_items: "{{ groups.myservers }}"

    - debug:
        msg: "Will only run if all hosts are reacheable"
$ ansible-playbook -i my-inventory.yml my-playbook.yml

PLAY [myservers] *************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************
fatal: [my-host-03]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname my-host-03: Name or service not known", "unreachable": true}
fatal: [my-host-04]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname my-host-04: Name or service not known", "unreachable": true}
ok: [my-host-02]
ok: [my-host-01]

TASK [Check ALL hosts are reacheable before doing the release] ********************************************************************************************************************************************************************************************************************
failed: [my-host-01] (item=my-host-03) => {"changed": false, "item": "my-host-03", "msg": "[REQUIRED] ALL hosts to be reachable, so flagging my-host-01 as failed, because host my-host-03 has no facts, meaning it is UNREACHABLE."}
failed: [my-host-01] (item=my-host-04) => {"changed": false, "item": "my-host-04", "msg": "[REQUIRED] ALL hosts to be reachable, so flagging my-host-01 as failed, because host my-host-04 has no facts, meaning it is UNREACHABLE."}
failed: [my-host-02] (item=my-host-03) => {"changed": false, "item": "my-host-03", "msg": "[REQUIRED] ALL hosts to be reachable, so flagging my-host-02 as failed, because host my-host-03 has no facts, meaning it is UNREACHABLE."}
failed: [my-host-02] (item=my-host-04) => {"changed": false, "item": "my-host-04", "msg": "[REQUIRED] ALL hosts to be reachable, so flagging my-host-02 as failed, because host my-host-04 has no facts, meaning it is UNREACHABLE."}
skipping: [my-host-01] => (item=my-host-01)
skipping: [my-host-01] => (item=my-host-02)
skipping: [my-host-02] => (item=my-host-01)
skipping: [my-host-02] => (item=my-host-02)
        to retry, use: --limit @./my-playbook.retry

PLAY RECAP *********************************************************************************************************************************************************************************************************************
my-host-01 : ok=1    changed=0    unreachable=0    failed=1
my-host-02 : ok=1    changed=0    unreachable=0    failed=1
my-host-03 : ok=0    changed=0    unreachable=1    failed=0
my-host-04 : ok=0    changed=0    unreachable=1    failed=0