无法运行安息书，

Question

我创建了一个ansible-playbook来执行一些系统配置，但是当我在我的集​​群上运行它时，它会引发错误，如：

  [WARNING]: Host file not found: /etc/ansible/hosts
  [WARNING]: provided hosts list is empty, only localhost is available
  ERROR! Syntax Error while loading YAML.
  The error appears to have been in '/home/ansible/goblin/roles/prepare-sys/tasks/main.yml': line 50, column 3, but maybe elsewhere in the file depending on the exact syntax problem.
  The offending line appears to be:
  mode=0644}
  when: selinux_status !=0
  ^ here

由于我只通过简单的命令行运行ansible，这是我第一次编写结构化的playbook。谁能告诉我我在这里犯的错误。

我的剧本结构是：

＆＃13;

＆＃13;

├── group_vars
├── host_vars
├── prepare-sys
├── prepare-sys.yml
├── roles
│   └── prepare-sys
│       ├── defaults
│       │   └── main.yml
│       ├── files
│       │   ├── hosts
│       │   ├── ntp
│       │   │   └── ntp.conf
│       │   ├── selinux
│       │   └── umask
│       ├── handlers
│       │   └── main.yml
│       ├── logs
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           ├── disk.j2
│           └── ntp.conf.slave.j2
└── site.yml

＆＃13;

＆＃13;

＆＃13; master playbook site.yml：     ---     #goblin / site.yml     #master playbook包含所有子剧本

- include: prepare-sys.yml

playbook prepare-sys.yml：

 ---
 # file - playbook prepare-sys
 - hosts: prepare-sys
   roles:
    - prepare-sys

库存文件：prepare-sys

＆＃13;

＆＃13;

[cluster]
10.254.2.160 
10.254.2.92  
10.254.2.93  
10.254.2.94 
[group1]
10.254.2.160

[group2]
10.254.2.93

[ansible_server]
127.0.0.1

[all:vars]
ansible_ssh_user= "root"
ansible_ssh_pass= "qwe123"

＆＃13;

＆＃13;

＆＃13;

＆＃13;

＆＃13;

---
# goblin/roles/task/prepare.yml
# At the very beginning, we shall create a tmp dir on each remote nodes for sake of info collection
- name: Make Directory For latter Use
  file: path=/tmp/ansible/mounts_log state=directory mode=0777
- name: copy local modified config files to DIR files
#  list:
#    - /etc/hosts
#    - /etc/selinux/config
#    - /etc/ntp.conf
#    - /etc/bashrc
#    - /etc/csh.cshrc
#    - /etc/profile   
  local_action: copy src={{item.src}} dest={{item.dest}}
  with_items: 
      - { src: "/etc/hosts", dest: "$GOBLIN_HOME/roles/prepare-sys/files/hosts/hosts" }
      - { src: "/etc/selinux/config", dest: "$GOBLIN_HOME/roles/prepare-sys/files/selinux/config" }
      - { src: "/etc/ntp.conf", dest: "$GOBLIN_HOME/roles/prepare-sys/files/ntp/ntp.conf" }
      - { src: "/etc/bashrc", dest: "$GOBLIN_HOME/roles/prepare-sys/files/umask/bashrc"}
      - { src: "/etc/csh.cshrc", dest: "$GOBLIN_HOME/roles/prepare-sys/files/umask/csh.cshrc"}
      - { src: "/etc/profile", dest: "$GOBLIN_HOME/roles/prepare-sys/files/umask/profile"}
# OS Distribution and regarding Version need to be verified as present BC products flows better on Redhat/CentOS 6.5
- name: Check OS Distribution
  fail: msg="inappropriate Operation System Distribution {{ansible_distribution}}"
  when: (ansible_distribution != "CentOS") or (ansible_distribution != "Redhat")
- name: Check OS Version
  fail: msg="inappropriate Operation System Version {{ansible_distribution_version}}"
  when: ansible_distribution_version != 6.5

# Firewalls (iptables & selinux) must in off mode 
- name: Turnoff Iptables
  service: {
    name: iptables,
    state: stopped,
    enabled: no
  }
- name: Check selinux
  shell: "getenforce"
  register: selinux_status
- name: Turnoff selinux
  selinux: state=disable
  when: (selinux_status != 0)
- name: swap selinux file
  copy:{
      src="$GOBLIN_HOME/roles/prepare-sys/files/selinux/config",
      dest=/etc/selinux/config,
      owner=root,
      group=root,
      mode=0644
  }
  when: selinux_status !=0

# Ensuring data storage disks are at correct mount point, defualt format: /data1 -- /dataN   or /chunk1 -- /chunkN
- name: Collect mount and fstype info 
  template: {
    src="$GOBLIN_HOME/roles/prepare-sys/templates/disk.j2",
    dest=/tmp/ansible/mounts_log/{{ansible_hostname}}.log
  }
  with_items: ansible_mounts
- name: fetch remote facts logs
  fetch: {
    src: "/tmp/ansible/mounts_log/{{ansible_hostname}}.log",
    dest: "$GOBLIN_HOME/roles/prepare-sys/logs/",
    flate: yes
  }
  # once the mount log has been fetched to dir logs/ , comparing this {{ansible_hostname}}.log file
  # with a template file in files/mount_check_templates/ 
  # there might be couple of templates prepared due to various situations
#- name: compare current operated remote server"s mounts_log with template mount_log
  
   


 
## Ensuring cluster"s clocks are in sync with appropriate ntp server with correct time zone(Asian/Shanghai)
# - name: set time zone
#   timezone: name=Asian/Shanghai
# - name: set ntp service
#   yum: name=ntp state=stopped
#   notify:
#    - set ntp configuration file
#   tags: ntp  
# - name: set ntp_server"s configuration file
#   copy: src=file 
#   when: inventory_hostname in groups["ntp_server"]
###################################
- name: Check umask status
  shell: "umask"
  register: umask_status
- name: set umask
  copy: {
    src: "{{item.src}}",
    dest: "{{item.dest}}"
  }  
  with_items:
   - {src: "$GOBLIN_HOME/roles/prepare-sys/files/umask/bashrc" , dest: "/etc/bashrc" }
   - {src: "$GOBLIN_HOME/roles/prepare-sys/files/umask/csh.cshrc", dest: "/etc/csh.cshrc"}
   - {src: "$GOBLIN_HOME/roles/prepare-sys/files/umask/profile", dest: "/etc/profile"}
  when: (umask_status != 0022 ) or (umask_status != 0002)

- name: set ulimit nofile use_max
  pam_limits: domain=* limit_item=nofile limit_type=- use_max=yes
- name: set ulimit nproc use_max
  pam_limits: {
   domain=*,
   limit_item=nproc,
   limit_type=-, 
   value=unlimited, 
   use_max=yes, 
   dest=/etc/security/limits.d/90-nproc.conf
  }

- name: update openssl
  yum: name=openssl state=latest

- name: update hosts file
  copy: {
    src=files/hosts/hosts,
    dest=/etc/hosts,
    owner=root,
    group=root,
    mode=0644 
  }
# - name: update yum repository
#    yum_repol:

...

＆＃13;

＆＃13;

＆＃13;

我更正了我的剧本的语法，并运行--syntax-check，它会抛出错误，如：

＆＃13;

＆＃13;

ERROR! 'file' is not a valid attribute for a Play

The error appears to have been in '/home/ansible/goblin/roles/prepare-sys/tasks/main.yml': line 7, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Make Directory For latter Use
  ^ here

＆＃13;

＆＃13;

＆＃13;

更新了剧本：

＆＃13;

＆＃13;

---
# goblin/roles/task/prepare.yml
# At the very beginning, we shall create a tmp dir on each remote nodes for sake of info collection
# - name: read local environment varible
  

- name: Make Directory For latter Use
  file: path=/tmp/ansible/mounts_log
        state=directory
        mode=0777
- name: copy local modified config files to DIR files
#  list:
#    - /etc/hosts
#    - /etc/selinux/config
#    - /etc/ntp.conf
#    - /etc/bashrc
#    - /etc/csh.cshrc
#    - /etc/profile   
  local_action: copy src={{item.src}} dest={{item.dest}}
  with_items: 
    - { src: "/etc/hosts", dest: "$GOBLIN_HOME/roles/prepare-sys/files/hosts/hosts" }
    - { src: "/etc/selinux/config", dest: "$GOBLIN_HOME/roles/prepare-sys/files/selinux/config" }
    - { src: "/etc/ntp.conf", dest: "$GOBLIN_HOME/roles/prepare-sys/files/ntp/ntp.conf" }
    - { src: "/etc/bashrc", dest: "$GOBLIN_HOME/roles/prepare-sys/files/umask/bashrc"}
    - { src: "/etc/csh.cshrc", dest: "$GOBLIN_HOME/roles/prepare-sys/files/umask/csh.cshrc"}
    - { src: "/etc/profile", dest: "$GOBLIN_HOME/roles/prepare-sys/files/umask/profile"}
# OS Distribution and regarding Version need to be verified as present BC products flows better on Redhat/CentOS 6.5
#- name: Check OS Distribution
#  fail: msg="inappropriate Operation System Distribution {{ansible_distribution}}"
#  when: (ansible_distribution != "CentOS") or (ansible_distribution != "Redhat")
#- name: Check OS Version
#  fail: msg="inappropriate Operation System Version {{ansible_distribution_version}}"
#  when: ansible_distribution_version != 6.5

# Firewalls (iptables & selinux) must in off mode 
- name: Turnoff Iptables
  service: name=iptables
           state=stopped
           enabled=no
- name: Check selinux
  shell: "getenforce"
  register: selinux_status
- name: Turnoff selinux
  selinux: state=disable
  when: (selinux_status != 0)
- name: swap selinux file
  copy: src="$GOBLIN_HOME/roles/prepare-sys/files/selinux/config"
        dest=/etc/selinux/config
        owner=root
        group=root
        mode=0644
  when: selinux_status !=0

# Ensuring data storage disks are at correct mount point, defualt format: /data1 -- /dataN   or /chunk1 -- /chunkN
- name: Collect mount and fstype info 
  template: 
    src="$GOBLIN_HOME/roles/prepare-sys/templates/disk.j2"
    dest="/tmp/ansible/mounts_log/{{ansible_hostname}}.log"
  with_items: ansible_mounts
- name: fetch remote facts logs
  fetch: src="/tmp/ansible/mounts_log/{{ansible_hostname}}.log"
         dest="$GOBLIN_HOME/roles/prepare-sys/logs/"
         flate=yes
  # once the mount log has been fetched to dir logs/ , comparing this {{ansible_hostname}}.log file
  # with a template file in files/mount_check_templates/ 
  # there might be couple of templates prepared due to various situations
#- name: compare current operated remote server"s mounts_log with template mount_log
  
   


 
## Ensuring cluster"s clocks are in sync with appropriate ntp server with correct time zone(Asian/Shanghai)
# - name: set time zone
#   timezone: name=Asian/Shanghai
# - name: set ntp service
#   yum: name=ntp state=stopped
#   notify:
#    - set ntp configuration file
#   tags: ntp  
# - name: set ntp_server"s configuration file
#   copy: src=file 
#   when: inventory_hostname in groups["ntp_server"]
###################################
- name: Check umask status
  shell: "umask"
  register: umask_status
- name: set umask
  copy: src="{{item.src}}"
        dest="{{item.dest}}"
  with_items:
    - {src: "$GOBLIN_HOME/roles/prepare-sys/files/umask/bashrc" , dest: "/etc/bashrc" }
    - {src: "$GOBLIN_HOME/roles/prepare-sys/files/umask/csh.cshrc", dest: "/etc/csh.cshrc"}
    - {src: "$GOBLIN_HOME/roles/prepare-sys/files/umask/profile", dest: "/etc/profile"}
  when: (umask_status != 0022 ) or (umask_status != 0002)

- name: set ulimit nproc use_max
  pam_limits: domain=*
              limit_item=nproc
              limit_type=-
              value=unlimited
              use_max=yes 
              dest=/etc/security/limits.d/90-nproc.conf
- name: update openssl
  yum: name=openssl state=latest

- name: update hosts file
  copy: src=files/hosts/hosts
        dest=/etc/hosts
        owner=root
        group=root
        mode=0644 
...

＆＃13;

＆＃13;

＆＃13;

我用Google搜索了这个错误，说错误是由于错误缩进造成的，但我尝试在YAMLlint上运行，它显示脚本有效。所以我想知道ansible yaml语法和普通yaml语法之间是否存在一些差异

Answer 1

你在Ansible抱怨的任务中遇到语法错误（虽然它指向不同的行）。

在/home/ansible/goblin/roles/prepare-sys/tasks/main.yml更改：

copy:{

要：

copy: {

Answer 2

你的剧本语法存在缺陷 此代码是dict和字符串参数传递的混合，即使您修复了拼写错误（:和{之间的空格），也无法正常工作。

# THIS CODE IS WRONG
- name: swap selinux file
  copy:{
      src="$GOBLIN_HOME/roles/prepare-sys/files/selinux/config",
      dest=/etc/selinux/config,
      owner=root,
      group=root,
      mode=0644
  }
  when: selinux_status !=0

您应该使用param=value单个字符串传递参数，如下所示：

- name: swap selinux file
  copy: src="$GOBLIN_HOME/roles/prepare-sys/files/selinux/config"
        dest=/etc/selinux/config
        owner=root
        group=root
        mode=0644
  when: selinux_status !=0

参数src=... dest=... ...的刺痛实际上是一行，我只是使用YAML技巧将一行拆分为多行。
但是如果你有复杂的参数，我们鼓励你使用dict风格的参数传递：

- name: swap selinux file
  copy: {
      src: "$GOBLIN_HOME/roles/prepare-sys/files/selinux/config",
      dest: /etc/selinux/config,
      owner: root,
      group: root,
      mode: 0644
  }
  when: selinux_status !=0

你可以用更多的YAML方式编写相同的dict（没有大括号和逗号）：

- name: swap selinux file
  copy:
    src: "$GOBLIN_HOME/roles/prepare-sys/files/selinux/config"
    dest: /etc/selinux/config
    owner: root
    group: root
    mode: 0644
  when: selinux_status !=0

所以请记住这条规则，纠正你所有的剧本 然后使用ansible-playbook --syntax-check myplaybook.yml检查语法，您就可以了。