如果未在变量中定义密码,则任务是生成密码。它适用于ansible< 2.3,但现在我看到了警告。
任务:
- debug: var={{item}}
when:
- "{{item}} is not defined"
with_items:
- XXX_PASSWORD
- YYY_PASSWORD
结果:
TASK [bootstrap : debug] ****************************************************************************
[WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}.
Found: {{item}} is not defined
ok: [example.com] => (item=XXX_PASSWORD) => {
"XXX_PASSWORD": "VARIABLE IS NOT DEFINED!",
"item": "XXX_PASSWORD"
}
ok: [example.com] => (item=YYY_PASSWORD) => {
"YYY_PASSWORD": "VARIABLE IS NOT DEFINED!",
"item": "YYY_PASSWORD"
}
我应该如何避免此警告并保持任务正常工作?
答案: 这段代码回答了我的问题:
- set_fact:
XXX_PASSWORD: "{% if XXX_PASSWORD | default('') == '' %}{{ lookup('pipe','openssl rand -hex 16') }}{% else %}{{ XXX_PASSWORD }}{% endif %}"
YYY_PASSWORD: "{% if YYY_PASSWORD | default('') == '' %}{{ lookup('pipe','openssl rand -hex 16') }}{% else %}{{ YYY_PASSWORD }}{% endif %}"
ZZZ_PASSWORD: "{% if ZZZ_PASSWORD | default('') == '' %}{{ lookup('pipe','openssl rand -hex 16') }}{% else %}{{ ZZZ_PASSWORD }}{% endif %}"
...
and so on...
似乎" with_items"不能在我的情况下使用ansible> = 2.3
答案 0 :(得分:0)
为什么不使用default过滤器?
set_fact:
XXX_PASSWORD: "{{ XXX_PASSWORD | default('change_me' | shuffle | join) }}"
如果XXX_PASSWORD执行时设置set_fact,则保留XXX_PASSWORD,如果{"Code":"1","message":"true"}
未定义,则生成新密码。