我正在使用network_cli连接方法在Centos7上运行Ansible 2.7版。
我有一本剧本:
无论我提供什么md5值,它总是运行任务块。
条件语句为:
when: '"new_ios_md5" | string in md5_result.stdout'
这是完整的剧本:
- name: UPGRADE SUP8L-E SWITCH FIRMWARE
hosts: switches
connection: network_cli
gather_facts: no
vars_prompt:
- name: "compliant_ios_version"
prompt: "What is the compliant IOS version?"
private: no
- name: "new_ios_bin"
prompt: "What is the name of the new IOS file?"
private: no
- name: "new_ios_md5"
prompt: "What is the MD5 value of the new IOS file?"
private: no
- name: "should_reboot"
prompt: "Do you want Ansible to reboot the hosts? (YES or NO)"
private: no
tasks:
- name: GATHER SWITCH FACTS
ios_facts:
- name: UPGRADE IOS IMAGE IF NOT COMPLIANT
block:
- name: COPY OVER IOS IMAGE
ios_command:
commands:
- command: "copy tftp://X.X.X.X/45-SUP8L-E/{{ new_ios_bin }} bootflash:"
prompt: '[{{ new_ios_bin }}]'
answer: "\r"
vars:
ansible_command_timeout: 1800
- name: CHECK MD5 HASH
ios_command:
commands:
- command: "verify /md5 bootflash:{{ new_ios_bin }}"
register: md5_result
vars:
ansible_command_timeout: 300
- name: CONTINUE UPGRADE IF MD5 HASH MATCHES
block:
- name: SETTING BOOT IMAGE
ios_config:
lines:
- no boot system
- boot system flash bootflash:{{ new_ios_bin }}
match: none
save_when: always
- name: REBOOT SWITCH IF INSTRUCTED
block:
- name: REBOOT SWITCH
ios_command:
commands:
- command: "reload"
prompt: '[confirm]'
answer: "\r"
vars:
ansible_command_timeout: 30
- name: WAIT FOR SWITCH TO RETURN
wait_for:
host: "{{inventory_hostname}}"
port: 22
delay: 60
timeout: 600
delegate_to: localhost
- name: GATHER ROUTER FACTS FOR VERIFICATION
ios_facts:
- name: ASSERT THAT THE IOS VERSION IS CORRECT
assert:
that:
- compliant_ios_version == ansible_net_version
msg: "New IOS version matches compliant version. Upgrade successful."
when: should_reboot == "YES"
when: '"new_ios_md5" | string in md5_result.stdout'
when: ansible_net_version != compliant_ios_version
...
剧本中的其他两个条件按预期工作。我无法弄清楚如何在以下情况下失败:'“ new_ios_md5” | md5_result.stdout中有条件的字符串,如果md5值错误,则停止播放。
使用调试输出运行播放时,stdout的值为:
"stdout": [
".............................................................................................................................................Done!",
"verify /md5 (bootflash:cat4500es8-universalk9.SPA.03.10.02.E.152-6.E2.bin) = c1af921dc94080b5e0172dbef42dc6ba"
]
您可以在字符串中清楚地看到计算出的md5,但是我的条件似乎并不在意。
有人有什么建议吗?
答案 0 :(得分:1)
写时:
when: '"new_ios_md5" | string in md5_result.stdout'
您正在变量md5_result.stdout内查找文字字符串“ new_ios_md5”。由于您实际上想引用新的new_ios_md5变量,因此您必须删除它周围的引号:
when: 'new_ios_md5 | string in md5_result.stdout'
答案 1 :(得分:0)
信用归还给redredit的最终解决方案:
顺便说一句,您知道对于大多数各种联网命令ios_command,结果都会以列表形式返回吗?因此,您需要相对于您运行的命令索引到列表中。
说你有这个。任务
ios_command:
commands:
- command: "verify /md5 bootflash:{{ new_ios_bin }}"
- command: show version
- command: show config
register: results
您将在这样的列表中输出。
# results.stdout[0] = verify
# results.stdout[1] = show version
# results.stdout[2] = show config
因此正确的条件语句为:
when: 'new_ios_md5 in md5_result.stdout[0]'