I have the following dictionary in my vars/ directory.
vars_dict.yml
---
ruleset:
  rule1:
    rule_name: testrule1
    description: Test Rule number 1
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.4
    source_user: any
    destination_ip: 4.5.6.7
    action: allow
    disabled: FALSE
    location: top
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE
  rule2:
    rule_name: testrule2
    description: Test Rule number 2
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.5
    source_user: any
    destination_ip: 4.5.6.8
    action: allow
    disabled: FALSE
    location: bottom
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE
...
I also have these files supporting variables in vars/:
credentials.yml
fw_username: test
fw_password: test
and fw.yml
fw_ip_address: 192.168.1.1
I want to loop through each set of data to send commands to the firewall using this playbook:
---
- hosts: localhost
  connection: local
  roles:
    - role: PaloAltoNetworks.paloaltonetworks
  tasks:
    - name: include variables
      include_vars:
        dir: vars
    - name: Add superimportant rules to the firewall
      panos_security_rule:
        ip_address: '{{ fw_ip_address }}'
        username: '{{ fw_username }}'
        password: '{{ fw_password }}'
        rule_name: '{{ ruleset.rule_name }}'
        description: '{{ ruleset.description }}'
        source_zone: ['{{ ruleset.source_zone }}']
        destination_zone: ['{{ ruleset.destination_zone }}']
        source_ip: ['{{ ruleset.source_ip }}']
        source_user: ['{{ ruleset.source_user }}']
        destination_ip: ['{{ ruleset.destination_ip }}']
        action: '{{ ruleset.action }}'
        disabled: '{{ ruleset.disabled }}'
        location: '{{ ruleset.location }}'
        log_end: '{{ ruleset.log_end }}'
        tag_name: '{{ ruleset.tag_name }}'
        vsys: '{{ ruleset.vsys }}'
        state: '{{ ruleset.state }}'
        commit: '{{ ruleset.commit }}'
        with_dict:
          - "{{ ruleset }}"
...
The output I expect from ansible is for it to loop through and produce output like this for each block of data:
The error I am getting is
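I have been reading documentation and posts, and I have tried reformatting the dictionary file and using with_items and with_dict, both wrapped in "{{ }}" and without the braces, and I seem to be completely stuck.
Am I missing something simple here?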
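Answer 0 (score: 1)
There are a few adjustments that will solve your problem.
First, use a list instead of a dictionary to define your rules. Both are possible, but the code is cleaner with a list.
Second, the with_dict notation must be indented to the same level as the task, not to the same level as the task parameters.
Finally, your question uses ruleset as the loop variable. By default it is item, and it must be different from the list/dict variable being iterated over.
Example: vars_dict.yml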
---
ruleset:
  - rule_name: testrule1
    description: Test Rule number 1
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.4
    source_user: any
    destination_ip: 4.5.6.7
    action: allow
    disabled: FALSE
    location: top
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE
  - rule_name: testrule2
    description: Test Rule number 2
    source_zone: trust
    destination_zone: untrust
    source_ip: 1.2.3.5
    source_user: any
    destination_ip: 4.5.6.8
    action: allow
    disabled: FALSE
    location: bottom
    log_end: TRUE
    tag_name: superimportant
    vsys: vsys1
    state: present
    commit: TRUE
Playbook:
---
- hosts: localhost
  connection: local
  roles:
    - role: PaloAltoNetworks.paloaltonetworks
  tasks:
    - name: include variables
      include_vars:
        dir: vars
    - name: Add superimportant rules to the firewall
      panos_security_rule:
        ip_address: '{{ fw_ip_address }}'
        username: '{{ fw_username }}'
        password: '{{ fw_password }}'
        rule_name: '{{ item.rule_name }}'
        description: '{{ item.description }}'
        source_zone: ['{{ item.source_zone }}']
        destination_zone: ['{{ item.destination_zone }}']
        source_ip: ['{{ item.source_ip }}']
        source_user: ['{{ item.source_user }}']
        destination_ip: ['{{ item.destination_ip }}']
        action: '{{ item.action }}'
        disabled: '{{ item.disabled }}'
        location: '{{ item.location }}'
        log_end: '{{ item.log_end }}'
        tag_name: '{{ item.tag_name }}'
        vsys: '{{ item.vsys }}'
        state: '{{ item.state }}'
        commit: '{{ item.commit }}'
      with_items:
        - "{{ ruleset }}"