在Ansible中,我需要执行一组任务并从第三方(已处理此部分)获取密码,然后使用这些SSH凭据进行连接。
问题是当我这样做时,遍历清单的最佳方法似乎是包括任务列表,这很棒。主要问题是,仅当我在main.yml剧本中将主机指定为localhost时,才能获得此权限。 (或设置为服务器组的名称并指定连接:local),这会使命令模块在本地执行,这违背了目的。
我尝试查看SSH模块,但似乎没有注册以使我检测到no_action。我知道我可能会忽略一些明显的问题。
稍后我将发布更接近确切的代码,但是我现在所拥有的是
main.yml
---
- hosts: localhost
tasks:
- name: subplay
include: secondary.yml
vars:
user:myUser
address:"{{hostvars[item].address}}"
with_items: hostvars['mygroup']
secondary.yml
---
- name: fetch password
[...fethchMyPassword, it works]
register: password
- name:
[...Need to connect with fetched user for this task and this task only..]
command: /my/local/usr/task.sh
我想在那里连接并执行脚本,但是无论我尝试执行什么,它要么根本无法执行,要么在本地执行。
另外,我可能会注意到我签出了https://docs.ansible.com/ansible/latest/plugins/connection/paramiko_ssh.html, https://docs.ansible.com/ansible/latest/plugins/connection/ssh.html,但必须做错了事
答案 0 :(得分:1)
在我看来,只有您的提取任务才需要委派给localhost,其余事务都应委派给localhost,而当您拥有所有连接信息时,可以通过将值设置为ansible_ {user,ssh_pass,password}来建立与set_facts的连接。试试这个:
main.yml
---
- hosts: mygroup # inventory_hostname will loop through all your hosts in my_group
tasks:
- name: subplay
include: secondary.yml
vars:
user:myUser
address:"{{hostvars[inventory_hostname].address}}"
secondary.yml
---
- name: fetch password
[...fethchMyPassword, it works]
delegate_to: localhost # this task is only run on localhost
register: password
- set_fact: # use registered password and vars to setup connection
ansible_user: "{{ user}}"
ansible_ssh_pass: "{{ password }}"
ansible_host: "{{ address }}"
- name: Launch task # this task is run on each hosts of my_group
[...Need to connect with fetched user for this task and this task only..]
command: /my/local/usr/task.sh
通过
启动ansible-playbook main.yml
尝试与secondary.yml一起编写角色,并与main.yml一起编写剧本