我最近开始将越来越多的Ansible,尤其是AWX用于简单的重复性任务。以下是通过Bash脚本下载,安装和配置日志记录的剧本。该脚本用于两个主机:Ubuntu 20.04和CentOS 7.6,而对于后者,需要对SELinux进行一些更改。
问题是,为什么我只为Ubuntu而不是CentOS遇到错误?
这是剧本:
# Download an run Nagios Log Server configuration script
---
- name: nagios-log configure
hosts: all
remote_user: root
tasks:
- name: Distribution
debug: msg="{{ ansible_distribution }}"
- name: Download setup-linux.sh
get_url:
url: http://10.10.10.10/nagioslogserver/scripts/setup-linux.sh
validate_certs: no
dest: /tmp/setup-linux.sh
- name: Change script permission
file: dest=/tmp/setup-linux.sh mode=a+x
- name: Run setup-linux.sh
shell: /tmp/setup-linux.sh -s 10.10.10.10 -p 5544
register: ps
failed_when: "ps.rc not in [ 0, 1 ]"
- name: Install policycoreutils if needed
yum:
name:
- policycoreutils
- policycoreutils-python
state: latest
when: ansible_distribution == 'CentOS'
- name: Check if policy file exists
stat:
path: /etc/selinux/targeted/active/ports.local
register: result
when: ansible_distribution == 'CentOS'
- name: Check whether line exists
find:
paths: /etc/selinux/targeted/active/ports.local
contains: '5544'
register: found
when: result.stat.exists == True
- name: Add SELinux policy exception if missing
command: semanage port -a -t syslogd_port_t -p udp 5544
when: found.matched > 0
- name: Restart rsyslog
systemd:
name: rsyslog
state: restarted
enabled: yes
这是在AWX上运行剧本时的错误输出:
TASK [Check whether line exists] ***********************************************
fatal: [Ubuntu.domain.corp]: FAILED! => {"msg": "The conditional check 'result.stat.exists == True' failed. The error was: error while evaluating conditional (result.stat.exists == True): 'dict object' has no attribute 'stat'\n\nThe error appears to be in '/tmp/awx_154_1811rny6/project/nagios-log.yml': line 39, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Check whether line exists\n ^ here\n"}
ok: [Centos.domain.corp]
出于我无法理解的原因,CentOS服务器很好,但是Ubuntu出现了一个我不理解的奇怪错误。我尝试了其他方法来实现与when命令相同的逻辑。
答案 0 :(得分:2)
您收到此错误,因为在{p>中注册了变量result
- name: Check if policy file exists
stat:
path: /etc/selinux/targeted/active/ports.local
register: result
when: ansible_distribution == 'CentOS'
但是由于when: ansible_distribution == 'CentOS',它无法在Ubuntu上运行,因此在Ubuntu上运行剧本时,变量result不存在。
要解决此问题(并仅在CentOS上也使用result运行任务),可以将其更改为:
- name: Check whether line exists
find:
paths: /etc/selinux/targeted/active/ports.local
contains: '5544'
register: found
when:
- ansible_distribution == 'CentOS'
- result.stat.exists == True
- name: Add SELinux policy exception if missing
command: semanage port -a -t syslogd_port_t -p udp 5544
when:
- ansible_distribution == 'CentOS'
- found.matched > 0
或者您可以像这样将所有CentOS特定任务放在block中:
- name: CentOS specific tasks
block:
- name: Install policycoreutils if needed
yum:
name:
- policycoreutils
- policycoreutils-python
state: latest
- name: Check if policy file exists
stat:
path: /etc/selinux/targeted/active/ports.local
register: result
- name: Check whether line exists
find:
paths: /etc/selinux/targeted/active/ports.local
contains: '5544'
register: found
when: result.stat.exists == True
- name: Add SELinux policy exception if missing
command: semanage port -a -t syslogd_port_t -p udp 5544
when: found.matched > 0
when: ansible_distribution == 'CentOS'
或者您可以将它们放在自己的文件中,然后include that file。实际上,有很多方法可以做到这一点。