我让最终用户提供用户名,即dest_user,其ssh密钥已在Linux上为所有目标主机(即dest_host(设置。
以下是我如何为无密码用户设置动态清单
- add_host:
name: "{{ item }}"
groups: dest_nodes
ansible_user: "{{ dest_user }}"
with_items: "{{ dest_host.split() }}"
when: dest_user != ""
一切都很好。第二种情况是,当用户没有提供任何dest_user时,他的SSO用户名(我从他们的Jenkins登录中得到(和密码,即他手动输入的dest_pass,应该用于动态清单中的所有主机。
如何构建dest_nodes组以同时容纳无密码登录的用户名和SSO登录的用户名密码?
您可以使用pause模块有条件地提示输入变量,并使用特殊变量omit使ansible_password在add_host任务中可选。
注意:由于您似乎对从Jenkins获得用户的方法有一个很好的想法,我假设它在变量dest_user_from_jenkins中,在这里
这将是两项任务:
- pause:
prompt: Please enter your password
echo: no
register: dest_pass
when: dest_user | default('') == ''
- add_host:
name: "{{ item }}"
groups: dest_nodes
ansible_user: "{{ dest_user | default(dest_user_from_jenkins) }}"
ansible_password: "{{ dest_pass.user_input | default(omit) }}"
loop: "{{ dest_host.split() }}"
给定剧本:
- hosts: localhost
gather_facts: no
vars:
dest_host: foo bar
dest_user_from_jenkins: dest_user_not_set
tasks:
- pause:
prompt: Please enter your password
echo: no
register: dest_pass
when: dest_user | default('') == ''
- add_host:
name: "{{ item }}"
groups: dest_nodes
ansible_user: "{{ dest_user | default(dest_user_from_jenkins) }}"
ansible_password: "{{ dest_pass.user_input | default(omit) }}"
loop: "{{ dest_host.split() }}"
- debug:
msg: |
user: {{ hostvars[item].ansible_user }}
password: {{
hostvars[item].ansible_password
| default('password has not been set!')
}}
loop: "{{ groups['dest_nodes'] }}"
我们最终有两条可能的途径:
- 在没有任何额外参数的情况下运行时,会产生:
TASK [pause] *********************************************************** [pause] Please enter your password (output is hidden): ok: [localhost] TASK [add_host] ******************************************************** ok: [localhost] => (item=foo) ok: [localhost] => (item=bar) TASK [debug] *********************************************************** ok: [localhost] => (item=foo) => msg: |- user: dest_user_not_set password: password ok: [localhost] => (item=bar) => msg: |- user: dest_user_not_set password: password - 使用
--extra-vars "dest_user=dest_user_set"运行时,会产生:TASK [pause] *********************************************************** skipping: [localhost] TASK [add_host] ******************************************************** ok: [localhost] => (item=foo) ok: [localhost] => (item=bar) TASK [debug] *********************************************************** ok: [localhost] => (item=foo) => msg: |- user: dest_user_set password: password has not been set! ok: [localhost] => (item=bar) => msg: |- user: dest_user_set password: password has not been set!