小贝子编程

如何检查字典嵌套列表中的项目是否存在于另一个字典列表中?



你好开发者社区!

这是我在这里的第一篇文章:-(我对 Ansible 相对较新,希望获得有关以下内容的帮助。我正在尝试创建一些脚本来管理Citrix NetScaler VPX上的功能。在此特定情况下,我想部署一个包含定义的 SSL 密码的 SSL 密码组。 我在 YAML 文件中定义了以下数据结构:

nsapp_sslciphergroup:
- ciphergroupname:                   "TEST_1"
sslcipher:
- ciphername:                    "TLS1.3-AES256-GCM-SHA384"
cipherpriority:                "1"
- ciphername:                    "TLS1.3-CHACHA20-POLY1305-SHA256"
cipherpriority:                "2"
- ciphername:                    "TLS1.3-AES128-GCM-SHA256"
cipherpriority:                "3"
- ciphergroupname:                   "TEST_2"
sslcipher:
- ciphername:                    "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384"
cipherpriority:                "1"
- ciphername:                    "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256"
cipherpriority:                "2"
- ciphername:                    "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384"
cipherpriority:                "3"

NetScaler 本身不允许再次将同一密码绑定到给定的密码组中,因此在进行任何更改之前,我需要以某种方式检查密码组及其绑定是否已存在。因此,第一次运行是可以的,但任何连续运行都会失败,因为给定的密码名已经绑定到密码组。 当前代码如下:

- name: "Add SSL ciphergroup binding(s)"
netscaler_nitro_request:
<<: *nitro_login
operation: add
resource: sslcipher_sslciphersuite_binding
name: ""
attributes:
ciphergroupname: "{{ item.0.ciphergroupname }}"
ciphername: "{{ item.1.ciphername }}"
cipherpriority: "{{ item.1.cipherpriority }}"
register: add_sslcipher_sslciphersuite_binding_result
with_subelements:
- "{{ nsapp_sslciphergroup }}"
- "sslcipher"
- skip_missing: true

为了在再次运行脚本之前检查当前配置是什么,我有以下代码:

- name: "Check if SSL ciphergroup binding(s) are already defined"
netscaler_nitro_request:
<<: *nitro_login
operation: get
resource: sslcipher_sslciphersuite_binding
name: "{{ item.ciphergroupname }}"
attributes:
ciphergroupname: "{{ item.ciphergroupname }}"
register: get_sslcipher_sslciphersuite_binding_result
with_items: "{{ nsapp_sslciphergroup }}"

如果密码组已使用其绑定定义,则此代码将产生以下结果(在"get_sslcipher_sslciphersuite_binding_result"变量中注册( (并且对"TEST_2"组也有类似的输出,也带有 ist 各自的绑定(:

"nitro_object": [
{
"ciphergroupname": "TEST_1", 
"ciphername": "TLS1.3-AES256-GCM-SHA384", 
"cipherpriority": "1", 
"description": "TLSv1.3 Kx=any      Au=any  Enc=AES-GCM(256) Mac=AEAD   HexCode=0x1302", 
"peflags": "4", 
"stateflag": "512"
}, 
{
"ciphergroupname": "TEST_1", 
"ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", 
"cipherpriority": "2", 
"description": "TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD   HexCode=0x1303", 
"peflags": "4", 
"stateflag": "512"
}, 
{
"ciphergroupname": "TEST_1", 
"ciphername": "TLS1.3-AES128-GCM-SHA256", 
"cipherpriority": "3", 
"description": "TLSv1.3 Kx=any      Au=any  Enc=AES-GCM(128) Mac=AEAD   HexCode=0x1301", 
"peflags": "4", 
"stateflag": "512"
}
],

我正在尝试在"with_subelements"部分之后添加一个"when"子句,但脚本的添加部分总是想要运行。

任何人都可以建议检查"get_sslcipher_sslciphersuite_binding_result"变量是否包含给定密码组的给定密码名称的正确方法是什么?

提前非常感谢!

刚刚破解了它:-( "指定的密码已绑定更高优先级"的NS错误代码为3741。只需将其添加到failed_when条件下即可。

- name: "Add SSL ciphergroup binding(s) if they do *NOT* exist"
netscaler_nitro_request:
<<: *nitro_login
operation: add
resource: sslcipher_sslciphersuite_binding
name: ""
attributes:
ciphergroupname: "{{ item.0.ciphergroupname }}"
ciphername: "{{ item.1.ciphername }}"
cipherpriority: "{{ item.1.cipherpriority }}"
register: add_sslcipher_sslciphersuite_binding_result
until: ( add_sslcipher_sslciphersuite_binding_result is succeeded )
retries: 6
delay: 5
with_subelements:
- "{{ nsapp_sslciphergroup }}"
- "sslcipher"
- skip_missing: true
failed_when: ( (add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 0) and (add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 3741) )
- debug: 
var: add_sslcipher_sslciphersuite_binding_result
tags: [ never, debug ]
- assert:
that: ( (add_sslcipher_sslciphersuite_binding_result.results[{{ item }}].nitro_errorcode == 0) or (add_sslcipher_sslciphersuite_binding_result.results[{{ item }}].nitro_errorcode == 3741) )
fail_msg: "[ERROR] Operation failed!"
success_msg: "[OK] Operation successful." 
loop: "{{ nsapp_sslciphergroup }}" 
loop_control:
index_var: item

解决方案是让模块报告失败并测试错误代码

failed_when: 
- add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 0
- add_sslcipher_sslciphersuite_binding_result.nitro_errorcode != 3741

鉴于模块在成功更新资源时返回"0",则可能使其幂等

changed_when:
- add_sslcipher_sslciphersuite_binding_result.nitro_errorcode == 0

不是幂等的。

问:NetScaler 本身不允许将同一密码再次绑定到给定的密码组中,因此在进行任何更改之前,我需要以某种方式检查密码组及其绑定是否已存在。因此,第一次运行是可以的,但任何连续运行都会失败,因为给定的密码名已经绑定到密码组。当前代码如下:

- name: "Add SSL ciphergroup binding(s)"
netscaler_nitro_request:
<<: *nitro_login
operation: add
resource: sslcipher_sslciphersuite_binding
name: ""
attributes:
ciphergroupname: "{{ item.0.ciphergroupname }}"
ciphername: "{{ item.1.ciphername }}"
cipherpriority: "{{ item.1.cipherpriority }}"
register: add_sslcipher_sslciphersuite_binding_result
with_subelements:
- "{{ nsapp_sslciphergroup }}"
- "sslcipher"
- skip_missing: true

大多数 NetScaler REST API 查询都以这种方式工作,完全没有幂等性。

答:幂等性是 Ansible 的关键特性。引用自词汇表

幂等性:如果执行一次操作的结果与在没有任何干预操作的情况下重复执行操作的结果完全相同,则该操作是幂等的。

文档中没有迹象表明模块netscaler_nitro_request可能不是幂等的。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium