Itérer les sous-éléments Ansible avec des sous-éléments

2020-06-02 ansible

Avoir une tâche qui copie la clé de chaque utilisateur

- name: SSH Keys
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.0.ssh_key.0.key }}"
    state: "{{ item.0.ssh_key.0.state }}"
  when: 
    - item.1 == 'all' or item.1 in group_names or item.1 == inventory_hostname
  with_subelements:
    - "{{ users }}"
    - servers

Liste Var:

users:
  - name: user1
    ssh_key:
      - key: 
        - "key1.user1"
        - "key2.user1"
        - "key3.user1"
        state: present
    servers:
      - server1
  - name: user2
    ssh_key:
      - key: 
        - "key1.user2"
        - "key2.user2"
        state: present
    servers:
      - all

QUESTION: Comment pouvons-nous permettre aux utilisateurs de copier plusieurs clés? Sans supprimer les serveurs de with_subelements. Au démarrage de la tâche, la dernière clé ou un tableau avec des clés est copié, selon la façon dont nous l'écrivons dans la liste var. Dans ce format, copie de la dernière clé.

- key: "key1.user1"
- key: "key2.user1"
- key: "key3.user1"

Dans ce tableau.

- key:
  - "key1"
  - "key2"

Answers

Adaptons la structure des données à cet effet. Par exemple,

users:
  - name: user1
    ssh_key:
      - "key1.user1"
      - "key2.user1"
      - "key3.user1"
    state: present
    servers:
      - server1
...

Il est possible de boucler include_tasks . Par exemple, créez la tâche (testez-la d'abord avec le debug )

shell> cat conf_authorized_key.yml
- name: SSH Keys
# authorized_key:
  debug:
    msg:
      - "user: {{ item.0.name }}"
      - "state: {{ item.0.state }}"
      - "key: {{ iitem }}"
  loop: "{{ item.0.ssh_key }}"
  loop_control:
    loop_var: iitem

Ensuite, incluez-le dans le playbook

shell> cat playbook.yml
- hosts: localhost

  vars:
    users:
      - name: user1
        ssh_key:
          - "key1.user1"
          - "key2.user1"
          - "key3.user1"
        state: present
        servers:
          - server1
      - name: user2
        ssh_key:
          - "key1.user2"
          - "key2.user2"
        state: present
        servers:
          - all

  tasks:
    - name: Loop include_task
      include_tasks: conf_authorized_key.yml
      loop: "{{ users|subelements('servers') }}"
      loop_control:
        label: "{{ item.1 }}"
      when: (item.1 == 'all') or
            (item.1 in group_names) or
            (item.1 == inventory_hostname)

donne

shell> ansible-playbook playbook.yml

PLAY [localhost] ****

TASK [Loop include_task] ****
skipping: [localhost] => (item=server1) 
included: /export/scratch/tmp/conf_authorized_key.yml for localhost

TASK [SSH Keys] ****
ok: [localhost] => (item=key1.user2) => {
    "msg": [
        "user: user2",
        "state: present",
        "key: key1.user2"
    ]
}
ok: [localhost] => (item=key2.user2) => {
    "msg": [
        "user: user2",
        "state: present",
        "key: key2.user2"
    ]
}

PLAY RECAP ****
localhost: ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Related