chchang/hugo_backup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

hugo daily push 2019-07-23 22:00:01

Browse Source
This commit is contained in:
Eric Chang
2019-07-23 22:00:02 +08:00
parent f9bd72c653
commit 1142353e1e
93 changed files with 2060 additions and 962 deletions
Download Patch File Download Diff File Expand all files Collapse all files

506
public/post/ansible-run-task-depends-on-ipaddr/index.html Normal file
View File

@@ -0,0 +1,506 @@
<!doctype html>
<html class="no-js" lang="tw">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Eric Chang">
<meta name="description" content="Whats the Worst That Could Happen?">
<meta name="keywords" content="linux,blog,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
<meta name="generator" content="Hugo 0.50" />
<title> [ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr | MCの飄狂山莊㊣</title>
<meta name="description" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr - Whats the Worst That Could Happen?">
<meta itemprop="name" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr">
<meta itemprop="description" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr - Whats the Worst That Could Happen?">
<meta property="og:title" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr">
<meta property="og:description" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr - Whats the Worst That Could Happen?">
<meta property="og:image" content="https://h.cowbay.org/images/post-default-7.jpg">
<meta property="og:url" content="https://h.cowbay.org/post/ansible-run-task-depends-on-ipaddr/">
<meta property="og:site_name" content="MCの飄狂山莊㊣">
<meta property="og:type" content="article">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">
<link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.a89dfa577f701bffe9659f476ef61241cb2a3452b913e793463b0074a10c0a59.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body class="bilberry-hugo-theme">
<nav class="permanentTopNav">
<div class="container">
<ul class="topnav">
</ul>
<div id="search-box" class="search">
<i class="fa fa-search"></i>
<input id="search" type="text" placeholder="">
</div>
</div>
</nav>
<header>
<div class="container">
<div class="logo">
<a href="/" class="logo">
<img src="https://www.gravatar.com/avatar/e4eb1f8e016ffb73e9889f87d16e15f0?d=mm&size=200" alt="">
<span class="overlay"><i class="fa fa-home"></i></span>
</a>
</div>
<div class="titles">
<h3 class="title"><a href="/">MCの飄狂山莊㊣</a></h3>
<span class="subtitle">Whats the Worst That Could Happen?</span>
</div>
<div class="toggler permanentTopNav">
<i class="fa fa-bars" aria-hidden="true"></i>
</div>
</div>
</header>
<div class="main container">
<div class="article-wrapper u-cf single">
<a class="bubble" href="/post/ansible-run-task-depends-on-ipaddr/">
<i class="fa fa-fw fa-pencil"></i>
</a>
<article class="default article">
<div class="featured-image">
<a href="/post/ansible-run-task-depends-on-ipaddr/">
<img src="/images/post-default-7.jpg" alt="">
</a>
</div>
<div class="content">
<h3><a href="/post/ansible-run-task-depends-on-ipaddr/">[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr</a></h3>
<div class="meta">
<span class="date moment">2019-07-23</span>
<span class="categories">
<a href="/categories/ansible">ansible</a>
</span>
<span class="author"><a href="/author/eric-chang">Eric Chang</a></span>
</div>
<p>因為工作上的需要要修改client端的 /etc/environment 檔案</p>
<p>在有權限使用proxy 服務的user的環境中加入proxy 的設定</p>
<p>原本的清單中有host/user/ip 這幾個值可以拿來判斷</p>
<p>proxy server 那邊是採用ip 來控制,所以這邊也跟著用 ip 來判斷要不要修改 /etc/environment</p>
<p>
原本的想法是這樣</p>
<p>在playbook中有兩個 task</p>
<p>當user ip (ansible_default_ipv4.address) 在清單內 ( {{ iuser_list }} )時</p>
<p>會去加入一些文字到 /etc/environment</p>
<p>反之,則取消這一段文字</p>
<pre><code>- name: get internet user list
set_fact:
iuser_list: &quot;{{ ch['client_hosts']['abc.com'] |selectattr('iuser', 'defined')| list }}&quot;
- name: add proxy to /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: |
all_proxy=&quot;{{ proxy_env }}&quot;
http_proxy=&quot;{{ proxy_env }}&quot;
https_proxy=&quot;{{ proxy_env }}&quot;
no_proxy=&quot;localhost,127.0.0.1,192.168.1.1/16,.abc.com,.def.com&quot;
when: item.ipv4 == ansible_default_ipv4.address
with_items: &quot;{{ iuser_list }}&quot;
# remove proxy when user not in iuser_list
- name: removeproxy from /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: &quot;&quot;
when: ansible_default_ipv4.address not in &quot;item.ipv4&quot;
with_items: &quot;{{ iuser_list }}&quot;
</code></pre>
<p>先做出一個可以上internet 的 user list</p>
<p>內容大概長這樣</p>
<pre><code>hwaddress: f4:4d:30:45:ee:6f', host: pc114', ipv4: 192.168.1.114', user: [liwa'], iuser: True
hwaddress: f4:4d:30:45:ef:aa', host: pc120', ipv4: 192.168.1.120', user: [wany'], iuser: True
</code></pre>
<p>然後判斷當client ip 在這個清單中時,就去修改,反之就刪除修改的部份</p>
<p>有權限上internet的電腦在一開始跑就卡關了這兩個task 都會被執行到</p>
<p>不應該是這樣才對呀光看when 條件,會覺得這兩個條件應該是互斥的,怎麼會同時成立呢?</p>
<p>後來想想</p>
<p>在第一個task中因為是用 item.ipv4 == ansible_default_ipv4.address 去做比對所以很正常的一直比對到有符合的資料然後開始進行task</p>
<p>但是在第二個task中用的是ansible_default_ipv4.address not in item.ipv4 於是第一筆資料就符合條件於是也開始執行task</p>
<p>在邏輯上,這樣的判斷沒有錯,錯的是我那打結的頭腦&hellip;.</p>
<p>那怎麼解決呢?</p>
<p>把原本清單中的 ipv4 另外整理成一個list 然後再去比對client ip 有沒有在這個list 中</p>
<p>就會變成這樣</p>
<pre><code>- name: get internet user ip list
set_fact:
iuser_ip_list: &quot;{{ ch['client_hosts']['konwen.com'] |selectattr('iuser', 'defined')| map(attribute='ipv4')|list }}&quot;
- name: add proxy to /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: |
all_proxy=&quot;{{ proxy_env }}&quot;
http_proxy=&quot;{{ proxy_env }}&quot;
https_proxy=&quot;{{ proxy_env }}&quot;
no_proxy=&quot;localhost,127.0.0.1,192.168.1.1/16,.def.com.tw,.abc.com&quot;
when: ansible_default_ipv4.address in iuser_ip_list
# remove proxy when user not in iuser_list
- name: remove proxy from /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: &quot;&quot;
when: ansible_default_ipv4.address not in iuser_ip_list
</code></pre>
<p>因為只比對 ip 所以結果就是一翻兩瞪眼有在裡面就跑第一個task ,沒有就跑第二個</p>
<hr />
<p>不過呢, proxy server 那邊的playbook 也弄好了, client 這邊也知道怎麼跑了</p>
<p>但是讓user可以透過proxy server 存取internet 的簽呈還是一直沒有下來 &hellip;.</p>
<p>都什麼年代了還有半數以上的client 無法存取internet</p>
<p>我實在是想不透啊..</p>
</div>
<div class="footer">
<div class="tags">
<i class="fa fa-tags"></i>
<div class="links">
<a href="/tags/ansible">ansible</a>
</div>
</div>
</div>
</article>
</div>
<div id="disqus_thread"></div>
<script type="application/javascript">
var disqus_config = function () {
};
(function() {
if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
return;
}
var d = document, s = d.createElement('script'); s.async = true;
s.src = '//' + "h-cowbay-org-1" + '.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</div>
<footer>
<div class="container">
<div class="recent-posts">
<strong></strong>
<ul>
<li>
<a href="/post/ansible-run-task-depends-on-ipaddr/">[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr</a>
</li>
<li>
<a href="/post/ansible-selectattr-from-list-in-dictionary/">[ansible] 引用事先定義好的yaml檔裡面的變數 - Ansible Selectattr From List in Dictionary file</a>
</li>
<li>
<a href="/post/remote-management-system-meshcentral/">linux底下遠端遙控&amp;管理的好用系統 Meshcentral / Remote Management &amp; control system Meshcentral</a>
</li>
<li>
<a href="/post/install-asus-10g-nic-in-proxmox/">Install Asus 10G NIC XG-C100C in Proxmox</a>
</li>
<li>
<a href="/post/change-timezone-in-docker/">[筆記] 修改 docker 容器內的時區 - Change Timezone in Docker</a>
</li>
<li>
<a href="/post/transfer-file-content-using-xclip-in-terminal/">Transfer File Content Using Xclip in Terminal</a>
</li>
<li>
<a href="/post/inx-collect-detail-hardware-info/">[筆記] inxi 蒐集詳盡的硬體資訊 / inxi Collect Detail Hardware Info</a>
</li>
</ul>
</div>
<div class="categories">
<a href="/categories/"><strong></strong></a>
<ul>
<li>
<a href="/categories/%E7%AD%86%E8%A8%98">筆記 (20)</a>
</li>
<li>
<a href="/categories/ansible">Ansible (2)</a>
</li>
<li>
<a href="/categories/linux">Linux (1)</a>
</li>
<li>
<a href="/categories/proxmox">Proxmox (1)</a>
</li>
<li>
<a href="/categories/ps">Ps (1)</a>
</li>
<li>
<a href="/categories/%E7%A2%8E%E5%BF%B5">碎念 (1)</a>
</li>
<li>
<a href="/categories/%E7%BE%A4%E6%9A%89">群暉 (1)</a>
</li>
</ul>
</div>
<div class="right">
<div class="external-profiles">
<strong></strong>
<a href="https://www.facebook.com/mariahchang" target="_blank"><i class="fa fa-facebook-adblock-proof"></i></a>
<a href="https://twitter.com/changchichung" target="_blank"><i class="fa fa-twitter-adblock-proof"></i></a>
<a href="https://github.com/changchichung" target="_blank"><i class="fa fa-github"></i></a>
<a href="https://www.yapee.tw/mvc/onlinePay/webLink?key=lMC74kucH21JChCR77-wJ80ZZ-Poh11amP24BwiDdHw" target="_blank"><img border="0" src="https://www.yapee.tw/mvc/file/publicFile?pathType=data/linkLogo/B0S0F0002585.jpg"></img></a>
</div>
</div>
</div>
</footer>
<div class="credits">
<div class="container">
<div class="copyright">
<a href="https://github.com/Lednerb" target="_blank">
&copy;
2017
by Lednerb
</a>
</div>
<div class="author">
<a href="https://www.yapee.tw/mvc/onlinePay/webLink?key=lMC74kucH21JChCR77-wJ80ZZ-Poh11amP24BwiDdHw" target="_blank">Bilberry Hugo Theme</a>
</div>
</div>
</div>
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-138954876-1', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<script type="text/javascript" src="https://h.cowbay.org/js/externalDependencies.39c47e10e241eae2947b3fe21809c572.js" integrity="md5-OcR&#43;EOJB6uKUez/iGAnFcg=="></script>
<script type="text/javascript" src="https://h.cowbay.org/js/theme.ff50ae6dc1bfc220b23bf69dbb41b54e.js" integrity="md5-/1CubcG/wiCyO/adu0G1Tg=="></script>
<script>
$(".moment").each(function() {
$(this).text(
moment( $(this).text() )
.locale( "tw" )
.format('LL')
);
});
$(".footnote-return sup").html("");
</script>
<script>
var client = algoliasearch("2XL0P8XDCY", "4ef65b37b627bb886b46c34a10e63aa6");
var index = client.initIndex("h_cowbay_org");
$('#search').autocomplete({ hint: false, autoselect: true, debug: false },
[
{
source: $.fn.autocomplete.sources.hits(index, { hitsPerPage: 10 }),
displayKey: function(suggestion) {
return suggestion.title || suggestion.author
},
templates: {
suggestion: function(suggestion) {
return "<span class='entry " + suggestion.type + "'>"
+ "<span class='title'>" + suggestion.title + "</span>"
+ "<span class='fa fa-fw " + suggestion.iconClass + "'></span>"
+ "</span>"
;
},
empty: function() {
return "<span class='empty'></span>"
},
footer: function() {
return '<div class="branding">Powered by <img src="https:\/\/h.cowbay.org\/dist\/algolia-logo-light.svg" /></div>'
}
},
}
])
.on('autocomplete:selected', function(event, suggestion, dataset) {
window.location = (suggestion.url);
})
.keypress(function (event, suggestion) {
if (event.which == 13) {
window.location = (suggestion.url);
}
});
</script>
</body>
</html>