add auto fetch ssl certs
@@ -13,7 +13,7 @@
|
||||
"articleSection" : "post",
|
||||
"name" : "[ansible] 用 ip 位置判斷是否要執行task \/ansible run task depends on ipaddr",
|
||||
"headline" : "[ansible] 用 ip 位置判斷是否要執行task \/ansible run task depends on ipaddr",
|
||||
"description" : "\x3cp\x3e因為工作上的需要,要修改client端的 \/etc\/environment 檔案\x3c\/p\x3e\n\n\x3cp\x3e在有權限使用proxy 服務的user的環境中,加入proxy 的設定\x3c\/p\x3e\n\n\x3cp\x3e原本的清單中,有host\/user\/ip 這幾個值可以拿來判斷\x3c\/p\x3e\n\n\x3cp\x3eproxy server 那邊是採用ip 來控制,所以這邊也跟著用 ip 來判斷要不要修改 \/etc\/environment\x3c\/p\x3e",
|
||||
"description" : "\x3cp\x3e因為工作上的需要,要修改client端的 \/etc\/environment 檔案\x3c\/p\x3e\n\x3cp\x3e在有權限使用proxy 服務的user的環境中,加入proxy 的設定\x3c\/p\x3e\n\x3cp\x3e原本的清單中,有host\/user\/ip 這幾個值可以拿來判斷\x3c\/p\x3e\n\x3cp\x3eproxy server 那邊是採用ip 來控制,所以這邊也跟著用 ip 來判斷要不要修改 \/etc\/environment\x3c\/p\x3e",
|
||||
"inLanguage" : "en",
|
||||
"author" : "Eric Chang",
|
||||
"creator" : "Eric Chang",
|
||||
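Review bot: `"inLanguage" : "en"` in this JSON-LD block does not match the post, whose `name`, `headline` and `description` are mostly Chinese; set the page or site language in the generator configuration so the emitted value is correct (for example `zh-TW`, if that is the intended locale). The only changed line here is `description`, where `\n\n` between paragraphs became `\n`, which is unrelated to the commit subject "add auto fetch ssl certs".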
@@ -45,9 +45,9 @@
|
||||
|
||||
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
|
||||
|
||||
<link href="https://h.cowbay.org/css/style.css?v=1626744134" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
|
||||
<link href="https://h.cowbay.org/css/style.css?v=1629951055" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
|
||||
|
||||
<link href="https://h.cowbay.org/css/custom.css?v=1626744134" rel="stylesheet" type='text/css' media='all'>
|
||||
<link href="https://h.cowbay.org/css/custom.css?v=1629951055" rel="stylesheet" type='text/css' media='all'>
|
||||
<link rel="shortcut icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
|
||||
<link rel="icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
|
||||
|
||||
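Review bot: the only changes in this hunk are the `?v=` cache-buster values on `style.css` and `custom.css` (1626744134 to 1629951055), which look like build timestamps, so a rebuild touches these lines in every generated page even when the stylesheets are unchanged. Consider keeping generated HTML out of the repository, or deriving the query value from a content hash so it changes only when the file does. The third-party Font Awesome stylesheet keeps its `integrity` and `crossorigin` attributes, which is what a CDN-hosted asset should have.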
@@ -81,10 +81,6 @@ if (!doNotTrack) {
|
||||
|
||||
<ul id="menu-secondary-items" class="menu-secondary-items">
|
||||
|
||||
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
|
||||
<a href="/categories/"></a>
|
||||
</li>
|
||||
|
||||
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
|
||||
<a href="/categories/ansible">ansible</a>
|
||||
</li>
|
||||
@@ -309,23 +305,14 @@ if (!doNotTrack) {
|
||||
<div class="entry-content">
|
||||
<article>
|
||||
<p>因為工作上的需要,要修改client端的 /etc/environment 檔案</p>
|
||||
|
||||
<p>在有權限使用proxy 服務的user的環境中,加入proxy 的設定</p>
|
||||
|
||||
<p>原本的清單中,有host/user/ip 這幾個值可以拿來判斷</p>
|
||||
|
||||
<p>proxy server 那邊是採用ip 來控制,所以這邊也跟著用 ip 來判斷要不要修改 /etc/environment</p>
|
||||
|
||||
<p>原本的想法是這樣</p>
|
||||
|
||||
<p>在playbook中,有兩個 task</p>
|
||||
|
||||
<p>當user ip (ansible_default_ipv4.address) 在清單內 ( {{ iuser_list }} )時</p>
|
||||
|
||||
<p>會去加入一些文字到 /etc/environment</p>
|
||||
|
||||
<p>反之,則取消這一段文字</p>
|
||||
|
||||
<pre><code>- name: get internet user list
|
||||
set_fact:
|
||||
iuser_list: "{{ ch['client_hosts']['abc.com'] |selectattr('iuser', 'defined')| list }}"
|
||||
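Review bot: in `iuser_list`, `selectattr('iuser', 'defined')` keeps every host that has an `iuser` key, whatever its value, so an entry with `iuser: False` would still be treated as allowed to use the proxy. If the flag is meant as a boolean, test its value as well, for example `selectattr('iuser', 'defined') | selectattr('iuser')`.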
@@ -350,36 +337,20 @@ if (!doNotTrack) {
|
||||
block: ""
|
||||
when: ansible_default_ipv4.address not in "item.ipv4"
|
||||
with_items: "{{ iuser_list }}"
|
||||
</code></pre>
|
||||
|
||||
<p>先做出一個可以上internet 的 user list</p>
|
||||
|
||||
</code></pre><p>先做出一個可以上internet 的 user list</p>
|
||||
<p>內容大概長這樣</p>
|
||||
|
||||
<pre><code>hwaddress: f4:4d:30:45:ee:6f', host: pc114', ipv4: 192.168.1.114', user: [liwa'], iuser: True
|
||||
hwaddress: f4:4d:30:45:ef:aa', host: pc120', ipv4: 192.168.1.120', user: [wany'], iuser: True
|
||||
</code></pre>
|
||||
|
||||
<p>然後判斷當client ip 在這個清單中時,就去修改,反之就刪除修改的部份</p>
|
||||
|
||||
</code></pre><p>然後判斷當client ip 在這個清單中時,就去修改,反之就刪除修改的部份</p>
|
||||
<p>有權限上internet的電腦在一開始跑就卡關了,這兩個task 都會被執行到</p>
|
||||
|
||||
<p>不應該是這樣才對呀,光看when 條件,會覺得這兩個條件應該是互斥的,怎麼會同時成立呢?</p>
|
||||
|
||||
<p>後來想想</p>
|
||||
|
||||
<p>在第一個task中,因為是用 item.ipv4 == ansible_default_ipv4.address 去做比對,所以很正常的一直比對到有符合的資料,然後開始進行task</p>
|
||||
|
||||
<p>但是在第二個task中,用的是ansible_default_ipv4.address not in item.ipv4 ,於是第一筆資料就符合條件,於是也開始執行task</p>
|
||||
|
||||
<p>在邏輯上,這樣的判斷沒有錯,錯的是我那打結的頭腦….</p>
|
||||
|
||||
<p>那怎麼解決呢?</p>
|
||||
|
||||
<p>把原本清單中的 ipv4 另外整理成一個list ,然後再去比對client ip 有沒有在這個list 中</p>
|
||||
|
||||
<p>就會變成這樣</p>
|
||||
|
||||
<pre><code>- name: get internet user ip list
|
||||
set_fact:
|
||||
iuser_ip_list: "{{ ch['client_hosts']['kw.com'] |selectattr('iuser', 'defined')| map(attribute='ipv4')|list }}"
|
||||
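Review bot: in `when: ansible_default_ipv4.address not in "item.ipv4"` the right-hand side is a quoted string, so the test is a substring match against the literal text `item.ipv4` rather than the loop item's address, and it is true for any IP address. Even unquoted, a per-item `not in` under `with_items` is true for every entry that is not the client's own, so the removal task also runs on allowed clients; the `iuser_ip_list` built with `map(attribute='ipv4')` later in this hunk is the right shape for a single membership test. The snippet here reads `ch['client_hosts']['kw.com']` while the earlier one reads `['abc.com']`; use one placeholder domain throughout.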
@@ -402,18 +373,11 @@ hwaddress: f4:4d:30:45:ef:aa', host: pc120', ipv4: 192.168.1.120', user: [wany']
|
||||
marker: "#{mark} ANSIBLE MANAGED BLOCK#"
|
||||
block: ""
|
||||
when: ansible_default_ipv4.address not in iuser_ip_list
|
||||
</code></pre>
|
||||
|
||||
<p>因為只比對 ip ,所以結果就是一翻兩瞪眼,有在裡面就跑第一個task ,沒有就跑第二個</p>
|
||||
|
||||
<hr />
|
||||
|
||||
</code></pre><p>因為只比對 ip ,所以結果就是一翻兩瞪眼,有在裡面就跑第一個task ,沒有就跑第二個</p>
|
||||
<hr>
|
||||
<p>不過呢, proxy server 那邊的playbook 也弄好了, client 這邊也知道怎麼跑了</p>
|
||||
|
||||
<p>但是,讓user可以透過proxy server 存取internet 的簽呈還是一直沒有下來 ….</p>
|
||||
|
||||
<p>都什麼年代了,還有半數以上的client 無法存取internet</p>
|
||||
|
||||
<p>我實在是想不透啊..</p>
|
||||
</article>
|
||||
</div>
|
||||
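Review bot: `when: ansible_default_ipv4.address not in iuser_ip_list` depends on a fact gathered from the client's default route; on a host with no IPv4 default route, `ansible_default_ipv4` has no `address` key and the condition fails to evaluate instead of being false. Guard it, for example `(ansible_default_ipv4.address | default('')) not in iuser_ip_list`, and keep in mind that with `block: ""` a host whose default-route address differs from its inventory `ipv4` value gets the proxy settings removed.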
@@ -689,7 +653,7 @@ title="pinterest icon"></i>
|
||||
|
||||
</ul> <div class="design-credit">
|
||||
|
||||
<p>© 2018 Göran Svensson</p>
|
||||
<p>© 2018 Göran Svensson</p>
|
||||
|
||||
<p>Nederburg Hugo Theme by <a href="https://appernetic.io">Appernetic</a>.</p>
|
||||
|
||||
@@ -701,7 +665,7 @@ title="pinterest icon"></i>
|
||||
</div>
|
||||
<script src="https://h.cowbay.org/js/jquery.min.js"></script>
|
||||
<script src="https://h.cowbay.org/js/jquerymigrate.js"></script>
|
||||
<script src="https://h.cowbay.org/js/production.min.js?v=1626744134"></script>
|
||||
<script src="https://h.cowbay.org/js/production.min.js?v=1629951055"></script>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
||||