hugo_backup/public/post/ansible-run-task-depends-on-ipaddr/index.html

<!doctype html>
<html class="no-js" lang="tw">
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="author" content="Eric Chang">
        <meta name="description" content="What’s the Worst That Could Happen?">
        <meta name="keywords" content="linux,blog,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
        <meta content="" name="keywords">
        <meta name="generator" content="Hugo 0.50" />
        <title> [ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr | MCの飄狂山莊㊣</title>
        <meta name="description" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr - What’s the Worst That Could Happen?">
        <meta itemprop="name" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr">
        <meta itemprop="description" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr - What’s the Worst That Could Happen?">
        <meta property="og:title" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr">
        <meta property="og:description" content="[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr - What’s the Worst That Could Happen?">
        <meta property="og:image" content="https://h.cowbay.org/images/post-default-7.jpg">
        <meta property="og:url" content="https://h.cowbay.org/post/ansible-run-task-depends-on-ipaddr/">
        <meta property="og:site_name" content="MCの飄狂山莊㊣">
        <meta property="og:type" content="article">
        <link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
        <link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">

	

        
        
        
        
        <link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.a89dfa577f701bffe9659f476ef61241cb2a3452b913e793463b0074a10c0a59.css">

        

        
            
                <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
            
        
    </head>
    <body class="bilberry-hugo-theme">
        
<nav class="permanentTopNav">

    <div class="container">
        <ul class="topnav">
            
        </ul>

        
            <div id="search-box" class="search">
                <i class="fa fa-search"></i>
                <input id="search" type="text" placeholder="">
            </div>
        
    </div>
</nav>


        <header>
    <div class="container">
        <div class="logo">
            <a href="/" class="logo">
                
                    <img src="https://www.gravatar.com/avatar/e4eb1f8e016ffb73e9889f87d16e15f0?d=mm&size=200" alt="">
                

                <span class="overlay"><i class="fa fa-home"></i></span>
            </a>
        </div>
        <div class="titles">
            <h3 class="title"><a href="/">MCの飄狂山莊㊣</a></h3>
            
                <span class="subtitle">What’s the Worst That Could Happen?</span>
            
        </div>

    

        
        <div class="toggler permanentTopNav">
        
            <i class="fa fa-bars" aria-hidden="true"></i>
        </div>
    </div>
</header>


        <div class="main container">
            
     
    <div class="article-wrapper u-cf single">
        
            <a class="bubble" href="/post/ansible-run-task-depends-on-ipaddr/">
    <i class="fa fa-fw fa-pencil"></i>
</a>

<article class="default article">
    
    <div class="featured-image">
        <a href="/post/ansible-run-task-depends-on-ipaddr/">
            <img src="/images/post-default-7.jpg" alt="">
        </a>
    </div>


    <div class="content">
    <h3><a href="/post/ansible-run-task-depends-on-ipaddr/">[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr</a></h3>
    <div class="meta">
        
            
                <span class="date moment">2019-07-23</span>
            
        

        

        
            <span class="categories">
                
                    <a href="/categories/ansible">ansible</a>
                
            </span>
        

        
            <span class="author"><a href="/author/eric-chang">Eric Chang</a></span>
        
    </div>

    
        <p>因為工作上的需要，要修改client端的 /etc/environment 檔案</p>

<p>在有權限使用proxy 服務的user的環境中，加入proxy 的設定</p>

<p>原本的清單中，有host/user/ip 這幾個值可以拿來判斷</p>

<p>proxy server 那邊是採用ip 來控制，所以這邊也跟著用 ip 來判斷要不要修改 /etc/environment</p>

<p>
原本的想法是這樣</p>

<p>在playbook中，有兩個 task</p>

<p>當user ip (ansible_default_ipv4.address) 在清單內 ( {{ iuser_list }} )時</p>

<p>會去加入一些文字到 /etc/environment</p>

<p>反之，則取消這一段文字</p>

<pre><code>- name: get internet user list
  set_fact:
    iuser_list: &quot;{{ ch['client_hosts']['abc.com'] |selectattr('iuser', 'defined')| list }}&quot;

- name: add proxy to /etc/environment
  blockinfile:
    path: /etc/environment
    marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
    block: |
      all_proxy=&quot;{{ proxy_env }}&quot;
      http_proxy=&quot;{{ proxy_env }}&quot;
      https_proxy=&quot;{{ proxy_env }}&quot;
      no_proxy=&quot;localhost,127.0.0.1,192.168.1.1/16,.abc.com,.def.com&quot;
 when: item.ipv4 == ansible_default_ipv4.address
 with_items: &quot;{{ iuser_list }}&quot;

# remove proxy when user not in iuser_list 
- name: removeproxy from /etc/environment
  blockinfile:
    path: /etc/environment
  marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
    block: &quot;&quot;
  when: ansible_default_ipv4.address not in &quot;item.ipv4&quot;
  with_items: &quot;{{ iuser_list }}&quot;
</code></pre>

<p>先做出一個可以上internet 的 user list</p>

<p>內容大概長這樣</p>

<pre><code>hwaddress: f4:4d:30:45:ee:6f', host: pc114', ipv4: 192.168.1.114', user: [liwa'], iuser: True
hwaddress: f4:4d:30:45:ef:aa', host: pc120', ipv4: 192.168.1.120', user: [wany'], iuser: True
</code></pre>

<p>然後判斷當client ip 在這個清單中時，就去修改，反之就刪除修改的部份</p>

<p>有權限上internet的電腦在一開始跑就卡關了，這兩個task 都會被執行到</p>

<p>不應該是這樣才對呀，光看when 條件，會覺得這兩個條件應該是互斥的，怎麼會同時成立呢？</p>

<p>後來想想</p>

<p>在第一個task中，因為是用 item.ipv4 == ansible_default_ipv4.address 去做比對，所以很正常的一直比對到有符合的資料，然後開始進行task</p>

<p>但是在第二個task中，用的是ansible_default_ipv4.address not in item.ipv4 ，於是第一筆資料就符合條件，於是也開始執行task</p>

<p>在邏輯上，這樣的判斷沒有錯，錯的是我那打結的頭腦&hellip;.</p>

<p>那怎麼解決呢？</p>

<p>把原本清單中的 ipv4 另外整理成一個list ，然後再去比對client ip  有沒有在這個list 中</p>

<p>就會變成這樣</p>

<pre><code>- name: get internet user ip list
  set_fact:
    iuser_ip_list: &quot;{{ ch['client_hosts']['kw.com'] |selectattr('iuser', 'defined')| map(attribute='ipv4')|list }}&quot;

- name: add proxy to /etc/environment
  blockinfile:
    path: /etc/environment
    marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
    block: |
      all_proxy=&quot;{{ proxy_env }}&quot;
      http_proxy=&quot;{{ proxy_env }}&quot;
      https_proxy=&quot;{{ proxy_env }}&quot;
      no_proxy=&quot;localhost,127.0.0.1,192.168.1.1/16,.def.com.tw,.abc.com&quot;
  when: ansible_default_ipv4.address in iuser_ip_list

# remove proxy when user not in iuser_list 
- name: remove proxy from /etc/environment
  blockinfile:
    path: /etc/environment
    marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
    block: &quot;&quot;
  when: ansible_default_ipv4.address not in iuser_ip_list
</code></pre>

<p>因為只比對 ip ，所以結果就是一翻兩瞪眼，有在裡面就跑第一個task ，沒有就跑第二個</p>

<hr />

<p>不過呢， proxy server 那邊的playbook 也弄好了， client 這邊也知道怎麼跑了</p>

<p>但是，讓user可以透過proxy server 存取internet 的簽呈還是一直沒有下來 &hellip;.</p>

<p>都什麼年代了，還有半數以上的client 無法存取internet</p>

<p>我實在是想不透啊..</p>
    
</div>

    
<div class="footer">


    
        <div class="tags">
            <i class="fa fa-tags"></i>
            <div class="links">
                
                    <a href="/tags/ansible">ansible</a>
                
            </div>
        </div>
    

    
</div>

</article>

        
    </div>

    
        <div id="disqus_thread"></div>
<script type="application/javascript">
    var disqus_config = function () {
    
    
    
    };
    (function() {
        if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
            document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
            return;
        }
        var d = document, s = d.createElement('script'); s.async = true;
        s.src = '//' + "h-cowbay-org-1" + '.disqus.com/embed.js';
        s.setAttribute('data-timestamp', +new Date());
        (d.head || d.body).appendChild(s);
    })();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
    

     

        </div>

        
<footer>
    <div class="container">

        
        <div class="recent-posts">
            <strong></strong>
                <ul>
                
                    <li>
                        <a href="/post/pgbarman-in-ubuntu-1804-postgresql-10-via-ssh/">[筆記] 在Ubuntu 18.04 下 透過 pgbarman rsync/ssh backup 備份 postgresql 10 / backup postgresql 10 with pgbarman via ssh/rsync in ubuntu 18.04</a>
                    </li>
                
                    <li>
                        <a href="/post/pgbarman-in-ubuntu-1804-postgresql-10/">[筆記] 在Ubuntu 18.04 下 透過 pgbarman streaming backup 備份 postgresql 10/ backup postgresql 10 with pgbarman straming backup in ubuntu 18.04</a>
                    </li>
                
                    <li>
                        <a href="/post/install-nvidia-driver-cuda-pgstrom-in-ubuntu-1804/">[筆記] 在ubuntu 18.04 下安裝nvidia 顯示卡驅動程式以及 pgstrom / Install Nvidia Driver Cuda Pgstrom in Ubuntu 1804</a>
                    </li>
                
                    <li>
                        <a href="/post/do-no-use-10-0-0-0-private-ipaddr-in-gcp/">[筆記] 在gcp 中用wireguard建立VPN時，不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP</a>
                    </li>
                
                    <li>
                        <a href="/post/multiple-site-to-site-vpn-using-wireguard/">[筆記] 透過 wireguard 建立多點 site to site VPN / Multiple Site to Site VPN Using Wireguard</a>
                    </li>
                
                    <li>
                        <a href="/post/site-to-site-vpn-using-wireguard-in-two-edgerouters/">[筆記] 在edgerouter上用wireguard 建立site to site VPN / Site to Site Vpn Using Wireguard in Two Edgerouters</a>
                    </li>
                
                    <li>
                        <a href="/post/another-way-to-keep-ansible-log/">[筆記] 為了保存log 用script 指令執行ansible / Another Way to Keep Ansible Log using script command</a>
                    </li>
                
                </ul>
        </div>
        

        
        <div class="categories">
            <a href="/categories/"><strong></strong></a>
                <ul>
                
                    <li>
                        <a href="/categories/%E7%AD%86%E8%A8%98">筆記 (27)</a>
                    </li>
                
                    <li>
                        <a href="/categories/ansible">Ansible (3)</a>
                    </li>
                
                    <li>
                        <a href="/categories/linux">Linux (1)</a>
                    </li>
                
                    <li>
                        <a href="/categories/proxmox">Proxmox (1)</a>
                    </li>
                
                    <li>
                        <a href="/categories/ps">Ps (1)</a>
                    </li>
                
                    <li>
                        <a href="/categories/%E7%A2%8E%E5%BF%B5">碎念 (1)</a>
                    </li>
                
                    <li>
                        <a href="/categories/%E7%BE%A4%E6%9A%89">群暉 (1)</a>
                    </li>
                
            </ul>
        </div>
        

        <div class="right">
            
            <div class="external-profiles">
                <strong></strong>

                
                    <a href="https://www.facebook.com/mariahchang" target="_blank"><i class="fa fa-facebook-adblock-proof"></i></a>
                
                
                    <a href="https://twitter.com/changchichung" target="_blank"><i class="fa fa-twitter-adblock-proof"></i></a>
                
                
                
                
                
                
                
                
                
                    <a href="https://github.com/changchichung" target="_blank"><i class="fa fa-github"></i></a>
                
                

                <a href="https://www.yapee.tw/mvc/onlinePay/webLink?key=lMC74kucH21JChCR77-wJ80ZZ-Poh11amP24BwiDdHw" target="_blank"><img border="0" src="https://www.yapee.tw/mvc/file/publicFile?pathType=data/linkLogo/B0S0F0002585.jpg"></img></a>
            </div>
            

            
        </div>
    </div>
</footer>


<div class="credits">
    <div class="container">
        <div class="copyright">
            <a href="https://github.com/Lednerb" target="_blank">
                &copy;
                
                    2017
                
                by Lednerb
            </a>
	    
        </div>
        <div class="author">
            <a href="https://www.yapee.tw/mvc/onlinePay/webLink?key=lMC74kucH21JChCR77-wJ80ZZ-Poh11amP24BwiDdHw" target="_blank">Bilberry Hugo Theme</a>
        </div>
    </div>
</div>


        
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
	window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
	ga('create', 'UA-138954876-1', 'auto');
	
	ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>


        

        
        
        <script type="text/javascript" src="https://h.cowbay.org/js/externalDependencies.39c47e10e241eae2947b3fe21809c572.js" integrity="md5-OcR&#43;EOJB6uKUez/iGAnFcg=="></script>

        
        
        <script type="text/javascript" src="https://h.cowbay.org/js/theme.ff50ae6dc1bfc220b23bf69dbb41b54e.js" integrity="md5-/1CubcG/wiCyO/adu0G1Tg=="></script>

        <script>
            $(".moment").each(function() {
                $(this).text(
                    moment( $(this).text() )
                        .locale( "tw" )
                        .format('LL')
                );
            });

            $(".footnote-return sup").html("");
        </script>

        
            
        

        
            <script>
    var client = algoliasearch("2XL0P8XDCY", "4ef65b37b627bb886b46c34a10e63aa6");
    var index = client.initIndex("h_cowbay_org");

    $('#search').autocomplete({ hint: false, autoselect: true, debug: false },
      [
        {
          
            source: $.fn.autocomplete.sources.hits(index, { hitsPerPage: 10 }),
          
          displayKey: function(suggestion) {
            return suggestion.title || suggestion.author
          },
          templates: {
            suggestion: function(suggestion) {
                return "<span class='entry " + suggestion.type + "'>"
                      + "<span class='title'>" + suggestion.title + "</span>"
                      + "<span class='fa fa-fw " + suggestion.iconClass + "'></span>"
                  + "</span>"
                ;
            },
            empty: function() {
              return "<span class='empty'></span>"
            },
            footer: function() {
              return '<div class="branding">Powered by <img src="https:\/\/h.cowbay.org\/dist\/algolia-logo-light.svg" /></div>'
            }

          },
        }
      ])
      .on('autocomplete:selected', function(event, suggestion, dataset) {
        window.location = (suggestion.url);
      })
      .keypress(function (event, suggestion) {
        if (event.which == 13) {
          window.location = (suggestion.url);
        }
      });
</script>

        


    </body>
</html>