chchang
/
hugo_backup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd051f60e02'
${ noResults }
hugo_backup/public/post/ansible-run-task-depends-on.../index.html

672 lines
21 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html lang="en-us">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<script type="application/ld+json">
{
"@context" : "http://schema.org",
"@type" : "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https:\/\/h.cowbay.org"
},
"articleSection" : "post",
"name" : "[ansible] 用 ip 位置判斷是否要執行task \/ansible run task depends on ipaddr",
"headline" : "[ansible] 用 ip 位置判斷是否要執行task \/ansible run task depends on ipaddr",
"description" : "\u003cp\u003e因為工作上的需要要修改client端的 \/etc\/environment 檔案\u003c\/p\u003e\n\u003cp\u003e在有權限使用proxy 服務的user的環境中加入proxy 的設定\u003c\/p\u003e\n\u003cp\u003e原本的清單中有host\/user\/ip 這幾個值可以拿來判斷\u003c\/p\u003e\n\u003cp\u003eproxy server 那邊是採用ip 來控制,所以這邊也跟著用 ip 來判斷要不要修改 \/etc\/environment\u003c\/p\u003e",
"inLanguage" : "en",
"author" : "Eric Chang",
"creator" : "Eric Chang",
"publisher": "Eric Chang",
"accountablePerson" : "Eric Chang",
"copyrightHolder" : "Eric Chang",
"copyrightYear" : "2019",
"datePublished": "2019-07-23 15:06:37 \u002b0800 CST",
"dateModified" : "2019-07-23 15:06:37 \u002b0800 CST",
"url" : "https:\/\/h.cowbay.org\/post\/ansible-run-task-depends-on-ipaddr\/",
"wordCount" : "256",
"image" : "https://h.cowbay.orghttps://h.cowbay.org/images/post-default-7.jpg"",
"keywords" : [ ""ansible"","Blog" ]
}
</script>
<title>[ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr </title>
<meta name="description" content="some articles about job,food,passion sisters" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="all,follow">
<meta name="googlebot" content="index,follow,snippet,archive">
<link rel="stylesheet" id="ct-tracks-google-fonts-css" href="https://fonts.googleapis.com/css?family=Raleway%3A400%2C700&amp;subset=latin%2Clatin-ext&amp;ver=4.7.2" type="text/css" media="all">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
<link href="https://h.cowbay.org/css/style.css?v=1646187614" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/custom.css?v=1646187614" rel="stylesheet" type='text/css' media='all'>
<link rel="shortcut icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<link rel="icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-138954876-1', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
</head>
<body class="post-template-default single single-post single-format-standard ct-body singular singular-post not-front standard">
<div id="overflow-container" class="overflow-container">
<a class="skip-content" href="#main">Skip to content</a>
<header id="site-header" class="site-header" role="banner">
<div class='top-navigation'>
<div class='container'>
<div id="menu-secondary" class="menu-container menu-secondary" role="navigation">
<button id="toggle-secondary-navigation" class="toggle-secondary-navigation"><i class="fas fa-plus"></i></button>
<div class="menu">
<ul id="menu-secondary-items" class="menu-secondary-items">
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/ansible">ansible</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/linux">linux</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/proxmox">proxmox</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/ps">ps</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%A2%8E%E5%BF%B5">碎念</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%AD%86%E8%A8%98">筆記</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%BE%A4%E6%9A%89">群暉</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E9%9B%9C%E5%BF%B5">雜念</a>
</li>
</ul>
</div>
</div>
<ul class="social-media-icons">
<li>
<a href="full%20Social%20profile%20url%20in%20facebook" data-animate-hover="pulse" class="facebook" target="_blank">
<i class="fab fa-facebook-square" title="facebook"></i>
<span class="screen-reader-text">facebook</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20googleplus" data-animate-hover="pulse" class="gplus" target="_blank">
<i class="fab fa-google-plus-g" title="googleplus"></i>
<span class="screen-reader-text">googleplus</span>
</a>
</li>
<li>
<a href="chang0206" data-animate-hover="pulse" class="twitter" target="_blank">
<i class="fab fa-twitter-square" title="twitter"></i>
<span class="screen-reader-text">twitter</span>
</a>
</li>
<li>
<a href="chang0206" data-animate-hover="pulse" class="instagram" target="_blank">
<i class="fab fa-instagram" title="instagram"></i>
<span class="screen-reader-text">instagram</span>
</a>
</li>
<li>
<a href="mailto:mc@hotshraingmy.info" data-animate-hover="pulse" class="email">
<i class="fas fa-envelope" title="email"></i>
<span class="screen-reader-text">email</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20linkedin" data-animate-hover="pulse" class="linkedin" target="_blank">
<i class="fab fa-linkedin-in" title="linkedin"></i>
<span class="screen-reader-text">linkedin</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20stackoverflow" data-animate-hover="pulse" class="stackoverflow" target="_blank">
<i class="fab fa-stack-overflow" title="stackoverflow"></i>
<span class="screen-reader-text">stackoverflow</span>
</a>
</li>
<li>
<a href="changchichung" data-animate-hover="pulse" class="github" target="_blank">
<i class="fab fa-github" title="github"></i>
<span class="screen-reader-text">github</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20pinterest" data-animate-hover="pulse" class="pinterest" target="_blank">
<i class="fab fa-pinterest" title="pinterest"></i>
<span class="screen-reader-text">pinterest</span>
</a>
</li>
<li>
<a href="https://h.cowbay.org/index.xml" data-animate-hover="pulse" class="rss" target="_blank">
<i class="fas fa-rss" title="rss"></i>
<span class="screen-reader-text">rss</span>
</a>
</li>
</ul></div>
</div>
<div class="container">
<div id="title-info" class="title-info">
<div id='site-title' class='site-title'>
<a href="/"> MC部落 </a>
</div>
</div>
<button id="toggle-navigation" class="toggle-navigation">
<i class="fas fa-bars"></i>
</button>
<div id="menu-primary-tracks" class="menu-primary-tracks"></div>
<div id="menu-primary" class="menu-container menu-primary" role="navigation">
<p class="site-description">Whats the Worst That Could Happen?</p>
<div class="menu">
<ul id="menu-primary-items" class="menu-primary-items">
<li class='menu-item menu-item-type-custom menu-item-object-custom '>
<a href="https://h.cowbay.org/">Home</a>
</li>
<li class='menu-item menu-item-type-post_type menu-item-object-page '>
<a href="https://h.cowbay.org/about/">About</a>
</li>
<li class='menu-item menu-item-type-post_type menu-item-object-page '>
<a href="https://h.cowbay.org/contact/">Get in touch</a>
</li>
</ul>
</div>
</div>
</div>
</header>
<div id="main" class="main" role="main">
<div id="loop-container" class="loop-container">
<div class="post type-post status-publish format-standard has-post-thumbnail hentry category-design tag-design tag-standard-2 tag-tagalicious tag-travel entry full-without-featured odd excerpt-1">
<div class='featured-image lazy lazy-bg-image' data-background="https://h.cowbay.org/images/post-default-7.jpg">
</div>
<div class="entry-meta">
<span class="date">23 July</span> <span> / </span>
<span class="author">
<a href="https://github.com/changchichung" title="Posts by Eric Chang" rel="author">Eric Chang</a>
</span>
<span class="category">
<span> / </span>
<a href="/categories/ansible">ansible</a>
</span>
</div>
<div class='entry-header'>
<h1 class='entry-title'> [ansible] 用 ip 位置判斷是否要執行task /ansible run task depends on ipaddr</h1>
</div>
<div class="entry-container">
<div class="entry-content">
<article>
<p>因為工作上的需要要修改client端的 /etc/environment 檔案</p>
<p>在有權限使用proxy 服務的user的環境中加入proxy 的設定</p>
<p>原本的清單中有host/user/ip 這幾個值可以拿來判斷</p>
<p>proxy server 那邊是採用ip 來控制,所以這邊也跟著用 ip 來判斷要不要修改 /etc/environment</p>
<p>原本的想法是這樣</p>
<p>在playbook中有兩個 task</p>
<p>當user ip (ansible_default_ipv4.address) 在清單內 ( {{ iuser_list }} )時</p>
<p>會去加入一些文字到 /etc/environment</p>
<p>反之,則取消這一段文字</p>
<pre><code>- name: get internet user list
set_fact:
iuser_list: &quot;{{ ch['client_hosts']['abc.com'] |selectattr('iuser', 'defined')| list }}&quot;
- name: add proxy to /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: |
all_proxy=&quot;{{ proxy_env }}&quot;
http_proxy=&quot;{{ proxy_env }}&quot;
https_proxy=&quot;{{ proxy_env }}&quot;
no_proxy=&quot;localhost,127.0.0.1,192.168.1.1/16,.abc.com,.def.com&quot;
when: item.ipv4 == ansible_default_ipv4.address
with_items: &quot;{{ iuser_list }}&quot;
# remove proxy when user not in iuser_list
- name: removeproxy from /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: &quot;&quot;
when: ansible_default_ipv4.address not in &quot;item.ipv4&quot;
with_items: &quot;{{ iuser_list }}&quot;
</code></pre><p>先做出一個可以上internet 的 user list</p>
<p>內容大概長這樣</p>
<pre><code>hwaddress: f4:4d:30:45:ee:6f', host: pc114', ipv4: 192.168.1.114', user: [liwa'], iuser: True
hwaddress: f4:4d:30:45:ef:aa', host: pc120', ipv4: 192.168.1.120', user: [wany'], iuser: True
</code></pre><p>然後判斷當client ip 在這個清單中時,就去修改,反之就刪除修改的部份</p>
<p>有權限上internet的電腦在一開始跑就卡關了這兩個task 都會被執行到</p>
<p>不應該是這樣才對呀光看when 條件,會覺得這兩個條件應該是互斥的,怎麼會同時成立呢?</p>
<p>後來想想</p>
<p>在第一個task中因為是用 item.ipv4 == ansible_default_ipv4.address 去做比對所以很正常的一直比對到有符合的資料然後開始進行task</p>
<p>但是在第二個task中用的是ansible_default_ipv4.address not in item.ipv4 於是第一筆資料就符合條件於是也開始執行task</p>
<p>在邏輯上,這樣的判斷沒有錯,錯的是我那打結的頭腦&hellip;.</p>
<p>那怎麼解決呢?</p>
<p>把原本清單中的 ipv4 另外整理成一個list 然後再去比對client ip 有沒有在這個list 中</p>
<p>就會變成這樣</p>
<pre><code>- name: get internet user ip list
set_fact:
iuser_ip_list: &quot;{{ ch['client_hosts']['kw.com'] |selectattr('iuser', 'defined')| map(attribute='ipv4')|list }}&quot;
- name: add proxy to /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: |
all_proxy=&quot;{{ proxy_env }}&quot;
http_proxy=&quot;{{ proxy_env }}&quot;
https_proxy=&quot;{{ proxy_env }}&quot;
no_proxy=&quot;localhost,127.0.0.1,192.168.1.1/16,.def.com.tw,.abc.com&quot;
when: ansible_default_ipv4.address in iuser_ip_list
# remove proxy when user not in iuser_list
- name: remove proxy from /etc/environment
blockinfile:
path: /etc/environment
marker: &quot;#{mark} ANSIBLE MANAGED BLOCK#&quot;
block: &quot;&quot;
when: ansible_default_ipv4.address not in iuser_ip_list
</code></pre><p>因為只比對 ip 所以結果就是一翻兩瞪眼有在裡面就跑第一個task ,沒有就跑第二個</p>
<hr>
<p>不過呢, proxy server 那邊的playbook 也弄好了, client 這邊也知道怎麼跑了</p>
<p>但是讓user可以透過proxy server 存取internet 的簽呈還是一直沒有下來 &hellip;.</p>
<p>都什麼年代了還有半數以上的client 無法存取internet</p>
<p>我實在是想不透啊..</p>
</article>
</div>
<div class='entry-meta-bottom'>
<div class="entry-categories"><p><span>Categories</span>
<a href="/categories/ansible" title="View all posts in ansible">ansible</a>
</p>
</div>
<div class="entry-tags"><p><span>Tags</span>
<a href="/tags/ansible" title="View all posts tagged ansible">ansible</a>
</p></div> </div>
<div class="author-meta">
<div class="author">
<img alt='Eric Chang' src="https://www.gravatar.com/avatar/23f8ed94e007297499ac8df1641b3ff5?s=100&d=identicon" class='avatar avatar-72 photo' height='72' width='72'>
<span>
Written by:<a href="https://github.com/changchichung" title="Posts by Eric Chang" rel="author">Eric Chang</a> </span>
</div>
<div class="bio">
<p>塵世裡一個迷途小書僮</p>
<a class="facebook" target="_blank"
href="full%20Social%20profile%20url%20in%20facebook">
<i class="fab fa-facebook-f"
title="facebook icon"></i>
</a>
<a class="googleplus" target="_blank"
href="full%20profile%20url%20in%20googleplus">
<i class="fab fa-google-plus-g"
title="googleplus icon"></i>
</a>
<a class="twitter" target="_blank"
href="chang0206">
<i class="fab fa-twitter-square"
title="twitter icon"></i>
</a>
<a class="linkedin" target="_blank"
href="full%20profile%20url%20in%20linkedin">
<i class="fab fa-linkedin"
title="linkedin icon"></i>
</a>
<a class="email" target="_blank"
href="mailto:mc@hotshraingmy.info">
<i class="fas fa-envelope"
title="email icon"></i>
</a>
<a class="instagram" target="_blank"
href="chang0206">
<i class="fab fa-instagram"
title="instagram icon"></i>
</a>
<a class="stackoverflow" target="_blank"
href="full%20profile%20url%20in%20stackoverflow">
<i class="fab fa-stack-overflow"
title="stackoverflow icon"></i>
</a>
<a class="github" target="_blank"
href="changchichung">
<i class="fab fa-github"
title="github icon"></i>
</a>
<a class="pinterest" target="_blank"
href="full%20profile%20url%20in%20pinterest">
<i class="fab fa-pinterest"
title="pinterest icon"></i>
</a>
</div>
</div>
</div>
</div>
<section id="comments" class="comments">
<div id="disqus_thread"></div>
<script type="application/javascript">
var disqus_config = function () {
};
(function() {
if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
return;
}
var d = document, s = d.createElement('script'); s.async = true;
s.src = '//' + "h-cowbay-org-1" + '.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</section>
</div>
</div>
<footer id="site-footer" class="site-footer" role="contentinfo">
<h1>
<a href=""> MC部落 </a>
</h1>
<p class="site-description">Whats the Worst That Could Happen?</p>
<div id="menu-footer" class="menu-container menu-footer" role="navigation">
<div class="menu">
<ul id="menu-footer-items" class="menu-footer-items">
</ul>
</div> </div>
<ul class="social-media-icons">
<li>
<a class="facebook" target="_blank"
href="full%20Social%20profile%20url%20in%20facebook" >
<i class="fab fa-facebook-f" title="facebook"></i>
<span class="screen-reader-text">facebook</span>
</a>
</li>
<li>
<a class="googleplus" target="_blank"
href="full%20profile%20url%20in%20googleplus" >
<i class="fab fa-google-plus-g" title="googleplus"></i>
<span class="screen-reader-text">googleplus</span>
</a>
</li>
<li>
<a href="chang0206" class="twitter" target="_blank">
<i class="fab fa-twitter-square" title="twitter"></i>
<span class="screen-reader-text">twitter</span>
</a>
</li>
<li>
<a href="chang0206" class="instagram" target="_blank">
<i class="fab fa-instagram" title="instagram"></i>
<span class="screen-reader-text">instagram</span>
</a>
</li>
<li>
<a href="mailto:mc@hotshraingmy.info" class="email">
<i class="fas fa-envelope" title="email"></i>
<span class="screen-reader-text">email</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20linkedin" class="linkedin" target="_blank">
<i class="fab fa-linkedin-in" title="linkedin"></i>
<span class="screen-reader-text">linkedin</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20stackoverflow" class="stackoverflow" target="_blank">
<i class="fab fa-stack-overflow" title="stackoverflow"></i>
<span class="screen-reader-text">stackoverflow</span>
</a>
</li>
<li>
<a href="changchichung" class="github" target="_blank">
<i class="fab fa-github" title="github"></i>
<span class="screen-reader-text">github</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20pinterest" class="pinterest" target="_blank">
<i class="fab fa-pinterest" title="pinterest"></i>
<span class="screen-reader-text">pinterest</span>
</a>
</li>
<li>
<a href="https://h.cowbay.org/index.xml" data-animate-hover="pulse" class="rss" target="_blank">
<i class="fas fa-rss" title="rss"></i>
<span class="screen-reader-text">rss</span>
</a>
</li>
</ul> <div class="design-credit">
<p>© 2018 Göran Svensson</p>
<p>Nederburg Hugo Theme by <a href="https://appernetic.io">Appernetic</a>.</p>
<p>A port of Tracks by Compete Themes.</p>
</div>
</footer>
</div>
<script src="https://h.cowbay.org/js/jquery.min.js"></script>
<script src="https://h.cowbay.org/js/jquerymigrate.js"></script>
<script src="https://h.cowbay.org/js/production.min.js?v=1646187614"></script>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink