获取Ansible控制机器IP地址的最佳方法 [英] Best way to get the IP address of the Ansible control machine

问题描述

我正在使用Ansible和ufw在服务器上设置防火墙.作为ufw规则的一部分，我希望允许来自Ansible控制计算机的SSH，但不允许来自其他任何地方的SSH.我的问题是-获取控制机器本身的IP地址的最佳方法是什么，以便我可以将其放入规则中?

I am using Ansible and ufw to setup a firewall on my servers. As part of the ufw rules I would like to allow SSH from the Ansible control machine, but not from anywhere else. My question is - what is the best way to get the IP address of the control machine itself so I can put it into the rule?

我知道我可以使用事实获取正在运行该剧本的计算机的IP地址，但是我看不到任何简单的方法可以自动为运行ansible的计算机获取它.

I'm aware that I can use facts to get the IP address of the machine I am running the playbook on, but I don't see any easy way to get it automatically for the machine that is running ansible.

如果可能的话，我想避免添加一个新变量来表示此变量，因为如果可以自动发现它就很好了，尽管如果这是唯一已知的最佳方法，那么我只会这样做.

I'd like to avoid adding a new variable to represent this if possible since it would be nice if it was automatically discoverable, though if that's the only known best way to do it then I will just do that.

我发现了这个重复的问题与我的相同，但是也没有答案，因此请稍等片刻.

I found this duplicate question which is the same as mine, however it also is unanswered so will leave this open for a bit.

推荐答案

{{ ansible_env['SSH_CLIENT'].split() | first }}

可行，但是您必须从默认用户收集有关连接变量的事实，因此，第八点:

works, but you have to gather facts about connection variables from default user, so eighter:

• 在剧本级别上设置«gather_facts:yes»和 not «become:yes»
• 更可靠:运行«setup»任务(不使用«become:yes»，并且在使用«ansible_env»之前，最好在«pre_tasks»部分使用).

• Set «gather_facts: yes» and not «become: yes» on playbook level
• More reliable: run «setup» task (without «become: yes» and before this «ansible_env» usage — better on «pre_tasks» section).

如果使用"become"运行"gather/setup"，则稍后将获得一个或多个未定义的变量:'dict object'没有属性'SSH_CLIENT'»(这是因为sudoed的" setup»只能捕获很小的变量一组变量).

If you run «gather/setup» with «become», you will later get «One or more undefined variables: 'dict object' has no attribute 'SSH_CLIENT'» (this is becase sudoed «setup» can catch only small set of variables).

这篇关于获取Ansible控制机器IP地址的最佳方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！