Ansible-跳过字典中未定义的变量 [英] Ansible - skip undefined variable in dict
问题描述
我正在使用ipa_user模块设置用户.有可变的密码可以强制输入新密码.对于某些用户(当var不在dict中时),我想在迭代中跳过它,但是它总是失败.
I`m using ipa_user module to setup users. There is variable passsword which force new password. For some users (when var is not in dict) I would like to skip it in iteration, but it always fail.
这是我的剧本的摘录.Ansible版本是2.7
This is snippet from my playbook. Ansible version is 2.7
任务:
- name: adding ipa users
ipa_user:
name: "{{ item.value.login }}"
state: "{{ item.value.state }}"
givenname: "{{ item.value.givenname }}"
sn: "{{ item.value.surname }}"
mail: "{{ item.value.mail }}"
telephonenumber: "{{ item.value.telephonenumber }}"
title: "{{ item.value.title }}"
password: "{{ item.value.password }}" <<- to be skipped if not found
ipa_host: ipa.gdi.telekom.de
ipa_user: admin
ipa_pass: "{{ ipa_pass }}"
with_dict: "{{ipausers}}"
when: item.key in ipausers.keys()
register: output_ipa_users
日志:
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'password'\n\nThe error appears to have been in '/builds/gitlab/infra/user-management/roles/free-ipa/tasks/main.yml': line 13, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: adding ipa users\n ^ here\n"}
注意:我尝试过:
with_dict: "{{ipausers|default({})}}"
ignore_errors: yes
没有成功
推荐答案
不确定目前是否对您有很大帮助,但对于其他人,除了偶然发现这篇文章外,我遇到了类似的问题,如下所示.我正在使用Ansible 2.7.8.
Not sure if it'll be much help to you now but for others than stumble on this post, I ended up with something like below for a similar problem. I'm using Ansible 2.7.8.
- name: Creating user accounts...
user:
name: "{{ item.name }}"
state: "{{ item.state }}"
comment: "{{ item.comment | default(omit) }}"
group: "{{ item.groups is defined | ternary((item.groups|default([]))[0], omit) }}"
groups: "{{ item.groups | default(omit) }}"
password: "{{ item.password_hash | default(omit) }}"
uid: "{{ item.uid | default(omit) }}"
with_items: "{{ managed_users }}"
解决方法是 group:"{{item.groups已定义|三元((item.groups | default([]))[0],省略)}}"
如果 groups 不在 item 中,则Ansible将忽略此任务的分组部分,但jinja2将评估 item.groups [0] 无论如何.因此,为此,我们必须使用 item.groups | default([]),以便jinja2在未定义组时使用一个空列表,而不是抛出一个'dict object'没有属性错误.省略部分类似于 default(omit)过滤器,其中Ansible只是忽略了任务中的选项.
If groups isn't in item then Ansible will omit the group part of this tasks but jinja2 will evaluate item.groups[0] anyway. So to allow for this we have to use item.groups|default([]) so jinja2 uses an empty list when groups isn't defined instead of throwing a 'dict object' has no attribute error. The omit part is similar to the default(omit) filter where Ansible simply omits the option from the task.
Lubo的问题要简单一些,因此仅使用default(omit)过滤器即可.话虽如此,但由于需要密码,因此应在有条件的情况下跳过整个任务.
Lubo's problem is a little simpler so using just default(omit) filter should work. That said as password is required so the entire task should be skipped with a conditional.
- name: adding ipa users
ipa_user:
name: "{{ item.value.login }}"
state: "{{ item.value.state }}"
givenname: "{{ item.value.givenname }}"
sn: "{{ item.value.surname }}"
mail: "{{ item.value.mail }}"
telephonenumber: "{{ item.value.telephonenumber }}"
title: "{{ item.value.title }}"
password: "{{ item.value.password | default(omit) }}" #<-- would be omitted
ipa_host: ipa.gdi.telekom.de
ipa_user: admin
ipa_pass: "{{ ipa_pass }}"
with_dict: "{{ipausers}}"
when: item.key in ipausers.keys() and item.key.password is defined #<-- second check for when password is not defined.
register: output_ipa_users
这篇关于Ansible-跳过字典中未定义的变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
