Ansible - 在字典中跳过未定义的变量 [英] Ansible - skip undefined variable in dict
问题描述
我正在使用 ipa_user 模块来设置用户.有强制新密码的可变密码.对于某些用户(当 var 不在 dict 中时)我想在迭代中跳过它,但它总是失败.
I`m using ipa_user module to setup users. There is variable passsword which force new password. For some users (when var is not in dict) I would like to skip it in iteration, but it always fail.
这是我的剧本的片段.Ansible 版本是 2.7
This is snippet from my playbook. Ansible version is 2.7
任务:
- name: adding ipa users
ipa_user:
name: "{{ item.value.login }}"
state: "{{ item.value.state }}"
givenname: "{{ item.value.givenname }}"
sn: "{{ item.value.surname }}"
mail: "{{ item.value.mail }}"
telephonenumber: "{{ item.value.telephonenumber }}"
title: "{{ item.value.title }}"
password: "{{ item.value.password }}" <<- to be skipped if not found
ipa_host: ipa.gdi.telekom.de
ipa_user: admin
ipa_pass: "{{ ipa_pass }}"
with_dict: "{{ipausers}}"
when: item.key in ipausers.keys()
register: output_ipa_users
日志:
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'password'\n\nThe error appears to have been in '/builds/gitlab/infra/user-management/roles/free-ipa/tasks/main.yml': line 13, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: adding ipa users\n ^ here\n"}
注意:我尝试过:
with_dict: "{{ipausers|default({})}}"
ignore_errors: yes
没有成功
推荐答案
现在不确定它是否对您有很大帮助,但对于其他人而不是偶然发现这篇文章,我最终遇到了类似问题的类似问题.我使用的是 Ansible 2.7.8.
Not sure if it'll be much help to you now but for others than stumble on this post, I ended up with something like below for a similar problem. I'm using Ansible 2.7.8.
- name: Creating user accounts...
user:
name: "{{ item.name }}"
state: "{{ item.state }}"
comment: "{{ item.comment | default(omit) }}"
group: "{{ item.groups is defined | ternary((item.groups|default([]))[0], omit) }}"
groups: "{{ item.groups | default(omit) }}"
password: "{{ item.password_hash | default(omit) }}"
uid: "{{ item.uid | default(omit) }}"
with_items: "{{ managed_users }}"
解决办法是group: "{{ item.groups 定义 | 三元((item.groups|default([]))[0], omit) }}"
如果 groups 不在 item 中,那么 Ansible 将忽略此任务的组部分,但 jinja2 将评估 item.groups[0] 反正.因此,为了实现这一点,我们必须使用 item.groups|default([]) 以便 jinja2 在未定义组时使用空列表,而不是抛出 'dict object' has no属性 错误.省略部分类似于 default(omit) 过滤器,其中 Ansible 简单地从任务中省略选项.
If groups isn't in item then Ansible will omit the group part of this tasks but jinja2 will evaluate item.groups[0] anyway. So to allow for this we have to use item.groups|default([]) so jinja2 uses an empty list when groups isn't defined instead of throwing a 'dict object' has no attribute error. The omit part is similar to the default(omit) filter where Ansible simply omits the option from the task.
Lubo 的问题稍微简单一些,所以只使用 default(omit) 过滤器应该可以工作.也就是说,因为需要密码,所以应该用条件跳过整个任务.
Lubo's problem is a little simpler so using just default(omit) filter should work. That said as password is required so the entire task should be skipped with a conditional.
- name: adding ipa users
ipa_user:
name: "{{ item.value.login }}"
state: "{{ item.value.state }}"
givenname: "{{ item.value.givenname }}"
sn: "{{ item.value.surname }}"
mail: "{{ item.value.mail }}"
telephonenumber: "{{ item.value.telephonenumber }}"
title: "{{ item.value.title }}"
password: "{{ item.value.password | default(omit) }}" #<-- would be omitted
ipa_host: ipa.gdi.telekom.de
ipa_user: admin
ipa_pass: "{{ ipa_pass }}"
with_dict: "{{ipausers}}"
when: item.key in ipausers.keys() and item.key.password is defined #<-- second check for when password is not defined.
register: output_ipa_users
这篇关于Ansible - 在字典中跳过未定义的变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
