Modules

set_fact (fact into ansible_fact by cacheable)

- name: Setting facts so that they will be persisted in the fact cache

set_fact:

one_fact: something

other_fact: "{{ local_var * 2 }}"

cacheable: yes

expect

- name: Case insensitive password string match

ansible.builtin.expect:

command: passwd username

responses:

(?i)password: "MySekretPa$$word"

# you don't want to show passwords in your logs

no_log: true

delegate_to

你可以委派任务给设备清单上的任意机器，下面是使用任务委派的一些场景：

在部署之前将一个主机从一个负载均衡集群中删除
当你要对一个主机做改变之前去掉相应dns的记录
当在一个存储设备上创建iscsi卷的时候
当使用外部的主机来检测网络出口是否正常的时候

block

用于在一个task中执行一系列的modules:

结合when定义启动条件

结合ignore_error忽略一系列的module中可能出现的error

结合rescue定义当出现error 并如何handling

结合always定义当无论出现error与否如何依然执行一个task

也可以结合 handler 来进行 error handling

tasks:

- name: Install, configure, and start Apache

block:

- name: install httpd and memcached

yum:

name:

- httpd

- memcached

state: present

- name: apply the foo config template

template:

src: templates/src.j2

dest: /etc/foo.conf

- name: i force a failure

command: /bin/false

- debug:

msg: 'I never execute, due to the above task failing, :-('

when: ansible_facts['distribution'] == 'CentOS'

become: true

become_user: root

ignore_errors: yes

rescue:

- debug:

msg: 'I caught an error'

- name: i force a failure in middle of recovery! >:-)

command: /bin/false

- debug:

msg: 'I also never execute :-('

always:

- debug:

msg: "This always executes"

handlers:

- name: run me even after an error

debug:

msg: 'This handler runs even on error'

ansible collections:

- name: community.general

files:

创建新的dir 和 file

- name: Create new file or dir

file: new_file

shell:

- name: shell command to compare two files

shell: diff “file_a” “file_a“

利用linux diff 命令，比较两个文档的差别difference

-i ignore Case
-y side-by-side
-W 使用-y时指定间隙
-u 统一输出格式
> 输出区别到文件

说明：

“|”表示前后2个文件内容有不同

“<”表示后面文件比前面文件少了1行内容

“>”表示后面文件比前面文件多了1行内容

lineinfile:

- lineinfile:

path: ./output/test.txt

line: |

" {{ping_output.stdout_lines | to_nice_json }} "

assert:

- name: After version 2.7 both 'msg' and 'fail_msg' can customize failing assertion message

assert:

that:

- my_param <= 100

- my_param >= 0

fail_msg: "'my_param' must be between 0 and 100"

success_msg: "'my_param' is between 0 and 100"

ios_logging:

- name: configure console logging level and facility

ios_logging:

dest: console

facility: local7

level: debugging

state: present

state：

present：添加

absent：移除

Ansible-Pan

Install the collection using ansible-galaxy:

ansible-galaxy collection install paloaltonetworks.panos

Then in your playbooks you can specify that you want to use the panos collection like so:

collections:

- paloaltonetworks.panos

https://ansible-pan.readthedocs.io/en/latest/modules/panos_software_module.html

- name: Download PAN-OS 9.0.1 and sync to HA peer

panos_software:

provider: '{{ provider }}'

version: '9.0.1'

sync_to_peer: true

install: false

restart: false

https://ansible-pan.readthedocs.io/en/latest/modules/panos_match_rule_module.html#panos-match-rule-module

- name: check security rules for Google DNS

panos_match_rule:

provider: '{{ provider }}'

source_ip: '10.0.0.0'

destination_ip: '8.8.8.8'

application: 'dns'

destination_port: '53'

protocol: '17'

register: result

- debug: msg='{{ result.rule }}'

Google Sites

Report abuse