試圖在Ansible

Question

我的文件夾結構，包括從劇本的任務列表：

首先我給你這個，所以你可以看到這是如何佈局，並引用它閱讀下面的內容時：

/environments 
    /development 
    hosts // Inventory file 
    /group_vars 
     proxies.yml 
    /custom_tasks 
     firewall_rules.yml // File I'm trying to bring in 

playbook.yml // Root playbook, just brings in the plays 
rev-proxy.yml // Reverse-proxy playbook, included by playbook.yml 

playbook.yml：

--- 
- include: webserver.yml 
- include: rev-proxy.yml 

proxies.yml只包含firewall_custom_include_file: custom_tasks/firewall_rules.yml

個

firewall_rules.yml：

tasks: 
- name: "Allowing traffic from webservers on 80" 
    ufw: src=10.10.10.3, port=80, direction=in, rule=allow 
- name: "Allowing traffic all on 443" 
    ufw: port=443, rule=allow 

終於rev-proxy.yml玩法：

--- 
- hosts: proxies 
    become: yes 
    roles: 
    - { role: firewall } 
    - { role: geerlingguy.nginx } 
    pre_tasks: 
    # jessie-backports for nginx-extras 1.10 
    - name: "Adding jessie-backports repo" 
    copy: content="deb http://ftp.debian.org/debian jessie-backports main" dest="/etc/apt/sources.list.d/jessie-backports.list" 
    - name: Updating apt-cache. 
    apt: update_cache="yes" 
    - name: "Installing htop" 
    apt: 
     name: htop 
     state: present 
    - name: "Coopying SSL certificates" 
    copy: src=/vagrant/ansible/files/ssl/ dest=/etc/ssl/certs force=no 
    tasks: 
    - name: "Including custom firewall rules." 
    include: "{{ inventory_dir }}/{{ firewall_custom_include_file }}.yml" 
    when: firewall_custom_include_file is defined 
    vars_files: 
    - ./vars/nginx/common.yml 
    - ./vars/nginx/proxy.yml 

我想要做的事：用

Ansible 2.2.1.0

我試圖包含一個將在變量中運行的任務列表已設置。該名單是由做"{{ inventory_dir }}/{{ firewall_custom_include_file }}.yml"相對於庫存目錄包括 - 在這種情況下該工程以/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml

基本上這裏的想法是，我需要有不同的防火牆規則來執行基於我在什麼樣的環境，和正在提供哪些主機。

舉一個簡單的例子：我可能想在生產Web服務器上將數據庫服務器IP白名單，但不是在反向代理上，也不在我的開發框中。

問題：

每當我有firewall_rules.yml像上面，它告訴我：

TASK [Including custom firewall rules.] **************************************** 
fatal: [proxy-1]: FAILED! => {"failed": true, "reason": "included task files must contain a list of tasks"} 

我不知道它的期待，我試圖在開始時取出tasks:該文件，使其：

- name: "Allowing traffic from webservers on 80" 
    ufw: src=10.10.10.3, port=80, direction=in, rule=allow 
- name: "Allowing traffic all on 443" 
    ufw: port=443, rule=allow 

但它然後給我的錯誤：

root@ansible-control:/vagrant/ansible# ansible-playbook -i environments/development playbook.yml 
ERROR! Attempted to execute "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as inventory script: problem running /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml --list ([Errno 8] Exec format error) 
Attempted to read "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as YAML: 'AnsibleSequence' object has no attribute 'keys' 
Attempted to read "/vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml" as ini file: /vagrant/ansible/environments/development/custom_tasks/firewall_rules.yml:2: Expected key=value host variable assignment, got: name: 

在這一點上，我真的不知道什麼它包含文件尋找，我似乎無法真正找到這個清晰的文檔，或者有這個問題其他人。

Answer 1

嘗試使用-i environments/development/hosts而不是目錄執行。

但我敢打賭，在庫存內存儲任務文件遠非最佳實踐。

您可能希望將自定義規則列表定義爲庫存變量，例如，：和

custom_rules: 
    - src: 10.10.10.3 
    port: 80 
    direction: in 
    rule: allow 
    - port: 443 
    rule: allow 

而是包括任務，做出這樣的事情：

- ufw: 
    port: "{{ item.port | default(omit) }}" 
    rule: "{{ item.rule | default(omit) }}" 
    direction: "{{ item.direction | default(omit) }}" 
    src: "{{ item.src | default(omit) }}" 
    with_items: "{{ custom_rules }}"