Ansible - Filter a dict with a list of keys

xen*_*nlo 4 loops ansible

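I have a list which is actually a list of keys of a dict. I want to get a joined string of this dict filtered on the keys in this list, and use it in a module option.

My use case here is users with a list of public key names, from which to generate an authorized_keys file.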

---
- hosts: localhost
  become: false
  vars:
    pub_keys:
      key01: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[…]5/ someuser@somehost
      key02: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[…]ea otheruser@somewher
      key03: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[…]dN anyser@anyhost
    users:
      root:
        home: /root
        shell: /bin/bash
        authorized_keys:
          - key01
      mgmtusr:
        home: /home/mgmtusr
        shell: /bin/bash
        authorized_keys:
          - key01
          - key02
          - key03

  tasks:
    - name: Debug Authorized Keys
      debug:
        msg: "USER:{{ item.key }} AUTHKEYSLIST:{{ pub_keys|selectattr(item.authorized_keys) }}"
      with_dict: "{{ users }}"

    - name: Manage users Authorized Keys
      authorized_key:
        user: "{{ item.key }}"
        key: "{{ pub_keys|selectattr(item.authorized_keys) }}"
        exclusive: yes
      with_dict: "{{ users }}"

As you can see here, I gave dict|selectattr(list) a try, but it failed.

I get <generator object select_or_reject at 0x…> in the debug module, and of course invalid key specified in the authorized_key module.

TASK [Debug Authorized Keys] ***************************************************
ok: [localhost] => (item={'key': u'mgmtusr', 'value': {u'home': u'/home/mgmtusr', u'shell': u'/bin/bash', u'authorized_keys': [u'key01', u'key02', u'key03']}}) => {
    "item": {
        "key": "mgmtusr",
        "value": {
            "authorized_keys": [
                "key01",
                "key02",
                "key03"
            ],
            "home": "/home/mgmtusr",
            "shell": "/bin/bash"
        }
    },
    "msg": "USER:mgmtusr AUTHKEYSLIST:"
}
ok: [localhost] => (item={'key': u'root', 'value': {u'home': u'/root', u'shell': u'/bin/bash', u'authorized_keys': [u'key01']}}) => {
    "item": {
        "key": "root",
        "value": {
            "authorized_keys": [
                "key01"
            ],
            "home": "/root",
            "shell": "/bin/bash"
        }
    },
    "msg": "USER:root AUTHKEYSLIST:"
}

TASK [Manage users Authorized Keys] ********************************************
failed: [localhost] (item={'key': u'mgmtusr', 'value': {u'home': u'/home/mgmtusr', u'shell': u'/bin/bash', u'authorized_keys': [u'key01', u'key02', u'key03']}}) => {"changed": false, "failed": true, "item": {"key": "mgmtusr", "value": {"authorized_keys": ["key01", "key02", "key03"], "home": "/home/mgmtusr", "shell": "/bin/bash"}}, "msg": "Failed to lookup user mgmtusr: 'getpwnam(): name not found: mgmtusr'"}
failed: [localhost] (item={'key': u'root', 'value': {u'home': u'/root', u'shell': u'/bin/bash', u'authorized_keys': [u'key01']}}) => {"changed": false, "failed": true, "item": {"key": "root", "value": {"authorized_keys": ["key01"], "home": "/root", "shell": "/bin/bash"}}, "msg": "invalid key specified: "}

Like my other attempts (with_subelements, lookup('template', ...)), selectattr does not seem to be the solution. Any suggestions?

Kon*_*rov 8

Here you go:

- name: Manage users Authorized Keys
  authorized_key:
    user: "{{ item.key }}"
    key: "{{ item.value.authorized_keys | map('extract',pub_keys) | list | join('\n') }}"
    exclusive: yes
  with_dict: "{{ users }}"

See extract filter usage.

Also when you use map you should almost always typecast it to list to prevent generator object value.
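
An added example, not part of the answer above and not code from the original page: because `exclusive: yes` removes every key that is not in the `key` string, this playbook checks that each name in a user's `authorized_keys` list exists in `pub_keys` before the string is built with the `map('extract', ...)` expression. The key material and the undefined `key03` reference are constructed placeholders, and `debug` stands in for the `authorized_key` task so nothing is written.

```yaml
---
# Added example. Key material is constructed placeholder text, not real keys.
- hosts: localhost
  become: false
  gather_facts: false
  vars:
    pub_keys:
      key01: ssh-ed25519 AAAA_PLACEHOLDER_KEY01 someuser@somehost
      key02: ssh-ed25519 AAAA_PLACEHOLDER_KEY02 otheruser@somewhere
    users:
      root:
        authorized_keys:
          - key01
      mgmtusr:
        authorized_keys:
          - key01
          - key03   # deliberately missing from pub_keys to trigger the check

  tasks:
    # Stop before any write if a user references a key name that is not
    # defined in pub_keys. difference() returns the names with no match.
    - name: Check that every referenced key name is defined
      assert:
        that:
          - "item.value.authorized_keys | difference(pub_keys.keys() | list) | length == 0"
        msg: >-
          {{ item.key }} references undefined keys:
          {{ item.value.authorized_keys | difference(pub_keys.keys() | list) | join(', ') }}
      with_dict: "{{ users }}"

    # Same expression as in the answer: look up each name in pub_keys,
    # cast the map() generator to a list, then join with newlines.
    # Runs only once the check above passes for every user.
    - name: Show the key string that authorized_key would receive
      debug:
        msg: "{{ item.value.authorized_keys | map('extract', pub_keys) | list | join('\n') }}"
      with_dict: "{{ users }}"
```

As written, the check fails for `mgmtusr` and names `key03`; defining `key03` in `pub_keys` or removing it from the list lets the second task print one key per line for each user.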