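In my Ansible playbook I need to change the permissions of a lot of files, but a few subdirectories need read-write permissions while most need read-only. Following another suggestion on Super User, I have this solution: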
- name: A few directories need group-write permissions
  file:
    path: "{{item}}"
    mode: "u+rwX,g+rwX,o+rX,o-w"
    recurse: True
  with_items:
    - /opt/myapp/path1/excludeddir1
    - /opt/myapp/path1/excludeddir2
    - /opt/myapp/path2/excludeddir1
    - /opt/myapp/path2/excludeddir2

- name: For performance, set a lot of directories directly
  file:
    path: "{{item}}"
    mode: "u+rwX,go+rX,go-w"
    recurse: True
  with_items:
    - /opt/myapp/path1/readonlydir1
    - /opt/myapp/path1/readonlydir2

#############################################
# This step generates a very large list
- name: Find all files in my directory
  find:
    paths:
      - "/opt/myapp/path1"
      - "/opt/myapp/path2"
    recurse: True
    file_type: any
    follow: False
  register: filestochange

#############################################
# This step is painfully slow
- name: Clear group-write permissions where needed
  file:
    path: "{{ item.path }}"
    mode: "u+rwX,go+rX,go-w"
    follow: False
  when:
    - not item.islnk
    - "'/opt/myapp/path1/excludeddir1' not in item.path"
    - "'/opt/myapp/path1/excludeddir2' not in item.path"
    - "'/opt/myapp/path2/excludeddir1' not in item.path"
    - "'/opt/myapp/path2/excludeddir2' not in item.path"
    - "'/opt/myapp/path1/readonlydir1' not in item.path"
    - "'/opt/myapp/path1/readonlydir2' not in item.path"
  loop: "{{ filestochange.files }}"
  loop_control:
    label: "{{ item.path }}"
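The subdirectories involved contain about 100,000 files in total.
The code above works but, not surprisingly, it is very slow. The initial, most naive implementation ran for two days straight.
My first optimization was to set the permissions for the few subdirectories that don't need any exceptions, and then skip them in the loop. That helped to some extent; the time is now down to an hour or two.
As the next optimization, I would like to remove those same entries from the list generated by the find module before feeding it into the loop, but I have not found a way to do that.
The file module does have an exclude attribute, but it seems to match only file names, not directory names.
So I am looking for a way to remove items from a list that match certain wildcard patterns.
Of course, I am also open to any other suggestions on how to optimize this further.
Note: this simple implementation does not work, because it resets and then sets the permissions.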
- name: Set everything to G read-only
  file:
    path: "{{item}}"
    mode: "u+rwX,go+rX,go-w"
    recurse: True
  with_items:
    - /opt/myapp/path1
    - /opt/myapp/path2

- name: A few directories need group-write permissions
  file:
    path: "{{item}}"
    mode: "u+rwX,g+wrX,o+rX,o-w"
    recurse: True
  with_items:
    - /opt/myapp/path1/excludeddir1
    - /opt/myapp/path1/excludeddir2
    - /opt/myapp/path2/excludeddir1
    - /opt/myapp/path2/excludeddir2
小智 6
You can try the reject filter, for example:
set_fact:
  new_list: "{{ old_list | reject('search', 'SOME WORD') | list }}"
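
One way to apply the filter approach to the `find` results from the question, matching on each item's `path` attribute. This is an added example, not part of the original answer; the names `skip_dirs`, `skip_regex` and `paths_to_fix` are assumptions introduced here, and `filestochange` is assumed to have been registered by the question's find task.

```yaml
# Added example (not from the original post).
# skip_dirs, skip_regex and paths_to_fix are hypothetical names.
- name: Build one regex from the directories already handled by earlier tasks
  set_fact:
    # Anchor each prefix at a path boundary so that a sibling such as
    # /opt/myapp/path1/excludeddir10 is not skipped by accident.
    skip_regex: "^({{ skip_dirs | map('regex_escape') | join('|') }})(/|$)"
  vars:
    skip_dirs:
      - /opt/myapp/path1/excludeddir1
      - /opt/myapp/path1/excludeddir2
      - /opt/myapp/path2/excludeddir1
      - /opt/myapp/path2/excludeddir2
      - /opt/myapp/path1/readonlydir1
      - /opt/myapp/path1/readonlydir2

- name: Drop symlinks and everything under the handled directories
  set_fact:
    paths_to_fix: >-
      {{ filestochange.files
         | rejectattr('islnk')
         | rejectattr('path', 'match', skip_regex)
         | map(attribute='path')
         | list }}

- name: Clear group-write permissions on the remaining paths only
  file:
    path: "{{ item }}"
    mode: "u+rwX,go+rX,go-w"
    follow: False
  loop: "{{ paths_to_fix }}"
```

The list is filtered once before the loop starts, so the `when` conditions are no longer evaluated for every one of the found files.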