Anisble中的任务执行控制_ansible在debug的时候怎么控制changed为 false

tasks:
- name: file module
file:
name: /mnt/{{item}}
state: present

  loop:
    - westos_file1
    - westos_file2

#2.循环散列或字典列表#

• name: create file
  hosts: 172.25.0.254
  tasks:
  • name: file module
    service:
    name: “{{ item.name}}”
    state: “{{ item.state }}”
    loop:
    • name: httpd
      state: started
    • name: vsftpd
      state: stopped

 脚本练习：


在系统中完成以下用户操作


1.建立用户组shengchan，caiwu，jishu并满足以下要  
 \* shengchan组id为8000  
 \* caiwu组id为8001  
 \* jishu组id为8002


2.建立westosuser,linux,lee,westosadmin等用户完成以下要求  
 \* westosuser用户的附加组为shengchan和jishu  
 \* lee的主组为caiwu附加组为技术，lee的uid和gid必须一致  
 \* linux为系统账号不能直接被操作者使用  
 \* westosamdin用户不属于以上三个部门，但是可以在系统中自由的管理用户


3.  
 \* 以上用户密码均为westos,并要求用户首次登陆时强制修改密码  
 \* 设定以上用户密码必须在30天内进行休改，并在过期前2天发出警告求

---

• name: create file
  hosts: list1
  tasks:
  • name: create group
    group:
    name: “{{item.name}}”
    gid: “{{item.gid}}”
    state: present
    loop:
    • name: shengchan
      gid: 8000
    • name: caiwu
      gid: 8001
    • name: jishu
      gid: 8002
    • name: westosuser
      gid: 8003
    • name: linux
      gid: 8004
    • name: westosadmin
      gid: 8005
  • name: create user
    user:
    name: “{{item.name}}”
    groups: “{{item.groups}}”
    group: “{{item.group}}”
    shell: “{{item.shell}}”
    uid: “{{item.uid}}”
    password: ‘$6$4RBSjfuYIt694mEi$KetzruRtGRzZIPA4B/hDCimIWCalsOkzCH2GEoHvRTZpDXWL1xf.0.SYDg.SQ6KwtMUDKsNIcH0MAd3AHBRET0’
    loop:
    • name: westosuser
      groups: shengchan, jishu
      group: 8003
      shell: /bin/bash
      uid: 8003
    • name: lee
      groups: jishu
      group: caiwu
      shell: /bin/bash
      uid: 8001
    • name: linux
      groups: linux
      group: linux
      shell: /sbin/nologin
      uid: 8004
    • name: westosadmin
      groups: westosadmin
      group: westosadmin
      shell: /bin/bash
      uid: 8005
  • name: westosadmin
    lineinfile:
    path: /etc/sudoers
    regexp: “^root”
    insertafter: “^root”
    line: “westosadmin {{ansible_facts[‘fqdn’]}}=(root) NOPASSWD: /sbin/useradd, /sbin/userdel, /sbin/usermod”
  • name: configure password messages
    shell: chage -d 0 -M 30 -W 2 “{{item}}”
    loop:
    • westosuser
    • lee
    • westosadmin
      …

#### 二、条件

when:

• 条件1
• 条件2

#条件判断#
= value == “字符串”,value == 数字
< value < 数字

  	value >  数字

<= value <= 数字

= value >= 数字
!= value != 数字
is defined value value is defined 变量存在
is not defined value is not defined 变量不存在
bool变量 为true value value的值为true
bool变量 false not value value的值为false
value in value2 value的值在value2列表中
#多条条件组合#
when：
条件1 and 条件2

• 条件1
• 条件2

when:
条件1 or 条件2

when: >
条件1
or
条件2

测试题：


\*建立大小为1500M名为exam\_lvm的 lvm在westos组中


\*如果westos不存在请输入：


vg westos is not exist


\*如果westos大小不足1500M清输出：


vg westos is less then 1500M


并建立800M大小的lvm


三、触发器

notify: 触发器当遇到更改是触发handlers

handlers： 触发器触发后执行的动作

#实例#

• name: create virtualhost for web server
  hosts: 172.25.0.254
  vars_files:
  ./vhost_list.yml
  tasks:

  • name: create document
    file:
    path: “{{web2.document}}”
    state: directory
  • name: create vhost.conf
    copy:
    dest: /etc/httpd/conf.d/vhost.conf
    content:
    “<VirtualHost *:{{web1.port}}>\n\tServerName {{web1.name}}\n\tDocumentRoot {{web1.document}}\n\tCustomLog logs/{{web1.name}}.log combined\n\n\n<VirtualHost *:{{web2.port}}>\n\tServerName {{web2.name}}\n\tDocumentRoot {{web2.document}}\n\tCustomLog logs/{{web2.name}}.log combined\n”
    notify:
    restart apache

  handlers:

  • name: restart apache
    service:
    name: httpd
    state: restarted

脚本练习：


搭建一个vsftpd服务

---

• name: creat vsftpd
  hosts: all
  tasks:

  • name: install vsftpd
    dnf:
    name: vsftpd
    state: present

  • name: config vsftpd.conf
    template:
    src: ~/ansible/vsftpd.conf.j2
    dest: /etc/vsftpd/vsftpd.conf
    notify: restart vsftpd

  • name: config ftpdir
    file:
    path: /var/ftp/pub
    group: ftp
    mode: ‘0775’
    setype: “public_content_rw_t”

  • name: set sebool
    seboolean:
    name: ftpd_anon_write
    state: yes
    persistent: yes

  • firewalld:
    zone: public
    service: ftp
    permanent: yes
    state: enabled
    immediate: yes

  handlers:

  • name: restart vsftpd
    service:
    name: vsftpd
    state: restarted
    …

#### 四、处理失败任务


1.ignore\_errors#  
 #作用：  
 当play遇到任务失败是会终止  
 ignore\_errors: yes    将会忽略任务失败使下面的任务继续运行


#实例#

---

• name: test
  hosts: all
  tasks:
  • name: test
    dnf:
    name: sun
    state: present
    ignore_errors: yes
  • name: create file
    file:
    path: /mnt/sun
    state: touch

…

测试效果：


![](https://img-blog.csdnimg.cn/20201227122518104.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1N1bl9fcw==,size_16,color_FFFFFF,t_70)


2.force\_handlers#  
 #作用：  
 #当任务失败后play被终止也会调用触发器进程


#示例#

---

• name: apache change port
  hosts: all
  force_handlers: yes
  vars:
  http_port: 8080
  tasks:

  • name: configure apache conf file
    lineinfile:
    path: /etc/httpd/conf/httpd.conf
    regexp: “^Listen”
    line: “Listen {{ http_port }}”
    notify: restart apache

  • name: install error
    dnf:
    name: westos
    state: latest

  handlers:

  • name: restart apache
    service:
    name: httpd
    state: restarted
    enabled: yes
    …

验证：


![](https://img-blog.csdnimg.cn/20201227123116632.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1N1bl9fcw==,size_16,color_FFFFFF,t_70)


3.changed\_when#  
 #作用：  
 #控制任务在何时报告它已进行更改

---

• name: apache change port
  hosts: all
  force_handlers: yes
  vars:
  http_port: 80
  tasks:
  • name: configure apache conf file
    lineinfile:
    path: /etc/httpd/conf/httpd.conf