时间戳

首页 > 解决方案 > Ansible,将某些元素从变量写入文件

ansible - Ansible,将某些元素从变量写入文件

问题描述

我的 Ansible 剧本当前正在将即将到期的证书打印到屏幕上。这些是我的剧本:

- name: Setting cert facts.
      set_fact:
        certData: "{{ certs.json | json_query('items[*].{expires: validityEnd, cn: cn, serial: serialHex, id: id}') }}"
      no_log: true

- name: Certs expiring within {{ expireDays }} days.
      debug:
        msg:
          - "Following certs have expired or are expiring within {{ expireDays }} days"
          - "ID: {{ item.id }}"
          - "CN: {{ item.cn }}"
          - "Serial: {{ item.serial }}"
          - "Expiration Date: {{ item.expires }}"
          - "Expiring in:  {{ expire_days }} days."
      vars:
        expire_days: "{{ (( item.expires | regex_replace('\\+00:00') | to_datetime('%Y-%m-%dT%H:%M:%S')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }}"
      loop: "{{ certData }}"
      loop_control:
        label: "{{ item.cn }}  expires: {{ (item.expires | regex_replace('\\+00:00') | to_datetime('%Y-%m-%dT%H:%M:%S') - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }} days."
      when: expire_days | int <= expireDays
      register: expired_certs

然后我只想将“cn”值打印到文件中,最好以逗号分隔或换行符分隔格式。

我尝试这样做,但它不会在文件中打印任何内容:

- name: Create file with expiring certs.
      copy:
        dest: "./cert_expiring.txt"
        content: "{{ expired_certs.results | json_query('item[*].{id: id, cn: cn}') }}"

这是一个元素的{{ expired_certs }}样子:

"msg": {
    "changed": false,
    "msg": "All items completed",
    "results": [{
        "ansible_loop_var": "item",
        "changed": false,
        "failed": false,
        "item": {
            "cn": "node1.corp.com",
            "expires": "2020-11-05T15:20:18+00:00",
            "id": 705,
            "serial": "1111"
        },
        "msg": [
            "Following certs have expired or are expiring within 90 days",
            "ID: 705",
            "CN: node1.corp.com",
            "Serial: 1111",
            "Expiration Date: 2020-11-05T15:20:18+00:00",
            "Expiring in:  -195 days."
        ]
    }]
}

标签: ansible

解决方案

我相信我可能已经找到了实现这一目标的方法。我更改了“证书将在 {{ expireDays }} 天内到期”。玩这个:

- name: Certs expiring within {{ expireDays }} days.
      lineinfile:
        dest: "./cert_expiring.txt"
        line: "{{ item.cn }}"
        state: present
        create: yes
      vars:
        expire_days: "{{ (( item.expires | regex_replace('\\+00:00') | to_datetime('%Y-%m-%dT%H:%M:%S')) - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }}"
      loop: "{{ certData }}"
      loop_control:
        label: "{{ item.cn }}  expires: {{ (item.expires | regex_replace('\\+00:00') | to_datetime('%Y-%m-%dT%H:%M:%S') - (ansible_date_time.iso8601 | to_datetime('%Y-%m-%dT%H:%M:%SZ')) ).days }} days."
      when: expire_days | int <= expireDays

这似乎是每行打印一个 CN。

推荐阅读