调试

调试

我编写了在 Linux 服务器上应用安全补丁的剧本,剩下的唯一部分是编写重新启动已打补丁的服务器的任务。

以下是应用补丁的任务内容

- name: Deploying Security Packages                              
  shell: "yum update --security -y"                              
  register: progress                                             
  when: deploypackages == "y"                                    
                                                                 
- name: Installed Packages                                       
  debug:                                                         
    msg: "{{ progress.stdout_lines | regex_search('complete') }}"
  #when: progress.changed | regex_search('complete')   

我正在寻找一个过滤器来在输出中查找注册变量中的单词(如果是),completed然后kernel重新启动服务器。

谢谢

尝试 1 - 失败

出于测试目的,我已更改kernelxz-libs,但达到条件时失败when

---
- name: Deploying Security Packages
  #shell: "yum update --security -y"
  yum:
    name: '*'
    state: latest
    security: yes
  register: yum_update
  when: deploypackages == "y"

- name: Installed Packages
  debug:
    msg: " Packages installed Successfully "
  when:
    - yum_update.changed
    - yum_update.stdout | regex_search('xz-libs', ignorecase=True ) is not none

它给出了这个错误

TASK [deploying_security_updates : Deploying Security Packages] **********************
changed: [192.168.8.26]

    TASK [deploying_security_updates : Installed Packages] *******************************
    fatal: [192.168.8.26]: FAILED! => {"msg": "The conditional check 'yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none' failed. The error was: nothing to repeat\n\nThe error appears to be in '/home/sysadmin/ansible_files/play-security-update/roles/deploying_security_updates/tasks/main.yaml': line 11, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Installed Packages\n  ^ here\n"}

调试

- name: Deploying Security Packages                                                
  yum:                                                                             
    name: '*'                                                                      
    state: latest                                                                  
    security: yes                                                                  
  register: yum_update                                                             
  when: deploypackages == "y"                                                      
                                                                                   
- name: Installed Packages                                                         
  debug:                                                                           
    #msg: " Packages installed Successfully "                                      
    msg: " {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}"    
  #when:                                                                           
  #  - yum_update.changed                                                          
  #  - yum_update.stdout | regex_search('*xz-libs*', ignorecase=True ) is not none 



Do you want to deploy Packages: y

PLAY [To Apply Security Patches on Linux Servers] *******************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
ok: [192.168.8.26]

TASK [Condition Failed! Wrong User Input] ***************************************************************************************************************************************************************************************************
skipping: [192.168.8.26]

TASK [check_for_updates : Looking for Package Updates] **************************************************************************************************************************************************************************************
skipping: [192.168.8.26]

TASK [check_for_updates : Printing Available Updates] ***************************************************************************************************************************************************************************************
skipping: [192.168.8.26]

TASK [deploying_security_updates : Deploying Security Packages] *****************************************************************************************************************************************************************************
changed: [192.168.8.26]

TASK [deploying_security_updates : Installed Packages] **************************************************************************************************************************************************************************************
fatal: [192.168.8.26]: FAILED! => {"msg": "Unexpected templating type error occurred on ( {{ yum_update.stdout | regex_search('xz-libs', ignorecase=True ) }}): expected string or buffer"}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26               : ok=2    changed=1    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0

调试输出

ok: [192.168.8.26] => {
    "msg": {
        "changed": true,
        "changes": {
            "installed": [],
            "updated": [
                [
                    "xz",
                    "5.2.2-2.el7_9.x86_64 from rhel-remote"
                ],
                [
                    "xz-libs",
                    "5.2.2-2.el7_9.x86_64 from rhel-remote"
                ]
            ]
        },
        "failed": false,
        "msg": "",
        "rc": 0,
        "results": [
            "Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n              : manager\nThis system is not registered with an entitlement server. You can use subscription-manager to register.\n --> device-mapper-persistent-data-0.7.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 from rhel-remote removed (updateinfo)\n --> libgnomekbd-3.26.0-3.el7.x86_64 from rhel-remote removed (updateinfo)\n --> cryptsetup-python-2.0.3-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gstreamer-plugin-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> libstoragemgmt-1.6.2-4.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> PackageKit-gtk3-module-1.1.10-2.el7.x86_64 from rhel-remote removed (updateinfo)\n --> 7:device-mapper-event-1.02.149-8.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> setroubleshoot-plugins-3.0.67-3.el7.noarch from @anaconda/7.6 removed (updateinfo)\n --> libdrm-2.4.91-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> mesa-dri-drivers-18.3.4-12.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> subscription-manager-plugin-container-1.24.51-1.el7_9.x86_64 from rhel-remote removed (updateinfo)\n --> firewalld-0.6.3-13.el7_9.noarch from rhel-remote removed (updateinfo)\n --> gdb-7.6.1-114.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> grubby-8.28-26.el7.x86_64 from rhel-remote removed (updateinfo)\n --> hostname-3.13-3.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> 32:bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64 from rhel-remote removed (updateinfo)\n --> abrt-dbus-2.1.11-52.el7.x86_64 from @anaconda/7.6 removed (updateinfo)\n --> unzip-6.0-21.el7.x86_64 from @rhel-remote removed (updateinfo)\n
 Package xz-libs.x86_64 0:5.2.2-2.el7_9 will be an update\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch           Version               Repository           Size\n================================================================================\nUpdating:\n xz              x86_64         5.2.2-2.el7_9         rhel-remote         229 k\n xz-libs         x86_64         5.2.2-2.el7_9         rhel-remote         103 k\n\nTransaction Summary\n================================================================================\nUpgrade  2 Packages\n\nTotal download size: 332 k\nDownloading packages:\nNo Presto metadata available for rhel-remote\n--------------------------------------------------------------------------------\nTotal                                              1.3 MB/s | 332 kB  00:00     \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Updating   : xz-libs-5.2.2-2.el7_9.x86_64                                 1/4 \n  Updating   : xz-5.2.2-2.el7_9.x86_64                                      2/4 \n  Cleanup    : xz-5.2.2-1.el7.x86_64                                        3/4 \n  Cleanup    : xz-libs-5.2.2-1.el7.x86_64                                   4/4 \n  Verifying  : xz-libs-5.2.2-2.el7_9.x86_64                                 1/4 \n  Verifying  : xz-5.2.2-2.el7_9.x86_64                                      2/4 \n  Verifying  : xz-libs-5.2.2-1.el7.x86_64                                   3/4 \n  Verifying  : xz-5.2.2-1.el7.x86_64                                        4/4 \n\nUpdated:\n  xz.x86_64 0:5.2.2-2.el7_9            xz-libs.x86_64 0:5.2.2-2.el7_9           \n\nComplete!\n"
        ]
    }
}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
192.168.8.26               : ok=3    changed=1    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0

答案1

请注意,不仅在安装新内核后可能需要重新启动,而且在更新微码、glibc、SSL 库等后也可能需要重新启动。因此,还有一些事件需要重新启动,也需要进行检查。

在 RHEL 中,有一些基于可用的本机操作系统包管理器的实用程序,例如yum-utils,其中包含一个needs-restarting脚本来查询在应用更新后是否有必要这样做。

例子(基于RHEL 7)

解决依赖关系后

- name: Install basic admin tools
  yum:
    name: yum-utils
    state: latest

检查很简单

- name: Check if reboot_required
  shell:
    cmd: "needs-restarting -r"
  changed_when: false
  failed_when: reboot_required.rc != 0 and reboot_required.rc != 1
  check_mode: false
  register: reboot_required

- name: Report reboot_required
  debug:
    msg: "{{  reboot_required.rc | bool }} "
  changed_when: reboot_required.rc == 1
  check_mode: false

并产生输出

TASK [Report reboot_required] **************************************************
ok: [test1.example.com] => {
    "msg": "True "
}
ok: [test2.example.com] => {
    "msg": "False "
}

用于检查是否需要重新启动的软件包也可用于其他发行版。

类似问答


此外,根据基础设施和环境,可以通过 cronjobs 让系统完全自动重启,例如

# Reboot cron job
# /etc/cron.d/

# mm hh dom mon dow user command
  59  0   *   *   * root needs-restarting -r || /usr/sbin/shutdown --no-wall -r +1

答案2

检查任务是否完成以及单词核心在输出中已经提到您将得到以下任务:

- name: "Deploying Security Packages"
  ansible.builtin.yum:
    name: '*'
    security: yes
    state: latest
  register: yum_update

- name: "Just debug for now"
  ansible.builtin.debug:
    msg: "This should be a reboot"
  when:
    - yum_update.changed
    - (yum_update.results[0] | regex_search('kernel')) is not none

两个-带有“when”的意思是一个逻辑,AND所以更新应该被更改并因此完成,否则会失败,并且在stdout的输出中应该有单词匹配kernel。如果该词不存在,检查将none根据以下内容输出文档

相关内容