
Ansible: Extracting network information in a form that can be passed to iptables

Last updated at Posted at 2017-04-02
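# Pick the interface names that match en.+ (for example enp0s3) from the gathered facts
- set_fact:
    interfaces: "{{ansible_interfaces | map('regex_search', 'en.+') | select('string') | list}}"

# Build "network/netmask" for each interface; register keeps every loop result
- set_fact:
    network: "{{vars['ansible_' + item]['ipv4']['network']}}/{{vars['ansible_' + item]['ipv4']['netmask']}}"
  with_items: "{{interfaces}}"
  register: networks

# Reduce the registered loop results to a plain list of "network/netmask" strings
- set_fact:
    networks: "{{networks.results | map(attribute='ansible_facts.network') | list}}"

- debug:
    msg: "{{networks}}"

# Accept inbound traffic from each of the collected networks
- shell: iptables -A INPUT -s {{item}} -j ACCEPT
  with_items: "{{networks}}"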



TASK [set_fact] *******************************************************
ok: [127.0.0.1]

TASK [set_fact] *******************************************************
ok: [127.0.0.1] => (item=enp0s3)
ok: [127.0.0.1] => (item=enp0s8)

TASK [set_fact] *******************************************************
ok: [127.0.0.1]

TASK [debug] **********************************************************
ok: [127.0.0.1] => {
    "msg": [
        "192.168.1.0/255.255.255.0",
        "192.168.2.0/255.255.255.0"
    ]
}

TASK [command] ********************************************************
changed: [127.0.0.1] => (item=192.168.1.0/255.255.255.0)
changed: [127.0.0.1] => (item=192.168.2.0/255.255.255.0)

There are two key points.

Getting a variable whose name is dynamic

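Ansible's variable names for interfaces are dynamic, such as ansible_enp0s3, so take the interface names from ansible_interfaces and assemble the variable name from them.

The value can then be retrieved with:

vars['ansible_' + interface_name]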

Getting the results of a loop

- set_fact:
    network: "{{vars['ansible_' + item]['ipv4']['network']}}/{{vars['ansible_' + item]['ipv4']['netmask']}}"
  with_items: "{{interfaces}}"
  register: networks

Setting register lets you capture the results of the set_fact runs.

Contents of the registered variable networks:
"changed": false,
"msg": "All items completed",
"results": [
    {
        "_ansible_item_result": true,
        "_ansible_no_log": false,
        "ansible_facts": {
            "network": "192.168.1.0/255.255.255.0"
        },
        "changed": false,
        "invocation": {
            "module_args": {
                "network": "192.168.1.0/255.255.255.0"
            },
            "module_name": "set_fact"
        },
        "item": "enp0s3"
    },
    {
        "_ansible_item_result": true,
        "_ansible_no_log": false,
        "ansible_facts": {
            "network": "192.168.2.0/255.255.255.0"
        },
        "changed": false,
        "invocation": {
            "module_args": {
                "network": "192.168.2.0/255.255.255.0"
            },
            "module_name": "set_fact"
        },
        "item": "enp0s8"
    }
]

Each loop result is stored under results.
Iterate over them and use map to extract the value under network (the variable name given to set_fact) inside ansible_facts.

- set_fact:
    networks: "{{networks.results | map(attribute='ansible_facts.network') | list}}"

The final result is:

[
        "192.168.1.0/255.255.255.0",
        "192.168.2.0/255.255.255.0"
]
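A variant of the tasks above, added here as an example and not part of the original post: it reads the same facts through ansible_facts, skips interfaces that have no IPv4 address, normalises each entry to CIDR, and uses the iptables module so that re-running the play does not append duplicate ACCEPT rules. It assumes the ansible.utils collection and the netaddr Python library are installed on the control node; the variable name allowed_networks is hypothetical.

```yaml
# Added example (not from the original article).
# Assumes: facts are gathered, ansible.utils collection + netaddr are installed.

- name: Collect network/netmask for every en* interface that has an IPv4 address
  ansible.builtin.set_fact:
    # allowed_networks is a hypothetical name; it grows by one entry per loop item
    allowed_networks: "{{ allowed_networks | default([]) + [ansible_facts[item].ipv4.network ~ '/' ~ ansible_facts[item].ipv4.netmask] }}"
  # The 'match' test anchors at the start of the name, so only en* interfaces pass
  loop: "{{ ansible_facts.interfaces | select('match', '^en') | list }}"
  # An interface that is down or unconfigured has no ipv4 key; skip it
  # rather than failing the play on an undefined variable
  when: ansible_facts[item].ipv4 is defined

- name: Show the collected networks in CIDR form
  ansible.builtin.debug:
    # ipaddr('net') turns 192.168.1.0/255.255.255.0 into 192.168.1.0/24
    msg: "{{ allowed_networks | default([]) | map('ansible.utils.ipaddr', 'net') | list }}"

- name: Accept inbound traffic from each collected network
  ansible.builtin.iptables:
    chain: INPUT
    source: "{{ item | ansible.utils.ipaddr('net') }}"
    jump: ACCEPT
    # state: present checks for the rule first, so a second run reports "ok"
    # where a raw "iptables -A" would append the same rule again
    state: present
  loop: "{{ allowed_networks | default([]) }}"
  become: true
```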
