I am trying to filter YAML configuration files and collapse them based on a key.

For an Ansible playbook, I use the following configuration:

    virtual_hosts:

      - vname: example
        server_name: "www.example.com example.com"
        port: 443
        ssl:
          cert: "star_example"


      - name: example_star
        server_name: "*.example.com"
        port: 443
        ssl:
          cert: "star_example"


      - name: foo
        server_name: "www.foo.com foo.com"
        port: 443
        ssl:
          cert: "foo"

I have tried using a template:

    - name: Certs Template
      set_fact:
        vhost_certs: "{{ lookup('template', './cert.yml') | from_yaml }}"

with the following cert.yml:

    {% if virtual_hosts is defined %}
    {% for host in virtual_hosts %}
    {% if host.ssl is defined %}

    - name: "{{host.ssl.cert}}"
      private: " ... PRIV KEY ...."
      public:  " ... PUB KEY  ...."

    {% endif %}
    {% endfor %}
    {% endif %}

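The problem is that `vhost_certs` will contain `star_example` twice. In reality cert.yml uses an Ansible plugin to look up the private and public keys, so I want to do the lookup only once.

I think a better approach would be to parse `virtual_hosts` and create a new object whose primary key is `ssl.cert`, add all the `server_names`, do the actual lookup of the `private` and `public` key pair, and then check whether the certificate is valid for every `server_name` item.

For example: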

    vhost_certs:

      - name: star_example
        server_names:
          - "www.example.com"
          - "example.com"
          - "*.example.com"

      - name: foo
        server_names:
          - "www.foo.com"
          - "foo.com"

Is there a way to do this in Ansible?

Update:

I managed to create the list:

    {{ virtual_hosts | json_query('[?ssl.cert].{cert: ssl.cert, domains: server_name }') | list }}

This does give a list:

    item: {
       "cert" : "star_example"
       "domains" "www.example.com example.com"
    }
    item: {
       "cert" : "star_example"
       "domains" "*.example.com"
    }
    item: {
       "cert" : "foo"
       "domains" "www.foo.com foo.com"
    }

I just need to somehow collapse it into

    item: {
       "cert" : "star_example"
       "domains"
          - "*.example.com"
          - "www.example.com example.com"
    }
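One possible way to do the collapse asked about above, added here as an example and not part of the original post: a small custom Ansible filter plugin written in Python. The file name, the filter names `collapse_certs` and `uncovered_names`, and the helper `san_covers` are assumptions made for illustration; the certificate names given to `uncovered_names` would come from whatever lookup supplies the certificate.

```python
# filter_plugins/collapse_certs.py (hypothetical file name, added example)


def collapse_certs(virtual_hosts):
    """Return one entry per ssl.cert with the union of its server names."""
    grouped = {}  # dict preserves insertion order, so the output is stable
    for host in virtual_hosts or []:
        cert = (host.get("ssl") or {}).get("cert")
        if not cert:
            continue  # vhost without ssl.cert: no certificate to look up
        names = grouped.setdefault(cert, [])
        # server_name is one whitespace-separated string per vhost
        for name in str(host.get("server_name", "")).split():
            if name not in names:
                names.append(name)
    return [{"name": c, "server_names": n} for c, n in grouped.items()]


def san_covers(san, hostname):
    """True if a single certificate name matches hostname.

    A leading "*." stands for exactly one left-most label, so
    "*.example.com" covers "www.example.com" but not "example.com".
    """
    san, hostname = san.lower(), hostname.lower()
    if san.startswith("*.") and not hostname.startswith("*."):
        head, _, tail = hostname.partition(".")
        return bool(head) and tail == san[2:]
    return san == hostname  # a wildcard vhost needs the same wildcard name


def uncovered_names(server_names, sans):
    """Server names that none of the certificate's names cover."""
    return [n for n in server_names if not any(san_covers(s, n) for s in sans)]


class FilterModule(object):
    """Entry point Ansible looks for in a filter plugin file."""

    def filters(self):
        return {"collapse_certs": collapse_certs,
                "uncovered_names": uncovered_names}


# Constructed sample mirroring the question's virtual_hosts list.
SAMPLE = [
    {"name": "example", "server_name": "www.example.com example.com", "ssl": {"cert": "star_example"}},
    {"name": "example_star", "server_name": "*.example.com", "ssl": {"cert": "star_example"}},
    {"name": "foo", "server_name": "www.foo.com foo.com", "ssl": {"cert": "foo"}},
]
```

With the file in a `filter_plugins/` directory next to the playbook, `{{ virtual_hosts | collapse_certs }}` yields one entry per certificate, so the key lookup runs once per certificate name.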