python - Unable to deploy Cloud Formation via Ansible as Jinja templates

Question

My role, main.yml is like below

cat ansible/playbooks/roles/patching-cf-ssm/tasks/main.yml
---
- include_vars: "{{playbook_dir}}/vars/patching-config.yml"
  ignore_errors: yes

- name: Create a Cloudformation Stack Windows
  cloudformation:
    stack_name: "something pleasant-static"
    state: "present"
    region: "{{ AWS_REGION }}"
    disable_rollback: true
    template_body: "{{ lookup('template', '../../cloudformation/patching/PatchBaseline.yaml.j2') }}"
  #when: OStype == "WINDOWS"
  with_items: "{{ my_os_baseline }}"

My patching configuration file is as below

[ansible@ip-172-31-40-59 awsManagedServiceInstance]$ cat ansible/playbooks/vars/patching-config.yml
---
AWS_REGION: ap-southeast-2
my_os_baseline:
  - OS: "WINDOWS"
    PatchGroup:
      - "WinProdLastFri09PM01"
      - "WinProdLastSat09PM01"
      - "WinNonProdDayOne09PM01"
      - "WinNonProdDayTwo09PM01"
    ApproveAfterDays: 7
    SEVERITY: "MSRC_SEVERITY"
    ComplianceLevel: "CRITICAL"
    CLASSIFICATION_Values: |
      - SecurityUpdates
      - Updates
      - ServicePacks
      - UpdateRollups
      - CriticalUpdates
      - DefinitionUpdates
      - Drivers
      - FeaturePacks
      - Tools
      - UpdateRollups
      - Updates
      - Upgrades
    PatchFilters_Values: |
      - Critical
      - Important

  - OS: "REDHAT_ENTERPRISE_LINUX"
    PatchGroup:
      - "RHELProdLastFri09PM01"
      - "RHELProdLastSat09PM01"
      - "RHELNonProdDayOne09PM01"
      - "RHELNonProdDayTwo09PM01"
    ApproveAfterDays: 7
    ComplianceLevel: "CRITICAL"
    SEVERITY: "SEVERITY"
    CLASSIFICATION_Values: |
      - Security
      - Bugfix
      - Enhancement
      - Recommended
      - Newpackage
    PatchFilters_Values: |
      - Critical
      - Important
      - Moderate

  - OS: "UBUNTU"
    PatchGroup:
      - "UBUNTUProdLastFri09PM01"
      - "UBUNTUProdLastSat09PM01"
      - "UBUNTUNonProdDayOne09PM01"
      - "UBUNTUNonProdDayTwo09PM01"
    ApproveAfterDays: 7
    ComplianceLevel: "CRITICAL"
    SEVERITY: "SEVERITY"
    CLASSIFICATION_Values: |
      - Security
      - Bugfix
      - Enhancement
      - Recommended
      - Newpackage
    PatchFilters_Values: |
      - Critical
      - Important
      - Moderate

  - OS: "CENTOS"
    PatchGroup:
      - "CENTOSProdLastFri09PM01"
      - "CENTOSProdLastSat09PM01"
      - "CENTOSNonProdDayOne09PM01"
      - "CENTOSNonProdDayTwo09PM01"
    ApproveAfterDays: 7
    ComplianceLevel: "CRITICAL"
    SEVERITY: "SEVERITY"
    CLASSIFICATION_Values: |
      - Security
      - Bugfix
      - Enhancement
      - Recommended
      - Newpackage
    PatchFilters_Values: |
      - Critical
      - Important
      - Moderate

  - OS: "AMAZON_LINUX_2"
    PatchGroup:
      - "AMAZON_LINUX_2ProdLastFri09PM01"
      - "AMAZON_LINUX_2ProdLastSat09PM01"
      - "AMAZON_LINUX_2NonProdDayOne09PM01"
      - "AMAZON_LINUX_2NonProdDayTwo09PM01"
    ApproveAfterDays: 7
    ComplianceLevel: "CRITICAL"
    SEVERITY: "SEVERITY"
    CLASSIFICATION_Values: |
      - Security
      - Bugfix
      - Enhancement
      - Recommended
      - Newpackage
    PatchFilters_Values: |
      - Critical
      - Important
      - Moderate

my_windows_maintenance:
  - name: "Create-Patching-Schedule"
    tag_value: "myProdA"
    rebootSetting: "never"
    PatchGroup: "WinProdLastFri09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 6L *)"

  - name: "Create-Patching-Schedule"
    tag_value: "myProdB"
    rebootSetting: "never"
    PatchGroup: "WinProdLastSat09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 7L *)"

  - name: "Create-Patching-Schedule"
    tag_value: "myWinNonProd"
    rebootSetting: "never"
    PatchGroup: "WinNonProdDayOne09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 1 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "WINDOWS"
    tag_value: "myWinNonProdOneTime"
    rebootSetting: "never"
    PatchGroup: "WinNonProdDayTwo09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 2 * ? *)"

my_linux_maintenance:
  - name: "Create-Patching-Schedule"
    OS: "REDHAT_ENTERPRISE_LINUX"
    tag_value: "myLinuxProdA"
    rebootSetting: "never"
    PatchGroup: "RHELProdLastFri09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 6L *)"

  - name: "Create-Patching-Schedule"
    OS: "REDHAT_ENTERPRISE_LINUX"
    tag_value: "myLinuxProdB"
    rebootSetting: "never"
    PatchGroup: "RHELProdLastSat09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 7L *)"

  - name: "Create-Patching-Schedule"
    OS: "REDHAT_ENTERPRISE_LINUX"
    tag_value: "myLinuxNonProd"
    rebootSetting: "never"
    PatchGroup: "RHELNonProdDayOne9PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 1 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "REDHAT_ENTERPRISE_LINUX"
    tag_value: "myLinuxNonProdOneTime"
    rebootSetting: "never"
    PatchGroup: "RHELNonProdDayTwo09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 2 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "UBUNTU"
    tag_value: "myLinuxProdA"
    rebootSetting: "never"
    PatchGroup: "UBUNTUProdLastFri09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 6L *)"

  - name: "Create-Patching-Schedule"
    OS: "UBUNTU"
    tag_value: "myLinuxProdB"
    rebootSetting: "never"
    PatchGroup: "UBUNTUProdLastSat09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 7L *)"

  - name: "Create-Patching-Schedule"
    OS: "UBUNTU"
    tag_value: "myLinuxNonProd"
    rebootSetting: "never"
    PatchGroup: "UBUNTUNonProdDayOne9PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 1 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "UBUNTU"
    tag_value: "myLinuxNonProdOneTime"
    rebootSetting: "never"
    PatchGroup: "UBUNTUNonProdDayTwo9PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 2 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "CENTOS"
    tag_value: "myLinuxProdA"
    rebootSetting: "never"
    PatchGroup: "RHELProdLastFri09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 6L *)"

  - name: "Create-Patching-Schedule"
    OS: "CENTOS"
    tag_value: "myLinuxProdB"
    rebootSetting: "never"
    PatchGroup: "RHELProdLastSat09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 7L *)"

  - name: "Create-Patching-Schedule"
    OS: "CENTOS"
    tag_value: "myLinuxNonProd"
    rebootSetting: "never"
    PatchGroup: "RHELNonProdDayOne9PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 1 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "CENTOS"
    tag_value: "myLinuxNonProdOneTime"
    rebootSetting: "never"
    PatchGroup: "RHELNonProdDayTwo9PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 2 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "AMAZON_LINUX_2"
    tag_value: "myLinuxProdA"
    rebootSetting: "never"
    PatchGroup: "RHELProdLastFri09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 6L *)"

  - name: "Create-Patching-Schedule"
    OS: "AMAZON_LINUX_2"
    tag_value: "myLinuxProdB"
    rebootSetting: "never"
    PatchGroup: "RHELProdLastSat09PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 ? * 7L *)"

  - name: "Create-Patching-Schedule"
    OS: "AMAZON_LINUX_2"
    tag_value: "myLinuxNonProd"
    rebootSetting: "never"
    PatchGroup: "RHELNonProdDayOne9PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 1 * ? *)"

  - name: "Create-Patching-Schedule"
    OS: "AMAZON_LINUX_2"
    tag_value: "myLinuxNonProdOneTime"
    rebootSetting: "never"
    PatchGroup: "RHELNonProdDayTwo9PM01"
    startDate: "2020-07-01T00:00:00Z"
    expiryDate: "2020-07-31T23:59:59Z"
    duration: 6
    cutoff: 2
    timeZone: "Australia/Sydney"
    schedule: "cron(0 0 21 2 * ? *)"
...

Lastly, the Jinja template is below:

[ansible@ip-172-31-40-59 awsManagedServiceInstance]$ cat cloudformation/patching/PatchBaseline.yaml.j2
---
Resources:
  WindowsBaseline:
    Type: AWS::SSM::PatchBaseline
    Properties:
      Name: My-Managed-{{item.OS}}-Baseline
      Description: {{item.OS}} Baseline for {{item.SEVERITY}} with Rating {{item.PatchFilters_Values}}
      OperatingSystem: {{ item.OS }}
      PatchGroups:
        - {{ item.PatchGroup | indent( width=7, indentfirst=True ) }}
        # - WinProdLastFri09PM01
        # - WinProdLastSat09PM01
        # - WinNonProdDayOne09PM01
        # - WinNonProdDayTwo09PM01
      ApprovalRules:
        PatchRules:
          - PatchFilterGroup:
              PatchFilters:
                - Values:
                  {{ item.PatchFilters_Values | indent( width=14, indentfirst=True ) }}
                  Key: {{ item.SEVERITY }}
                - Values:
                  {{ item.CLASSIFICATION_Values | indent( width=14, indentfirst=True ) }}
                  Key: CLASSIFICATION
                - Values:
                    - APPLICATION
                  Key: PATCH_SET
            ApproveAfterDays: 7
            ComplianceLevel: CRITICAL

Unfortunately, I am getting an error like below:

fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'template'. Error was a <type 'exceptions.AttributeError'>, original message: 'list' object has no attribute 'splitlines'"}

No idea what it means in the first place and how to resolve it.

score 1 · Accepted Answer

    - {{ item.PatchGroup | indent( width=7, indentfirst=True ) }}

您正在将 a 发送到需要换行符分隔字符串list的函数中

您可以轻松地重现该爆炸：

- debug:
    msg: '{{ ["alpha", "beta"] | indent( width=7, indentfirst=True ) }}'

然后同样微不足道的解决方法join是list

- debug:
    msg: '{{ ["alpha", "beta"] | join("\n") | indent( width=7, indentfirst=True ) }}'

python - Unable to deploy Cloud Formation via Ansible as Jinja templates

1 回答 1

Related

Reference