【自动化运维神器Ansible】Playbook中的when条件判断：精细化控制任务执行

- name: 示例任务hosts: target_hoststasks:- name: 仅在特定条件下执行ansible.builtin.command: /path/commandwhen: condition_expression

• when后面的表达式可以是任何返回布尔值的表达式，当表达式为true时，任务才会执行；否则，任务将被跳过

- name: 系统更新任务hosts: allvars:is_development: truetasks:- name: 仅在生产环境更新系统ansible.builtin.apt:update_cache: yesupgrade: distwhen: not is_development

• 在这个示例中，只有当is_development为false时，系统更新任务才会执行

- name: 配置Web服务器hosts: webserversvars:enable_ssl: truessl_cert_path: /etc/ssl/certs/mycert.pemtasks:- name: 安装Nginxansible.builtin.apt:name: nginxstate: present- name: 配置SSL证书ansible.builtin.copy:src: files/cert.pemdest: "{{ ssl_cert_path }}"when: enable_ssl

• Ansible会自动收集目标主机的系统信息，称为"事实"(facts)。我们可以使用这些事实来编写条件判断

- name: 根据操作系统执行不同任务hosts: alltasks:- name: 更新APT缓存ansible.builtin.apt:update_cache: yeswhen: ansible_os_family == "Debian"- name: 更新YUM缓存ansible.builtin.yum:list: updateswhen: ansible_os_family == "RedHat"

• 我们可以使用逻辑运算符组合多个条件

- name: 复杂条件示例hosts: allvars:env: productionmaintenance: falsetasks:- name: 执行关键任务ansible.builtin.command: /path/to/critical_commandwhen: env == "production" and not maintenance

- name: 列表条件判断hosts: allvars:required_packages:- nginx- apache2- mysql-servertasks:- name: 安装必需软件包ansible.builtin.apt:name: "{{ item }}"state: presentloop: "{{ required_packages }}"when: item in ansible_facts.packages- name: 字典条件判断ansible.builtin.debug:msg: "服务已安装"when: ansible_facts.services["nginx"] is defined

- name: 使用正则表达式hosts: alltasks:- name: 处理特定主机ansible.builtin.debug:msg: "处理Web服务器"when: inventory_hostname | match("web.*")

• 复杂的条件表达式难以理解和维护。如果条件过于复杂，考虑将其分解为多个变量或使用过滤器

# 不推荐
- name: 复杂条件ansible.builtin.command: /path/to/commandwhen: (ansible_os_family == "Debian" and ansible_distribution_release in ["buster", "bullseye"]) or (ansible_os_family == "RedHat" and ansible_distribution_major_version >= "8")# 推荐
- name: 定义变量set_fact:is_supported_debian: "{{ ansible_os_family == 'Debian' and ansible_distribution_release in ['buster', 'bullseye'] }}"is_supported_redhat: "{{ ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '8' }}"- name: 执行命令ansible.builtin.command: /path/to/commandwhen: is_supported_debian or is_supported_redhat

• Jinja2提供了丰富的过滤器，可以帮助我们更灵活地处理条件

- name: 使用Jinja2过滤器hosts: alltasks:- name: 检查版本是否大于等于1.0ansible.builtin.debug:msg: "版本符合要求"when: version is version('1.0', '>=')

• 复杂的计算应该在任务外部完成，以提高Playbook的可读性

# 不推荐
- name: 复杂计算ansible.builtin.command: /path/to/commandwhen: (ansible_facts['memory_mb']['real']['total'] / 1024 / 1024) > 4# 推荐
- name: 计算内存大小set_fact:memory_gb: "{{ ansible_facts['memory_mb']['real']['total'] / 1024 / 1024 }}"- name: 检查内存大小ansible.builtin.command: /path/to/commandwhen: memory_gb > 4

• 结合when和tags可以更灵活地控制Playbook的执行

- name: 带标签的任务hosts: alltasks:- name: 仅在生产环境执行ansible.builtin.command: /path/to/production_commandtags: productionwhen: env == "production"- name: 仅在开发环境执行ansible.builtin.command: /path/to/development_commandtags: developmentwhen: env == "development"

• 我们可以使用register关键字捕获任务的结果，然后在后续任务中使用when基于这些结果进行判断

- name: 检查服务状态hosts: alltasks:- name: 检查nginx是否运行ansible.builtin.systemd:name: nginxstate: startedregister: nginx_status- name: 重启nginxansible.builtin.systemd:name: nginxstate: restartedwhen: nginx_status.status.changed

• block允许我们将相关任务组织在一起，并可以对整个块应用条件

- name: 使用block和whenhosts: allvars:enable_maintenance: falsetasks:- name: 维护模式任务块block:- name: 停止应用服务ansible.builtin.systemd:name: myappstate: stopped- name: 执行维护任务ansible.builtin.command: /path/to/maintenance_script- name: 启动应用服务ansible.builtin.systemd:name: myappstate: startedwhen: enable_maintenance

• failed_when允许我们自定义任务失败的条件，可以与when结合使用实现更复杂的错误处理

- name: 错误处理示例hosts: alltasks:- name: 执行可能失败的任务ansible.builtin.command: /path/to/risky_commandregister: resultfailed_when: result.rc != 0 and not allow_failurechanged_when: result.rc == 0- name: 处理失败的任务ansible.builtin.debug:msg: "任务失败，但允许继续执行"when: result.rc != 0 and allow_failure

• 在不同环境中（开发、测试、生产）执行不同的配置任务

- name: 环境差异化配置hosts: allvars:env: "{{ lookup('env', 'ANSIBLE_ENV') | default('development') }}"tasks:- name: 开发环境配置ansible.builtin.copy:src: configs/dev.confdest: /etc/app/config.confwhen: env == "development"- name: 测试环境配置ansible.builtin.copy:src: configs/test.confdest: /etc/app/config.confwhen: env == "testing"- name: 生产环境配置ansible.builtin.copy:src: configs/prod.confdest: /etc/app/config.confwhen: env == "production"

• 根据系统需求或用户选择安装不同的软件包

- name: 条件性软件安装hosts: allvars:install_database: trueinstall_webserver: falsetasks:- name: 安装数据库ansible.builtin.apt:name: postgresqlstate: presentwhen: install_database- name: 安装Web服务器ansible.builtin.apt:name: nginxstate: presentwhen: install_webserver

• 根据主机在架构中的角色执行不同的配置

- name: 基于角色的配置hosts: alltasks:- name: 配置Web服务器ansible.builtin.copy:src: configs/nginx.confdest: /etc/nginx/nginx.confwhen: "'web_server' in group_names"- name: 配置数据库服务器ansible.builtin.copy:src: configs/postgresql.confdest: /etc/postgresql/12/main/postgresql.confwhen: "'db_server' in group_names"- name: 配置负载均衡器ansible.builtin.copy:src: configs/haproxy.cfgdest: /etc/haproxy/haproxy.cfgwhen: "'load_balancer' in group_names"

• 仅在配置文件更改时重启服务

- name: 条件性服务重启hosts: alltasks:- name: 更新配置文件ansible.builtin.copy:src: files/app.confdest: /etc/app/app.confregister: config_updated- name: 重启应用服务ansible.builtin.systemd:name: appstate: restartedwhen: config_updated.changed