Red Hat Training

A Red Hat training course is available for RHEL 8

91.4. ipadnsconfig ansible-freeipa 模块中的 action: member 选项

使用 ansible-freeipa ipadnsconfig 模块在身份管理(IdM)中排除全局转发器,除了使用 state: absent 选项外,还需要使用 action: member 选项。如果您只使用 playbook 中的 state: absent,而没有使用 action: member,则 playbook 将失败。因此,要删除所有全局转发器,您必须在 playbook 中单独指定它们。相反,state: present 选项不需要 action: member

下表 提供了添加和删除 DNS 全局转发器的配置示例,其演示了 action: member 选项的正确使用。表中每一行显示了:

  • 执行 playbook 前配置的全局转发器
  • playbook 摘录
  • 执行 playbook 后配置的全局转发器

表 91.1. 全局转发器的 ipadnsconfig 管理

之前的转发器Playbook 摘录之后的转发器

8.8.6.6

[...]
tasks:
- name: Ensure the presence of DNS global forwarder 8.8.6.7
  ipadnsconfig:
    forwarders:
      - ip_address: 8.8.6.7
    state: present

8.8.6.7

8.8.6.6

[...]
tasks:
- name: Ensure the presence of DNS global forwarder 8.8.6.7
  ipadnsconfig:
    forwarders:
      - ip_address: 8.8.6.7
    action: member
    state: present

8.8.6.6, 8.8.6.7

8.8.6.6, 8.8.6.7

[...]
tasks:
- name: Ensure the absence of DNS global forwarder 8.8.6.7
  ipadnsconfig:
    forwarders:
      - ip_address: 8.8.6.7
    state: absent

尝试执行 playbook 会导致错误。原始配置 - 8.8.6.6、8.8.6.7 - 保持不变。

8.8.6.6, 8.8.6.7

[...]
tasks:
- name: Ensure the absence of DNS global forwarder 8.8.6.7
  ipadnsconfig:
    forwarders:
      - ip_address: 8.8.6.7
    action: member
    state: absent

8.8.6.6