# 可复用:HTTP curl 重试 + 可选响应头精确匹配(OC 友好日志:[OC-ASSERT])。 # # 必填之一:verify_http_url(整 URL)或 verify_http_entry_base(与 verify_http_path 拼接,path 默认 /)。 # 可选:verify_http_host_header(Host:)、verify_http_response_header_name/_value(需同时设才校验)、 # verify_http_expected_code(默认 200)、verify_http_retries(默认 10)、verify_http_retry_sleep(默认 2)、 # verify_http_connect_timeout(默认 3)、verify_http_max_time(默认 8)、 # verify_http_tls_insecure(默认 false;true 时对 curl 加 -k,用于自签/实验室 HTTPS)、 # verify_http_assertion_label(默认 http_expect,用于稳定命名)。 - name: Resolve effective URL for http-curl-expect ansible.builtin.set_fact: _vhttp_url: >- {%- if verify_http_url is defined and verify_http_url | trim | length > 0 -%} {{- verify_http_url | trim -}} {%- elif verify_http_entry_base is defined and verify_http_entry_base | trim | length > 0 -%} {{- (verify_http_entry_base | trim | regex_replace('/+$', '')) ~ '/' ~ (verify_http_path | default('/') | trim | regex_replace('^/+', '')) -}} {%- else -%} {%- endif -%} - name: Assert http-curl-expect has a target URL ansible.builtin.assert: that: - _vhttp_url is defined - (_vhttp_url | default('') | trim | length) > 0 fail_msg: "verify_common http-curl-expect:需设置 verify_http_url 或 verify_http_entry_base" # 可选 verify_http_delegate:例如 localhost = 在控制端 curl(适合节点本机 curl 不通入口 IP 时) - name: HTTP curl retry with optional response header (verify_common) ansible.builtin.shell: | set -euo pipefail url={{ _vhttp_url | quote }} assertion={{ (verify_http_assertion_label | default('http_expect')) | quote }} retries={{ verify_http_retries | default(10) | int }} sleep_s={{ verify_http_retry_sleep | default(2) | int }} connect={{ verify_http_connect_timeout | default(3) | int }} maxt={{ verify_http_max_time | default(8) | int }} expect_code="{{ verify_http_expected_code | default(200) | string }}" host={{ (verify_http_host_header | default('') | trim) | quote }} hdr_name={{ (verify_http_response_header_name | default('') | trim) | quote }} hdr_val={{ (verify_http_response_header_value | default('') | trim) | quote }} {% if verify_http_tls_insecure | default(false) | bool %} tls_insecure=1 {% else %} tls_insecure=0 {% endif %} ok=0 i=1 while [ "$i" -le "$retries" ]; do kflag="" if [ "$tls_insecure" = "1" ] && echo "$url" | grep -q '^https://'; then kflag="-k" fi if [ -n "$host" ]; then code=$(curl $kflag -s -o /dev/null -w "%{http_code}" -H "Host: ${host}" --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null || echo "000") else code=$(curl $kflag -s -o /dev/null -w "%{http_code}" --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null || echo "000") fi echo "[OC-ASSERT] assertion=${assertion} phase=http probe=status_code try=${i}/${retries} url=${url} host=${host:-} http_code=${code}" if [ "$code" = "$expect_code" ]; then ok=1; break; fi sleep "$sleep_s" i=$((i+1)) done test "$ok" = "1" if [ -n "$hdr_name" ]; then if [ -n "$host" ]; then resp_hdr=$(curl $kflag -sS -D - -o /dev/null -H "Host: ${host}" --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null | awk -v h="$hdr_name" -F': ' 'BEGIN{hl=tolower(h)} tolower($1)==hl {print $2; exit}' | tr -d '\r') else resp_hdr=$(curl $kflag -sS -D - -o /dev/null --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null | awk -v h="$hdr_name" -F': ' 'BEGIN{hl=tolower(h)} tolower($1)==hl {print $2; exit}' | tr -d '\r') fi echo "[OC-ASSERT] assertion=${assertion} phase=http probe=response_header name=${hdr_name} value=${resp_hdr:-} expected=${hdr_val}" test "$resp_hdr" = "$hdr_val" fi args: executable: /bin/bash changed_when: false