79 lines
4.0 KiB
YAML
79 lines
4.0 KiB
YAML
# 可复用:HTTP curl 重试 + 可选响应头精确匹配(OC 友好日志:[OC-ASSERT])。
|
||
#
|
||
# 必填之一:verify_http_url(整 URL)或 verify_http_entry_base(与 verify_http_path 拼接,path 默认 /)。
|
||
# 可选:verify_http_host_header(Host:)、verify_http_response_header_name/_value(需同时设才校验)、
|
||
# verify_http_expected_code(默认 200)、verify_http_retries(默认 10)、verify_http_retry_sleep(默认 2)、
|
||
# verify_http_connect_timeout(默认 3)、verify_http_max_time(默认 8)、
|
||
# verify_http_tls_insecure(默认 false;true 时对 curl 加 -k,用于自签/实验室 HTTPS)、
|
||
# verify_http_assertion_label(默认 http_expect,用于稳定命名)。
|
||
|
||
- name: Resolve effective URL for http-curl-expect
|
||
ansible.builtin.set_fact:
|
||
_vhttp_url: >-
|
||
{%- if verify_http_url is defined and verify_http_url | trim | length > 0 -%}
|
||
{{- verify_http_url | trim -}}
|
||
{%- elif verify_http_entry_base is defined and verify_http_entry_base | trim | length > 0 -%}
|
||
{{- (verify_http_entry_base | trim | regex_replace('/+$', '')) ~ '/' ~ (verify_http_path | default('/') | trim | regex_replace('^/+', '')) -}}
|
||
{%- else -%}
|
||
|
||
{%- endif -%}
|
||
|
||
- name: Assert http-curl-expect has a target URL
|
||
ansible.builtin.assert:
|
||
that:
|
||
- _vhttp_url is defined
|
||
- (_vhttp_url | default('') | trim | length) > 0
|
||
fail_msg: "verify_common http-curl-expect:需设置 verify_http_url 或 verify_http_entry_base"
|
||
|
||
# 可选 verify_http_delegate:例如 localhost = 在控制端 curl(适合节点本机 curl 不通入口 IP 时)
|
||
- name: HTTP curl retry with optional response header (verify_common)
|
||
ansible.builtin.shell: |
|
||
set -euo pipefail
|
||
url={{ _vhttp_url | quote }}
|
||
assertion={{ (verify_http_assertion_label | default('http_expect')) | quote }}
|
||
retries={{ verify_http_retries | default(10) | int }}
|
||
sleep_s={{ verify_http_retry_sleep | default(2) | int }}
|
||
connect={{ verify_http_connect_timeout | default(3) | int }}
|
||
maxt={{ verify_http_max_time | default(8) | int }}
|
||
expect_code="{{ verify_http_expected_code | default(200) | string }}"
|
||
host={{ (verify_http_host_header | default('') | trim) | quote }}
|
||
hdr_name={{ (verify_http_response_header_name | default('') | trim) | quote }}
|
||
hdr_val={{ (verify_http_response_header_value | default('') | trim) | quote }}
|
||
{% if verify_http_tls_insecure | default(false) | bool %}
|
||
tls_insecure=1
|
||
{% else %}
|
||
tls_insecure=0
|
||
{% endif %}
|
||
|
||
ok=0
|
||
i=1
|
||
while [ "$i" -le "$retries" ]; do
|
||
kflag=""
|
||
if [ "$tls_insecure" = "1" ] && echo "$url" | grep -q '^https://'; then
|
||
kflag="-k"
|
||
fi
|
||
if [ -n "$host" ]; then
|
||
code=$(curl $kflag -s -o /dev/null -w "%{http_code}" -H "Host: ${host}" --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null || echo "000")
|
||
else
|
||
code=$(curl $kflag -s -o /dev/null -w "%{http_code}" --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null || echo "000")
|
||
fi
|
||
echo "[OC-ASSERT] assertion=${assertion} phase=http probe=status_code try=${i}/${retries} url=${url} host=${host:-<none>} http_code=${code}"
|
||
if [ "$code" = "$expect_code" ]; then ok=1; break; fi
|
||
sleep "$sleep_s"
|
||
i=$((i+1))
|
||
done
|
||
test "$ok" = "1"
|
||
|
||
if [ -n "$hdr_name" ]; then
|
||
if [ -n "$host" ]; then
|
||
resp_hdr=$(curl $kflag -sS -D - -o /dev/null -H "Host: ${host}" --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null | awk -v h="$hdr_name" -F': ' 'BEGIN{hl=tolower(h)} tolower($1)==hl {print $2; exit}' | tr -d '\r')
|
||
else
|
||
resp_hdr=$(curl $kflag -sS -D - -o /dev/null --connect-timeout "$connect" --max-time "$maxt" "$url" 2>/dev/null | awk -v h="$hdr_name" -F': ' 'BEGIN{hl=tolower(h)} tolower($1)==hl {print $2; exit}' | tr -d '\r')
|
||
fi
|
||
echo "[OC-ASSERT] assertion=${assertion} phase=http probe=response_header name=${hdr_name} value=${resp_hdr:-} expected=${hdr_val}"
|
||
test "$resp_hdr" = "$hdr_val"
|
||
fi
|
||
args:
|
||
executable: /bin/bash
|
||
changed_when: false
|