Chapter 5: Ansible Variables, Configuration and Secrets

Some things feel hard at the time, but once you have been through them they are all just memories.

1. Where Ansible variables come from

Ansible supports variables to store values and reuse them across all the files of an Ansible project. This simplifies creating and maintaining a project and reduces the number of errors.
Variables make it easy to manage the dynamic values of a given environment within an Ansible project. For example, a variable might hold:
• the users to create
• the packages to install
• the services to restart
• the files to delete
• the archives to fetch from the internet

Variable naming rules: names are made up of letters, digits and underscores (at least two of these groups must be present), must begin with a letter, and Ansible's built-in keywords cannot be used as variable names.

Variable precedence:
In Ansible, variables can be reduced to three scopes, ordered by precedence.

  1. Global scope (high): variables set on the command line or in the Ansible configuration, i.e. variables defined in the command itself or in the Ansible configuration file.

Example:

# define the variable aa
vars:
    - aa: 11

# use the variable in output
debug:
        msg: "{{ aa }}"
  2. Play scope (medium): variables set in the play and related structures; defined ahead of time in a file so that we can use them directly.
[student@server ansible]$ cat bl.yml 
- aa: 11
- bb: 22
- cc:
  a1: c31
  a2: c32
  3. Host scope (low): variables from the inventory, from facts, or from register (a registered result carried on into another value); variables set on host groups and on individual hosts.
//something like this
[student@server ansible]$ cat inventory 
node1
node2
node3

==Precedence decreases across the three scopes; if a variable is defined more than once, the higher-precedence definition wins.==

Ways to register and define variables
Ansible offers many ways to define variables, roughly:
(1) register a module's execution result as a variable (registered variables);
(2) define dictionary-type variables directly;
(3) define variables in files inside a role;
(4) pass variables on the command line (custom variables given when the playbook is run);
(5) use with_items iteration (several results in a loop) to assign the results of several tasks to one variable;
(6) host or group variables in the inventory;
(7) built-in variables.

2. Defining variables with vars in the play

[student@server ansible]$ cat test.yml 
---
- name: test
  hosts: node1
  vars: 
    aa: 11
    bb: 22
    cc: 
      c1: 33
      c2: 44
  tasks: 
    - name: debug1
      debug: 
        msg: "{{ aa }}"

    - name: debug2
      debug: 
        msg: "{{ bb }}"

    - name: debug3
      debug: 
        msg: "{{ cc }}"

    - name: debug4
      debug: 
        msg: "{{ cc.c1 }}"

    - name: debug5
      debug: 
        msg: "{{ cc.c2 }}"

//Check whether the playbook has syntax errors.
[student@server ansible]$ ansible-playbook --syntax-check test.yml 

playbook: test.yml

//Result
[student@server ansible]$ ansible-playbook test.yml 

PLAY [test] ***************************************************************************

TASK [Gathering Facts] ****************************************************************
ok: [node1]

TASK [debug1] *************************************************************************
ok: [node1] => {
    "msg": 11
}

TASK [debug2] *************************************************************************
ok: [node1] => {
    "msg": 22
}

TASK [debug3] *************************************************************************
ok: [node1] => {
    "msg": {
        "c1": 33,
        "c2": 44
    }
}

TASK [debug4] *************************************************************************
ok: [node1] => {
    "msg": "33"
}

TASK [debug5] *************************************************************************
ok: [node1] => {
    "msg": "44"
}

PLAY RECAP ****************************************************************************
node1                      : ok=6    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  

3. Defining variables in a file with vars_files

//custom variable file
[student@server ansible]$ cat var.yml 
aa: 11
bb: 22
cc: 
  c1: 33
  c2: 44


[student@server ansible]$ cat test.yml 
---
- name: test
  hosts: node1
  vars_files:          # location of the variable file
    - /home/student/ansible/var.yml
  tasks: 
    - name: debug1
      debug: 
        msg: "{{ aa }}"

    - name: debug2
      debug: 
        msg: "{{ bb }}"

    - name: debug3
      debug: 
        msg: "{{ cc }}"

    - name: debug4
      debug: 
        msg: "{{ cc.c1 }}"

    - name: debug5
      debug: 
        msg: "{{ cc.c2 }}"

//All 6 tasks return ok; no problems
[student@server ansible]$ ansible-playbook  test.yml 


PLAY RECAP ****************************************************************************
node1                      : ok=6    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  

4. Registering variables with register

With the register option, the output of the current task can be assigned to a variable.

[root@server ansible]# cat test.yaml 
---
- name: test a playbook
  hosts: node1
  tasks: 
    - name: shell
      shell: "cat /tmp/zz"          # read the content of /tmp/zz
      register: zz            # if the task succeeds, its result is stored in the variable zz

    - name: create debug
      debug:
        var: zz                  # print that variable


[root@server ansible]# ansible-playbook test.yaml 

PLAY [test a playbook] *********************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [shell] *******************************************************************
changed: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {                 //shows the full details of the registered variable zz
    "zz": {
        "changed": true,
        "cmd": "cat /tmp/zz",
        "delta": "0:00:00.005195",
        "end": "2020-07-29 10:06:17.704232",
        "failed": false,
        "rc": 0,
        "start": "2020-07-29 10:06:17.699037",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "zz",
        "stdout_lines": [
            "zz"
        ]
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

In the create debug task, `var: zz` can also be replaced with `msg: "{{ zz.rc }}"` to select the one field you want to see.

[root@server ansible]# cat test.yaml
---
- name: test a playbook
  hosts: node1
  tasks: 
    - name: shell
      shell: "cat /tmp/zz"
      register: zz

    - name: create debug
      debug:
        msg: "{{ zz.rc }}"


[root@server ansible]# ansible-playbook test.yaml

PLAY [test a playbook] *********************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [shell] *******************************************************************
changed: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": "0"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0    

5. Defining variables with set_fact (and facts, the variables a host carries by itself)

set_fact is very similar to register: it also assigns a value to a variable. It behaves more like variable assignment in a shell: you can assign one variable's value to another variable, or assign a string to a variable.

Run ansible node1 -m setup to list all the facts of host node1.

[student@server ansible]$ ansible node1 -m setup | wc -l
854
[student@server ansible]$ ansible node1 -m setup > a
[student@server ansible]$ vim a
node1 | SUCCESS => {                //top-level key
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [          //the first fact
            "192.168.47.20"                               //the fact's value
        ],

The facts we usually look up are the following:

  1. IP address:
search for /address
//this is the address the host communicates on; `ipv4.address` can be used as the variable
        "hw_timestamp_filters": [],
            "ipv4": {
                "address": "192.168.47.20",
                "broadcast": "192.168.47.255",
                "netmask": "255.255.255.0",
                "network": "192.168.47.0"

//scroll up to find the sub-variable this belongs to (your own network interface)
    "ansible_ens32": {
            "active": true,
            "device": "ens32",

When calling it, the variable can be written as ansible_ens160.ipv4.address

Note one thing, though: when we manage many clients, each client's NIC name differs, so hunting for it this way is laborious.

You can use the default NIC variable instead:
ansible_default_ipv4.address

Still, check what it contains, to guard against empty values.

  2. fqdn (fully qualified domain name, hostname plus domain): ansible_fqdn
  3. hostname: ansible_hostname
  4. bios (version): ansible_bios_version
  5. mem (memory size): ansible_memtotal_mb
  6. sda (disk size): ansible_devices.sda.size

How to look up facts: (the original screenshot is not reproduced here)

//Test with the FQDN

[root@server ansible]# cat test.yaml 
---
- name: test a playbook
  hosts: node1
  tasks: 
    - name: hostname
      debug: 
        msg: "{{ ansible_fqdn }}"

[root@server ansible]# ansible-playbook test.yaml

PLAY [test a playbook] *********************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [hostname] ****************************************************************
ok: [node1] => {
    "msg": "node1.example.com"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

//Test with the NIC variable

vim cy.yml
---
- name: abc
  hosts: node1
  tasks:
    - name: test
      debug:
        msg: the ipv4 address of {{ansible_nodename}} is {{ansible_ens160.ipv4.address}}


[root@server ansible]# ansible-playbook cy.yml 

PLAY [abc] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test] ********************************************************************
ok: [node1] => {
    "msg": "the ipv4 address of node1.example.com is 172.16.30.10"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

Passing variables on the command line

[root@server ansible]#  cat d.yml
---
- name: test4
  hosts: node1
  tasks:
    - name: create debug
      debug:
        msg: my name is {{name1}}
    - name: create debug2
      debug:
        msg: my name is {{name2}}
[root@server ansible]# ansible-playbook d.yml -e 'name1=tom name2=marry'

PLAY [test4] *******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": "my name is tom"
}

TASK [create debug2] ***********************************************************
ok: [node1] => {
    "msg": "my name is marry"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

6. Variables in the inventory

[root@server ansible]# vim /etc/ansible/hosts
node1
node2

[net]                              //this group covers both nodes
node1
node2

[net:vars]                     //group variables are defined here
vars1='hello'
vars2='hi'

vim /etc/ansible/e.yml
---
- name: test5
  hosts: node1
  tasks:
    - name: create debug1
      debug:
        msg: say "{{ vars1 }}"

    - name: create debug2
      debug:
        msg: say "{{ vars2 }}"


[root@server ansible]# ansible-playbook e.yml 

PLAY [test5] *******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug1] ***********************************************************
ok: [node1] => {
    "msg": "say hello"
}

TASK [create debug2] ***********************************************************
ok: [node1] => {
    "msg": "say hi"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Besides defining variables in the inventory itself, you can also create group_vars and host_vars directories under /etc/ansible and define variables there.
Example:
//create two files for the same host and see which one takes precedence

[root@server ansible]# cd /etc/ansible/
[root@server ansible]# mkdir host_vars
[root@server ansible]# cd host_vars
[root@server ansible]# vim node1
vars1: groupvars1
vars2: groupvars2

[root@server ansible]# vim node1.yml
vars1: abc
vars2: bcd

[root@server ansible]# cd /etc/ansible/
vim b.yml
---
- name: test
  hosts: node1
  tasks:
    - name: create debug
      debug:
        msg: my name is {{vars1}}

    - name: create debug2
      debug:
        msg: my name is {{vars2}}
[root@server ansible]# ansible-playbook b.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": "my name is groupvars1"
}

TASK [create debug2] ***********************************************************
ok: [node1] => {
    "msg": "my name is groupvars2"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Delete /etc/ansible/host_vars/node1, keep /etc/ansible/host_vars/node1.yml, and run the playbook again.

[root@server ansible]# ansible-playbook b.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": "my name is abc"
}

TASK [create debug2] ***********************************************************
ok: [node1] => {
    "msg": "my name is bcd"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

This confirms that in /etc/ansible/host_vars the file for a host can be named after the host (node1) or as node1.yml; if node1 and node1.yml both exist, node1 takes precedence.
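The three-scope precedence from section 1 and the host_vars experiment just shown, modelled in Python as an added example (this is not code from the post, nor Ansible's own implementation). It parses the INI inventory from this section, picks the host_vars file the way the author observed (a file named node1 is used and node1.yml is ignored when both exist), and layers group vars, host_vars, play vars and -e vars so that the higher scope wins. The inventory text and host_vars files are constructed in a temporary directory rather than read from /etc/ansible; the resolution order and the flat `key: value` parser are simplifying assumptions of this example.

```python
"""Added example: layer Ansible variable scopes the way this page describes."""
import os
import tempfile

# Constructed inventory text, matching the page's /etc/ansible/hosts.
INVENTORY_INI = """\
node1
node2

[net]
node1
node2

[net:vars]
vars1='hello'
vars2='hi'
"""


def parse_ini_inventory(text):
    """Return (groups, group_vars): group -> [hosts] and group -> {var: value}."""
    groups = {"ungrouped": []}
    group_vars = {}
    section = "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            if section.endswith(":vars"):
                group_vars.setdefault(section[:-5], {})
            else:
                groups.setdefault(section, [])
            continue
        if section.endswith(":vars"):
            key, _, value = line.partition("=")
            group_vars[section[:-5]][key.strip()] = value.strip().strip("'\"")
        else:
            groups[section].append(line.split()[0])  # drop inline host vars
    # Hosts listed before any header stay "ungrouped" only if no group claims them.
    named = {h for g, hs in groups.items() if g != "ungrouped" for h in hs}
    groups["ungrouped"] = [h for h in groups["ungrouped"] if h not in named]
    groups["all"] = sorted(named | set(groups["ungrouped"]))
    return groups, group_vars


def find_host_vars_file(host_vars_dir, host):
    """First match wins: bare name, then .yml, .yaml, .json (assumed order).
    This reproduces the page's observation that host_vars/node1 beats node1.yml."""
    for ext in ("", ".yml", ".yaml", ".json"):
        path = os.path.join(host_vars_dir, host + ext)
        if os.path.isfile(path):
            return path
    return None


def load_flat_yaml(path):
    """Parse the flat `key: value` files used on this page (no nesting)."""
    data = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and ":" in line:
                key, _, value = line.partition(":")
                data[key.strip()] = value.strip()
    return data


def resolve_vars(host, groups, group_vars, host_vars_dir,
                 play_vars=None, extra_vars=None):
    """Layer the scopes; each update() lets the higher scope overwrite the lower."""
    result = {}
    for group, hosts in groups.items():
        if host in hosts:
            result.update(group_vars.get(group, {}))
    path = find_host_vars_file(host_vars_dir, host)
    if path:
        result.update(load_flat_yaml(path))
    result.update(play_vars or {})
    result.update(extra_vars or {})
    return result


def demo():
    """Replay the page's host_vars experiment, then add play and -e scopes."""
    groups, gvars = parse_ini_inventory(INVENTORY_INI)
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "node1"), "w") as fh:
            fh.write("vars1: groupvars1\nvars2: groupvars2\n")
        with open(os.path.join(d, "node1.yml"), "w") as fh:
            fh.write("vars1: abc\nvars2: bcd\n")
        both = resolve_vars("node1", groups, gvars, d)["vars1"]
        os.remove(os.path.join(d, "node1"))          # keep only node1.yml
        yml_only = resolve_vars("node1", groups, gvars, d)["vars1"]
        layered = resolve_vars("node1", groups, gvars, d,
                               play_vars={"vars1": "from-play"},
                               extra_vars={"vars1": "from-cli"})["vars1"]
        node2 = resolve_vars("node2", groups, gvars, d)  # no host_vars: group only
    return both, yml_only, layered, node2["vars1"]


if __name__ == "__main__":
    print(demo())  # ('groupvars1', 'abc', 'from-cli', 'hello')
```

The four values returned by demo() are the page's two playbook runs (groupvars1, then abc after node1 is deleted), the command-line scope overriding everything, and a host that falls back to the [net:vars] value.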

7. Built-in variable ansible_version (the Ansible version)

vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: create debug
      debug:
        msg: "{{ansible_version}}"


[root@server ansible]# ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": {
        "full": "2.9.18",
        "major": 2,
        "minor": 9,
        "revision": 18,
        "string": "2.9.18"
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

8. Built-in variable inventory_hostname (the host as defined in the inventory)

It resolves to exactly what is written in the inventory.

---
- name: test
  hosts: node1
  tasks:
    - name: create debug
      debug:
        msg: "{{inventory_hostname}}"


[root@server ansible]# ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": "node1"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

9. Built-in variable play_hosts

The variable resolves to the hosts of the group the play targets.

[student@server ansible]$ vim a
[net]
node1
node2
[root@server ansible]# cat a.yml 
---
- name: test
  hosts: net
  tasks:
    - name: create debug
      debug:
        msg: "{{play_hosts}}"


[root@server ansible]# ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node2]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": [
        "node1",
        "node2"
    ]
}
ok: [node2] => {
    "msg": [
        "node1",
        "node2"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

10. Built-in variable groups

Lists all groups in the inventory together with their hosts.

---
- name: test
  hosts: node1
  tasks:
    - name: create debug
      debug:
        msg: "{{ groups }}"

[root@server ansible]# ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": {
        "all": [
            "node1",
            "node2"
        ],
        "net": [
            "node1",
            "node2"
        ],
        "ungrouped": []
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

11. Built-in variable group_names

Lists the groups the managed host belongs to.

---
- name: test
  hosts: node1
  tasks:
    - name: create debug
      debug:
        msg: "{{group_names}}"

[root@server ansible]# ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": [
        "net"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  

12. Built-in variable inventory_dir

Gives the directory the inventory lives in.

---
- name: test
  hosts: node1
  tasks:
    - name: create debug
      debug:
        msg: "{{ inventory_dir }}"


[root@server ansible]# ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create debug] ************************************************************
ok: [node1] => {
    "msg": "/etc/ansible"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

13. Stacking values with with_items: one variable can be given several values

//i.e. produce output for several values in one go
//first small test

vim d.yml
---
- name: test
  hosts: node1
  tasks:
    - name: abc
      shell:
        cmd: echo "{{ item }}"
      with_items:
        - haha
        - heihei
        - hehe
      register: hi_var

    - name: debug1
      debug:
        msg: "{{ hi_var }}"


[root@server ansible]# ansible-playbook d.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [abc] *********************************************************************
changed: [node1] => (item=haha)
changed: [node1] => (item=heihei)
changed: [node1] => (item=hehe)

TASK [debug1] ******************************************************************
ok: [node1] => {
    "msg": {
        "changed": true,
        "msg": "All items completed",
        "results": [                       //the three results are stored under this parent key
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo \"haha\"",
                "delta": "0:00:00.003206",
                "end": "2021-04-09 00:36:52.433624",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo \"haha\"",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": true
                    }
                },
                "item": "haha",
                "rc": 0,
                "start": "2021-04-09 00:36:52.430418",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "haha",
                "stdout_lines": [
                    "haha"
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo \"heihei\"",
                "delta": "0:00:00.002276",
                "end": "2021-04-09 00:36:52.676159",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo \"heihei\"",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": true
                    }
                },
                "item": "heihei",
                "rc": 0,
                "start": "2021-04-09 00:36:52.673883",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "heihei",
                "stdout_lines": [
                    "heihei"
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo \"hehe\"",
                "delta": "0:00:00.002589",
                "end": "2021-04-09 00:36:52.920442",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo \"hehe\"",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": true
                    }
                },
                "item": "hehe",
                "rc": 0,
                "start": "2021-04-09 00:36:52.917853",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "hehe",
                "stdout_lines": [
                    "hehe"
                ]
            }
        ]
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

//pick out individual values

vim c.yml
- name: test
  hosts: node1
  tasks:
    - name: abc
      shell:
        cmd: echo "{{ item }}"    # inside a loop the current element is item
      with_items:
        - haha
        - heihei
        - hehe
      register: hi_var          # hi_var holds the loop's results

    - name: debug1                      # extract one value
      debug:
        var: hi_var.results[0].stdout      # index 0 is the first result

    - name: debug2
      debug:
        var: hi_var.results[1].stdout

    - name: debug3
      debug:
        var: hi_var.results[2].stdout

[root@server ansible]# ansible-playbook c.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [abc] *********************************************************************
changed: [node1] => (item=haha)
changed: [node1] => (item=heihei)
changed: [node1] => (item=hehe)

TASK [debug1] ******************************************************************
ok: [node1] => {
    "hi_var.results[0].stdout": "haha"
}

TASK [debug2] ******************************************************************
ok: [node1] => {
    "hi_var.results[1].stdout": "heihei"
}

TASK [debug3] ******************************************************************
ok: [node1] => {
    "hi_var.results[2].stdout": "hehe"
}

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

14. Managing secrets

  1. Ansible may need access to sensitive data such as passwords or API keys in order to configure managed hosts. Often this information is stored in plain text in inventory variables or other Ansible files. If so, any user with access to the Ansible files, or to the version control system that stores them, can read this sensitive data. That is an obvious security risk.
  2. ansible-vault, which ships with Ansible, can encrypt and decrypt any structured data file used by Ansible. It is driven by a command-line tool, also called ansible-vault, that can create, edit, encrypt, decrypt and view files. ansible-vault can encrypt any structured data file Ansible uses: inventory variables, variable files included by a playbook, variable files passed as arguments when a playbook runs, or variables defined in an Ansible role.

Creating an encrypted file from scratch
Use the ansible-vault create command (creates a new file):
ansible-vault create test.yml

It opens vi by default; note that you have to type the file's content by hand.

[student@server ansible]$ ansible-vault  create  test.yml
Enter password: redhat
Confirm password: redhat
---                       # the editor opens directly on the new file
- name: test1
  hosts: node1
  tasks:
    - name: create user2
      user:
        name: user2
        state: present 
Running ansible-playbook test.yml as usual now fails:
[root@server ansible]# ansible-playbook test.yml 
ERROR! Attempting to decrypt but no vault secrets found


Use the `view` subcommand to look at an encrypted file
[root@server ansible]# ansible-vault view test.yml 
Vault password: (enter the password you set, redhat)
---
- name: test1
  hosts: node1
  tasks: 
    - name: create user2
      user: 
        name: user2
        state: present


Editing an existing encrypted file
[root@server ansible]# ansible-vault edit test.yml



Encrypting an existing file, i.e. one you wrote by hand beforehand and encrypt afterwards, so there is no constraint on how you write it
[root@server ansible]# ansible-vault encrypt a.yml
Enter password: redhat
Confirm password: redhat 

Decrypting an existing file
An existing encrypted file can be permanently decrypted with the ansible-vault decrypt filename command. When decrypting a single file, the --output option saves the decrypted file under a different name.

1. Decrypt in place:
[root@server ansible]# ansible-vault decrypt test.yml

2. Decrypt to a different file name; the original stays encrypted (here a.yml remains encrypted and a-secret.yml is the decrypted copy):
[root@server ansible]# ansible-vault  decrypt  a.yml  --output=a-secret.yml


Rekeying
Changing the password of an encrypted file
The ansible-vault rekey filename command changes it:

[root@server ansible]# ansible-vault  rekey  a.yml
Enter old password
Enter new password
Confirm new password

Earlier we saw that running an encrypted playbook directly with ansible-playbook raises an error, so which option should be used?
Either --vault-id @prompt or --ask-vault-pass works.
//method one

[root@server ansible]# ansible-playbook --vault-id @prompt a.yml 
Vault password (default): 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create user1] ************************************************************
changed: [node1]

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

//method two
[root@server ansible]# ansible-playbook --ask-vault-pass a.yml -C
Vault password: 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [create user1] ************************************************************
changed: [node1]

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

The simplest way

The password can also be written into a file and referenced at run time, so it is picked up automatically without a prompt:

[root@server ansible]# vim pass
redhat
//restrict the permissions
chmod  600 pass
//encrypt with --vault-id, reading the password from the pass file
[root@server ansible]# ansible-vault encrypt  a.yml  --vault-id  pass
//now the playbook runs without asking for the password
[root@server ansible]# ansible-playbook  a.yml   --vault-id pass
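Two things the workflow above relies on are easy to get wrong in practice: a file decrypted with `ansible-vault decrypt` for editing and never re-encrypted ends up in version control in plain text, and a password file that is not restricted to its owner gives away every vault it protects. The following pre-flight check is an added example (not code from the post or from Ansible) that catches both before a commit or a run: it tests that each file expected to be encrypted starts with the `$ANSIBLE_VAULT;` header that ansible-vault writes, and that the password file is mode 600 and non-empty, as the author's `chmod 600 pass` intends. The sample files, including the fake ciphertext body, are constructed in a temporary directory.

```python
"""Added example: sanity checks for vault-encrypted files and the password file."""
import os
import stat
import tempfile

VAULT_MAGIC = "$ANSIBLE_VAULT;"   # header prefix written by ansible-vault


def is_vault_encrypted(path):
    """True when the first line of the file carries the ansible-vault header."""
    with open(path, "r", errors="replace") as fh:
        return fh.readline().startswith(VAULT_MAGIC)


def password_file_problems(path):
    """Return findings for a vault password file; an empty list means it is sane."""
    problems = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %03o grants group/other access, want 600" % mode)
    if st.st_size == 0:
        problems.append("password file is empty")
    return problems


def audit(vault_files, password_file):
    """List the files that should be encrypted but are not, plus password findings."""
    unencrypted = [f for f in vault_files if not is_vault_encrypted(f)]
    return unencrypted, password_file_problems(password_file)


def demo():
    """Constructed workspace: one encrypted file, one plaintext playbook,
    a correctly protected password file and a world-readable one."""
    with tempfile.TemporaryDirectory() as d:
        enc = os.path.join(d, "hwreport.yml")
        with open(enc, "w") as fh:   # body is a constructed stand-in, not real ciphertext
            fh.write("$ANSIBLE_VAULT;1.1;AES256\n3962313634383333\n")
        plain = os.path.join(d, "a.yml")
        with open(plain, "w") as fh:
            fh.write("---\n- name: test\n  hosts: node1\n")
        good = os.path.join(d, "pass")
        with open(good, "w") as fh:
            fh.write("abcdefg\n")
        os.chmod(good, 0o600)
        loose = os.path.join(d, "pass-loose")
        with open(loose, "w") as fh:
            fh.write("abcdefg\n")
        os.chmod(loose, 0o644)
        unencrypted, good_findings = audit([enc, plain], good)
        _, loose_findings = audit([enc], loose)
    return ([os.path.basename(p) for p in unencrypted],
            good_findings, loose_findings)


if __name__ == "__main__":
    print(demo())  # (['a.yml'], [], ['mode 644 grants group/other access, want 600'])
```

The header check covers whole-file encryption, which is what this page uses; it does not inspect inline `!vault` values inside an otherwise plaintext YAML file.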

Red Hat RHCE practice question (1)

  1. On the Ansible control node, create the file /home/student/ansible/hwreport.empty with the content:
    hostname: inventory_hostname
    mem: memory_in_MB
    bios: BIOS_version
    sda: disk_sda_size
[student@server ansible]$ cat hwreport.empty 
hostname: inventory_hostname
mem: memory_in_MB
bios: BIOS_version
sda: disk_sda_size
  2. Create a playbook named /home/student/ansible/hwreport.yml that generates, on all managed nodes, the output file /root/hwreport.txt containing the following information:
    each line of the output file holds one key=value pair.
    Your playbook should:
    copy hwreport.empty from the Ansible node to every managed host and save it as /root/hwreport.txt,
    modify /root/hwreport.txt with the correct values,
    then encrypt the playbook /home/student/ansible/hwreport.yml, with the password stored in /home/student/ansible/pass; the password is abcdefg.
    Run the playbook to satisfy the requirements.
[root@server ~]# for i in node1 node2 node3
> do scp hwreport.txt root@$i:/root/.
> done
hwreport.txt                                 100%    0     0.0KB/s   00:00    
hwreport.txt                                 100%    0     0.0KB/s   00:00    
hwreport.txt                                 100%    0     0.0KB/s   00:00 





//Write the playbook; use the replace module to substitute the placeholders by regular expression
[student@server ansible]$ cat hwreport.yml 
---
- name: get file
  hosts: all
  tasks: 
    - name: get inventory_hostname
      replace: 
        path: /root/hwreport.txt
        regexp: inventory_hostname
        replace: "{{ inventory_hostname }}"

    - name: get mem
      replace: 
        path: /root/hwreport.txt
        regexp: 'memory_in_MB'
        replace: "{{ ansible_memtotal_mb }}"

    - name: get bios
      replace: 
        path: /root/hwreport.txt
        regexp: 'BIOS_version'
        replace: "{{ ansible_bios_version }}"

    - name: get sda
      replace: 
        path: /root/hwreport.txt
        regexp: 'disk_sda_size'
        replace: "{{ ansible_devices.sda.size }}"
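The same substitution the hwreport.yml playbook performs, written in Python as an added example (not code from the post or from Ansible) so that the edge case the facts section warns about, an empty or missing value, is handled explicitly. A constructed facts dictionary stands in for the setup module's output; when a fact such as ansible_devices.sda is absent (a VM whose only disk is vda, for instance) the placeholder is replaced with the string NONE instead of the playbook failing on an undefined variable. The NONE fallback and the sample facts are assumptions of this example.

```python
"""Added example: fill the hwreport placeholders from facts, with a fallback."""
import re

# The template from hwreport.empty on this page.
TEMPLATE = """\
hostname: inventory_hostname
mem: memory_in_MB
bios: BIOS_version
sda: disk_sda_size
"""


def lookup(facts, dotted, default="NONE"):
    """Walk 'a.b.c' through nested dicts; return default when any step is missing."""
    cur = facts
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


def render_report(template, host, facts):
    """Replace each placeholder with the fact it names, like the replace tasks."""
    mapping = {
        "inventory_hostname": host,
        "memory_in_MB": lookup(facts, "ansible_memtotal_mb"),
        "BIOS_version": lookup(facts, "ansible_bios_version"),
        "disk_sda_size": lookup(facts, "ansible_devices.sda.size"),
    }
    pattern = re.compile("|".join(re.escape(k) for k in mapping))
    return pattern.sub(lambda m: str(mapping[m.group(0)]), template)


# Constructed facts (not real setup output): node1 has sda, node2 is a VM
# whose only disk is vda, so ansible_devices.sda does not exist there.
FACTS = {
    "node1": {"ansible_memtotal_mb": 3704, "ansible_bios_version": "6.00",
              "ansible_devices": {"sda": {"size": "20.00 GB"}}},
    "node2": {"ansible_memtotal_mb": 777, "ansible_bios_version": "6.00",
              "ansible_devices": {"vda": {"size": "10.00 GB"}}},
}


def demo():
    """Render one report per host, as the playbook does for every managed node."""
    return {host: render_report(TEMPLATE, host, facts) for host, facts in FACTS.items()}


if __name__ == "__main__":
    for host, report in demo().items():
        print("==", host)
        print(report, end="")
```

Note that memory comes back as an integer, which is the reason for the "type int ... converted to string" warnings in the run below; converting with str() before substitution is the Python equivalent of quoting the value in the playbook.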





//create the password file
[student@server ansible]$ cat pass 
abcdefg
//allow only this user to read it

[student@server ansible]$ chmod 600 pass 
//encrypt, taking the password only from the pass file

[student@server ansible]$ ansible-vault encrypt hwreport.yml --vault-id pass
Encryption successful
//verify that the variables resolve successfully on all hosts

[student@server ansible]$ ansible-playbook hwreport.yml --vault-id pass

PLAY [get file] ****************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [get inventory_hostname] **************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [get mem] *****************************************************************
[WARNING]: The value 3704 (type int) in a string field was converted to '3704'
(type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.
ok: [node1]
[WARNING]: The value 1785 (type int) in a string field was converted to '1785'
(type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.
ok: [node3]
[WARNING]: The value 777 (type int) in a string field was converted to '777'
(type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.
ok: [node2]

TASK [get bios] ****************************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [get sda] *****************************************************************
ok: [node1]
ok: [node3]
ok: [node2]

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node3                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  