1. Setting and using variables in a playbook
Defining and using variables
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  vars:                      # vars defines variables for this play
    NAME: westoslee
  tasks:
    - name: create user
      user:
        name: "{{NAME}}"
        state: present
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
[root@node1 ~]# id westoslee     # the user was created
uid=6667(westoslee) gid=6667(westoslee) groups=6667(westoslee)
Another way to define variables: a variables file
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  vars_files: ./user.yml     # the file that holds the variables
  tasks:
    - name: create user
      user:
        name: "{{NAME}}"
        state: present
[root@foundation50 .ansible]# vim user.yml
---
NAME: westoslinux
[root@foundation50 .ansible]# ansible-playbook test.yml
[root@node1 ~]# id westoslinux     # westoslinux was created
uid=6668(westoslinux) gid=6668(westoslinux) groups=6668(westoslinux)
Defining variables in the inventory
[root@foundation50 .ansible]# vim inventory
[test]
172.25.254.100

[westos]
172.25.254.100
172.25.254.200

[linux]
172.25.254.50
172.25.254.100

[test:vars]
NAME=westoslinux
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: test                # the test group from the inventory
  tasks:
    - name: create user
      user:
        name: "{{NAME}}"     # {{ }} marks a variable and expands to its value
        state: present
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
[root@node1 ~]# id westoslinux     # created successfully
uid=6668(westoslinux) gid=6668(westoslinux) groups=6668(westoslinux)
Defining variables in directories
group_vars: group variables; each file in the directory has the same name as an inventory group
host_vars: host variables; each file in the directory has the same name as a host
group_vars
[root@foundation50 .ansible]# cat inventory     # the inventory; [test] is the test group
[test]
172.25.254.100
[westos]
172.25.254.100
172.25.254.200
[linux]
172.25.254.50
172.25.254.100
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: test
  tasks:
    - name: create user
      user:
        name: "{{NAME}}"
        state: present
[root@foundation50 .ansible]# mkdir group_vars     # create the group_vars directory
[root@foundation50 .ansible]# cd group_vars/
[root@foundation50 group_vars]# vim test     # the file name matches the inventory group name: both are test
---
NAME: westoslinux1
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
[root@node1 ~]# id westoslinux1     # created on the remote host
uid=6669(westoslinux1) gid=6669(westoslinux1) groups=6669(westoslinux1)
host_vars
[root@foundation50 .ansible]# mkdir host_vars     # create the directory
[root@foundation50 .ansible]# cd host_vars/
[root@foundation50 host_vars]# vim 172.25.254.100     # the file name matches the host name
---
NAME: westoslinux3
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
[root@node1 ~]# id westoslinux3     # created successfully
uid=6670(westoslinux3) gid=6670(westoslinux3) groups=6670(westoslinux3)
[root@foundation50 .ansible]# ansible-playbook test.yml -e "NAME=westos"     # -e on the command line overrides the variable
PLAY [test] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [172.25.254.100]
TASK [create user] *************************************************************
ok: [172.25.254.100] => {
"NAME": "westos"
}
2. Defining and using array variables
[root@foundation50 .ansible]# vim user.yml     # define the variables file
---
USERLIST:
  lee:
    age: 18
    obj: linux

  westos:
    age: 20
    obj: java
[root@foundation50 .ansible]# cat test.yml
---
- name: test
  hosts: test
  vars_files: ./user.yml
  tasks:
    - name: create user
      debug:
        var: USERLIST['lee']['age']
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
PLAY [test] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [172.25.254.100]
TASK [create user] *************************************************************
ok: [172.25.254.100] => {
    "USERLIST['lee']['age']": "18"     # the value 18 was read out
}
PLAY RECAP *********************************************************************
172.25.254.100 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: test
  vars_files: ./user.yml
  tasks:
    - name: create user
      debug:
        var: USERLIST['lee']['age']

    - debug:
        msg: "{{USERLIST['westos']['obj']}}"     # read the variable's value
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
PLAY [test] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [172.25.254.100]
TASK [create user] *************************************************************
ok: [172.25.254.100] => {
"USERLIST['lee']['age']": "18"
}
TASK [debug] *******************************************************************
ok: [172.25.254.100] => {
    "msg": "java"     # the value was read
}
PLAY RECAP *********************************************************************
172.25.254.100 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
3. Registering variables
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  tasks:
    - name: shell
      shell:
        date
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
PLAY [test] *****************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************
ok: [172.25.254.100]
TASK [shell] ****************************************************************************************************************
changed: [172.25.254.100]
PLAY RECAP ******************************************************************************************************************
172.25.254.100 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@foundation50 .ansible]# ansible-playbook test.yml -v
Using /root/.ansible/ansible.cfg as config file
PLAY [test] *****************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************
ok: [172.25.254.100]
TASK [shell] ****************************************************************************************************************
changed: [172.25.254.100] => {"changed": true, "cmd": "date", "delta": "0:00:00.013348", "end": "2021-11-23 15:21:11.637197", "rc": 0, "start": "2021-11-23 15:21:11.623849", "stderr": "", "stderr_lines": [], "stdout": "Tue Nov 23 15:21:11 CST 2021", "stdout_lines": ["Tue Nov 23 15:21:11 CST 2021"]}
The result is a dictionary with several keys, but the playbook has not captured it. To capture it, do the following:
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  tasks:
    - name: shell
      shell:
        date
      register: WESTOS     # register stores the task's entire result in the variable WESTOS
    - debug:
        var: WESTOS['rc']
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
PLAY [test] *****************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************
ok: [172.25.254.100]
TASK [shell] ****************************************************************************************************************
changed: [172.25.254.100]
TASK [debug] ****************************************************************************************************************
ok: [172.25.254.100] => {
    "WESTOS['rc']": "0"     # rc read out: rc 0 means the command succeeded, rc 1 means it failed
}
PLAY RECAP ******************************************************************************************************************
172.25.254.100 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  tasks:
    - name: shell
      shell:
        date
      register: WESTOS

    - debug:
        var: WESTOS['stdout']     # read out the time
[root@foundation50 .ansible]# ansible-playbook test.yml
PLAY [test] *****************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************
ok: [172.25.254.100]
TASK [shell] ****************************************************************************************************************
changed: [172.25.254.100]
TASK [debug] ****************************************************************************************************************
ok: [172.25.254.100] => {
    "WESTOS['stdout']": "Tue Nov 23 16:13:30 CST 2021"     # the time was read out
}
PLAY RECAP ******************************************************************************************************************
172.25.254.100 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4. Fact variables
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  tasks:
    - debug:
        var: ansible_facts['enp1s0']
[root@foundation50 .ansible]# ansible-playbook test.yml     # run; shows the enp1s0 block of the facts
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  tasks:
    - debug:
        var: ansible_facts['enp1s0']['ipv4']['address']     # show one item within the enp1s0 block
[root@foundation50 .ansible]# ansible-playbook test.yml
PLAY [test] *****************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************
ok: [172.25.254.100]
TASK [debug] ****************************************************************************************************************
ok: [172.25.254.100] => {
"ansible_facts['enp1s0']['ipv4']['address']": "172.25.254.100"
}
PLAY RECAP ******************************************************************************************************************
172.25.254.100 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  tasks:
    - debug:
        var: ansible_facts['fqdn']     # show the host name; for the fact ansible_fqdn use only fqdn, without the ansible_ prefix
[root@foundation50 .ansible]# ansible-playbook test.yml
PLAY [test] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [172.25.254.100]
TASK [debug] *******************************************************************
ok: [172.25.254.100] => {
    "ansible_facts['fqdn']": "node1"     # the host name is displayed
}
PLAY RECAP *********************************************************************
172.25.254.100 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  tasks:
    - lineinfile:
        path: /mnt/hostanme
        line: "{{ansible_facts['fqdn']}}"     # the variable is not defined anywhere, yet this runs
        create: yes
[root@foundation50 .ansible]# ansible-playbook test.yml     # run the playbook
[root@node1 ~]# cat /mnt/hostanme
node1
It succeeded even though no variable was defined; this kind of variable is called a fact variable.
This works because ansible-playbook test.yml first runs Gathering Facts when it starts, that is, it runs the setup module.
How do we stop it from running the setup module first?
[root@foundation50 .ansible]# vim test.yml
---
- name: test
  hosts: 172.25.254.100
  gather_facts: no     # setup is no longer run first, so fact variables cannot be used; using fact variables requires gather_facts: yes
  tasks:
    - lineinfile:
        path: /mnt/hostanme
        line: "{{ansible_facts['fqdn']}}"
        create: yes
5. Magic variables
Ansible's own internal information
[root@foundation50 .ansible]# ansible localhost -m debug -a "var=hostvars"     # localhost is the local machine; var=hostvars shows all of this host's internal variables
[root@foundation50 .ansible]# ansible 172.25.254.100 -m debug -a "var=group_names"     # the groups the current managed host belongs to
172.25.254.100 | SUCCESS => {
    "group_names": [
        "linux",
        "test",
        "westos"
    ]
}
[root@foundation50 .ansible]# ansible localhost -m debug -a "var=groups"     # var=groups lists every group in the inventory
172.25.254.100 | SUCCESS => {
    "groups": {
        "all": [
            "172.25.254.100",
            "172.25.254.200",
            "172.25.254.50"
        ],
        "linux": [
            "172.25.254.50",
            "172.25.254.100"
        ],
        "test": [
            "172.25.254.100"
        ],
        "ungrouped": [],
        "westos": [
            "172.25.254.100",
            "172.25.254.200"
        ]
    }
}
[root@foundation50 .ansible]# ansible westos -m debug -a "var=inventory_hostname"     # inventory_hostname is the managed host's name as written in the inventory
172.25.254.100 | SUCCESS => {
    "inventory_hostname": "172.25.254.100"
}
172.25.254.200 | SUCCESS => {
    "inventory_hostname": "172.25.254.200"
}
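6. Using j2 templates
[root@foundation50 .ansible]# vim test.j2     # write the j2 template; the first line is a comment describing the file's purpose, the rest is the file content
{# /etc/hosts line #}
127.0.0.1 localhost
{{ ansible_facts['ens3']['ipv4']['address']}} {{ansible_facts['fqdn']}}
[root@foundation50 .ansible]# vim westos.yml     # write the playbook
---
- name: test j2
  hosts: 172.25.254.100
  tasks:
    - name: test j2
      template:
        src: ./test.j2
        dest: /mnt/hosts     # generates /mnt/hosts on host 172.25.254.100, rendered from the test.j2 template with the data collected for that host
The point of a j2 template is that the IP address and domain name written are those of whichever host the file is generated on, rather than fixed values.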
Loop statements in templates
[root@foundation50 .ansible]# vim test.j2     # users is the variable defined in westos.yml; the loop is closed with endfor
{%for NAME in users%}
{{NAME}}
{% endfor %}
[root@foundation50 .ansible]# vim westos.yml
---
- name: test j2
  hosts: 172.25.254.100
  vars:
    users:
      - westos
      - linux
      - lee
  tasks:
    - name: test j2
      template:
        src: ./test.j2
        dest: /mnt/hosts
[root@foundation50 .ansible]# ansible-playbook westos.yml     # run the playbook
[root@node1 ~]# cat /mnt/hosts
westos
linux
lee
Conditional statements
[root@foundation50 .ansible]# vim test.j2     # template; loop.index counts loop iterations starting from 1
{%for NAME in users%}
{{loop.index}}-{{NAME}}
{% endfor %}
[root@foundation50 .ansible]# ansible-playbook westos.yml     # run the playbook
[root@node1 ~]# cat /mnt/hosts
1-westos
2-linux
3-lee
[root@foundation50 .ansible]# vim test.j2     # template; loop.index0 counts loop iterations starting from 0
{%for NAME in users%}
{{loop.index0}}-{{NAME}}
{% endfor %}
[root@node1 ~]# cat /mnt/hosts
0-westos
1-linux
2-lee
[root@foundation50 .ansible]# vim test.j2     # only items equal to linux
{%for NAME in users if NAME == "linux" %}
{{loop.index}}-{{NAME}}
{% endfor %}
[root@node1 ~]# cat /mnt/hosts
1-linux
[root@foundation50 .ansible]# vim test.j2     # only items not equal to linux
{%for NAME in users if not NAME == "linux" %}
{{loop.index}}-{{NAME}}
{% endfor %}
[root@foundation50 .ansible]# ansible-playbook westos.yml
[root@node1 ~]# cat /mnt/hosts
1-westos
2-lee
[root@foundation50 .ansible]# vim westos.yml
---
- name: test j2
  hosts: 172.25.254.100
  vars:
    users:
      - name: westos     # name is defined for every entry
        age: 18
      - name: linux      # age is not defined for some entries
      - name: lee
        age: 20
  tasks:
    - name: test j2
      template:
        src: ./test.j2
        dest: /mnt/hosts
test.j2 (NAME is one entry of users; NAME['name'] is the user name inside it, for example westos; the first if branch applies when age is defined):
{%for NAME in users if not NAME == "linux" %}
name: {{NAME['name']}}
{%if NAME['age'] is defined%}
age: {{NAME['age']}}
{% endif %}
{%if NAME['age'] is not defined %}
age: x
{% endif %}
{% endfor %}
[root@foundation50 .ansible]# ansible-playbook westos.yml     # run the playbook
[root@node1 ~]# cat /mnt/hosts
name: westos
age: 18
name: linux
age: x
name: lee
age: 20
7. Encrypting yml files
[root@foundation50 .ansible]# vim westos.yml     # not encrypted yet
---
- name: test
  hosts: westos
  tasks:
    - debug:
        msg: hello westos
[root@foundation50 .ansible]# ansible-vault create westos1.yml     # create an encrypted file
New Vault password:             # enter the password
Confirm New Vault password:     # enter the password again
[root@foundation50 .ansible]# cat westos1.yml     # view it: the file is encrypted
$ANSIBLE_VAULT;1.1;AES256
32363836323139353936643736653935613962363039386336653962316138633964333964396536
6239383565613066623630623532353730363837626130370a323536643961613461343934666365
3264396435363534333566376362
Non-interactive encryption
[root@foundation50 .ansible]# vim password     # create a password file; its content, westos, is the password
westos
[root@foundation50 .ansible]# ansible-vault create --vault-password-file=password westos2.yml
Encrypting an existing yml file
[root@foundation50 .ansible]# ansible-vault encrypt westos.yml --vault-password-file=password
Encryption successful
[root@foundation50 .ansible]# cat westos.yml
$ANSIBLE_VAULT;1.1;AES256
36653937373637373436386331343164313934353062393032373565393432656632613835373362
30353234313830336130376538633164336165393032373565393432656632613835653934632618
[root@foundation50 .ansible]# ansible-vault view westos.yml     # view an encrypted file
Vault password:     # enter the password
---
- name: test
  hosts: westos
  tasks:
    - debug:
        msg: hello westos
[root@foundation50 .ansible]# ansible-vault view westos.yml --vault-password-file=password     # view an encrypted file non-interactively
---
- name: test
  hosts: westos
  tasks:
    - debug:
        msg: hello westos
[root@foundation50 .ansible]# ansible-vault edit westos.yml     # edit an encrypted file
Vault password:     # enter the password to start editing
[root@foundation50 .ansible]# ansible-playbook westos.yml --ask-vault-pass     # run an encrypted playbook
Vault password:
[root@foundation50 .ansible]# ansible-vault decrypt westos.yml --vault-password-file=password     # decrypt the encrypted file
Decryption successful
[root@foundation50 .ansible]# cat westos.yml
---
- name: test
  hosts: westos
  tasks:
    - debug:
        msg: hello westos
[root@foundation50 .ansible]# ansible-vault encrypt westos.yml --vault-password-file=password     # encrypt the existing file
Encryption successful
[root@foundation50 .ansible]# ansible-vault decrypt westos.yml --vault-password-file=password --output=westos4.yml     # decrypt into a new file instead of decrypting the current file
Decryption successful
[root@foundation50 .ansible]# cat westos.yml
$ANSIBLE_VAULT;1.1;AES256
[root@foundation50 .ansible]# cat westos4.yml
---
- name: test
  hosts: westos
  tasks:
    - debug:
        msg: hello westos
[root@foundation50 .ansible]# ansible-vault rekey westos.yml     # change the password
Vault password:                 # enter the original password
New Vault password:             # enter the new password
Confirm New Vault password:     # enter the new password again
Rekey successful
[root@foundation50 .ansible]# ansible-vault decrypt westos.yml     # decrypt, removing the password
Vault password:
Decryption successful
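Added example (not part of the original post): a Python audit of a playbook directory like the one in section 7. It flags a vault password file that group/other can read, and any file expected to be protected that is not a structurally valid $ANSIBLE_VAULT 1.1/1.2 envelope, such as the plaintext copy left by decrypt --output. Assumptions: the westos*.yml pattern and the password file name are taken from this page as defaults, and the salt, HMAC and ciphertext bytes in demo() are constructed dummy values.

```python
import stat
import tempfile
from binascii import hexlify, unhexlify
from pathlib import Path

def vault_status(path):
    """Return 'encrypted', 'malformed' (vault header, bad body) or 'plaintext'."""
    lines = Path(path).read_text(errors="replace").splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return "plaintext"
    header = lines[0].split(";")  # magic;version;cipher[;vault-id label in 1.2]
    if len(header) < 3 or header[1] not in ("1.1", "1.2") or header[2] != "AES256":
        return "malformed"
    try:
        # Body is hex of three newline-separated hex fields: salt, HMAC, ciphertext.
        inner = unhexlify("".join(line.strip() for line in lines[1:]))
        salt, mac, ciphertext = (unhexlify(part) for part in inner.split(b"\n"))
    except ValueError:  # bad hex, or not exactly three fields
        return "malformed"
    return "encrypted" if len(salt) == len(mac) == 32 and ciphertext else "malformed"

def audit(project_dir, protected="westos*.yml", password_file="password"):
    """List findings: exposed password file, protected files not validly encrypted."""
    findings = []
    pw_path = Path(project_dir, password_file)
    if pw_path.exists():
        mode = stat.S_IMODE(pw_path.stat().st_mode)
        if mode & 0o077:  # any group/other permission bit set
            findings.append(f"{password_file}: mode {mode:04o} is readable beyond the owner")
    for path in sorted(Path(project_dir).glob(protected)):
        status = vault_status(path)
        if status != "encrypted":
            findings.append(f"{path.name}: {status}")
    return findings

def demo():
    """Constructed directory: encrypted westos.yml, plaintext westos4.yml, 0644 password."""
    fields = [hexlify(bytes(32)), hexlify(bytes(32)), hexlify(bytes(16))]  # dummy values
    body = hexlify(b"\n".join(fields)).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    files = {"westos.yml": "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n",
             "westos4.yml": "---\n- name: test\n  hosts: westos\n",
             "test.yml": "---\n- name: test\n  hosts: test\n",
             "password": "constructed-password\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            Path(d, name).write_text(text)
        Path(d, "password").chmod(0o644)  # what a default umask of 022 produces
        return audit(d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The check only validates the envelope's structure; it does not verify the HMAC or decrypt anything, so it needs no vault password.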