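Collecting host information
Ansible has a built-in module, setup, dedicated to viewing host information (facts). We can use it to find the variables we need, and the ansible-doc command can also be consulted.
[devops@server1 ansible]$ ansible web -m setup | less  ## page through the facts of the hosts in the web group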
[devops@server1 ansible]$ cat info.j2
主机名:"{{ ansible_facts['hostname'] }}"
主机ip:"{{ ansible_facts['default_ipv4']['address'] }}"
主机dns: "{{ ansible_facts['dns']['nameservers'][-1] }}'
主机网关:"{{ ansible_facts['default_ipv4']['gateway'] }}"
系统版本:"{{ ansible_facts['distribution'] }}" "{{ ansible_facts['distribution_version'] }}"
系统磁盘空间:"{{ ansible_facts['devices']['dm-0']['size'] }}'
系统内核:"{{ ansible_facts['kernel'] }}"
系统空闲内存:"{{ ansible_facts['memfree_mb'] }}"
[devops@server1 ansible]$ cat info.yml
---
- hosts: all
  tasks:
    # Render the facts template onto every managed host
    - name: create /mnt/info
      template:
        src: info.j2
        dest: /mnt/info
[devops@server1 ansible]$ ansible-playbook info.yml
[devops@server1 ansible]$ cat /mnt/info
主机名:"server1"
主机ip:"172.25.34.1"
主机dns: "114.114.114.114'
主机网关:"172.25.34.250"
系统版本:"RedHat" "7.5"
系统磁盘空间:"17.00 GB'
系统内核:"3.10.0-862.el7.x86_64"
系统空闲内存:"114"
Creating users in bulk
The yml file (playbook) that creates the users
[devops@server1 ansible]$ cat usrs.yml
---
- hosts: server
  vars_files:
    - userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        state: present
        password: "{{ item.pass | password_hash('sha512') }}"
      loop: "{{ userlist }}"
      no_log: true  # keep item.pass out of the per-item task output and logs
[devops@server1 ansible]$ cat userlist.yml
---
userlist:
  - user: user1
    pass: westos
  - user: user2
    pass: redhat
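The user passwords are readable in the file used to create the users. That is insecure; the ansible-vault command and its subcommands can be used to encrypt the file. A playbook that loads the encrypted file then needs the vault password at run time, for example via ansible-playbook --ask-vault-pass.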
[devops@server1 ansible]$ ansible-vault --help
usage: ansible-vault [-h] [--version] [-v]
                     {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
                     ...

encryption/decryption utility for Ansible data files

positional arguments:
  {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
    create              Create new vault encrypted file
    decrypt             Decrypt vault encrypted file
    edit                Edit vault encrypted file
    view                View vault encrypted file
    encrypt             Encrypt YAML file
    encrypt_string      Encrypt a string
    rekey               Re-key a vault encrypted file
Encrypting the file
[devops@server1 ansible]$ ansible-vault encrypt userlist.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[devops@server1 ansible]$ cat userlist.yml
$ANSIBLE_VAULT;1.1;AES256
Viewing the contents of the encrypted file
[devops@server1 ansible]$ ansible-vault view userlist.yml
Vault password:
---
userlist:
  - user: user1
    pass: westos
  - user: user2
    pass: redhat
Decrypting the file
[devops@server1 ansible]$ ansible-vault decrypt userlist.yml
Vault password:
Decryption successful
[devops@server1 ansible]$ cat userlist.yml
---
userlist:
  - user: user1
    pass: westos
  - user: user2
    pass: redhat
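After ansible-vault decrypt the file is plaintext on disk again, so it is worth checking that userlist.yml is still vault-encrypted before it is committed or copied elsewhere. The Python check below is an added example, not part of the original page or of Ansible itself; it validates only the structure of the vault 1.1/1.2 envelope (the HMAC cannot be verified without the password), and its function names and sample data are constructed for illustration.

```python
import binascii
import re
import sys

# Header line: $ANSIBLE_VAULT;<format version>;<cipher>[;<vault id label>]
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);(AES256)(?:;(\S+))?$")

def inspect_vault(text):
    """Return envelope metadata, or raise ValueError if text is not a well-formed vault file."""
    lines = text.strip().splitlines()
    match = HEADER_RE.match(lines[0].strip()) if lines else None
    if not match:
        raise ValueError("no $ANSIBLE_VAULT header, content is plaintext")
    try:
        # Body is hex of: hex(salt) \n hex(HMAC-SHA256) \n hex(ciphertext)
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed vault body: {exc}") from None
    if len(salt) != 32 or len(mac) != 32 or not ciphertext or len(ciphertext) % 16:
        raise ValueError("unexpected salt, HMAC or ciphertext length")
    version, cipher, vault_id = match.groups()
    return {"version": version, "cipher": cipher, "vault_id": vault_id,
            "ciphertext_bytes": len(ciphertext)}

def not_encrypted(files):
    """Map of name -> reason for every file that fails the envelope check."""
    problems = {}
    for name, text in files.items():
        try:
            inspect_vault(text)
        except ValueError as exc:
            problems[name] = str(exc)
    return problems

def constructed_vault(ciphertext_len=96):
    """Constructed sample: valid envelope around dummy bytes (not decryptable)."""
    parts = (b"\x01" * 32, b"\x02" * 32, b"\x03" * ciphertext_len)
    body = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts)).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n"

PLAINTEXT = "---\nuserlist:\n  - user: user1\n    pass: westos\n"  # as on this page

if __name__ == "__main__":
    # Usage: python check_vault.py userlist.yml ...  (exit status 1 blocks the commit)
    bad = not_encrypted({p: open(p, encoding="utf-8").read() for p in sys.argv[1:]})
    for path, reason in bad.items():
        print(f"{path}: {reason}")
    sys.exit(1 if bad else 0)
```

Run as a pre-commit hook or CI step, it fails on a plaintext or truncated secrets file and passes on one that ansible-vault encrypt has produced.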
Generating host name resolution entries in bulk
[devops@server1 ansible]$ cat etc.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups['agent'] %}
{{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
[devops@server1 ansible]$ ansible-playbook etc.yml
[devops@server1 ansible]$ cat etc.yml
---
- hosts: agent
  tasks:
    - name: update /etc/hosts
      template:
        src: etc.j2
        dest: /etc/hosts
[devops@server1 ansible]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.34.2 server2
172.25.34.3 server3
172.25.34.1 server1