ansible变量和机密（2）

MD_雨落心尘.wyn

已于 2022-10-31 09:41:57 修改

阅读量271

点赞数

文章标签： ansible

于 2022-10-30 19:25:25 首次发布

本文链接：https://blog.csdn.net/qq_58733916/article/details/127603478

版权

ansible变量和机密（2）

文章目录

ansible变量和机密（2）
- 实例

实例

在ansible节点中新建/home/student/ansible/hwreport.empty的文件，文件内容为

hostname: inventoryhostname
mem: memory_in_MB
bios: BIOS_version
sda: disk_sda_size

创建一个名为 /home/student/ansible/hwreport.yml的 playbook，它将在所有受管节点上生成含有以下信息的输出文件 /root/hwreport.txt：
输出文件中的每一行含有一个 key=value 对。
您的 playbook 应当：
从 ansible节点中复制hwreport.empty文件到每台受控主机，并将它保存为/root/hwreport.txt，使用正确的值修改 /root/hwreport.txt
然后将/home/student/ansible/hwreport.yml这个playbook进行加密，加密的密码保存在/home/student/ansible/pass文件中，密码为abcdefg
执行该playbook，实现需求

//定义的主机清单变量
[student@server ansible]$ vim hweeport.empty 
hostname: inventory_hostname
men: memory_in_MB
bios: BIOS_version
sda: disk_sda_size

//编写，使用replace文本正则表达式替换数据
[student@server ansible]$ vim hwreport.yml 
---
- name: get file
  hosts: all
  tasks: 
      - name: copy hwreport.empty
      copy: 
        src: /home/student/ansible/hwreport.yml
        dest: /root/hwreport.txt
        
    - name: get inventory_hostname
      replace: 
        path: /root/hwreport.txt
        regexp: inventory_hostname
        replace: "{{ inventory_hostname }}"

    - name: get mem
      replace: 
        path: /root/hwreport.txt
        regexp: 'memory_in_MB'
        replace: "{{ ansible_memtotal_mb }}"

    - name: get bios
      replace: 
        path: /root/hwreport.txt
        regexp: 'BIOS_version'
        replace: "{{ ansible_bios_version }}"

    - name: get sda
      replace: 
        path: /root/hwreport.txt
        regexp: 'disk_sda_size'
        replace: "{{ ansible_devices.sda.size }}"


//创建密钥
[student@server ansible]$ vim pass 
abcdefg

//设为只允许该用户读
[student@server ansible]$ chmod 600 pass 

//指定加密运行时只指定pass中
[student@server ansible]$ ansible-vault encrypt hwreport.yml --vault-id pass
Encryption successful

//验证所有的主机通过变量是否验证成功
[student@server ansible]$ ansible-playbook hwreport.yml --vault-id pass

PLAY [get file] ****************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [get inventory_hostname] **************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [get mem] *****************************************************************
[WARNING]: The value 3704 (type int) in a string field was converted to '3704'
(type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.
ok: [node1]
[WARNING]: The value 1785 (type int) in a string field was converted to '1785'
(type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.
ok: [node3]
[WARNING]: The value 777 (type int) in a string field was converted to '777'
(type string). If this does not look like what you expect, quote the entire
value to ensure it does not change.
ok: [node2]

TASK [get bios] ****************************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [get sda] *****************************************************************
ok: [node1]
ok: [node3]
ok: [node2]

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node3                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0