Variables and encryption in Ansible

Variables

1. Variable naming
Names may contain only digits, underscores and letters.
Names may begin only with an underscore or a letter.

2. Variable levels
| Level | Where it is set |
|---|---|
| Global | set from the command line or the configuration file |
| Play | set in the play and related structures |
| Host | from the inventory, fact gathering, or registered tasks |

Variable precedence:
A narrower scope takes precedence over a wider one.

3. Setting and using variables
3.1. Defining variables directly in the playbook
---
- name: test var
  hosts: all
  vars:
    USER: westosuser

3.2. Defining variables in a file
vim user_list.yml
---
user: westosuser

vim westos.yml
---
- name: Create User
  hosts: all
  vars_files:
    - ./user_list.yml

3.3. Using variables
  tasks:
    - name: create user
      user:
        name: "{{ USER }}"

playbook 1 (define the variable directly in the playbook and use it)
[westos@ansible ~]$ cat create_user.yml
---
- name: create user
  hosts: 172.25.11.1
  vars:
    user: westosuser
  tasks:
    - name: create user
      user:
        name: "{{ user }}"
Check on the managed host.

playbook 2 (define the variable in a file and use it)
[westos@ansible ~]$ cat create_user.yml
---
- name: create user
  hosts: 172.25.11.1
  vars_files:
    - user_list.yml
  tasks:
    - name: create user
      user:
        name: "{{ user }}"
[westos@ansible ~]$ cat user_list.yml ## the list of users to create; unlike writing it inline, a file can be reused many times
---
user: westosuser3
Check the result on managed host 1.
3.4. Setting host variables and inventory variables
Used when defining host variables and inventory (group) variables.
vim inventory
[westos_list1]
172.25.11.1
[westos_list2]
172.25.11.2
[westos_list3]
172.25.11.3
[westos_list1:vars] ## set a variable in the inventory
user=inventory

vim create_user.yml
---
- name: create user
  hosts: 172.25.11.1
  tasks:
    - name: create user
      user:
        name: "{{ user }}"
On the managed host:
[root@nod1 ~]# grep bash$ /etc/passwd
root:x:0:0:root:/root:/bin/bash
westos:x:1000:1000::/home/westos:/bin/bash
westosuser1:x:1001:444::/mnt/westosuser1:/bin/bash
westosuser2:x:1002:6666::/mnt/westosuser2:/bin/bash
westosuser:x:1003:100::/home/westosuser:/bin/bash
westosuser3:x:1004:1004::/home/westosuser3:/bin/bash
inventory:x:1005:1005::/home/inventory:/bin/bash
3.5. Setting variables from directories
group_vars
## inventory (group) variables; the file names in the directory match the inventory group names
host_vars
## host variables; the file names in the directory match the host names
The content of host_vars overrides the content of group_vars.

[westos@ansible ~]$ mkdir group_vars
[westos@ansible ~]$ cat inventory
[westos_list1]
172.25.11.1
[westos_list2]
172.25.11.2
[westos_list3]
172.25.11.3
[westos@ansible ~]$ cat group_vars/westos_list1
---
user: westos3
[westos@ansible ~]$ cat create_user.yml
---
- name: create user
  hosts: 172.25.11.1
  tasks:
    - name: create user
      user:
        name: "{{ user }}"
        state: present

[westos@ansible ~]$ mkdir host_vars
[westos@ansible ~]$ vim host_vars/172.25.11.1
[westos@ansible ~]$ cat host_vars/172.25.11.1
---
user: westos2
[westos@ansible ~]$ cat create_user.yml
---
- name: create user
  hosts: 172.25.11.1
  tasks:
    - name: create user
      user:
        name: "{{ user }}"
        state: present
[westos@ansible ~]$ ansible-playbook create_user.yml
[root@nod1 ~]# grep bash$ /etc/passwd
root:x:0:0:root:/root:/bin/bash
westos:x:1000:1000::/home/westos:/bin/bash
westosuser:x:1003:100::/home/westosuser:/bin/bash
inventory:x:1005:1005::/home/inventory:/bin/bash
westos2:x:1006:1006::/home/westos2:/bin/bash ## westos2 was created on host 1 (host_vars won over group_vars)
[root@nod1 ~]#
3.6. Overriding variables from the command line
ansible-playbook user.yml -e "USER=hello"
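As an added example (not from the original post, and not Ansible's own resolver), the following stdlib-only Python models how one variable is resolved for one host from the five sources used in sections 3.4 to 3.6: `[group:vars]` in the INI inventory, `group_vars/<group>`, `host_vars/<host>`, play `vars`, and `-e`. It assumes only that lowest-to-highest order (real Ansible has many more levels between these) and uses the post's own values; the directory contents are passed in as dicts standing in for the files.

```python
import re
# Constructed inputs mirroring the post's inventory, group_vars/ and host_vars/.
INVENTORY = """
[westos_list1]
172.25.11.1
[westos_list1:vars]
user=inventory
"""
GROUP_VARS_DIR = {"westos_list1": {"user": "westos3"}}  # group_vars/westos_list1
HOST_VARS_DIR = {"172.25.11.1": {"user": "westos2"}}    # host_vars/172.25.11.1


def parse_ini_inventory(text):
    """Return ({group: [hosts]}, {group: {var: value}}) from an INI inventory."""
    groups, gvars, section = {}, {}, ("ungrouped", False)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[([^\]:]+)(:vars)?\]", line)
        if m:  # a [group] or [group:vars] section header
            section = (m.group(1), bool(m.group(2)))
            continue
        group, is_vars = section
        if is_vars:  # key=value lines under [group:vars]
            key, value = line.split("=", 1)
            gvars.setdefault(group, {})[key.strip()] = value.strip()
        else:        # host lines under [group]
            groups.setdefault(group, []).append(line)
    return groups, gvars


def parse_extra_vars(arg):
    """Parse the key=value form of -e ("USER=hello"); names are case-sensitive."""
    return dict(item.split("=", 1) for item in arg.split())


def resolve_vars(host, inventory, group_vars_dir, host_vars_dir, play_vars, extra):
    """Merge lowest to highest, later sources overwriting earlier ones:
    [group:vars] < group_vars/<group> < host_vars/<host> < play vars < -e."""
    groups, inv_vars = parse_ini_inventory(inventory)
    merged = {}
    for group, hosts in groups.items():
        if host in hosts:
            merged.update(inv_vars.get(group, {}))
            merged.update(group_vars_dir.get(group, {}))
    merged.update(host_vars_dir.get(host, {}))
    merged.update(play_vars)
    merged.update(extra)
    return merged
```

Note that `-e "USER=hello"` defines `USER`, not `user`: variable names are case-sensitive, so it does not override the lowercase `user` used in the earlier playbooks.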
3.7. Setting variables with arrays
vim user_var.yml
---
USER:
  lee:
    age: 18
    obj: linux
  westos:
    age: 20
    obj: java

#vim user.yml
- name: Create User
  hosts: all
  gather_facts: no
  vars_files:
    - ./user_var.yml
  tasks:
    - name: create user
      shell: |
        echo "{{ USER['lee']['age'] }}"
        echo "{{ USER.westos.obj }}"
create web vhost
www.westos.com   80 ------> /var/www/html
linux.westos.com 80 ------> /var/www/virtual/westos.com/linux

#### Create two virtual hosts and set a default test page ####
[westos@ansible ~]$ cat vhost.yml
---
- name: vhost
  hosts: 172.25.11.1
  vars:
    web1:
      name: www.westos.com
      port: 80
      documentroot: /var/www/html
      index: www.westos.com page
    web2:
      name: linux.westos.com
      port: 80
      documentroot: /var/www/virtual/westos.com/linux/html
      index: linux.westos.com page
  tasks:
    - name: install web server
      dnf:
        name: httpd
        state: latest
    - name: configure web server
      copy:
        dest: /etc/httpd/conf.d/vhost.conf
        content:
          "<VirtualHost _default_:80>\n DocumentRoot /var/www/html\n CustomLog logs/default.log combined\n</VirtualHost>\n<VirtualHost *:{{ web1.port }}>\n ServerName {{ web1.name }}\n DocumentRoot {{ web1.documentroot }}\n CustomLog logs/{{ web1.name }}.log combined\n</VirtualHost>\n\n<VirtualHost *:{{ web2.port }}>\n ServerName {{ web2.name }}\n DocumentRoot {{ web2.documentroot }}\n CustomLog logs/{{ web2.name }}.log combined\n</VirtualHost>"
    - name: create documentroot dir
      file:
        path: "{{ item }}"
        state: directory
      loop:
        - "{{ web1.documentroot }}"
        - "{{ web2.documentroot }}"
    - name: create index
      copy:
        content: "{{ item.index_content }}"
        dest: "{{ item.index_file }}"
      loop:
        - index_file: "{{ web1.documentroot }}/index.html"
          index_content: "{{ web1.index }}"
        - index_file: "{{ web2.documentroot }}/index.html"
          index_content: "{{ web2.index }}"
    - name: restart apache
      service:
        name: httpd
        state: restarted
        enabled: yes
    - name: firewalld configure
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes
[westos@ansible ~]$ ansible-playbook vhost.yml ### runs successfully ###
PLAY [vhost] ***********************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************
ok: [172.25.11.1]
TASK [install web server] **********************************************************************************************************
ok: [172.25.11.1]
TASK [configure web server] ********************************************************************************************************
ok: [172.25.11.1]
TASK [create documentroot dir] *****************************************************************************************************
ok: [172.25.11.1] => (item=/var/www/html)
ok: [172.25.11.1] => (item=/var/www/virtual/westos.com/linux/html)
TASK [create index] ****************************************************************************************************************
ok: [172.25.11.1] => (item={'index_file': '/var/www/html/index.html', 'index_content': 'www.westos.com page'})
ok: [172.25.11.1] => (item={'index_file': '/var/www/virtual/westos.com/linux/html/index.html', 'index_content': 'linux.westos.com page'})
TASK [restart apache] **************************************************************************************************************
changed: [172.25.11.1]
TASK [firewalld configure] *********************************************************************************************************
ok: [172.25.11.1]
PLAY RECAP *************************************************************************************************************************
172.25.11.1 : ok=7 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Add name resolution on the client host, then access the sites:
[root@lyx_good Desktop]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.23 www.lyx.com news.lyx.com bbs.lyx.com login.lyx.com
172.25.254.205 net.a.westos.com
172.25.11.1 www.westos.com linux.westos.com #####
3.8. Registered variables
register stores a module's output in the named variable.
---
- name: test register
  hosts: 172.25.0.254
  tasks:
    - name: hostname command
      shell: hostname
      register: info
    - name: show messages
      shell: echo "{{ info['stdout'] }}"

Suppressing errors so the play continues
[westos@ansible ~]$ cat var.yml
---
- name: test register
  hosts: 172.25.11.1
  tasks:
    - name: test
      shell: test -e /mnt/file
      ignore_errors: yes ## ignore the error and keep executing
      register: westos
    - name: show westos
      debug:
        msg: "{{ westos.rc }}" ## print rc; rc=0 on success, non-zero on failure
[westos@ansible ~]$ ansible-playbook var.yml
PLAY [test register] ***************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************
ok: [172.25.11.1]
TASK [test] ************************************************************************************************************************
fatal: [172.25.11.1]: FAILED! => {"changed": true, "cmd": "test -e /mnt/file", "delta": "0:00:00.005763", "end": "2020-09-13 06:44:56.752272", "msg": "non-zero return code", "rc": 1, "start": "2020-09-13 06:44:56.746509", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
...ignoring
TASK [show westos] *****************************************************************************************************************
ok: [172.25.11.1] => {
    "msg": "1" ## the error result that was printed
}
PLAY RECAP *************************************************************************************************************************
172.25.11.1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1
3.9. Fact variables
Fact variables are variables that Ansible detects automatically on the managed host.
Facts also contain information about the host itself.
When host information is needed there is no need to gather and assign it yourself; just reference it.
Because the values are system information they cannot be set arbitrarily and are only gathered, which is why they are called fact variables.
---
- name: test register
  hosts: 172.25.0.254
  tasks:
    - name: show messages
      debug:
        msg: "{{ ansible_facts['architecture'] }}"

e.g. capture the managed host's IP address, hostname and so on:
[westos@ansible ~]$ cat hosts_messages.yml
---
- name: test register
  hosts: 172.25.11.1
  tasks:
    - name: test
      copy:
        dest: /mnt/hosts_messages
        content: "{{ ansible_facts.enp1s0.ipv4.address }}\n{{ ansible_facts.fqdn }}\n{{ ansible_facts.memtotal_mb }}"
ansible-playbook hosts_messages.yml
[root@nod1 www]# cat /mnt/hosts_messages ### on the managed host the captured IP, hostname and memory are visible
172.25.11.1
nod1.westos.com
726[root@nod1 www]#
3.10. Magic variables
| Variable | Meaning |
|---|---|
| hostvars | Ansible's internal information |
| group_names | the groups the current managed host belongs to |
| groups | lists all groups and hosts in the inventory |
| inventory_hostname | the name of the current managed host as configured in the inventory |

ansible 192.168.3.1 -m debug -a 'var=groups'
lists all groups and hosts in the inventory
ansible 192.168.3.1 -m debug -a 'var=hostvars'
Ansible's internal information
ansible 192.168.3.1 -m debug -a 'var=inventory_hostname'
the name of the current managed host as configured in the inventory
JINJA2 templates

Introduction
Jinja2 is a widely used template engine for Python.
Its design was inspired by Django's template engine, and it extends that syntax with a series of powerful features,
the most notable being sandboxed execution and optional automatic escaping.

j2 template syntax
{# /etc/hosts line #}
127.0.0.1 localhost
{{ ansible_facts['all_ipv4_addresses'] }} {{ ansible_facts['fqdn'] }}

for loops
vim users.yml
users:
  - westos
  - linux
  - ansible

vim test.j2
{% for NAME in users %}
{{ NAME }}
{% endfor %}

if tests
{% for NAME in users if not NAME == "ansible" %}
User number {{ loop.index }} - {{ NAME }}
{% endfor %}
loop.index  ## loop iteration counter starting at 1
loop.index0 ## loop iteration counter starting at 0

{% for user in students %}
name: {{ user['name'] }}
{% if user['age'] is defined %}
age: {{ user['age'] }}
{% endif %}
{% if user['age'] is not defined %}
age: null
{% endif %}
obj: {{ user['obj'] }}
{% endfor %}
Using j2 templates in a playbook
playbook1
---
- name: test register
  hosts: xxxx
  tasks:
    - name: create hosts
      template:
        src: ./xxxx.j2
        dest: /mnt/hosts

#playbook2
---
- name: test.j2
  hosts: 172.25.0.254
  vars:
    students:
      - name: student1
        obj: linux
      - name: student2
        age: 18
        obj: linux
  tasks:
    - template:
        src: ./test.j2
        dest: /mnt/list

The westos user defined in the playbook has no age, so the j2 template has to test whether age is defined before using it.
USERNAME in userlist
: userlist is the corresponding variable in the playbook
[westos@ansible ~]$ cat userlist.j2
{% for USERNAME in userlist if USERNAME['name'] != "lee" %}
######{{ USERNAME['name'] }} messages##
name: {{ USERNAME['name'] }}
class: {{ USERNAME['class'] }}
{% if USERNAME['age'] is defined %} {# if age is defined, write it; otherwise skip it #}
age: {{ USERNAME['age'] }}
{% endif %}
{% endfor %}
[westos@ansible ~]$ cat userlist.yml
---
- name: test
  hosts: 172.25.11.1
  vars:
    userlist:
      - name: lee
        class: linux
        age: 18
      - name: westos
        class: java
  tasks:
    - name: template
      template:
        src: ./userlist.j2
        dest: /mnt/userlist
[lee@lee ~]$ cat vhost.j2
{% for webserver in vhost %}
{% if webserver.name is not defined %}
<VirtualHost _default_:80>
{% endif %}
{% if webserver.name is defined %}
<VirtualHost *:80>
{% endif %}
{% if webserver.name is defined %}
ServerName {{ webserver.name }}
{% endif %}
DocumentRoot {{ webserver.root }}
{% if webserver.name is not defined %}
CustomLog logs/default.log combined
{% endif %}
{% if webserver.name is defined %}
CustomLog logs/{{ webserver.name }}.log combined
{% endif %}
</VirtualHost>
{% endfor %}
[lee@lee ~]$ cat apache.yml
---
- name: install apache server
  hosts: 192.168.3.12
  vars:
    vhost:
      - root: /var/www/html
      - root: /var/www/virtual/westos.com/www/html
        name: www.westos.com
      - root: /var/www/virtual/westos.com/linux/html
        name: linux.westos.com
  tasks:
    - name: configure apache
      template:
        src: /mnt/vhost.j2
        dest: /mnt/vhost
Ansible Vault encryption

Creating an encrypted file
1. Prompt for the password interactively:
ansible-vault create westos
2. Use a password file:
vim westos-vault
lee
## the file contains only the password (here "lee")
ansible-vault create --vault-password-file=westos-vault test

Encrypting an existing file
ansible-vault encrypt test

Viewing an encrypted file
ansible-vault view test
ansible-vault view --vault-password-file=westos-vault test

Editing an encrypted file
ansible-vault edit westos1
ansible-vault edit --vault-password-file=westos-vault westos

Decrypting a file in place
ansible-vault decrypt test

Decrypting to a separate file (the original stays encrypted)
ansible-vault decrypt westos --output=linux
The decrypted content is saved as linux; the original file is unchanged.

Changing the password
ansible-vault rekey test
ansible-vault rekey test --new-vault-password-file=westos-vault

Running a playbook that uses encrypted files
ansible-playbook httpd.yml --ask-vault-pass
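As an added example (not from the post and not Ansible's own code), the following stdlib-only Python models the envelope that `ansible-vault create` writes, so that the header, the password-derived keys and the integrity check can be seen in one place. It assumes the 1.1 layout: a `$ANSIBLE_VAULT;1.1;AES256` header line, then the hex encoding of `hex(salt)\nhex(hmac)\nhex(ciphertext)` wrapped at 80 columns, with 80 bytes of key material from PBKDF2-HMAC-SHA256 (10000 rounds) split into an AES key, an HMAC key and an IV; since the standard library has no AES-CTR, the ciphertext here is a constructed stand-in. The point it shows is that a wrong password or an edited file fails the HMAC check before anything is decrypted, which is what `ansible-vault view` reports as a decryption failure.

```python
import binascii
import hashlib
import hmac
import os
import textwrap

HEADER = "$ANSIBLE_VAULT;1.1;AES256"


def derive_keys(password, salt):
    """PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes: key1 (AES), key2 (HMAC), iv."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000, dklen=80)
    return material[:32], material[32:64], material[64:80]


def build_envelope(password, ciphertext, salt=None):
    """Wrap ciphertext the way a 1.1 vault file is laid out (ciphertext is a
    constructed stand-in here; the stdlib has no AES-CTR to produce a real one)."""
    salt = salt or os.urandom(32)
    _key1, key2, _iv = derive_keys(password, salt)
    mac = hmac.new(key2, ciphertext, hashlib.sha256).digest()  # HMAC over ciphertext
    inner = b"\n".join(binascii.hexlify(x) for x in (salt, mac, ciphertext))
    body = binascii.hexlify(inner).decode()                    # hex of the hex lines
    return HEADER + "\n" + "\n".join(textwrap.wrap(body, 80)) + "\n"


def parse_envelope(text):
    """Return (version, cipher, salt, mac, ciphertext); reject unknown headers."""
    header, _, body = text.partition("\n")
    fields = header.split(";")  # 1.2 appends a vault-id label as a fourth field
    if len(fields) < 3 or fields[0] != "$ANSIBLE_VAULT" or fields[2] != "AES256":
        raise ValueError("not an AES256 vault envelope: %r" % header)
    inner = binascii.unhexlify("".join(body.split()))  # undo the 80-column wrapping
    salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    return fields[1], fields[2], salt, mac, ciphertext


def password_matches(text, password):
    """True only if the HMAC recomputed with this password verifies; a wrong
    password or a modified salt/ciphertext fails here, before any decryption."""
    _v, _c, salt, mac, ciphertext = parse_envelope(text)
    _key1, key2, _iv = derive_keys(password, salt)
    expected = hmac.new(key2, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)
```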