Anisble中的变量及加密
1.变量的基本设定及使用方式
(1)直接定义变量
vim msgtest.yaml
- name: test playbook
hosts: all
tasks:
- name: test play
debug:
msg: "{{msg}}"
ansible-playbook msgtest.yaml -e msg="hello_westos"
(2)全局变量
vim msgtest1.yaml
- name: test playbook
hosts: allvars:
msg:hello
tasks:
- name: test play
debug:
msg: "{{msg}}"
ansible-playbook msgtest1.yaml
(3)在文件中指定变量
vim var.yaml
msg: hello_hello
vim msgtest2.yaml
- name: test playbook
hosts: all
vars_files: var.yaml
tasks:
- name: test play
debug:
msg: "{{msg}}"
ansible-playbook msgtest2.yaml
(4)在清单中指定
vim inventory
[westos]
192.168.168.89
192.168.168.90[westos:vars]
msg=helllo
ansible-playbook msgtest.yaml
(5)用目录设定变量
| group_vars | 清单变量,目录中的文件名称与主机清单名称一致 |
| host_vars | 主机变量,目录中的文件名称与主机名称一致 |
vim inventory
[westos]
192.168.168.89
192.168.168.90[westos1]
192.168.168.89[westos2]
192.168.168.90[westos:vars]
msg=helllo
mkdir group_vars
vim group_vars/westos1.yamlmsg: westos111
vim group_vars/westos2.yamlmsg: westos111
cp msgtest.yaml msg_westos1.yaml
vim msg_westos1.yaml
- name: test playbook
hosts: westos1
vars_files: var.yaml
tasks:
- name: test play
debug:
msg: "{{msg}}"
同理可以编辑westos2:
cp msgtest.yaml msg_westos2.yaml
vim msg_westos2.yaml
- name: test playbook
hosts: westos2
vars_files: var.yaml
tasks:
- name: test play
debug:
msg: "{{msg}}"
·······host_vars ##主机变量,目录中的文件名称与主机名称一致
mkdir host_vars
vim host_vars/192.168.168.89.yaml
msg: 192.168.168.89
vim host_vars/192.168.168.90.yaml
msg: 192.168.168.90
ansible-playbook msgtest.yaml
2.变量数组及注册变量
vim USER.yaml
USER:
westoslinux:
age: 20
sex: boy
westos:
age: 17
sex: girl
vim show_USER.yaml
- name: test vars
hosts: all
vars_files: ./USER.yaml
tasks:
- name: show vars
debug:
msg: "{{USER.westoslinux.age}}"
ansible-playbook show_USER.yaml
vim USER1.yaml
USER:
- name: westoslinux
uid: 666
- name: westos
uid: 888
vim show_USER1.yaml
- name: test vars
hosts: all
vars_files: ./USER1.yaml
tasks:
- name: show vars
debug:
msg: "{{item['name']}}"
loop:
"{{USER}}"
ansible-playbook show_USER1.yaml
vim register.yaml
- name: register
hosts: all
tasks:
- name: check file
shell: id xxx
register: outinfo- name: show messages
debug:
msg: "{{outinfo['stdout']}}"
ansible-playbook register.yaml
3.变量应用实例
建立user1和user2,uid为8888和9999,密码是user1123和user2123
[devops@ansible .ansible]$ vim create_user_list.yaml
users:
- name: user1
uid: 8888
password: user1123
- name: user2
uid: 9999
password: user2123
[devops@ansible .ansible]$ vim create_user.yaml
- name: create user1,user2
hosts: all
vars_files: ./create_user_list.yaml
tasks:
- name: create user1.user2
user:
name: "{{item.name}}"
uid: "{{item.uid}}"
password: "{{item.password|password_hash('sha512')}}"
loop:
"{{users}}"
ansible-playbook create_user.yaml
4.ansible中的事实变量的使用方法
vim ansible_facts.yaml
- name: test playbook
hosts: all
tasks:
- name: test message
debug:
msg: "{{ansible_facts['all_ipv4_addresses']}}"
ansible-playbook ansible_facts.yaml
vim ansible_facts_no.yaml
- name: test playbook
hosts: all
gather_facts: no
tasks:
- name: test message
debug:
msg: hello hello
ansible-playbook ansible_facts_no.yaml
msg: "{{ansible_facts['ens160']['ipv4']}}"
采集IP
msg: "{{ansible_facts['ens160']['ipv4']['address']}}"
msg: "{{ansible_facts['qdn']}}"
msg: "{{ansible_facts['architecture']}}"
5.ansible中的魔法变量
ansible localhost -m debug -a "var=hostvars"
列出指定的具体内容:
ansible localhost -m debug -a "var=hostvars['192.168.155.89']['groups']['all']"
ansible all -m debug -a "var=group_names"
ansible all -m debug -a "var=groups"
ansible all -m debug -a "var=inventory_hostname"
6.jinja2模板的书写及使用规则
vim j2_test.j2
{# test j2 #} 这是注释
hello world
vim j2_test.yaml
- name: test j2
hosts: all
tasks:
- name: create file
template:
src: ./j2_test.j2
dest: /mnt/j2_test
ansible-playbook j2_test.yaml
ansible all -m shell -a 'cat /mnt/j2_test'
vim j2_test_for.j2
{# test j2 for #}
{% for user in users %}
{{user}}
{% endfor %}
vim j2_test_for.yaml
- name: test j2 for
hosts: all
vars:
users:
- westos
- linux
- ansible
tasks:
- name: create file
template:
src: ./j2_test_for.j2
dest: /mnt/j2_test_for
ansible-playbook j2_test_for.yaml
显示行号(从1开始计数)
从0开始计数
vim j2_test_if.j2
{# test j2 if #}
{% for user in users %}
{%if user == "linux" %}
{{loop.index0}}-{{user}}
{%endif%}
{%if user != "linux" %}
{{user}}
{%endif%}
{% endfor %}
vim j2_test_if.yaml
- name: test j2 if
hosts: all
vars:
users:
- westos
- linux
- ansible
tasks:
- name: create file
template:
src: ./j2_test_if.j2
dest: /mnt/j2_test_if
ansible-playbook j2_test_if.yaml
ansible all -m shell -a 'cat /mnt/j2_test_if'
cat j2_test_if_age.j2
{# test j2 if_age #}
{% for user in users %}
name: {{ user.name }}
{%if user.age is defined %}
age: {{user.age}}
{%endif%}
{%if user.age is not defined %}
age: none
{%endif%}
{% endfor %}
vim j2_test_if_age.yaml
- name: test j2 if_age
hosts: all
vars:
users:
- name: westos
age: 19
- name: linux
- name: ansible
age: 88
tasks:
- name: create file
template:
src: ./j2_test_if_age.j2
dest: /mnt/j2_test_if_age
ansible-playbook j2_test_if_age.yaml
ansible all -m shell -a 'cat /mnt/j2_test_if_age'
7.jinja2模板实例
采集主机的ip地址和主机名字
vim hosts.j2
{% for HOST in groups['all'] %}
{{hostvars[HOST]['ansible_facts']['ens160']['ipv4']['address']}} {{hostvars[HOST]['ansible_facts']['fqdn']}}
{%endfor%}
vim hosts.yaml
- name: test hosts
hosts: all
tasks:
- name: hosts
template:
src: ./hosts.j2
dest: /mnt/hosts
ansible-playbook hosts.yaml
ansible all -m shell -a 'cat /mnt/hosts'
8.ansible中对文件加密
加密
ansible-vault encrypt test.yml
查看加密文件
ansible-vault view test.yml
编辑加密文件
ansible-vault edit test.yml
用文件指定加密
vim passwordfile
000000
ansible-vault edit test.yml --vault-password-file passwordfile
重设加密文件
ansible-vault rekey test.yml
解除加密
ansible-vault decrypt test.yml
创建加密文件
ansible-vault create jiamifile
