Managing variables and facts:
Exercise: Configure httpd with basic authentication
ple.com
# Write the playbook
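---
# Play 1: install Apache httpd with mod_ssl, deploy its configuration and the
# htpasswd file used for basic authentication, publish a test page, and open
# HTTPS in firewalld on the hosts of the "web" group.
- name: Webserver vars
  hosts: web
  vars:
    firewall_pkg: firewalld
    firewall_ser: firewalld
    web_pkg: httpd
    web_ser: httpd
    ssl_pkg: mod_ssl
    httpdconf_src: files/httpd.conf
    httpdconf_dest: /etc/httpd/conf/httpd.conf
    secrets_dir: /etc/httpd/secrets
    secrets_dest: "{{ secrets_dir }}/htpasswd"
    secrets_src: files/htpasswd
    web_root: /var/www/html
  tasks:
    - name: Install packages
      yum:
        name:
          - "{{ firewall_pkg }}"
          - "{{ web_pkg }}"
          - "{{ ssl_pkg }}"
        state: present

    # File modes are quoted so the YAML parser cannot reinterpret the octal
    # value as a different integer.
    - name: config service
      copy:
        src: "{{ httpdconf_src }}"
        dest: "{{ httpdconf_dest }}"
        owner: root
        group: root
        mode: "0644"

    # The directory holds the password hashes: only the apache user may
    # enter and list it, and nobody may write to it.
    - name: Create secrets directory
      file:
        path: "{{ secrets_dir }}"
        state: directory
        owner: apache
        group: apache
        mode: "0500"

    # Read-only for apache, no access for group or others.
    # NOTE(review): because apache owns the file, the web server process could
    # still change its mode; root ownership with group-read for apache would
    # be a tighter option. Confirm against the httpd.conf in files/.
    - name: Create htpasswd
      copy:
        src: "{{ secrets_src }}"
        dest: "{{ secrets_dest }}"
        owner: apache
        group: apache
        mode: "0400"

    # copy requires a destination; the test page goes into the document root.
    - name: Create index.html
      copy:
        content: "{{ ansible_facts['fqdn'] }} ({{ ansible_facts['all_ipv4_addresses'] }})\n"
        dest: "{{ web_root }}/index.html"

    - name: Config firewall.service
      service:
        name: "{{ firewall_ser }}"
        state: started
        enabled: true

    # Only HTTPS is opened, so the basic-auth credentials are never accepted
    # over plain HTTP through the firewall. The module is "firewalld" and the
    # option is "permanent" (the rule must survive a reload or reboot).
    - name: Firewall permits https
      firewalld:
        service: https
        state: enabled
        immediate: true
        permanent: true

    - name: config apache.service
      service:
        name: "{{ web_ser }}"
        state: started
        enabled: true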
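# Play 2: from the control node, request the protected site with basic
# authentication and print the returned page.
- name: test apache
  hosts: localhost
  become: false
  # vars is a mapping; the list form is deprecated.
  vars:
    web_user: admin
  # web_pass is read from the Ansible Vault encrypted file, so the password
  # never appears in clear text in the playbook.
  vars_files:
    - vars/secret.yml
  tasks:
    - name: Connect Apache with Auth
      uri:
        url: 'https://rhel71.com'
        # TLS certificate verification is disabled here, so the server's
        # identity is not checked before the credentials are sent. Acceptable
        # only for a lab host with a self-signed certificate; otherwise
        # install the CA certificate and set this to true.
        validate_certs: false
        force_basic_auth: true
        user: "{{ web_user }}"
        password: "{{ web_pass }}"
        return_content: true
      register: auth_test

    # Prints only the page body captured by the request above.
    - name: Show the returned content
      debug:
        var: auth_test.content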
#Create encrypted file
mkdir vars
ansible-vault create vars/secret.yml
New Vault password: 'caoaoyuan'
Confirm New Vault password: 'caoaoyuan'
Write in the file:
web_pass: redhat
# Create the files directory
mkdir files
Generate two files.
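htpasswd -cm htpasswd admin   # generates the htpasswd file (-c creates it, -m selects MD5-based hashing; -B selects bcrypt, which is the stronger choice where it is supported)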
Change the configuration file to allow access based on authentication.
vim httpd.conf
# Syntax check (the vault password is entered interactively)
# Execute
ansible-playbook --vault-id @prompt playbook.yml
The output shows that the debug value is returned.
# Summary
1. Variables allow playbooks to be reused.
2. Variables can be defined for hosts and host groups in the inventory.
3. Variables can be defined through facts and external files, and also on the command line.
4. The register keyword is used to capture command output.
5. Ansible Vault.
6. Ansible facts are variables that are detected automatically from the managed hosts.