Variable naming
Can only contain numbers, underscores, letters,
can only start with underscores or letters
Variable level
Global: the configuration file from the command line or set in
play: set in the play and related structures in
the host: a list of facts or registered task
variable priority: a narrow range and wide range of
variable settings and used
in Define variables directly in the
playbook Write playbook
vim user.yml
Define variables in the file
Define variables
vim userlist
vim user.yml
Set host variables and inventory variables
Use
vim inventory
vim user.yml when defining host variables and inventory variables
## Directory setting variables
mkdir group_vars
mkdir host_vars
vim group_vars/list2
vim user.yml
vim host_vars/172.25.2.254
vim user.yml
If multiple files exist, one variable will follow the reading order, and the last read variable will overwrite the previous one
## Use commands to overwrite variables
vim user.yml
ansible-playbook user.yml
ansible-playbook user.yml -e “user=linux”
Use an array to set variables
vim user_var.yml
vim user.yml
Register the variable
register to register the module output to the specified character
vim hostname.yml
vim showrc.yml
Run, this is the playbook execution information
Use variables to represent this information (ignore_errors=yes means that the previous play fails and the latter can also run, the default is no)
run
Delete /mnt/file in
nod1 and run ansible nod1.westos.com -m file -a'path=/mnt/file state=absent'
ansible-playbook file.yml,
you can see that although the operation has failed, it still runs
Fact variables
Fact variables are variables automatically detected by ansible in the controlled host.
Fact variables contain host-related information.
When you need to use host-related information, you don’t need to collect and assign values, just call it directly. Because the variable information is system information, it can’t Arbitrary setting is only to collect information, so it becomes a fact variable.
For example, check ip
vim ip.yml
Playbook exercise Collect the ip, hostname, and memory of the nod1.westos.com controlled host, and save it to /mnt/host
vim vhost.yml
Run and view
Template variable
hostvars: internal information of ansible software
group_names: The group of the current managed host
groups: List all groups and hosts in the list
inventory_hostname: contains the name of the currently managed host configured in the inventory
JINJA2 template
Jinja2 is the next widely used template engine in Python.
His design idea is derived from Django's template engine, and has expanded its syntax and a series of powerful functions. The most notable one is the addition of sandbox execution functions and optional Automatic translation function
J2 template writing rules,
such as writing an address resolution
for loop
vim user.yml
vim users.j2
vim user.yml
Run and view
Exercise
Collect the ip and host name of all controlled hosts and save them to /mnt/host
vim host.j2 of the controlled host
vim host.yml
Run and view
If judgment
write an experimental playbook
vim user_messages.yml
vim user_messages.j2
vim user_messages.yml
Run and view
Encryption control in
Ansible Create and establish files ansible-vault create westos
View
Use ansible to view and enter the password
ansible-vault view westos
The file contains the password
vim westos-vault
ansible-vault create --vault-password-file=westos-vault westos
view (use the string written in
westos-vault as the password) ansible-vault view --vault-password-file=westos-vault westos
Encrypt existing file
vim westos.yml
ansible-vault encrypt westos.yml
View
Use ansible to enter the password to view
Edit encrypted files (note the indentation)
ansible-vault edit westos.yml
View with ansible
File password editing
ansible-vault edit --vault-password- file = westos-vault westos
View with ansible
Decrypt files
ansible-vault decrypt westos
The decrypted encrypted file becomes another file, the original file remains unchanged
ansible-vault decrypt westos.yml --output=linux.yml
Change password
ansible-vault rekey westos.yml
File change password
ansible-vault rekey westos.yml --new-vault-password-file=key1 (you need to edit the key1 file to write the password)
Encrypted file operation After the
file is encrypted, only the playbook command cannot be run
ansible-playbook westos,yml --ask-vault-pass