Ansible variables
Ansible supports variables that store values, and these values can be reused in every file of an Ansible project.
Variables may contain values such as:
Users to create
Packages to install
Services to restart
Files to delete
Archives to retrieve from the Internet
Variable Naming Rules
A variable name must start with a letter and can contain only letters, numbers and underscores (no spaces).
Variable definition scope
Variables can be defined in multiple locations in an Ansible project. Depending on the location, they can be roughly simplified into three scopes:
Global scope (high priority): variables set on the command line or in the Ansible configuration
Play scope (medium priority): variables set in the playbook and related structures
Host scope (low priority): variables set on host groups and individual hosts by the inventory, fact gathering, or register
If a variable with the same name is defined at multiple levels, the definition with the higher priority wins.
Variable types
String type
service_port: 80 or service_port=80
Array type

```yaml
user:
  name:
    - admin1
    - admin2
  uid:
    - 1230
    - 1000
```

Two ways to extract array type variables
user.name extracts admin1 and admin2
user['name'] extracts admin1 and admin2
Define variables and reference
Global scope: define and reference variables when the playbook is executed (string variables are defined here)
Reference a variable with {{ }} (put the variable name inside the double curly braces); define variables on the command line with -e

vim httpd.yml

```yaml
---
- hosts: web
  tasks:
    - name: install {{ package_name }} packages
      yum:
        name: "{{ package_name }}"
        state: present
    - name: modify firewalld rules
      firewalld:
        port: "{{ service_port }}/tcp"
        immediate: yes
        permanent: yes
        state: enabled
```

ansible-playbook -e package_name=httpd -e service_port=80 httpd.yml
Play scope: define and reference variables in the playbook (string variables are defined here)
Variables are defined with vars and referenced with {{ }} (put the variable name inside the double curly braces)

Write the playbook, defining and referencing the variables

vim httpd.yml

```yaml
---
- hosts: web
  vars:
    package_name: httpd
    service_port: 80
  tasks:
    - name: install {{ package_name }} packages
      yum:
        name: "{{ package_name }}"
        state: present
    - name: modify firewalld rules
      firewalld:
        port: "{{ service_port }}/tcp"
        immediate: yes
        permanent: yes
        state: enabled
```

Run the playbook

ansible-playbook httpd.yml
Play scope: specify an external file in the playbook as a variable file and reference its variables with "{{ variable name }}" (array variables are defined here)
Use vars_files in the playbook to load external files as variable files, and reference the variables with {{ }} (put the variable name inside the double curly braces)

Define the variables in an external file

vim ~/ansible/users.yml

```yaml
users:
  admin1:
    name: admin1
    uid: 1200
```

Create the playbook and reference the external variable file

vim user_list.yml

```yaml
---
- name: create users
  hosts: web
  vars_files:
    - users.yml
  tasks:
    - name: create user admin1
      user:
        name: "{{ users.admin1.name }}"
        uid: "{{ users['admin1']['uid'] }}"
        state: present
```

Run the playbook

ansible-playbook user_list.yml
Host scope: define variables in the inventory file, then reference them in the playbook
Variables can be defined for specific hosts and for host groups

Define the variables in the inventory file

vim ~/ansible/inventory

```ini
[web]
node1

[ftp]
node2

# define variables for the web host group
[web:vars]
package_name=httpd
service_port=80
```

Create the playbook file and reference the variables

vim httpd.yml

```yaml
---
- hosts: web
  tasks:
    - name: install {{ package_name }} packages
      yum:
        name: "{{ package_name }}"
        state: present
    - name: modify firewalld rules
      firewalld:
        port: "{{ service_port }}/tcp"
        immediate: yes
        permanent: yes
        state: enabled
```

Run the playbook with the specified inventory (the one that defines the variables)

ansible-playbook -i ~/ansible/inventory httpd.yml
Host scope: capture command output using registered variables
Use the register statement to capture the output of a task (for debugging or other purposes)
Use the debug module to print the value of the registered variable (the value captured by register) to the terminal
That is: view the execution result of the module whose output was registered (displayed in JSON format)

vim httpd.yml

```yaml
---
- hosts: web
  tasks:
    - name: install httpd packages
      yum:
        name: httpd
        state: present
      register: yesok
    - name: debug
      debug:
        var: yesok    # or: msg: "{{ yesok }}"
```
Fact variables and magic variables
Fact variables
Ansible facts are variables that Ansible detects on a managed host. They are host-scope variables and contain information such as the host name, kernel version and IP address, so fact variables make it easy to check the state of a managed host.
By default, before a playbook runs its first task, the setup module collects the state of the managed host and stores it, in JSON format, in the default variable ansible_facts.
View the fact variables of a host
View the fact variables of a host or host group with ansible hostname -m setup
You can also view the value of the ansible_facts variable through the debug module
Extract the value of a fact variable by variable name
Extraction works the same way as for array type variables, and both notations are available (use the output of ansible hostname -m setup to work out how to reach the value you need)

Host name: ansible_facts['hostname'] or ansible_facts.hostname
Fully qualified domain name: ansible_facts['fqdn'] or ansible_facts.fqdn
Primary IPv4 address: ansible_facts['default_ipv4']['address'] or ansible_facts.default_ipv4.address
Size of /dev/vda: ansible_facts['devices']['vda']['size'] or ansible_facts.devices.vda.size
If you don't want to collect fact variables, use the following setting (it can speed up the playbook run)
When writing the playbook, add the gather_facts key (at the same level as hosts)
gather_facts: no
yes means facts are collected, no means they are not collected
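Magic variables
Magic variables are not fact variables, nor are they configured through the setup module; they are set automatically by Ansible and can be used to obtain information about a specific managed host (Ansible built-in variables)
Commonly used magic variables include:
hostvars: contains the variables of the managed hosts; used to get the value of another managed host's variables
group_names: lists all groups the current managed host belongs to
groups: lists all groups and hosts in the inventory
inventory_hostname: contains the host name of the current managed host as it appears in the inventory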
The magic variables on the host can be obtained through the debug module
ansible hostname -m debug -a "var=hostvars.localhost"
Ansible encryption
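Ansible Vault is an Ansible feature that keeps sensitive data (passwords or keys) in encrypted files. Specify the path of the file that holds the vault password in the vault_password_file field of the ansible.cfg configuration file; you can then use ansible-vault commands to create, edit, encrypt, decrypt and view yml files.
ansible-vault parameters
ansible-vault --ask-vault-pass: prompt for the password (needed when running an encrypted yml file or checking the syntax of an encrypted yml file)
ansible-vault --vault-password-file: specify the file that holds the password used for encryption and decryption (by default, the file named by the vault_password_file field in ansible.cfg is used)
ansible-vault create: create an encrypted yml file (creating an empty encrypted yml file directly with ansible-vault is generally not recommended; usually you create the yml file with vim and then encrypt it with ansible-vault)
ansible-vault encrypt: encrypt an existing yml file
ansible-vault view: view an encrypted yml file
ansible-vault edit: edit an encrypted yml file
ansible-vault decrypt: decrypt an existing encrypted yml file
ansible-vault rekey: change the password of an existing yml file (note that when changing the key, the vault_password_file field in ansible.cfg must be removed or commented out)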
ansible-vault example
Create the file that holds the vault password and specify it in ansible.cfg

vim /home/greg/ansible/vault.yml

```
admin@123
```

vim ansible.cfg

```ini
[defaults]
vault_password_file = /home/greg/ansible/vault.yml
```
Encrypt existing yml files
ansible-vault encrypt httpd.yml
View the encrypted yml file
ansible-vault view httpd.yml
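
The vault setup above stores the password in plain text and relies on ansible-vault encrypt having been run on each sensitive file. The following Python script is an added example, not part of the original page or of Ansible: it reads vault_password_file from ansible.cfg, flags a password file that group or other users can access, and flags files that do not start with the `$ANSIBLE_VAULT;` header. The function names, the constructed project in demo() and the relative-path handling are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

VAULT_MAGIC = b"$ANSIBLE_VAULT;"  # header that starts every vault-encrypted file

def vault_password_file(cfg_path):
    """Return the vault_password_file set in [defaults] of ansible.cfg, or None."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(cfg_path)
    value = cfg.get("defaults", "vault_password_file", fallback=None)
    if not value:
        return None
    # Assumption: a relative path is resolved against the directory of ansible.cfg.
    base = os.path.dirname(os.path.abspath(cfg_path))
    return os.path.join(base, os.path.expanduser(value))

def is_vault_encrypted(path):
    with open(path, "rb") as fh:
        return fh.read(len(VAULT_MAGIC)) == VAULT_MAGIC

def audit(cfg_path, secret_files):
    """Return findings for the password file and for files meant to be encrypted."""
    findings = []
    pw_file = vault_password_file(cfg_path)
    if pw_file and os.path.exists(pw_file):
        mode = stat.S_IMODE(os.stat(pw_file).st_mode)
        if mode & 0o077:  # any group/other bit exposes the plaintext password
            findings.append(f"{pw_file}: mode {mode:04o}, expected 0600")
    for path in secret_files:
        if not is_vault_encrypted(path):
            findings.append(f"{path}: not vault-encrypted")
    return findings

def demo():
    """Constructed project: readable password file, one plaintext variable file."""
    d = tempfile.mkdtemp()
    files = {"ansible.cfg": "[defaults]\nvault_password_file = vault.yml\n",
             "vault.yml": "constructed-password\n",
             "httpd.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465\n",
             "users.yml": "users:\n  admin1:\n    uid: 1200\n"}
    for name, text in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
    os.chmod(os.path.join(d, "vault.yml"), 0o644)
    return audit(os.path.join(d, "ansible.cfg"),
                 [os.path.join(d, "httpd.yml"), os.path.join(d, "users.yml")])
```

Call audit() with the project's ansible.cfg and the list of files that should be encrypted; an empty list means both checks passed.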