Using variables
[devops@server1 ansible]$ ls
ansible.cfg files hostinfo.yml httpd.yml inventory templates
[devops@server1 ansible]$ vim templates/info
主机名:{{ ansible_facts['hostname'] }}
主机ip:{{ ansible_facts['eth0']['ipv4']['address'] }}
根分区大小:{{ ansible_facts['devices']['dm-0']['size'] }}
系统内核:{{ ansible_facts['kernel'] }}
Write the variables we want to collect into this file.
[devops@server1 ansible]$ vim hostinfo.yml
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info ## path of the info file written above
        dest: /mnt/hostinfo ## destination path
[devops@server1 ansible]$ ansible-playbook hostinfo.yml
Push the playbook, then test that the variables are displayed.
Writing application yml files
Software installation
Here we write a yml file.
[devops@server1 ansible]$ vim install.yml
---
- hosts: all
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
      when: ansible_facts['hostname'] == 'server2'
This file installs the httpd service, but a when condition is added so that the installation runs only when the host is server2.
When the playbook is pushed, server3 is skipped and only server2 is acted on, so you can flexibly define which hosts a task operates on.
For example:
[devops@server1 ansible]$ vim install.yml
---
- hosts: all
  tasks:
    - name: install httpd ## install httpd and several other packages only on server2
      yum:
        name: "{{ item }}" ## fixed variable
        state: present
      when: ansible_facts['hostname'] == 'server2'
      loop:
        - httpd
        - mariadb
        - php
    - name: install vim ## install vim only on server3
      yum:
        name: vim
        state: present
      when: ansible_facts['hostname'] == 'server3'
Several packages are installed on server2, and only vim is installed on server3.
Generating mutual name resolution
[devops@server1 ansible]$ vim templates/hosts.j2
{% for host in groups ['webservers'] %}
{{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
Create the resolution file.
[devops@server1 ansible]$ vim hosts.yml
---
- hosts: all
  tasks:
    - name: create hosts
      template:
        src: templates/hosts.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: "0644" ## quoted with a leading zero; an unquoted 644 is read as a decimal number, not octal
Write the yml file.
Push.
server2 and server3 can now resolve each other.
Creating users in batches
[devops@server1 ansible]$ vim adduser.yml
---
- hosts: all
  tasks:
    - name: create users
      user:
        name: "{{ item }}"
        state: present
        password: redhat ## password
      loop:
        - user1
        - user2
        - user3
The users have been created on both hosts, but users created this way all have the same password. We can instead create a list that specifies each user's name and password.
[devops@server1 ansible]$ cd vars/
[devops@server1 vars]$ ls
userlist.yml
[devops@server1 vars]$ vim userlist.yml
---
userlist:
  - user: user1
    pass: redhat
  - user: user2
    pass: yangmi
  - user: user3
    pass: hang
A list of the users and their passwords.
[devops@server1 ansible]$ pwd
/home/devops/ansible
[devops@server1 ansible]$ vim adduser.yml
---
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}" ## user name
        state: present
        password: "{{ item.pass }}" ## password
      loop: "{{ userlist }}"
The user list can be viewed directly, which is unsafe, so we can encrypt the file.
[devops@server1 ansible]$ ansible-vault --help
Usage: ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view] [options] [vaultfile.yml]

encryption/decryption utility for Ansible data files

Options:
  --ask-vault-pass      ask for vault password
  -h, --help            show this help message and exit
  --new-vault-id=NEW_VAULT_ID
                        the new vault identity to use for rekey
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  --vault-id=VAULT_IDS  the vault identity to use
  --vault-password-file=VAULT_PASSWORD_FILES
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit

 See 'ansible-vault <command> --help' for more information on a specific
command.
View the help.
[devops@server1 ansible]$ ansible-vault encrypt vars/userlist.yml
After a password is entered, the file is encrypted.
[devops@server1 ansible]$ ansible-playbook adduser.yml --ask-vault-pass
The vault password has to be supplied when pushing.
[root@server2 ~]# cat /etc/shadow
Check /etc/shadow on server2: the password is stored there in plaintext, so for security reasons we need to encrypt it.
[devops@server1 ansible]$ vim adduser.yml
---
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        state: present
        password: "{{ item.pass | password_hash('sha512','mysecretsalt') }}" ## encryption method
      loop: "{{ userlist }}"
[devops@server1 ansible]$ ansible-playbook adduser.yml --ask-vault-pass
Push.
[root@server2 ~]# cat /etc/shadow
View /etc/shadow on server2 again: the encryption worked.
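A check for the two /etc/shadow states described above, as an added example that is not part of the original post: it flags password fields that are not crypt hashes (what the first adduser.yml leaves behind) and accounts that share one salt (what the fixed 'mysecretsalt' produces). The shadow lines and digests are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# MD5/SHA-256/SHA-512 crypt layout: $id$[rounds=N$]salt$digest (id 6 is SHA-512)
CRYPT_RE = re.compile(
    r"^\$(1|5|6)\$(?:rounds=\d+\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]+)$")

def classify(field):
    """Classify the password field (2nd column) of one /etc/shadow entry."""
    if field == "":
        return "empty", None
    if field[0] in "!*":
        return "locked", None
    m = CRYPT_RE.match(field)
    if m:
        return "crypt-" + m.group(1), m.group(2)
    if field.startswith("$"):
        return "other-scheme", None   # bcrypt, yescrypt, ...: not parsed here
    return "not-a-hash", None         # what a bare `password: redhat` writes

def audit(shadow_text):
    """Return (user(s), finding) tuples for cleartext, empty and shared-salt entries."""
    findings, by_salt = [], defaultdict(list)
    for line in shadow_text.splitlines():
        if ":" not in line:
            continue
        user, field = line.split(":")[:2]
        kind, salt = classify(field)
        if kind == "not-a-hash":
            findings.append((user, "password field is not a crypt hash"))
        elif kind == "empty":
            findings.append((user, "empty password field"))
        elif salt is not None:
            by_salt[salt].append(user)
    for salt, users in by_salt.items():
        if len(users) > 1:
            findings.append((",".join(users), "salt shared: " + salt))
    return findings

# Constructed sample: placeholder digests, not real hashes.
D1, D2 = "a1B2" * 21 + "./", "Zy9x" * 21 + "./"
SAMPLE = "\n".join([
    "root:!!:18000:0:99999:7:::",
    "user1:redhat:18100:0:99999:7:::",
    "user2:$6$mysecretsalt$" + D1 + ":18100:0:99999:7:::",
    "user3:$6$mysecretsalt$" + D2 + ":18100:0:99999:7:::",
])

if __name__ == "__main__":
    for who, what in audit(SAMPLE):
        print(who + ": " + what)
```

On a real host the input would be the content of /etc/shadow read as root; accounts that share a salt and a password end up with identical hash strings.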
Note that when several yml files are encrypted, they should all be encrypted with the same password, because only one password can be entered at verification time.