Ansible playbook application examples

Using fact variables in a template

[devops@server1 ansible]$ ls
ansible.cfg  files  hostinfo.yml  httpd.yml  inventory  templates
[devops@server1 ansible]$ vim templates/info 
主机名:{{ ansible_facts['hostname'] }}
主机ip:{{ ansible_facts['eth0']['ipv4']['address'] }}
根分区大小:{{ ansible_facts['devices']['dm-0']['size'] }}
系统内核:{{ ansible_facts['kernel'] }}

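Write the variables you want to collect into this file. Here the template records each host's hostname, eth0 IPv4 address, the size of the dm-0 device (the root partition) and the kernel version, all taken from ansible_facts.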

[devops@server1 ansible]$ vim hostinfo.yml
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info            ## path of the info template written above
        dest: /mnt/hostinfo            ## destination path on the managed host
[devops@server1 ansible]$ ansible-playbook hostinfo.yml

Push the playbook, then check on the managed hosts that the variables are displayed in the generated file.

Writing application yml files

Software installation
Here we write a yml file.

[devops@server1 ansible]$ vim install.yml
---
- hosts: all
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
      when: ansible_facts['hostname'] == 'server2'

This file installs the httpd service, but with a condition added: the task runs only when the host's hostname is server2.

When pushed, server3 is skipped and only server2 is acted on, so you can flexibly define which hosts a task applies to.
For example:

[devops@server1 ansible]$ vim install.yml 
---
- hosts: all
  tasks:
    - name: install httpd              ## install httpd and several other packages only on server2
      yum:
        name: "{{ item }}"             ## fixed variable name for the current loop entry
        state: present
      when: ansible_facts['hostname'] == 'server2'
      loop:
        - httpd
        - mariadb
        - php

    - name: install vim                ## install vim only on server3
      yum:
        name: vim
        state: present
      when: ansible_facts['hostname'] == 'server3'

Several packages are installed on server2, and only vim is installed on server3.
Generating mutual name resolution

[devops@server1 ansible]$ vim templates/hosts.j2
{% for host in groups['webservers'] %}
{{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}

Create the template for the name resolution file.

[devops@server1 ansible]$ vim hosts.yml
---
- hosts: all
  tasks:
    - name: create hosts
      template:
        src: templates/hosts.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: '0644'                   ## quoted octal string; a bare 644 would be read as a decimal number

Write the yml file and push it.
server2 and server3 can now resolve each other.
Batch user creation

[devops@server1 ansible]$ vim adduser.yml
---
- hosts: all
  tasks:
    - name: create users
      user:
        name: "{{ item }}"
        state: present
        password: redhat               ## password
      loop:
        - user1
        - user2
        - user3

The users have been created on both hosts, but users created this way all have the same password. Instead, we can create a list that specifies each user's name and password.

[devops@server1 ansible]$  cd vars/
[devops@server1 vars]$ ls
userlist.yml
[devops@server1 vars]$ vim userlist.yml 
---
userlist:
  - user: user1
    pass: redhat
  - user: user2
    pass: yangmi
  - user: user3
    pass: hang

The list of users and their passwords.

[devops@server1 ansible]$ pwd
/home/devops/ansible
[devops@server1 ansible]$ vim adduser.yml
---
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"        ## user name
        state: present
        password: "{{ item.pass }}"    ## password
      loop: "{{ userlist }}"

The user list, including the passwords, can be read directly from the file. This is unsafe, so we encrypt the file.

[devops@server1 ansible]$ ansible-vault --help
Usage: ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view] [options] [vaultfile.yml]

encryption/decryption utility for Ansible data files

Options:
  --ask-vault-pass      ask for vault password
  -h, --help            show this help message and exit
  --new-vault-id=NEW_VAULT_ID
                        the new vault identity to use for rekey
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  --vault-id=VAULT_IDS  the vault identity to use
  --vault-password-file=VAULT_PASSWORD_FILES
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit

 See 'ansible-vault <command> --help' for more information on a specific
command.

View the help.

[devops@server1 ansible]$ ansible-vault encrypt vars/userlist.yml 

After a vault password is entered, the file is encrypted.

[devops@server1 ansible]$ ansible-playbook adduser.yml --ask-vault-pass

The vault password must be entered when pushing.

[root@server2 ~]# cat /etc/shadow

Checking /etc/shadow on server2 shows the passwords stored in plaintext. The user module writes the password value into /etc/shadow as given, so for security reasons we need to encrypt (hash) it first.

[devops@server1 ansible]$ vim adduser.yml 
---
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        state: present
        password: "{{ item.pass | password_hash('sha512','mysecretsalt') }}"    ## hashing method
      loop: "{{ userlist }}"
[devops@server1 ansible]$ ansible-playbook adduser.yml --ask-vault-pass

Push the playbook.

[root@server2 ~]# cat /etc/shadow

Viewing /etc/shadow on server2 again shows that the encryption worked.
Note that when you encrypt several yml files, they should all be encrypted with the same password, because only one password can be entered at verification time.
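
The two manual /etc/shadow checks above can be automated. The following is an added example, not code from the original post: a Python audit that flags password fields that are not crypt hashes (what the first adduser.yml leaves behind) and salts shared across accounts (what a fixed salt such as 'mysecretsalt' produces). The sample lines are constructed, and the digest bodies are dummy filler.

```python
import re
from collections import defaultdict

# Constructed /etc/shadow lines (not taken from the page's hosts): user1 is the
# plaintext case from the first adduser.yml; user2/user3 are SHA-512 crypt
# fields sharing the page's fixed salt, with dummy filler as the digest.
SAMPLE_SHADOW = "\n".join([
    "root:!!:18000:0:99999:7:::",
    "user1:redhat:18050:0:99999:7:::",
    "user2:$6$mysecretsalt$" + "A" * 86 + ":18050:0:99999:7:::",
    "user3:$6$mysecretsalt$" + "B" * 86 + ":18050:0:99999:7:::",
])

# $6$ = SHA-512 crypt: optional rounds=, salt of up to 16 chars, 86-char digest.
SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=\d+\$)?([./A-Za-z0-9]{1,16})\$[./A-Za-z0-9]{86}$"
)


def audit_shadow(text):
    """Classify each password field and report salts reused across accounts."""
    status, by_salt = {}, defaultdict(list)
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:          # blank or malformed line
            continue
        user, pw = fields[0], fields[1]
        m = SHA512_CRYPT.match(pw)
        if m:
            status[user] = "sha512"
            by_salt[m.group(1)].append(user)
        elif pw == "":
            status[user] = "empty"          # no password required
        elif pw[0] in "!*":
            status[user] = "locked"
        elif pw.startswith("$"):
            status[user] = "other-hash"     # another crypt scheme
        else:
            status[user] = "not-a-hash"     # raw string written by the user module
    reused = {salt: users for salt, users in by_salt.items() if len(users) > 1}
    return status, reused


if __name__ == "__main__":
    status, reused = audit_shadow(SAMPLE_SHADOW)
    for user, kind in status.items():
        print(f"{user:8} {kind}")
    for salt, users in reused.items():
        print(f"salt {salt!r} shared by {', '.join(users)}")
```

On a real host, pass the contents of /etc/shadow (read as root) to audit_shadow instead of the constructed sample.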


Origin blog.csdn.net/qq_41961805/article/details/91444591