Ansible中的变量及加密
作者:互联网
变量命名
1.只能包含数字,下划线,字母
2.只能用下划线或字母开头!
变量级别
全局: 从命令行或配置文件中设定的
play: 在play和相关结构中设定的
主机: 由清单,事实收集或注册的任务
变量优先级设定:
狭窄范围有限与广域范围
变量设定和使用方式
1.在playbook中直接定义变量
例如:
vim user.yml
---
- name: test var
hosts: all
vars:
USER: westosuser
tasks:
- name: create user
user:
name: "{{USER}}"
state: present
执行成功之后,查看用户是否存在:
结果:存在
2.在文件中定义变量
例如:
vim user_list.yml
---
USER: westosuser
vim test.yml
---
- name: del User
hosts: all
vars_files:
./user_list.yml
tasks:
- name: del user
user:
name: "{{USER}}"
state: absent
执行playbook如下:
westosuser被删除
3.使用变量
tasks:
- name: create user
user:
name: “{{ USER }}”
4.设定主机变量和清单变量
在定义主机变量和清单变量时使用
比如可以:(IP是随便举例用的)
vim inventory
[list1]
172.25.1.10
[list2]
172.25.1.20
[list3]
172.25.1.10
172.25.1.20
[list1:vars] #直接在hosts里面写 list1清单
USER=westosuser
vim test.yml
---
- name: test var
- hosts: list1
- tasks:
- name: create user
user:
name: "{{USER}}"
state: present
5.目录设定变量
group_vars ##清单变量,目录中的文件名称与主机清单名称一致
host_vars ##主机变量,目录中的文件名称与主机名称一致
测试如下:
vim inventory
添加list1 172.25.254.229
[westos]
172.25.76.6
172.25.76.7
[list1]
172.25.76.6
vim test.yml
---
- name: Create User
hosts: list1
tasks:
- name: create user
user:
name: "{{USER}}"
state: present
接着需写:group_vars,清单变量,host_vars 主机变量
测试如下:
ansible-playbook -i inventory test.yml
在受控机server6查看用户westos123如下:
6.用命令覆盖变量
ansible-playbook user.yml -i inventory -e “USER=lcf”
这样不需要修改test.yml的用户,即可快速指定用户并执行!
执行之后测试如下:
7.使用数组设定变量
vim user_var.yml
vim user.yml
内容如下:
vim user_var.yml
---
USER:
lcf:
age: 18
obj: linux
westos:
age: 20
obj: java
vim user.yml
- name: Create User
hosts: all
vars_files:
./user_var.yml
tasks:
- name: create user
debug:
msg: "{{USER['lee']['age']}}{{USER.westos.obj}}"
测试如下:
在执行的时候会输出msg: 年龄18,和职业java
练习
建立两个虚拟主机及设置默认发布测试页
create web vhost
www.westos.com:80 ------ > /var/www/html
linux.westos.com:80 ------> /var/www/virtual/westos.com/linux
vim vhost.yml
---
- name: vhost
hosts: all
vars:
- web1:
name: www.westos.com
port: 80
documentroot: /var/www/html
index: www.westos.com page
- web2:
name: linux.westos.com
port: 80
documentroot: /var/www/virtual/westos.com/linux/html
index: linux.westos.com page
tasks:
- name: install web server
dnf:
name: httpd
state: latest
- name: configure web server
copy:
dest: /etc/httpd/conf.d/vhost.conf
content:
"<VirtualHost _default_:80>\n DocumentRoot /var/www/html\n CustomLog logs/default.log combined\n</VirtualHost>\n<VirtualHost *:{{web1.port}}>\n ServerName {{web1.name}}\n DocumentRoot {{web1.documentroot}}\n CustomLog logs/{{web1.name}}.log combined\n</VirtualHost>\n\n<VirtualHost *:{{web2.port}}>\n ServerName {{web2.name}}\n DocumentRoot {{web2.documentroot}}\n CustomLog logs/{{web2.name}}.log combined\n</VirtualHost>"
- name: create documentroot dir
file:
path: "{{item}}"
state: directory
loop:
- "{{web1.documentroot}}"
- "{{web2.documentroot}}"
- name: create index
copy:
content: "{{item.index_content}}"
dest: "{{item.index_file}}"
loop:
- index_file: "{{web1.documentroot}}/index.html"
index_content: "{{web1.index}}"
- index_file: "{{web2.documentroot}}/index.html"
index_content: "{{web2.index}}"
- name: restart apache
service:
name: httpd
state: restarted
enabled: yes
- name: firewalld configure
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
测试如下:
做好本地解析,然后访问
8.注册变量
register 把模块输出注册到指定字符串中
---
- name: test register
hosts: list1
tasks:
- name: hostname
shell:
hostname
register: info
- name: show messages
debug:
msg: "{{info['stdout']}}"
测试如下:
在执行playbook的时候,输出了主机名!
9.事实变量
事实变量是ansible在受控主机中自动检测出的变量
事实变量中还有与主机相关的信息
当需要使用主机相关信息时不需要采集赋值,直接调用即可
因为变量信息为系统信息所以不能随意设定仅为采集信息,故被成为事实变量。
我们在不知道系统信息的参数的时候,可以在系统中自己去查:
方法是:
ansible all -m setup | less
系统的参数在这里都存在,可以自己查找自己需要的
/fqdn: 查找fqdn, 找到的结果如下
就可以知道查看主机名的参数的具体名称,直接可以用
例如:
vim test.yml
---
- name: test
hosts: list1
tasks:
- name: show
debug:
msg: "{{ansible_facts['fqdn']}}"
ansible-playbook -i inventory test.yml
测试的时候,相当于输出了主机名:
msg:后面是受控机的hostname!
练习脚本
采集主机的ip 和主机名并以
hostname:
ip:
形式输出到/etc/motd中!
- name: test
hosts: list1
tasks:
- name: info
copy:
content: "hostname: {{ansible_facts['fqdn']}}\nip: {{ansible_facts['eth0']['ipv4']['address']}}\n"
dest: /etc/motd
测试如下:
ansible-playbook -i inventory test.yml
执行:
10.魔法变量
hostvars: ##ansible软件的内部信息
group_names: ##当前受管主机所在组
groups: ##列出清单中所有的组和主机
inventory_hostname: ##包含清单中配置的当前授管主机的名称
JINJA2模板
Jinja2是Python下一个被广泛应用的模版引擎
他的设计思想来源于Django的模板引擎,
并扩展了其语法和一系列强大的功能。
其中最显著的一个是增加了沙箱执行功能和可选的自动转义功能
j2模板书写规则
for循环
vim users.yml
users:
westos
linux
ansible
vim test.j2
{% for NAME in users %}
{{ NAME }}
{%endfor%}
if 判定
{% for NAME in users if not NAME == “ansible” %}
User number {{loop.index}} - {{ NAME }}
{%endfor%}
loop.index ##循环迭代记数从1开始
loop.index0 ##循环迭代计数从0开始
{% for user in students %}
name: {{user[‘name’]}}
{%if user[‘age’] is defined%}
age: {{user[‘age’]}}
{%endif%}
{% if user[‘age’] is not defined %}
age: null
{% endif%}
obj: {{user[‘obj’]}}
{%endfor%}
j2模板在playbook中的应用
#playbook1
---
- name: test register
hosts: xxxx
tasks:
- name: create hosts
template:
src: ./xxxx.j2
dest: /mnt/hosts
#playbook2
---
- name: test.j2
hosts: 172.25.0.254
vars:
students:
- name: student1
obj: linux
- name: student2
age: 18
obj: linux
tasks:
- template:
src: ./test.j2
dest: /mnt/list
练习脚本
用j2和前面不同
create web vhost
www.westos.com 80 ------ > /var/www/html
linux.westos.com 80 ------> /var/www/westos.org/linux
vim vhost.j2
{% for WEB in WEBS%}
{% if WEB['NAME'] is not defined %}
<VirtualHost _default_:80>
{% endif%}
{% if WEB['NAME'] is defined %}
<VirtualHost *:80>
ServerName {{ WEB['NAME'] }}
{% endif%}
DocumentRoot {{ WEB['DOC'] }}
</VirtualHost>
{% endfor%}
vim apache.yml
---
- name: install web server
hosts: all
vars:
WEBS:
- DOC: /var/www/html
INDEX: /var/www/html/index.html
INDEX_TEXT: www.westos.org
- NAME: linux.westos.org
DOC: /var/www/westos.org/linux
INDEX: /var/www/westos.org/linux/index.html
INDEX_TEXT: linux.westos.org
tasks:
- name: install apache
yum:
name: httpd
state: present
- name: create vhosts configure file
template:
src: ./vhost.j2
dest: /etc/httpd/conf.d/vhosts.conf
notify: restart httpd
- name: create html dir
file:
path: "{{ item['DOC'] }}"
state: directory
loop: "{{ WEBS }}"
- name: create index.html
copy:
dest: "{{ item['INDEX']}}"
content: "{{ item['INDEX_TEXT'] }}"
loop: "{{ WEBS }}"
- name: start web server
service:
name: httpd
state: started
enabled: yes
- name: set firewalld
firewalld:
service: http
permanent: yes
state: enabled
immediate: yes
handlers:
- name: restart httpd
service:
name: httpd
state: restarted
之后测试网页内容:
Ansible的加密控制
#创建建立文件
1.
ansible-vault create westos
2.
vim westos-vault
123456
ansible-vault create --vault-password-file=westos-vault westos
#加密现有文件
ansible-vault encrypt test
#查看加密文件
ansible-vault view westos
ansible-vault view --vault-password-file=westos-valut westos
#编辑加密文件
ansible-vault edit westos1
ansible-vault edit --vault-password-file=westos-valut westos
##解密文件
ansible-vault decrypt westos ##文件永久解密
ansible-vault decrypt westos --output=linux ##文件解密保存为linux
##更改密码
ansible-vault rekey westos1
ansible-vault rekey westos1 --new-vault-password-file=key1
#playbook#
ansible-playbook apache_install.yml --ask-vault-pass
创建加密文件
再查看文件westos发现已经被加密,无法查看!
指定密码文件创建加密文件:
vim westos-vault
123456
ansible-vault create --vault-password-file=westos-vault westos
对于现有的文件,进行加密:
并查看已经加密的文件
ansible-vault encrypt test.yml
ansible-vault view test.yml
直接编辑现有加密的文件,使用密码文件编辑加密文件
ansible-vault edit westos
ansible-vault edit --vault-password-file=westos-vault westos
将现有的加密文件进行解密
ansible-vault decrypt westos
将加密文件解密为新的名字的文件
只需要后面加上:
–output=xxxx
ansible-vault decrypt westos --output=1.yml
更改加密文件的密码:
ansible-vault rekey westos1
对于加密了的playbook脚本再在运行的时候需要询问密码进行允许,不然会失败
标签:加密,变量,ansible,westos,Ansible,user,vault,yml,name 来源: https://blog.csdn.net/qq_45655407/article/details/121524943