1. Variable naming
It can only contain numbers, underscores and letters
Can only start with an underscore or a letter
2. Variable level
global: Set from the command line or configuration file
play: Set in the play and related structures
host: Set on hosts by the inventory, fact gathering, or registered tasks
experiment:
vim test.yml
- name: test
  hosts: westos
  vars:
    NAME: westos
  tasks:
    - name: debug
      debug:
        msg: "{{ NAME }}"
    - name: create file
      file:
        path: "/mnt/{{ NAME }}"
        state: touch
    - name: create file
      file:
        path: "/mnt/{{ item }}"
        state: touch
      loop:
        - file1
        - file2
        - file3
    - name: copy
      copy:
        dest: /mnt/testfile
        content: "{{ansible_facts['fqdn']}}"
Variable priority: a narrow scope takes precedence over a wide scope
3. Variable setting and usage
3.1. Defining variables directly in the playbook
experiment:
vim user.yml
- name: create user
  hosts: westos
  vars:
    USER1:
      NAME: user1
      UID: 666
  tasks:
    - name: create user1
      user:
        name: "{{USER1['NAME']}}"
        uid: "{{USER1.UID}}"

ansible-playbook user.yml
3.2. Defining variables in a file
experiment:
vim user_list.yml
USER1:
  NAME: user1
  UID: 666

vim user.yml
- name: create user
  hosts: westos
  vars_files:
    - ./user_list.yml
  tasks:
    - name: create user1
      user:
        name: "{{USER1['NAME']}}"
        uid: "{{USER1.UID}}"

ansible-playbook user.yml
3.3. Using variables
tasks:
  - name: create user
    user:
      name: "{{ USER }}"
3.4. Setting host variables and inventory variables
Host variables and inventory (group) variables are defined in the inventory file
experiment:
vim inventory    # add the following lines
[westos:vars]
WESTOS=test

vim user.yml
- name: create user
  hosts: westos
  tasks:
    - debug:
        msg: "{{WESTOS}}"

ansible-playbook user.yml
3.5. Setting variables in directories
group_vars ## Inventory group variables. The file name in the directory must match the inventory group name
host_vars ## Host variables. The file name in the directory must match the host name
experiment:
su - devops
cd .ansible/
mkdir group_vars
cd group_vars/
vim westos.yml
WESTOS: hello

cd ..
vim user.yml
- name: create user
  hosts: westos
  tasks:
    - debug:
        msg: "{{WESTOS}}"

ansible-playbook user.yml
3.6. Overriding variables on the command line
ansible-playbook user.yml -e "WESTOS=nihao"
3.7. Setting variables using arrays
experiment:
vim user_list.yml
userlist:
  - name: lee
    uid: 6666
  - name: westos
    uid: 8888

vim user.yml
- name: create user
  hosts: westos
  vars_files:
    - ./user_list.yml
  tasks:
    - name: create user1
      user:
        name: "{{item.name}}"
        uid: "{{item.uid}}"
      loop: "{{userlist}}"

ansible-playbook user.yml
practice:
www.westos.com 80 ------ > /var/www/html ------> www.westos.com
linux.westos.com 80 ------> /var/www/virtual/westos.com/linux -----> linux.westos.com
vim web_list.yml
web_default:
  doc: /var/www/html
  index: www.westos.org
web_linux:
  name: linux.westos.org
  doc: /var/www/virtual/westos.com/linux
  index: linux.westos.org

vim web.yml
- name: install httpd
  hosts: westos
  vars_files: ./web_list.yml
  tasks:
    - name: install httpd
      dnf:
        name: httpd
        state: present
    - name: firewalld
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes
    - name: check_file
      file:
        path: /etc/httpd/conf.d/vhosts.conf
        state: absent
    - name: configure vhost
      lineinfile:
        path: /etc/httpd/conf.d/vhosts.conf
        create: yes
        line: |+
          <VirtualHost _default_:80>
            DocumentRoot {{web_default.doc}}
          </VirtualHost>
          <VirtualHost *:80>
            ServerName {{web_linux.name}}
            DocumentRoot {{web_linux.doc}}
          </VirtualHost>
    - name: start httpd
      service:
        name: httpd
        state: restarted
        enabled: yes
    - name: touch html
      copy:
        dest: /var/www/html/index.html
        content: www.westos.org
    - name: mkdir
      file:
        path: /var/www/virtual/westos.com/linux
        state: directory
    - name: touch linux
      copy:
        dest: /var/www/virtual/westos.com/linux/index.html
        content: linux.westos.org

ansible-playbook web.yml

As the superuser on the physical machine:
vim /etc/hosts
172.25.254.217 www.westos.org linux.westos.org
3.8. Registered variables
register saves the module's output in the named variable
vim westos.yml
- name: check file
  hosts: westos
  tasks:
    - name: shell
      shell: test -e /mnt/file1
      register: out
    - name: debug
      debug:
        msg: "{{out.rc}}"
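In the play above, a missing /mnt/file1 makes the shell task return rc 1, which Ansible treats as a failure, so the debug task never runs for that host. The following is an added example, not part of the original page, that registers the same check without aborting the play; the host group and path come from the page, while the task layout and the follow-up tasks are assumptions.

```yaml
# Added example (not from the original page).
# westos and /mnt/file1 are taken from the page; everything else is illustrative.
- name: check file without aborting the play
  hosts: westos
  gather_facts: no
  tasks:
    - name: test for /mnt/file1
      command: test -e /mnt/file1        # command: no shell parsing is needed here
      register: out
      changed_when: false                # a read-only check never changes the host
      failed_when: out.rc not in [0, 1]  # rc 1 only means "missing"; other codes are real errors

    - name: report when the file exists
      debug:
        msg: "/mnt/file1 exists (rc={{ out.rc }})"
      when: out.rc == 0

    - name: create the file only when it is missing
      file:
        path: /mnt/file1
        state: touch
        mode: "0644"
      when: out.rc == 1

    # The stat module gives the same answer as structured data
    - name: same check with the stat module
      stat:
        path: /mnt/file1
      register: st

    - name: show the stat result
      debug:
        msg: "exists={{ st.stat.exists }}"
```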
3.9. Fact variables
Fact variables are variables that Ansible detects automatically on the managed host
Fact variables contain host-related information
When host-related information is needed, there is no need to collect it and assign values by hand; the facts can be referenced directly
Because this information describes the system itself, it can only be collected, not set arbitrarily, which is why these are called fact variables
gather_facts: no ## Turn off fact variable collection in playbook
Supplement: ansible westos -m setup | less # View all facts of the managed hosts in the inventory
3.10. Magic variables
hostvars: ## Ansible's internal information (the variables of the managed hosts)
ansible localhost -m debug -a "var=hostvars"
group_names: ## Groups that the currently managed host belongs to
ansible localhost -m debug -a "var=group_names"
groups: ## Lists all groups and hosts in the inventory
ansible localhost -m debug -a "var=groups"
inventory_hostname: ## Name of the currently managed host as configured in the inventory
ansible localhost -m debug -a "var=inventory_hostname"
JINJA2 template
Introduction
Jinja2 is a widely used template engine for Python.
Its design is inspired by Django's template engine,
and it extends that syntax with a set of powerful features.
The most significant additions are sandboxed execution and optional automatic escaping.
j2 template writing rules
{# /etc/hosts line #} ## Comment describing the purpose of the file
127.0.0.1 localhost ## File content
{{ ansible_facts['all_ipv4_addresses'] }} {{ ansible_facts['fqdn'] }} ## Use fact variables
for loop
vim users.yml
users:
- westos
- linux
- ansible
vim test.j2
{% for NAME in users %}
{{ NAME }}
{%endfor%}
if condition
{% for NAME in users if not NAME == "ansible" %}
User number {{loop.index}} - {{ NAME }}
{%endfor%}
loop.index ## Loop iteration counting starts with 1
loop.index0 ## Loop iteration count starts at 0
{% for user in students %}
name: {{user['name']}}
{%if user['age'] is defined%}
age: {{user['age']}}
{%endif%}
{% if user['age'] is not defined %}
age: null
{% endif%}
obj: {{user['obj']}}
{%endfor%}
Application of j2 template in playbook
Experiment 1:
mkdir host_vars
vim host_vars/172.25.254.217.yml    # The file name under host_vars/ must be the IP of the managed host; if it is a domain name, name resolution must be added
users:
  - westos
  - lee
  - linux

vim test.j2
{% for user in users %}
{{ user }}
{% endfor %}

vim westos.yml
- name: users
  hosts: westos
  tasks:
    - name: test.j2
      template:
        src: ./test.j2
        dest: /mnt/westos

ansible-playbook westos.yml

On the managed host nodeb:
cat westos    # You can see the three users just defined
Experiment 1 supplement:
vim test.j2    ## loop.index counts iterations starting from 1
{% for user in users %}
{{loop.index}}{{ user }}
{% endfor %}
Experiment 2:
vim test.j2
{% for user in users %}
{% if user == "lee" %}
luck user
{% endif %}
{{loop.index}}{{ user }}
{% endfor %}

ansible-playbook westos.yml
Experiment 3:
vim host_vars/172.25.254.217.yml    # The file name under host_vars/ must be the IP of the managed host; if it is a domain name, name resolution must be added
users:
  - name: lee
    age: 18
    obj: linux
  - name: westos
    age: 20

vim test.j2
{% for user in users %}
{% if user.obj is defined %}
{{ user.name }} - {{ user.age }} - {{ user.obj }}
{% endif %}
{% if user.obj is not defined %}
{{ user.name }} - {{ user.age }} - NONE
{% endif %}
{% endfor %}

ansible-playbook westos.yml

On the managed host nodeb:
cat westos
4. Ansible encryption control
Create an encrypted file
1.
ansible-vault create westos.yml
2.
vim pass # password file
westos # password
Encrypt existing files
ansible-vault encrypt westos.yml
View encrypted files
ansible-vault view westos.yml
ansible-vault view westos.yml --vault-password-file=pass
Edit encrypted file
ansible-vault edit westos.yml
ansible-vault edit westos.yml --vault-password-file=pass
Decrypt file
ansible-vault decrypt westos.yml ## File permanent decryption
ansible-vault decrypt westos --output=linux ## Decrypt the file and save it as linux
Change password
ansible-vault rekey westos.yml
ansible-vault rekey westos1 --new-vault-password-file=key1
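The commands above manage encrypted files, but the page does not show a play consuming one. The following is an added example, not part of the original page, that loads a vault-encrypted variable file next to the plain user_list.yml from section 3.2; secret.yml and USER_PASSWORD are hypothetical names, and the password file pass is assumed to be mode 600 and kept out of version control.

```yaml
# Added example (not from the original page).
# Assumed layout (secret.yml and USER_PASSWORD are hypothetical names):
#   secret.yml - created with: ansible-vault create secret.yml --vault-password-file=pass
#                holds one variable named USER_PASSWORD
#   pass       - vault password file, chmod 600, never committed
# Run with:      ansible-playbook user.yml --vault-password-file=pass
- name: create user with a vaulted password
  hosts: westos
  vars_files:
    - ./user_list.yml      # plain variables (USER1.NAME, USER1.UID)
    - ./secret.yml         # encrypted at rest; decrypted in memory at run time
  tasks:
    - name: stop early if the secret was not loaded
      assert:
        that:
          - USER_PASSWORD is defined
          - USER_PASSWORD | length > 0
        quiet: yes
      no_log: true         # do not echo the evaluated condition

    - name: create user1
      user:
        name: "{{ USER1.NAME }}"
        uid: "{{ USER1.UID }}"
        password: "{{ USER_PASSWORD | password_hash('sha512') }}"
        update_password: on_create   # a fresh salt each run would otherwise report "changed"
      no_log: true         # keep the hash out of task output and logs
```

Without no_log, running the play with -v would print the module arguments, including the password hash, to the terminal and any configured log.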