1. Variable naming
As in most programming languages, Ansible's built-in keywords cannot be used as variable names. A variable name may contain only numbers, underscores, and letters, and it must start with an underscore or a letter.
2. Variable level
Global: set from the command line or configuration file
Play: set in the play and related structures
Host: set on hosts by the inventory, fact collection, or registered tasks
Variable precedence: a narrow scope takes priority over a wide scope
3. Variable setting and usage
1. Define variables directly in the playbook
vim var.yml
    - name: test var
      hosts: all
      vars:
        TEST: hello world
      tasks:
        - name: show TEST
          debug:
            msg: "{{TEST}}"
2. Define variables in the file
vim test.yml
    TEST: hello linux
vim var.yml
    - name: test var
      hosts: all
      vars_files:
        - ./test.yml
      tasks:
        - name: show TEST
          debug:
            msg: "{{TEST}}"
3. Use variables
    tasks:
      - name: show TEST
        debug:
          msg: "{{TEST}}"
4. Set host variables and inventory variables
Used when defining host variables and inventory variables
Edit the inventory as follows, edit test.yml as follows, then run test.yml; the output is produced on the managed host
5. Directory setting variables
group_vars: inventory variables; the file names in this directory must match the host group names in the inventory
host_vars: host variables; the file names in this directory must match the host names
The test is as follows
vim inventory
Add host IP
vim var.yml
Then you need to create: group_vars for inventory variables, host_vars for host variables
The content is as follows:
The test is as follows:
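A group_vars or host_vars file whose name matches nothing in the inventory is silently ignored, so a name check is worth running before the playbook. The script below is an added example, not part of the original page; it assumes an INI-format inventory, and the inventory contents, file names and the helper names inventory_names, orphan_vars and demo_orphans are constructed for illustration.

```shell
# Added example; the inventory and file names below are constructed.

# Print the group names ($2 = groups) or host names ($2 = hosts) that an
# INI inventory defines. Host ranges such as web[1:3] are not expanded.
inventory_names() {
    awk -v want="$2" '
        /^[ \t]*([#;]|$)/ { next }                     # comment or blank line
        /^[ \t]*\[/ {                                  # section header
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            kind = "hosts"
            if (sec ~ /:vars$/)     kind = "vars"
            if (sec ~ /:children$/) kind = "children"
            sub(/:.*$/, "", sec)
            if (want == "groups") print sec
            next
        }
        kind == "children" { if (want == "groups") print $1; next }
        kind != "vars"     { if (want == "hosts")  print $1 }
    ' "$1" | sort -u
}

# Print every group_vars/ or host_vars/ entry under directory $2 whose name
# matches no group or host in inventory $1.
orphan_vars() (
    for kind in group host; do
        for path in "$2/${kind}_vars"/*; do
            [ -e "$path" ] || continue
            name=${path##*/}
            name=${name%.yml}; name=${name%.yaml}; name=${name%.json}
            # "all" and "ungrouped" are implicit groups, never listed
            case "$kind:$name" in group:all|group:ungrouped) continue ;; esac
            inventory_names "$1" "${kind}s" | grep -qxF -e "$name" ||
                echo "${kind}_vars/${path##*/}"
        done
    done
)

# Constructed fixture: webs.yml is a typo for the web group, and
# 172.25.0.3 is not in the inventory.
demo_orphans() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/group_vars" "$d/host_vars"
    printf '%s\n' 172.25.0.1 '[web]' 172.25.0.2 '[prod:children]' web \
        '[web:vars]' TEST=hello > "$d/inventory"
    touch "$d/group_vars/all.yml" "$d/group_vars/web.yml" "$d/group_vars/webs.yml" \
        "$d/host_vars/172.25.0.2.yml" "$d/host_vars/172.25.0.3.yml"
    orphan_vars "$d/inventory" "$d"
    rm -rf "$d"
)
demo_orphans
```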
6. Overwrite variables with commands
ansible-playbook var.yml -e "TEST=westos"
7. Use arrays to set variables
vim user.yml
    - name: test var
      hosts: all
      vars:
        # keys are case-sensitive, so the lookups below use ID as defined here
        USER1:
          name: user1
          ID: 123
        USER2:
          name: user2
          ID: 456
      tasks:
        - name: create user1
          user:
            name: "{{USER1.name}}"
            uid: "{{USER1.ID}}"
            state: present
        - name: create user2
          user:
            name: "{{USER2.name}}"
            uid: "{{USER2.ID}}"
            state: present
8. Register variables
vim register.yml
    - name: test register
      hosts: all
      tasks:
        - name: hostname command
          shell: hostname
          register: info
        - name: show messages
          debug:
            msg: "{{info['stdout']}}"
9. Fact variables
Fact variables are variables that Ansible automatically detects on the managed host. They contain host-related information.
When you need host-related information, there is no need to collect it and assign values yourself; just reference the fact directly.
Because this information describes the system, it cannot be set arbitrarily and is only collected, which is why it is called a fact variable.
When you do not know the system parameters, you can list them directly from the system:
ansible all -m setup | less
vim var.yml
    - name: test var
      hosts: all
      tasks:
        - name: show hostname fact
          debug:
            msg: "{{ansible_facts['hostname']}}"
10. Magic variables
hostvars: Ansible's internal information (the variables it holds for each managed host)
ansible all -m debug -a 'var=hostvars'
group_names: the group to which the current managed host belongs
ansible all -m debug -a 'var=group_names'
groups: lists all groups and hosts in the inventory
ansible all -m debug -a 'var=groups'
inventory_hostname: Contains the name of the currently managed host configured in the inventory
ansible all -m debug -a 'var=inventory_hostname'
JINJA2 template
Introduction
Jinja2 is a widely used template engine for Python. Its design is derived from Django's template engine, and it extends that syntax with a series of powerful functions. The most notable additions are sandboxed execution and optional auto-escaping.
j2 template writing rules
Write loop content
    {# /etc/hosts line #}    ##Comment describing the purpose of the file
    127.0.0.1 localhost      ##File content
    {{ ansible_facts['all_ipv4_addresses'] }} {{ansible_facts['fqdn']}}    ##Use fact variables
for loop
vim users.yml
    users:
      - westos
      - linux
      - ansible
vim test.j2
    {% for NAME in users %}
    {{ NAME }}
    {% endfor %}
if judgment
    {% for NAME in users if not NAME == "ansible" %}
    User number {{loop.index}} - {{ NAME }}
    {% endfor %}
loop.index ##Loop iteration count starts from 1
loop.index0 ##Loop iteration count starts from 0
    {% for user in students %}
    name: {{user['name']}}
    {% if user['age'] is defined %}
    age: {{user['age']}}
    {% endif %}
    {% if user['age'] is not defined %}
    age: null
    {% endif %}
    obj: {{user['obj']}}
    {% endfor %}
Application of j2 template in playbook
    # playbook1
    ---
    - name: test register
      hosts: xxxx
      tasks:
        - name: create hosts
          template:
            src: ./xxxx.j2
            dest: /mnt/hosts

    # playbook2
    ---
    - name: test.j2
      hosts: 172.25.0.254
      vars:
        students:
          - name: student1
            obj: linux
          - name: student2
            age: 18
            obj: linux
      tasks:
        - template:
            src: ./test.j2
            dest: /mnt/list
Ansible’s encryption control
1. Create encrypted files
ansible-vault create test ##Create the encrypted file test
2. Create a key file with vim
vim authfile
ansible-vault create testfile --vault-password-file=authfile
Create the new encrypted file testfile (the password of testfile is the content of the authfile file, 123)
3. Encrypt existing files
ansible-vault encrypt test.yml ##Encrypt the existing test.yml file
4. View encrypted files
ansible-vault view test.yml ##View the encrypted file test.yml
ansible-vault view test.yml --vault-password-file=authfile
View the encrypted file test.yml, using the authfile file as the key
5. Edit encrypted files
ansible-vault edit test.yml ##Edit the encrypted file test.yml
ansible-vault edit test.yml --vault-password-file=authfile
Edit the encrypted file test.yml, using the authfile file as the key
6. Decrypt files
ansible-vault decrypt test.yml ##Permanently decrypt the test.yml file
ansible-vault decrypt testfile --output=savafile ##The decrypted content is saved as savafile
7. Change password
ansible-vault rekey test
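The workflow above leaves two things worth checking before files are shared or committed: authfile holds the vault password in clear text, and decrypt writes plaintext back to disk. The script below is an added example, not part of the original page or of Ansible; the helper names, the 16-character minimum and the fixture files are assumptions constructed for illustration.

```shell
# Added example; file names and contents are constructed for the demo.
VAULT_PW_MIN=${VAULT_PW_MIN:-16}   # assumed policy value, not from the page

# Succeed when the first line is a vault envelope header such as
# "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    case "$(head -n 1 < "$1")" in
        '$ANSIBLE_VAULT;'*';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed when group and others have no permission bits on the file.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = vault password file, remaining arguments = files that must be encrypted.
# Prints one line per finding; exit status is 0 only when there are none.
vault_audit() (
    pw=$1; shift; rc=0
    [ -f "$pw" ] || { echo "password file missing: $pw"; exit 1; }
    pwfile_is_private "$pw" || { echo "password file not private: $pw"; rc=1; }
    secret=$(head -n 1 < "$pw")
    [ "${#secret}" -ge "$VAULT_PW_MIN" ] || { echo "password too short: $pw"; rc=1; }
    for f in "$@"; do
        is_vault_encrypted "$f" || { echo "not encrypted: $f"; rc=1; }
    done
    exit "$rc"
)

# Constructed fixture mirroring the page: authfile holds 123, test.yml is
# encrypted, savafile is the plaintext written by decrypt --output.
demo_vault_audit() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf '123\n' > authfile; chmod 644 authfile
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36316566' > test.yml
    printf 'TEST: hello linux\n' > savafile
    rc=0; vault_audit authfile test.yml savafile || rc=$?
    cd / && rm -rf "$d"
    exit "$rc"
)
demo_vault_audit || true
```

On the fixture, the audit reports the world-readable authfile, its three-character password and the plaintext savafile, and passes test.yml.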