无书面许可请勿转载
高级Playbook
Extra variablesYou may have seen in our template example in the previous chapter that we used avariable called group_names . This is one of the magic variables that are provided byAnsible itself. At the time of writing there are seven such variables, described in thefollowing sections.
额外的变量
你在之前的模板样例里已经看到过我们有一个叫做group_names的变量,这是Ansible提供的一个奇妙的变量,像这样的变量眼下为止总共同拥有7个,接下来我们就将逐一介绍他们!
hostvars allows you to retrieve variables about all the hosts that the current playhas dealt with. If the setup module hasn't yet been run on that host in the currentplay, only its variables will be available. You can access it like you would accessother complex variables, such as ${hostvars.hostname.fact} , so to get the Linuxdistribution running on a server named ns1 , it would be ${hostvars.ns1.ansible_distribution} . The following example sets a variable called zone master to theserver named ns1 . It then calls the template module, which would use this to set themasters for each zone.---#1- name: Setup DNS Servers#2hosts: allnameservers#3tasks:#4- name: Install BIND#5yum: name=named state=installed#6- name: Setup Slaves#7hosts: slavenamesservers#8tasks:#9- name: Get the masters IP#10set_fact: dns_master="{ {hostvars.ns1.ansible_default_ipv4.address }}"- name: Configure BIND#12template: dest=/etc/named.confsrc/templates/named.conf.j2#11#13Using hostvars, you can further abstract templates from yourenvironment. If you nest your variable calls, then instead of placing anIP address in the variable section of the play, you can add the hostname.To find the address of a machine named in the variable the_machineyou would use, { { hostvars.[the_machine].default_ipv4.address }}. hostvars 变量
hostvas能够让你检索,全部当前play已经处理的主机,假设setup模块还没执行。那么仅仅有hostvar变量可用。它能够用${hostvars.hostname.fact}这样的形式来訪问复杂的变量,比方用${hostvars.ns1.ansible_distribution}来訪问ns1这台server的发行版本号。以下的样例设置一个dns masterserver叫ns1,调用模板模块来为每一个zone设置mastserver:
---
- name: Setup DNS Servers hosts: allnameservers tasks: - name: Install BIND yum: name=named state=installed- name: Setup Slaves
hosts: slavenamesserverstasks:
- name: Get the masters IP set_fact: dns_master="{ { hostvars.ns1.ansible_default_ipv4.address }}"- name: Configure BIND
template: dest=/etc/named.conf src/templates/named.conf.j2The groups variableThe groups variable contains a list of all hosts in the inventory grouped by theinventory group. This lets you get access to all the hosts that you have configured.This is potentially a very powerful tool. It allows you to iterate across a whole groupand for every host apply an action to the current machine.---- name: Configure the databasehosts: dbserversuser: roottasks:- name: Install mysqlyum: name={ { item }} state=installedwith_items:- mysql-server- MySQL-python- name: Start mysqlservice: name=mysqld state=started enabled=true- name: Create a user for all app serverswith_items: groups.appserversmysql_user: name=kate password=test host={ {hostvars.[item].ansible_eth0.ipv4.address }}state=presentYou can even use this variable to create known_hosts files for all of your machinescontaining the host keys of all the other machines. This would allow you to then SSHfrom one machine to another without confirming the identity of the remote host. Itwould also handle removing machines when they leave service or updating them whenthey are replaced. The following is a template for a known_hosts file that does this:{% for host in groups['all'] %}{ { hostvars[host]['ansible_hostname'] }}{ {hostvars[host]['ansible_ssh_host_key_rsa_public'] }}{% endfor %}The playbook that uses this template would look like this:---hosts: alltasks:- name: Setup known hostshosts: alltasks:- name: Create known_hoststemplate: src=templates/known_hosts.j2dest=/etc/ssh/ssh_known_hosts owner=root group=rootmode=0644 groups变量
group变量包括设备清单组内的全部主机,它同意我们同一时候訪问全部我们配置的主机,这是一个很强力的工具,让我们能够历遍组内的每一个主机并在上面应用操作。
---
- name: Configure the database hosts: dbservers user: root tasks: - name: Install mysql yum: name={ { item }} state=installed with_items: - mysql-server - MySQL-python - name: Start mysql service: name=mysqld state=started enabled=true - name: Create a user for all app servers with_items: groups.appservers mysql_user: name=kate password=test host={ { hostvars.[item].ansible_eth0.ipv4.address }} state=present你甚至能够使用这个变量,创建一个known_hosts文件。包括全部这台主机已知的其它主机,然后应用给你的全部主机。这样当你使用ssh从一台机器登陆到另外一台的时候就不须要身份验证了。
它也能够处理在服务断开或则因更新时被替换时,用来移除主机。以下是known_hosts文件模板的代码:
{% for host in groups['all'] %}
{ { hostvars[host]['ansible_hostname'] }} { {hostvars[host]['ansible_ssh_host_key_rsa_public'] }} {% endfor %}在playbook中能够这样使用这个模板:
--- hosts: all tasks: - name: Setup known hosts hosts: all tasks: - name: Create known_hosts template: src=templates/known_hosts.j2 dest=/etc/ssh/ssh_known_hosts owner=root group=root mode=0644The group_names variableThe group_names variable contains a list of strings with the names of all thegroups the current host is in. This is not only useful for debugging, but also forconditionals detecting group membership. This was used in the last chapter toset up a nameserver.This variable is mostly useful for skipping a task or in a template as a condition. Forinstance, if you had two configurations for the SSH daemon, one secure and one lesssecure, but you only wanted the secure configuration on the machines in the securegroup, you would do it like this:- name: Setup SSHhosts: sshserverstasks:- name: For secure machinesset_fact: sshconfig=files/ssh/sshd_config_securewhen: "'secure' in group_names"- name: For non-secure machinesset_fact: sshconfig=files/ssh/sshd_config_defaultwhen: "'secure' not in group_names"- name: Copy over the configcopy: src={ { sshconfig }} dest=/tmp/sshd_configIn the previous example, we used the set_fact module to set the factfor each case, and then used the copy module. We could have usedthe copy module in place of the set_facts modules and used onefewer task. The reason this was done is that the set_fact moduleruns locally and the copy module runs remotely. When you use theset_facts module first and only call the copy module once, the copiesare made on all the machines in parallel. If you used two copy moduleswith conditions, then each would execute on the relevant machinesseparately. Since copy is the longer task of the two, it benefits the mostfrom running in parallel. group_names变量
group_names是一个关于当前主机属于哪些组的。以及这些组名相加所得到的字符串列表的变量。
它不只用来debugging,也能够用来作为推断组成员的条件。上一章关于dns配置的样例中我们使用过。这个变量在用来跳过一些任务的运行或作为模板的条件的时候很实用。
比方你有2个ssh的配置,一个安全等级比較高、还有一个略微低一些。
以下的样例展示怎样在高安全等级的组设备来使用高安全等级的配置:
- name: Setup SSH
hosts: sshservers tasks: - name: For secure machines set_fact: sshconfig=files/ssh/sshd_config_secure when: "'secure' in group_names" - name: For non-secure machines set_fact: sshconfig=files/ssh/sshd_config_default when: "'secure' not in group_names" - name: Copy over the config copy: src={ { sshconfig }} dest=/tmp/sshd_config在上述样例中,我们在2个条件中分别设置fact然后再部署一个copy,这样做的原因是由于set_fact是在本地执行,而copy是在远程执行。当执行时,copy模块是并行执行的。否则当我们在2个条件中分别使用copy,那么它将单独执行。假设copy模块执行的时间较长的话,并行执行的性能将会更好一些!
The inventory_hostname variableThe inventory_hostname variable stores the hostname of the server as recorded inthe inventory. You should use this if you have chosen not to run the setup moduleon the current host, or if for various reasons the value detected by the setup moduleis not correct. This is useful when you are doing the initial setup of the machine andchanging the hostname.The inventory_hostname_short variableThe inventory_hostname_short variable is the same as the previous variable;however, it only includes the characters up to the first dot. So for host.example.com , it would return host .
inventory_hostname变量
inventory_hostname变量保存了在设备配置清单中server的主机名,当你选择不使用setup模块或则由于其它原因setup模块不能执行的时候,这非常实用。
另外,当你正在初始化一个台主机并改动它的hostname的时候也非常实用。
inventory_hostname_short变量
inventory_hostname_short变量跟inventory_hostname一样,仅仅是去掉域名。比方inventory_hostname 是host.example 那么inventory_hostname_short就是 host
The inventory_dir variableThe inventory_dir variable is the path name of the directory containing theinventory file.The inventory_file variableThe inventory_file variable is the same as the previous one, except it also includesthe filename.
inventory_dir
inventory_dir是设备清单文件的路径
inventory_file
inventory_file是设备清单文件的文件名称