Ansible@一个高效的配置管理工具--Ansible configure management--翻译（五）

无书面许可请勿转载

高级Playbook

Extra variables
You may have seen in our template example in the previous chapter that we used a
variable called group_names . This is one of the magic variables that are provided by
Ansible itself. At the time of writing there are seven such variables, described in the
following sections.

额外的变量

你在之前的模板样例里已经看到过我们有一个叫做group_names的变量，这是Ansible提供的一个奇妙的变量，像这样的变量眼下为止总共同拥有7个，接下来我们就将逐一介绍他们！

hostvars allows you to retrieve variables about all the hosts that the current play
has dealt with. If the setup module hasn't yet been run on that host in the current
play, only its variables will be available. You can access it like you would access
other complex variables, such as ${hostvars.hostname.fact} , so to get the Linux
distribution running on a server named ns1 , it would be ${hostvars.ns1.ansible_
distribution} . The following example sets a variable called zone master to the
server named ns1 . It then calls the template module, which would use this to set the
masters for each zone.
---
#1
- name: Setup DNS Servers
#2
hosts: allnameservers
#3
tasks:
#4
- name: Install BIND
#5
yum: name=named state=installed
#6
- name: Setup Slaves
#7
hosts: slavenamesservers
#8
tasks:
#9
- name: Get the masters IP
#10
set_fact: dns_master="{{
hostvars.ns1.ansible_default_ipv4.address }}"
- name: Configure BIND
#12
template: dest=/etc/named.conf
src/templates/named.conf.j2
#11
#13
Using hostvars, you can further abstract templates from your
environment. If you nest your variable calls, then instead of placing an
IP address in the variable section of the play, you can add the hostname.
To find the address of a machine named in the variable the_machine
you would use, {{ hostvars.[the_machine].default_ipv4.
address }}.

hostvars 变量

hostvas能够让你检索，全部当前play已经处理的主机，假设setup模块还没执行。那么仅仅有hostvar变量可用。它能够用${hostvars.hostname.fact}这样的形式来訪问复杂的变量，比方用${hostvars.ns1.ansible_distribution}来訪问ns1这台server的发行版本号。以下的样例设置一个dns masterserver叫ns1,调用模板模块来为每一个zone设置mastserver：

---

- name: Setup DNS Servers

hosts: allnameservers



tasks:

- name: Install BIND

yum: name=named state=installed

- name: Setup Slaves

hosts: slavenamesservers

tasks:

- name: Get the masters IP

set_fact: dns_master="{{

hostvars.ns1.ansible_default_ipv4.address }}"

- name: Configure BIND

template: dest=/etc/named.conf

src/templates/named.conf.j2

The groups variable
The groups variable contains a list of all hosts in the inventory grouped by the
inventory group. This lets you get access to all the hosts that you have configured.
This is potentially a very powerful tool. It allows you to iterate across a whole group
and for every host apply an action to the current machine.
---
- name: Configure the database
hosts: dbservers
user: root

tasks:
- name: Install mysql
yum: name={{ item }} state=installed
with_items:
- mysql-server
- MySQL-python
- name: Start mysql
service: name=mysqld state=started enabled=true
- name: Create a user for all app servers
with_items: groups.appservers
mysql_user: name=kate password=test host={{
hostvars.[item].ansible_eth0.ipv4.address }}
state=present
You can even use this variable to create known_hosts files for all of your machines
containing the host keys of all the other machines. This would allow you to then SSH
from one machine to another without confirming the identity of the remote host. It
would also handle removing machines when they leave service or updating them when
they are replaced. The following is a template for a known_hosts file that does this:
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_hostname'] }}
{{
hostvars[host]['ansible_ssh_host_key_rsa_public'] }}
{% endfor %}
The playbook that uses this template would look like this:
---
hosts: all
tasks:
- name: Setup known hosts
hosts: all
tasks:
- name: Create known_hosts
template: src=templates/known_hosts.j2
dest=/etc/ssh/ssh_known_hosts owner=root group=root
mode=0644

groups变量

group变量包括设备清单组内的全部主机，它同意我们同一时候訪问全部我们配置的主机，这是一个很强力的工具，让我们能够历遍组内的每一个主机并在上面应用操作。

---

- name: Configure the database

hosts: dbservers

user: root



tasks:

- name: Install mysql

yum: name={{ item }} state=installed

with_items:

- mysql-server

- MySQL-python

- name: Start mysql

service: name=mysqld state=started enabled=true

- name: Create a user for all app servers

with_items: groups.appservers

mysql_user: name=kate password=test host={{

hostvars.[item].ansible_eth0.ipv4.address }}

state=present

你甚至能够使用这个变量，创建一个known_hosts文件。包括全部这台主机已知的其它主机，然后应用给你的全部主机。这样当你使用ssh从一台机器登陆到另外一台的时候就不须要身份验证了。

它也能够处理在服务断开或则因更新时被替换时，用来移除主机。以下是known_hosts文件模板的代码：

{% for host in groups['all'] %}

{{ hostvars[host]['ansible_hostname'] }}

{{hostvars[host]['ansible_ssh_host_key_rsa_public'] }}

{% endfor %}

在playbook中能够这样使用这个模板：

---

hosts: all

tasks:

- name: Setup known hosts

    hosts: all

    tasks:

    - name: Create known_hosts

    template: src=templates/known_hosts.j2

    dest=/etc/ssh/ssh_known_hosts owner=root group=root mode=0644

The group_names variable
The group_names variable contains a list of strings with the names of all the
groups the current host is in. This is not only useful for debugging, but also for
conditionals detecting group membership. This was used in the last chapter to
set up a nameserver.
This variable is mostly useful for skipping a task or in a template as a condition. For
instance, if you had two configurations for the SSH daemon, one secure and one less
secure, but you only wanted the secure configuration on the machines in the secure
group, you would do it like this:
- name: Setup SSH
hosts: sshservers
tasks:
- name: For secure machines
set_fact: sshconfig=files/ssh/sshd_config_secure
when: "'secure' in group_names"
- name: For non-secure machines
set_fact: sshconfig=files/ssh/sshd_config_default
when: "'secure' not in group_names"
- name: Copy over the config
copy: src={{ sshconfig }} dest=/tmp/sshd_config
In the previous example, we used the set_fact module to set the fact
for each case, and then used the copy module. We could have used
the copy module in place of the set_facts modules and used one
fewer task. The reason this was done is that the set_fact module
runs locally and the copy module runs remotely. When you use the
set_facts module first and only call the copy module once, the copies
are made on all the machines in parallel. If you used two copy modules
with conditions, then each would execute on the relevant machines
separately. Since copy is the longer task of the two, it benefits the most
from running in parallel.

group_names变量

group_names是一个关于当前主机属于哪些组的。以及这些组名相加所得到的字符串列表的变量。

它不只用来debugging，也能够用来作为推断组成员的条件。上一章关于dns配置的样例中我们使用过。这个变量在用来跳过一些任务的运行或作为模板的条件的时候很实用。

比方你有2个ssh的配置，一个安全等级比較高、还有一个略微低一些。

以下的样例展示怎样在高安全等级的组设备来使用高安全等级的配置：

- name: Setup SSH

hosts: sshservers

tasks:

- name: For secure machines

set_fact: sshconfig=files/ssh/sshd_config_secure

when: "'secure' in group_names"

- name: For non-secure machines

set_fact: sshconfig=files/ssh/sshd_config_default

when: "'secure' not in group_names"

- name: Copy over the config

copy: src={{ sshconfig }} dest=/tmp/sshd_config

在上述样例中，我们在2个条件中分别设置fact然后再部署一个copy，这样做的原因是由于set_fact是在本地执行，而copy是在远程执行。当执行时，copy模块是并行执行的。否则当我们在2个条件中分别使用copy，那么它将单独执行。假设copy模块执行的时间较长的话，并行执行的性能将会更好一些！

The inventory_hostname variable
The inventory_hostname variable stores the hostname of the server as recorded in
the inventory. You should use this if you have chosen not to run the setup module
on the current host, or if for various reasons the value detected by the setup module
is not correct. This is useful when you are doing the initial setup of the machine and
changing the hostname.

The inventory_hostname_short variable
The inventory_hostname_short variable is the same as the previous variable;
however, it only includes the characters up to the first dot. So for host.example.
com , it would return host .

inventory_hostname变量

inventory_hostname变量保存了在设备配置清单中server的主机名，当你选择不使用setup模块或则由于其它原因setup模块不能执行的时候，这非常实用。

另外，当你正在初始化一个台主机并改动它的hostname的时候也非常实用。

inventory_hostname_short变量

inventory_hostname_short变量跟inventory_hostname一样，仅仅是去掉域名。比方inventory_hostname 是host.example 那么inventory_hostname_short就是 host

The inventory_dir variable
The inventory_dir variable is the path name of the directory containing the
inventory file.
The inventory_file variable
The inventory_file variable is the same as the previous one, except it also includes
the filename.

inventory_dir

inventory_dir是设备清单文件的路径

inventory_file

inventory_file是设备清单文件的文件名称