Ansible@一个高效的配置管理工具--Ansible configure management--翻译(六)

Finding files with variables
All modules can take variables as part of their arguments by dereferencing them
with {{ and }} . You can use this to load a particular file based on a variable.
For example, you might want to select a different config file for NRPE (a Nagios
check daemon) based on the architecture in use. Here is how that would look:
- name: Configure NRPE for the right architecture
hosts: ansibletest
user: root
- name: Copy in the correct NRPE config file
copy: src=files/nrpe.{{ ansible_architecture }}.conf
In the copy and the template modules, you can also configure Ansible to look for a
set of files, and it finds them using the first one. This lets you configure a file to look
for; if that file is not found a second will be used, and so on until the end of the list
is reached. If the file is not found, then the module will fail. The feature is triggered
by using the first_available_file key, and referencing {{ item }} in the action.
The following code is an example of this feature:
- name: Install an Apache config file
hosts: ansibletest
user: root
- name: Get the best match for the machine
copy: dest=/etc/apache.conf src={{ item }}
- files/apache/{{ ansible_os_family }}-{{
ansible_architecture }}.cfg
- files/apache/default-{{ ansible_architecture }}.cfg
- files/apache/default.cfg
Remember that you can run the setup module from the Ansible
command-line tool. This comes in handy when you are making heavy
use of variables in your playbooks or templates. To check what facts will
be available for a particular play, simply copy the value of the host line
and run the following command:
ansible [host line] -m setup
On a CentOS x86_64 machine, this configuration would first look for the file
RedHat-x86_64.cfg upon navigating through files/apache/ . If that file did not
exist, it would look for file default-x86_64.cfg upon navigating through file/
apache/ , and finally if nothing exists, it'll try and use default.cfg .


所有的Ansible模块都可以使用{{ }}这种形式将变量做为他的一部分参数。这样你就可以利用变量来加载不同的配置。比如你希望根据不同架构来加载不同nrpe配置,代码如下:


- name: Configure NRPE for the right architecture

hosts: ansibletest

user: root


- name: Copy in the correct NRPE config file

copy: src=files/nrpe.{{ ansible_architecture }}.conf


在copy和template模块中,Ansible可以让那个你配置去查找一个文件集,第一个被找到的文件将被使用,若找不到则继续知道找到匹配的为止,若循环完毕还是没有找到对应的文件,那么模块不会被运行。使用first_available_file关键字和在action中使用{{ item }}来完成以上功能,示例代码如下:


- name: Install an Apache config file

hosts: ansibletest

user: root


- name: Get the best match for the machine

copy: dest=/etc/apache.conf src={{ item }}


- files/apache/{{ ansible_os_family }}-{{

ansible_architecture }}.cfg

- files/apache/default-{{ ansible_architecture }}.cfg

- files/apache/default.cfg


在centos X86_64的机器上,他首先会查找RedHat-x86_64.cfg,因为他的架构是x86_64,如果找不到就找default-x86_64.cfg,如果再找不到就用default.cfg。

Environment variables
Often Unix commands take advantage of certain environment variables. Prevalent
examples of this are C makefiles, installers, and the AWS command-line tools.
Fortunately, Ansible makes this really easy. If you wanted to upload a file on the
remote machine to Amazon S3, you could set the Amazon access key as follows. You
will also see that we install EPEL so that we can install pip, and pip is used to install
the AWS tools.
- name: Upload a remote file via S3
hosts: ansibletest
user: root
- name: Setup EPEL
command rpm -ivh
#7 http://download.fedoraproject.org/pub/epel/6/i386/epel- release-6-8.noarch.rpm
- name: Install pip
yum: name=python-pip state=installed
- name: Install the AWS tools
pip: name=awscli state=present
- name: Upload the file
shell: aws s3 put-object --bucket=my-test-bucket --key={{
ansible_hostname }}/fstab --body=/etc/fstab --region=eu-
Internally, Ansible sets the environment variable into the Python code;
this means that any module that already uses environment variables
can take advantage of the ones set here. If you write your own modules,
you should consider if certain arguments would be better used as
environment variables instead of arguments.
Some Ansible modules such as get_url , yum , and apt will also use environment
variables to set their proxy server. Some of the other situations where you might
want to set environment variables are as follows:
•     Running application installers
•     Adding extra items to the path when using the shell module
•     Loading libraries from a place not included in the system library search path
•     Using an LD_PRELOAD hack while running a module

Environment 环境变量

unix的一些命令经常配合环境变量来运行,典型的例子比如,C makefiles, installers, 和 AWS这些命令行工具。幸运的是使用Ansible做到这一点,非常简单。比如:当我们要上传一个文件到S3服务器的时候,我们需要提AWS_SECRET_ACCESS_KEY,我们的脚本代码如下:


- name: Upload a remote file via S3

hosts: ansibletest

user: root


- name: Setup EPEL

command rpm -ivh


- name: Install pip

yum: name=python-pip state=installed

- name: Install the AWS tools

pip: name=awscli state=present

- name: Upload the file

shell: aws s3 put-object --bucket=my-test-bucket --key={{

ansible_hostname }}/fstab --body=/etc/fstab --region=eu-







另外像get_url , yum , 和 apt还会使用环境变量中的代理设置。下面是其他一些需要使用环境变量的场景:

External data lookups
Ansible introduced the lookup plugins in Version 0.9. These plugins allow Ansible to
fetch data from outside sources. Ansible provides several plugins, but you can also
write your own. This really opens the doors and allows you to be flexible in your
Lookup plugins are written in Python and run on the controlling machine. They are
executed in two different ways: direct calls and with_* keys. Direct calls are useful
when you want to use them like you would use variables. Using the with_* keys is
useful when you want to use them as loops. In an earlier section we covered with_
fileglob , which is an example of this.
In the next example, we use a lookup plugin directly to get the http_proxy value from
environment and send it through to the configured machine. This makes sure that the
machines we are configuring will use the same proxy server to download the file.
- name: Downloads a file using the same proxy as the controlling
hosts: all
- name: Download file
get_url: dest=/var/tmp/file.tar.gz
http_proxy: "{{ lookup('env', 'http_proxy') }}"






- name: Downloads a file using the same proxy as the controlling


hosts: all


- name: Download file

get_url: dest=/var/tmp/file.tar.gz



http_proxy: "{{ lookup('env', 'http_proxy') }}"


使用with_*格式可以让你历遍列表中的所有值,任何插件都可以,而他们返回的列表通常都很有用。下面的例子展示如何注册动态的app farm,它可以为每个虚拟机添加一个新的任务,并在每个虚拟机上运行。


- name: Registers the app server farm

hosts: localhost

connection: local


hostcount: 5


- name: Register the webapp farm

local_action: add_host name={{ item }} groupname=webapp

with_sequence: start=1 end={{ hostcount }} format=webapp%02x


从DNS TXT 记录获取配置
Storing results
Almost every module outputs something, even the debug module. Most of the
time the only variable used is the one named changed . The changed variable helps
Ansible decide whether to run handlers or not and which color to print the output
in. However, if you wish you can store the returned values and use them later in the
playbook. In this example we look at the mode in the /tmp directory and create a
new directory called /tmp/subtmp with the same mode.
- name: Using register
hosts: ansibletest
user: root
- name: Get /tmp info
file: dest=/tmp state=directory
register: tmp
- name: Set mode on /var/tmp
file: dest=/tmp/subtmp mode={{ tmp.mode }} state=directory
Some modules, like we see in the previous file module, can be configured to simply
give information. Combining this with the register feature, you can create playbooks
that can examine the environment and calculate how to proceed.
Combining the register feature and the set_fact module allows you
to perform data processing on data you receive back from modules. This
allows you to compute values and perform data processing on these values.
This makes your playbooks even smarter and more flexible than ever.
Register allows you to make your own facts about hosts from modules already
available to you. This can be useful in many different circumstances:
•     Getting a list of files in a remote directory and downloading them all
with fetch
•     Running a task when a previous task changes, before the handlers run
•     Getting the contents of the remote host SSH key and building a
known_hosts file




- name: Using register

hosts: ansibletest

user: root


- name: Get /tmp info

file: dest=/tmp state=directory

register: tmp

- name: Set mode on /var/tmp

file: dest=/tmp/subtmp mode={{ tmp.mode }} state=directory




Debugging playbooks
There are a few ways in which you can debug a playbook. Ansible includes both
a verbose mode, and a debug module specifically for debugging. You can also use
modules such as fetch and get_url for help. These debugging techniques can also
be used to examine how modules behave when you wish to learn how to use them.

Debugging playbooks


The debug module
Using the debug module is really quite simple. It takes two optional arguments,
msg and fail . msg sets the message that will be printed by the module and fail , if
set to yes , indicates a failure to Ansible, which will cause it to stop processing the
playbook for that host. We used this module earlier in the skipping modules section
to bail out of a playbook if the operating system was not recognized.
In the following example, we will show how to use the debug module to list all the
interfaces available on the machine:
- name: Demonstrate the debug module
hosts: ansibletest
user: root
hostcount: 5
- name: Print interface
debug: msg="{{ item }}"
with_items: ansible_interfaces
The preceding code gives the following output:
PLAY [Demonstrate the debug module] *********************************
GATHERING FACTS *****************************************************
ok: [ansibletest]
TASK: [Print IP address] ********************************************
ok: [ansibletest] => (item=lo) => {"item": "lo", "msg": "lo"}
ok: [ansibletest] => (item=eth0) => {"item": "eth0", "msg": "eth0"}
PLAY RECAP **********************************************************
: ok=2
As you can see the debug module is easy to use to see the current value of a variable
during the play.

Debug 模式

使用debug模式非常简单,只需要2个可选的参数,msg和fail。msg 设置模块和fail来打印消息,当msg设置为yes时,表明Ansible有failure会导致playbook停止在这台主机上运行。通常我们在脚本的开始处来检测操作系统是否可以被认出。下面的例子中,我们将展示如何使用debug模块来列机器上所有可用的接口:


- name: Demonstrate the debug module

hosts: ansibletest

user: root


hostcount: 5


- name: Print interface

debug: msg="{{ item }}"

with_items: ansible_interfaces


PLAY [Demonstrate the debug module] *********************************

GATHERING FACTS *****************************************************

ok: [ansibletest]

TASK: [Print IP address] ********************************************

ok: [ansibletest] => (item=lo) => {"item": "lo", "msg": "lo"}

ok: [ansibletest] => (item=eth0) => {"item": "eth0", "msg": "eth0"}

PLAY RECAP **********************************************************


: ok=2




The verbose mode
Your other option for debugging is the verbose option. When running Ansible
with verbose, it prints out all the values that were returned by each module after it
runs. This is especially useful if you are using the register keyword introduced
in the previous section. To run ansible-playbook in verbose mode, simply add
--verbose to your command line as follows:
ansible-playbook --verbose playbook.yml



ansible-playbook --verbose playbook.yml

The check mode
In addition to the verbose mode, Ansible also includes a check mode and a diff
mode. You can use the check mode by adding --check to the command line, and
--diff to use the diff mode. The check mode instructs Ansible to walk through the
play without actually making any changes to remote systems. This allows you to
obtain a listing of the changes that Ansible plans to make to the configured system.
It is important here to note that the check mode of Ansible is not
perfect. Any modules that do not implement the check feature are
skipped. Additionally, if a module is skipped that provides more
variables, or the variables depend on a module actually changing
something (like file size), then they will not be available. This is an
obvious limitation when using the command or shell modules.
The diff mode shows the changes that are made by the template module. This
limitation is because the template file only works with text files. If you were to
provide a diff of a binary file from the copy module, the result would almost be
unreadable. The diff mode also works with the check mode to show you the planned
changes that were not made due to being in check mode.





The pause module
Another technique is to use the pause module to pause the playbook while you
examine the configured machine as it runs. This way you can see changes that the
modules have made at the current position in the play, and then watch while it
continues with the rest of the play.



In this chapter we explored the more advanced details of writing playbooks. You
should now be able to use features such as delegation, looping, conditionals, and fact
registration to make your plays much easier to maintain and edit. We also looked at
how to access information from other hosts, configure the environment for a module,
and gather data from external sources. Finally we covered some techniques for
debugging plays that are not behaving as expected.
In the next chapter we will be covering how to use Ansible in a larger environment.
It will include methods for improving the performance of your playbooks that may
be taking a long time to execute. We will also cover a few more features that make
plays maintainable, particularly splitting them into many parts by purpose.



