Ansible@一個高效的配置管理工具--Ansible configure management--翻譯（五）

無書面許可請勿轉載

高級Playbook

Extra variables
You may have seen in our template example in the previous chapter that we used a
variable called group_names . This is one of the magic variables that are provided by
Ansible itself. At the time of writing there are seven such variables, described in the
following sections.

額外的變量

你在以前的模板樣例裏已經看到過咱們有一個叫作group_names的變量，這是Ansible提供的一個奇妙的變量，像這樣的變量眼下爲止總共同擁有7個，接下來咱們就將逐一介紹他們！

hostvars allows you to retrieve variables about all the hosts that the current play
has dealt with. If the setup module hasn't yet been run on that host in the current
play, only its variables will be available. You can access it like you would access
other complex variables, such as ${hostvars.hostname.fact} , so to get the Linux
distribution running on a server named ns1 , it would be ${hostvars.ns1.ansible_
distribution} . The following example sets a variable called zone master to the
server named ns1 . It then calls the template module, which would use this to set the
masters for each zone.
---
#1
- name: Setup DNS Servers
#2
hosts: allnameservers
#3
tasks:
#4
- name: Install BIND
#5
yum: name=named state=installed
#6
- name: Setup Slaves
#7
hosts: slavenamesservers
#8
tasks:
#9
- name: Get the masters IP
#10
set_fact: dns_master="{{
hostvars.ns1.ansible_default_ipv4.address }}"
- name: Configure BIND
#12
template: dest=/etc/named.conf
src/templates/named.conf.j2
#11
#13
Using hostvars, you can further abstract templates from your
environment. If you nest your variable calls, then instead of placing an
IP address in the variable section of the play, you can add the hostname.
To find the address of a machine named in the variable the_machine
you would use, {{ hostvars.[the_machine].default_ipv4.
address }}.

hostvars 變量

hostvas可以讓你檢索，所有當前play已經處理的主機，假設setup模塊還沒執行。那麼僅僅有hostvar變量可用。它可以用${hostvars.hostname.fact}這樣的形式來訪問複雜的變量，比方用${hostvars.ns1.ansible_distribution}來訪問ns1這臺server的發行版本號。如下的樣例設置一個dns masterserver叫ns1,調用模板模塊來爲每個zone設置mastserver：

---
- name: Setup DNS Servers
hosts: allnameservers

tasks:
- name: Install BIND
yum: name=named state=installed

- name: Setup Slaves
hosts: slavenamesservers

tasks:
- name: Get the masters IP
set_fact: dns_master="{{
hostvars.ns1.ansible_default_ipv4.address }}"

- name: Configure BIND
template: dest=/etc/named.conf
src/templates/named.conf.j2

The groups variable
The groups variable contains a list of all hosts in the inventory grouped by the
inventory group. This lets you get access to all the hosts that you have configured.
This is potentially a very powerful tool. It allows you to iterate across a whole group
and for every host apply an action to the current machine.
---
- name: Configure the database
hosts: dbservers
user: root

tasks:
- name: Install mysql
yum: name={{ item }} state=installed
with_items:
- mysql-server
- MySQL-python
- name: Start mysql
service: name=mysqld state=started enabled=true
- name: Create a user for all app servers
with_items: groups.appservers
mysql_user: name=kate password=test host={{
hostvars.[item].ansible_eth0.ipv4.address }}
state=present
You can even use this variable to create known_hosts files for all of your machines
containing the host keys of all the other machines. This would allow you to then SSH
from one machine to another without confirming the identity of the remote host. It
would also handle removing machines when they leave service or updating them when
they are replaced. The following is a template for a known_hosts file that does this:
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_hostname'] }}
{{
hostvars[host]['ansible_ssh_host_key_rsa_public'] }}
{% endfor %}
The playbook that uses this template would look like this:
---
hosts: all
tasks:
- name: Setup known hosts
hosts: all
tasks:
- name: Create known_hosts
template: src=templates/known_hosts.j2
dest=/etc/ssh/ssh_known_hosts owner=root group=root
mode=0644

groups變量

group變量包括設備清單組內的所有主機，它贊成咱們同一時候訪問所有咱們配置的主機，這是一個很強力的工具，讓咱們可以歷遍組內的每個主機並在上面應用操做。

---
- name: Configure the database
hosts: dbservers
user: root

tasks:
- name: Install mysql
yum: name={{ item }} state=installed
with_items:
- mysql-server
- MySQL-python

- name: Start mysql
service: name=mysqld state=started enabled=true

- name: Create a user for all app servers
with_items: groups.appservers
mysql_user: name=kate password=test host={{
hostvars.[item].ansible_eth0.ipv4.address }}
state=present

你甚至可以使用這個變量，建立一個known_hosts文件。包括所有這臺主機已知的其它主機，而後應用給你的所有主機。這樣當你使用ssh從一臺機器登錄到另一臺的時候就不需要身份驗證了。

它也可以處理在服務斷開或則因更新時被替換時，用來移除主機。如下是known_hosts文件模板的代碼：

{% for host in groups['all'] %}
{{ hostvars[host]['ansible_hostname'] }}
{{hostvars[host]['ansible_ssh_host_key_rsa_public'] }}
{% endfor %}

在playbook中可以這樣使用這個模板：
---
hosts: all
tasks:
- name: Setup known hosts
    hosts: all
    tasks:
    - name: Create known_hosts
    template: src=templates/known_hosts.j2
    dest=/etc/ssh/ssh_known_hosts owner=root group=root mode=0644

The group_names variable
The group_names variable contains a list of strings with the names of all the
groups the current host is in. This is not only useful for debugging, but also for
conditionals detecting group membership. This was used in the last chapter to
set up a nameserver.
This variable is mostly useful for skipping a task or in a template as a condition. For
instance, if you had two configurations for the SSH daemon, one secure and one less
secure, but you only wanted the secure configuration on the machines in the secure
group, you would do it like this:
- name: Setup SSH
hosts: sshservers
tasks:
- name: For secure machines
set_fact: sshconfig=files/ssh/sshd_config_secure
when: "'secure' in group_names"
- name: For non-secure machines
set_fact: sshconfig=files/ssh/sshd_config_default
when: "'secure' not in group_names"
- name: Copy over the config
copy: src={{ sshconfig }} dest=/tmp/sshd_config
In the previous example, we used the set_fact module to set the fact
for each case, and then used the copy module. We could have used
the copy module in place of the set_facts modules and used one
fewer task. The reason this was done is that the set_fact module
runs locally and the copy module runs remotely. When you use the
set_facts module first and only call the copy module once, the copies
are made on all the machines in parallel. If you used two copy modules
with conditions, then each would execute on the relevant machines
separately. Since copy is the longer task of the two, it benefits the most
from running in parallel.

group_names變量

group_names是一個關於當前主機屬於哪些組的。以及這些組名相加所獲得的字符串列表的變量。

它不僅用來debugging，也可以用來做爲推斷組成員的條件。上一章關於dns配置的樣例中咱們使用過。這個變量在用來跳過一些任務的運行或做爲模板的條件的時候很實用。

比方你有2個ssh的配置，一個安全等級比較高、還有一個略微低一些。

如下的樣例展現怎樣在高安全等級的組設備來使用高安全等級的配置：

- name: Setup SSH
hosts: sshservers

tasks:
- name: For secure machines
set_fact: sshconfig=files/ssh/sshd_config_secure
when: "'secure' in group_names"
- name: For non-secure machines
set_fact: sshconfig=files/ssh/sshd_config_default
when: "'secure' not in group_names"

- name: Copy over the config
copy: src={{ sshconfig }} dest=/tmp/sshd_config

在上述樣例中，咱們在2個條件中分別設置fact而後再部署一個copy，這樣作的緣由是因爲set_fact是在本地執行，而copy是在遠程執行。當執行時，copy模塊是並行執行的。不然當咱們在2個條件中分別使用copy，那麼它將單獨執行。假設copy模塊執行的時間較長的話，並行執行的性能將會更好一些！

The inventory_hostname variable
The inventory_hostname variable stores the hostname of the server as recorded in
the inventory. You should use this if you have chosen not to run the setup module
on the current host, or if for various reasons the value detected by the setup module
is not correct. This is useful when you are doing the initial setup of the machine and
changing the hostname.

The inventory_hostname_short variable
The inventory_hostname_short variable is the same as the previous variable;
however, it only includes the characters up to the first dot. So for host.example.
com , it would return host .

inventory_hostname變量

inventory_hostname變量保存了在設備配置清單中server的主機名，當你選擇不使用setup模塊或則因爲其它緣由setup模塊不能執行的時候，這很是實用。

另外，當你正在初始化一個臺主機並改動它的hostname的時候也很是實用。

inventory_hostname_short變量

inventory_hostname_short變量跟inventory_hostname同樣，僅僅是去掉域名。比方inventory_hostname 是host.example 那麼inventory_hostname_short就是 host

The inventory_dir variable
The inventory_dir variable is the path name of the directory containing the
inventory file.
The inventory_file variable
The inventory_file variable is the same as the previous one, except it also includes
the filename.

inventory_dir

inventory_dir是設備清單文件的路徑

inventory_file

inventory_file是設備清單文件的文件名稱