Ansible 可转换变量的引用
我是Ansible的新手,我正在努力控制用户访问。我在Galaxy找到了这本剧本: 我还阅读了本资料,以帮助管理不同的环境: 因此,我有以下设置:Ansible 可转换变量的引用,ansible,ansible-template,Ansible,Ansible Template,我是Ansible的新手,我正在努力控制用户访问。我在Galaxy找到了这本剧本: 我还阅读了本资料,以帮助管理不同的环境: 因此,我有以下设置: vagrant@ansible:~/ansible$ tree ├── ansible.cfg ├── debug.yml ├── dev_site.yml ├── filter_plugins ├── group_vars │ └── all │ └── 000_cross_env_vars -> ../../invent
vagrant@ansible:~/ansible$ tree
├── ansible.cfg
├── debug.yml
├── dev_site.yml
├── filter_plugins
├── group_vars
│ └── all
│ └── 000_cross_env_vars -> ../../inventories/000_cross_env_vars
├── hosts
├── inventories
│ ├── 000_cross_env_vars
│ ├── development
│ │ ├── group_vars
│ │ │ └── all
│ │ │ ├── 000_cross_env_vars -> ../../../000_cross_env_vars
│ │ │ └── env_specific.yml
│ │ ├── hosts
│ │ └── host_vars
│ │ └── hostname1
│ ├── production
│ │ ├── group_vars
│ │ │ └── all
│ │ │ ├── 000_cross_env_vars -> ../../../000_cross_env_vars
│ │ │ └── env_specific
│ │ ├── hosts
│ │ └── host_vars
│ │ └── hostname1
│ └── staging
│ ├── group_vars
│ │ └── all
│ │ ├── 000_cross_env_vars -> ../../../000_cross_env_vars
│ │ └── env_specific.yml
│ ├── hosts
│ └── host_vars
│ └── hostname1
├── library
├── mgmt-ssh-add-key.yml
├── module_utils
├── prod_site.yml
├── README.md
├── roles
│ └── users <--- FROM LINK ABOVE
│ ├── defaults
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── tasks
│ │ ├── main.yml
│ └── tests
│ └── test.yml
├── stage_site.yml
├── user_accounts.retry
└── user_accounts.yml
环境之间的共享变量
vagrant@ansible:~/ansible$ more inventories/000_cross_env_vars
---
# System Users
users:
- username: sbody
name: Some Body
uid: 3001
groups: "{{ users_groups.['username'].groups }}"
home: /home/sbody
profile: |
alias ll='ls -lah'
ssh_key:
- "ssh-rsa ... "
# Users to delete
users_deleted:
- username: bar
uid: 9002
remove: yes
force: yes
特定环境变量
vagrant@ansible:~/ansible$ cat inventories/development/group_vars/all/env_specific.yml
# here we assign variables to particular groups
env: dev
users_groups:
- username: sbody
groups: ['users','developers'] # feeds groups in user creation
# Groups to create
groups_to_create:
- name: developers
gid: 10000
我认为有一种方法可以从env_specific.yml为000_cross_env_vars中的每个用户提供组成员资格,但如果没有env_specific.yml胜过000_cross_env_vars,我不知道如何做到这一点。任何帮助都将不胜感激。先谢谢你
编辑:
我做了以下更改,现在似乎越来越近了:
vagrant@ansible:~/ansible$ cat
inventories/development/group_vars/all/env_specific.yml
# here we assign variables to particular groups
stage: dev
group_membership:
sbody_groups: ['users','developers']
以及用户声明:
vagrant@ansible:~/ansible$ more inventories/000_cross_env_vars
---
# System Users
users:
- username: sbody
name: Some Body
uid: 3001
groups: "{{ group_membership['sbody_groups'] }}"
home: /home/sbody
profile: |
alias ll='ls -lah'
ssh_key:
- "ssh-rsa ... "
因此,现在我需要弄清楚如何设置默认值,以防用户组未定义 根据我的经验:我宁愿使用
vars目录,而不是使用inventory vars
,比如:
- name: Read all variables
block:
- name: Get stats on all variable files
stat:
path: "{{item}}"
with_fileglob:
- "vars/global/common.yml"
- "vars/{{ env|default('dev') }}/default.yml"
- "vars/{{ env|default('dev') }}/secrets.vault"
register: _variables_stat
- name: Include all variable files (only when found)
include_vars : "{{item.stat.path}}"
when : item.stat.exists
with_items : "{{_variables_stat.results}}"
no_log : true
delegate_to: localhost
become: false
您可以从清单或命令行中选择env
您的全局变量将首先被读取,并由您的环境(如果存在)替换。如果没有,您将始终使用默认选项。根据个人经验,我使用清单来分隔环境,并且在尝试在不同清单之间保持某些变量的同步时,它会产生不必要的开销
相反,我们选择的是按库存组分隔环境。这样,我们可以根据组名加载变量,将这些变量传递给角色,并利用Ansible的库存自动加载机制
- name: Manage Users
hosts: some-host
tasks:
- name: Include Common Users & Groups
set_fact:
users: "{{ common_users }}"
usergroups: "{{ common_usergroups }}"
- name: Include Users Based on Groups
set_fact:
users "{{ users + q('vars', item + '_users') }}"
usergroups: "{{ usergroups + q('vars', item + '_usergroups') }}"
loop: "{{ lookup('items', group_names) }}"
roles:
role: users
但是,query
过滤器和vars
查找是新功能,随Ansible 2.5
一起提供。您是否将其作为剧本运行,并将其导入所有剧本中?我将其作为标准过程导入所有剧本中
- name: Manage Users
hosts: some-host
tasks:
- name: Include Common Users & Groups
set_fact:
users: "{{ common_users }}"
usergroups: "{{ common_usergroups }}"
- name: Include Users Based on Groups
set_fact:
users "{{ users + q('vars', item + '_users') }}"
usergroups: "{{ usergroups + q('vars', item + '_usergroups') }}"
loop: "{{ lookup('items', group_names) }}"
roles:
role: users