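Ansible variables
I. Rules for naming variables
A variable name consists of letters, digits and underscores and must start with a letter; Ansible's built-in keywords cannot be used as variable names.
In Ansible, variables can be simplified into three scopes:
Global scope (high): variables set from the command line and the Ansible configuration
Play scope (medium): variables set in a play and its related structures
Host scope (low): variables from the inventory, facts or register, set on host groups and individual hosts
The three scopes are listed from highest to lowest priority; if a variable is defined more than once, the definition with the higher priority wins.
II. Ways to register and define variables
There are many ways to define variables in Ansible, roughly:
(1) Registering the result of a module run as a variable
(2) Defining a dictionary-type variable directly
(3) Defining variables in files inside a role
(4) Passing variables on the command line
(5) Using with_items iteration to assign the results of multiple tasks to one variable (loop)
(6) Host or host-group variables in the inventory
(7) Built-in variables
(8) Fact variables
Viewing fact variables
[student@master ansible]$ ansible node1 -m setup > a   # store all of node1's fact variables in file a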
[student@master ansible]$ vim a
III. Methods for defining variables
1. vars: defining variables (defined by hand)
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": 11
}
TASK [test2] ***************************************************************************
ok: [node1] => {
"msg": 22
}
TASK [test3] ***************************************************************************
ok: [node1] => {
"msg": "33"
}
TASK [test4] ***************************************************************************
ok: [node1] => {
"msg": "44"
}
PLAY RECAP *****************************************************************************
node1 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
---
- name: test
  hosts: node1
  vars:
    aa: 11
    bb: 22
    cc:
      c1: 33
      c2: 44
  tasks:
    - name: test1
      debug:
        msg: "{{ aa }}"
    - name: test2
      debug:
        msg: "{{ bb }}"
    - name: test3
      debug:
        msg: "{{ cc.c1 }}"
    - name: test4
      debug:
        msg: "{{ cc.c2 }}"
The quotes can be left off when a literal string comes before or after the variable
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "this is 11"
}
TASK [test2] ***************************************************************************
ok: [node1] => {
"msg": 22
}
TASK [test3] ***************************************************************************
ok: [node1] => {
"msg": "33"
}
TASK [test4] ***************************************************************************
ok: [node1] => {
"msg": "44"
}
PLAY RECAP *****************************************************************************
node1 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2. vars_files: defining variables (the variables are defined in a file)
[student@master ansible]$ vim abc
[student@master ansible]$ vim abc.yml
[student@master ansible]$ ansible-playbook abc.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "this is 1"
}
TASK [test2] ***************************************************************************
ok: [node1] => {
"msg": 2
}
TASK [test3] ***************************************************************************
ok: [node1] => {
"msg": "3"
}
TASK [test4] ***************************************************************************
ok: [node1] => {
"msg": "4"
}
PLAY RECAP *****************************************************************************
node1 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
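3. register: registered variables (the variable exists whether registration succeeds or fails)
With the register option, the output of the current task can be assigned to a variable.
(1) On node1, write the content 123 to /tmp/file1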
[root@node1 ~]# echo 123 > /tmp/file1
[root@node1 ~]# cat /tmp/file1
123
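(2) View it with shell (the content 123 is not shown: an ad hoc command displays it, but a playbook hides the result; the playbook does run the command, it just does not display the output)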
[student@master ansible]$ vim b.yml
[student@master ansible]$ ansible-playbook b.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
changed: [node1]
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(3) Output it with register (the output is fairly long; 123 is only one part of it)
[student@master ansible]$ vim b.yml
[student@master ansible]$ ansible-playbook b.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
changed: [node1]
TASK [test2] ***************************************************************************
ok: [node1] => {
"msg": {
"changed": true,
"cmd": "cat /tmp/file1",
"delta": "0:00:00.011342",
"end": "2025-09-02 10:59:50.777497",
"failed": false,
"msg": "",
"rc": 0,
"start": "2025-09-02 10:59:50.766155",
"stderr": "",
"stderr_lines": [],
"stdout": "123",
"stdout_lines": [
"123"
]
}
}
PLAY RECAP *****************************************************************************
node1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(4) Output only the content 123
[student@master ansible]$ vim b.yml
[student@master ansible]$ ansible-playbook b.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
changed: [node1]
TASK [test2] ***************************************************************************
ok: [node1] => {
"msg": "123"
}
PLAY RECAP *****************************************************************************
node1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(5) With var, the quotes and braces are not needed
[student@master ansible]$ vim b.yml
[student@master ansible]$ ansible-playbook b.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
changed: [node1]
TASK [test2] ***************************************************************************
ok: [node1] => {
"luoqi.stdout": "123"
}
PLAY RECAP *****************************************************************************
node1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(6) Whether the shell task succeeds or fails, luoqi is still registered (it just shows an empty value)
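4. set_fact: defining variables (fact variables)
set_fact is very similar to register: it also assigns a value to a variable. It works more like variable assignment in the shell: it can assign the value of one variable to another variable, or assign a string to a variable.
(1) View node1's fact variables and redirect them to file a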
[student@master ansible]$ ansible node1 -m setup > a
[student@master ansible]$ vim a
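(2) Some of the more important fact variables
IPv4 address: ansible_default_ipv4.address
ansible_<interface name>.ipv4.address
Example: ansible_enp1s0.ipv4.address
Hostname (fully qualified domain name): ansible_fqdn
Host name: ansible_hostname
Memory size: ansible_memtotal_mb
Size of disk vda: ansible_devices.vda.size
BIOS version: ansible_bios_version
(3) Referencing fact variables (they can be referenced directly and do not need to be defined by hand)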
[student@master ansible]$ vim ss.yml
[student@master ansible]$ ansible-playbook ss.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "the node1.example.com address is 192.168.122.10"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
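The register steps (2) to (6) and the set_fact description above, combined in one playbook. This is an added example, not the author's b.yml or ss.yml: /tmp/missing, the variable names other than luoqi and the use of command in place of shell are assumptions.

```yaml
---
# Added example. node1, /tmp/file1 and luoqi come from the page;
# /tmp/missing, missing, file_content and file_report are assumed names.
- name: register and set_fact side by side
  hosts: node1
  tasks:
    - name: read the file written in step (1)
      # command instead of shell: no pipes or redirection are needed here
      command: cat /tmp/file1
      register: luoqi
      changed_when: false        # reading a file changes nothing on the host

    - name: whole registered result (rc, stdout, stderr, timings)
      debug:
        var: luoqi

    - name: msg needs the quotes and braces
      debug:
        msg: "{{ luoqi.stdout }}"

    - name: var takes the bare expression
      debug:
        var: luoqi.stdout

    - name: a failing command still registers its variable
      command: cat /tmp/missing
      register: missing
      failed_when: false         # keep the play going so the result can be inspected
      changed_when: false

    - name: rc is non-zero and stdout is empty, but the variable exists
      debug:
        msg: "rc={{ missing.rc }} stdout='{{ missing.stdout }}' stderr='{{ missing.stderr }}'"

    - name: set_fact copies values and strings into new variables
      set_fact:
        file_content: "{{ luoqi.stdout }}"
        file_report: "the {{ ansible_fqdn }} address is {{ ansible_default_ipv4.address }}, file1 holds {{ luoqi.stdout }}"

    - name: later tasks use the new variables like any other
      debug:
        msg: "{{ file_report }}"
```

A registered result and a debug of it both end up in the task output, so a task whose command prints a secret should carry no_log: true.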
5. Passing variables on the command line (separate multiple values with spaces)
[student@master ansible]$ ansible-playbook ml.yml -e "name1=yyqx"
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "my name is yyqx"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
6. Variables in the inventory
(1) For a single managed host
[student@master ansible]$ vim inventory
[student@master ansible]$ vim ml.yml
[student@master ansible]$ ansible-playbook ml.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "my name is luoqi"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
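Note: when the variable is written after node1, only node1 can use this variable (name1)
(2) Group the managed hosts and set the variable on the group (hosts in the group can use it: node2)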
[student@master ansible]$ vim inventory
[student@master ansible]$ vim ml.yml
[student@master ansible]$ ansible-playbook ml.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node2]
TASK [test1] ***************************************************************************
ok: [node2] => {
"msg": "my name is luoqi"
}
PLAY RECAP *****************************************************************************
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
7. Setting variables for a host
(1) Create a host_vars directory (mind the path), then write a file named node2.yml
[student@master ansible]$ ls
a abc.yml a.yml collections ml.yml ss.yml
abc ansible.cfg b.yml inventory roles
[student@master ansible]$ mkdir host_vars
[student@master ansible]$ ls
a abc.yml a.yml collections inventory roles
abc ansible.cfg b.yml host_vars ml.yml ss.yml
[student@master ansible]$ cd host_vars/
[student@master host_vars]$ ls
[student@master host_vars]$ vim node2.yml
The variable in node2.yml can also be used (before doing so, make sure the inventory does not define a variable for node2)
[student@master ansible]$ ansible-playbook ml.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node2]
TASK [test1] ***************************************************************************
ok: [node2] => {
"msg": "my name is luoqi"
}
PLAY RECAP *****************************************************************************
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(2) Write another file named node2 in the host_vars directory
(the value in the node2 file is used; node2 has a higher priority than node2.yml)
[student@master host_vars]$ vim node2
[student@master host_vars]$ cd ..
[student@master ansible]$ ansible-playbook ml.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node2]
TASK [test1] ***************************************************************************
ok: [node2] => {
"msg": "my name is yyqx"
}
PLAY RECAP *****************************************************************************
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
8. Defining variables for a host group (mkdir group_vars)
(1) Create a group_vars directory (mind the path), then write a file named dev.yml
[student@master ansible]$ ls
a abc.yml a.yml collections inventory roles
abc ansible.cfg b.yml host_vars ml.yml ss.yml
[student@master ansible]$ mkdir group_vars
[student@master ansible]$ ls
a abc.yml a.yml collections host_vars ml.yml ss.yml
abc ansible.cfg b.yml group_vars inventory roles
[student@master ansible]$ cd group_vars/
[student@master group_vars]$ ls
[student@master group_vars]$ vim dev.yml
The variable in dev.yml can also be used (before doing so, make sure the inventory does not define a variable for node2)
[student@master ansible]$ ansible-playbook ml.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node2]
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "my name is sss"
}
ok: [node2] => {
"msg": "my name is sss"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(2) Write another file named dev in the group_vars directory
(the value in the dev file is used; dev has a higher priority than dev.yml)
[student@master ansible]$ cd group_vars/
[student@master group_vars]$ ls
dev.yml
[student@master group_vars]$ vim dev
[student@master group_vars]$ cd ..
[student@master ansible]$ ansible-playbook ml.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
ok: [node2]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "my name is yyqx"
}
ok: [node2] => {
"msg": "my name is yyqx"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
9. When a host variable and a host-group variable conflict (the definition on the individual managed host wins)
[student@master ansible]$ vim inventory
[student@master ansible]$ vim ml.yml
[student@master ansible]$ ansible-playbook ml.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node2]
TASK [test1] ***************************************************************************
ok: [node2] => {
"msg": "my name is 123"
}
PLAY RECAP *****************************************************************************
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10. Built-in variable ansible_version (shows the Ansible version)
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node2]
TASK [test1] ***************************************************************************
ok: [node2] => {
"msg": {
"full": "2.13.3",
"major": 2,
"minor": 13,
"revision": 3,
"string": "2.13.3"
}
}
PLAY RECAP *****************************************************************************
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
11. Built-in variable inventory_hostname
[student@master ansible]$ vim inventory
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
12. Built-in variable play_hosts (outputs all managed hosts in the specified group)
[student@master ansible]$ vim inventory
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
ok: [node2]
TASK [test1] ***************************************************************************
ok: [node2] => {
"msg": [
"node2",
"node1"
]
}
ok: [node1] => {
"msg": [
"node2",
"node1"
]
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
13. Built-in variable groups (shows how hosts are grouped)
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": {
"all": [
"node2",
"node1",
"node3",
"node4",
"node5"
],
"dev": [
"node2",
"node1"
],
"prod": [
"node5"
],
"test": [
"node3",
"node4"
],
"ungrouped": []
}
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ungrouped: shows the managed hosts that are not in any group
[student@master ansible]$ vim inventory
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": {
"all": [
"node5",
"node2",
"node1",
"node3",
"node4"
],
"dev": [
"node2",
"node1"
],
"test": [
"node3",
"node4"
],
"ungrouped": [
"node5"
]
}
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Get all managed hosts
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": [
"node5",
"node2",
"node1",
"node3",
"node4"
]
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
14. Built-in variable group_names (tells which group the given managed host belongs to)
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": [
"dev"
]
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
15. Built-in variable inventory_dir (gives the directory of the inventory)
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "/home/student/ansible"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
16. with_items stacked variables: one variable can be given several values
Example 1: create three users (user1, user2, user3) on node5
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node5]
TASK [create user] *********************************************************************
changed: [node5] => (item=user1)
changed: [node5] => (item=user2)
changed: [node5] => (item=user3)
PLAY RECAP *****************************************************************************
node5 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@node5 ~]# ls /home
student user1 user2 user3
[root@node5 ~]#
With with_items alone, the result is not shown
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node5]
TASK [test1] ***************************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)
PLAY RECAP *****************************************************************************
node5 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Use a registered variable to output the result
[student@master ansible]$ vim a.yml
This displays the entire registered variable
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node5]
TASK [test1] ***************************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)
TASK [test2] ***************************************************************************
ok: [node5] => {
"stw": {
"changed": true,
"msg": "All items completed",
"results": [
{
"ansible_loop_var": "item",
"changed": true,
"cmd": "echo a",
"delta": "0:00:00.008039",
"end": "2025-09-02 14:27:15.658547",
"failed": false,
"invocation": {
"module_args": {
"_raw_params": "echo a",
"_uses_shell": true,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": false
}
},
"item": "a",
"msg": "",
"rc": 0,
"start": "2025-09-02 14:27:15.650508",
"stderr": "",
"stderr_lines": [],
"stdout": "a",
"stdout_lines": [
"a"
]
},
{
"ansible_loop_var": "item",
"changed": true,
"cmd": "echo b",
"delta": "0:00:00.006834",
"end": "2025-09-02 14:27:16.671465",
"failed": false,
"invocation": {
"module_args": {
"_raw_params": "echo b",
"_uses_shell": true,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": false
}
},
"item": "b",
"msg": "",
"rc": 0,
"start": "2025-09-02 14:27:16.664631",
"stderr": "",
"stderr_lines": [],
"stdout": "b",
"stdout_lines": [
"b"
]
},
{
"ansible_loop_var": "item",
"changed": true,
"cmd": "echo c",
"delta": "0:00:00.008333",
"end": "2025-09-02 14:27:17.727243",
"failed": false,
"invocation": {
"module_args": {
"_raw_params": "echo c",
"_uses_shell": true,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": false
}
},
"item": "c",
"msg": "",
"rc": 0,
"start": "2025-09-02 14:27:17.718910",
"stderr": "",
"stderr_lines": [],
"stdout": "c",
"stdout_lines": [
"c"
]
}
],
"skipped": false
}
}
PLAY RECAP *****************************************************************************
node5 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Display only a, b and c individually (a, b and c need to be indexed)
[student@master ansible]$ vim a.yml
[student@master ansible]$ ansible-playbook a.yml
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node5]
TASK [test1] ***************************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)
TASK [test2] ***************************************************************************
ok: [node5] => {
"stw.results[0].stdout": "a"
}
TASK [test3] ***************************************************************************
ok: [node5] => {
"stw.results[1].stdout": "b"
}
TASK [test4] ***************************************************************************
ok: [node5] => {
"stw.results[2].stdout": "c"
}
PLAY RECAP *****************************************************************************
node5 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
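The looped register shown above, as an added example that is not the author's a.yml. It goes one step beyond the fixed stw.results[0], [1], [2] lookups by iterating over stw.results, so it works for any number of items; node5, stw and the items come from the page's output, the other names are assumptions.

```yaml
---
# Added example. res and all_stdout are assumed names; command replaces the
# shell module seen in the page's output because echo needs no shell features.
- name: read every result of a looped, registered task
  hosts: node5
  gather_facts: false
  tasks:
    - name: test1
      command: "echo {{ item }}"
      with_items:
        - a
        - b
        - c
      register: stw              # stw.results holds one entry per item, in order
      changed_when: false

    - name: one line per item, without hard-coding the index
      debug:
        msg: "item={{ res.item }} rc={{ res.rc }} stdout={{ res.stdout }}"
      loop: "{{ stw.results }}"
      loop_control:
        loop_var: res            # avoids the confusing item.item
        label: "{{ res.item }}"  # log the item name, not the whole result dict

    - name: collect every stdout value into one list
      set_fact:
        all_stdout: "{{ stw.results | map(attribute='stdout') | list }}"

    - name: show the list
      debug:
        var: all_stdout
```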
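17. Managing secrets (ansible-vault creates, edits, encrypts, decrypts and views files)
Ansible Vault can encrypt any structured data file used by Ansible. This may include inventory variables, variable files included in a playbook, variable files passed as arguments when running a playbook, or variables defined in Ansible roles.
(1) Create an encrypted file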
[student@master ansible]$ ansible-vault create c.yml
New Vault password:
Confirm New Vault password:
[student@master ansible]$ ansible-playbook c.yml   # this playbook cannot be run directly with ansible-playbook
ERROR! Attempting to decrypt but no vault secrets found
[student@master ansible]$ cat c.yml   # cat cannot show the content
$ANSIBLE_VAULT;1.1;AES256
(2) View an encrypted file
[student@master ansible]$ ansible-vault view c.yml
Vault password:
---
- name: test
hosts: node1
tasks:
- name: test1
debug:
msg: echo 123
(3) Edit an existing encrypted file
[student@master ansible]$ ansible-vault edit c.yml
Vault password:
(4) Decrypt an existing file
[student@master ansible]$ ansible-vault decrypt c.yml
Vault password:
Decryption successful
(5) Encrypt an existing file
[student@master ansible]$ cat d.yml
---
- name: test
hosts: node1
tasks:
- name: test1
debug:
msg: echo 123
[student@master ansible]$ ansible-vault encrypt d.yml
New Vault password:
Confirm New Vault password:
Encryption successful
(6) Encrypt an existing file (with the password stored in another file)
[student@master ansible]$ vim secret.txt
[student@master ansible]$ cat secret.txt
123456
[student@master ansible]$ chmod 600 secret.txt
[student@master ansible]$ vim c.yml
[student@master ansible]$ ansible-vault encrypt c.yml --vault-id secret.txt
Encryption successful
[student@master ansible]$ cat c.yml
$ANSIBLE_VAULT;1.1;AES256
Run this playbook (no password has to be typed)
[student@master ansible]$ ansible-playbook c.yml --vault-id secret.txt
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "echo 123"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(7) Change the password of an encrypted file
[student@master ansible]$ cat d.yml
$ANSIBLE_VAULT;1.1;AES256
[student@master ansible]$ ansible-vault rekey d.yml
Vault password:   # enter the old password first
New Vault password:   # then enter the new password
Confirm New Vault password:   # confirm the new password
Rekey successful
(8) Run an encrypted playbook (either option works: --vault-id @prompt or --ask-vault-pass)
[student@master ansible]$ ansible-playbook c.yml --ask-vault-pass
Vault password:
PLAY [test] ****************************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
TASK [test1] ***************************************************************************
ok: [node1] => {
"msg": "echo 123"
}
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
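The vault commands above encrypt a whole playbook; the description at the start of this section also covers variable files, which is the case sketched here as an added example that is not from the original page. secret.txt, chmod 600 and --vault-id come from the page; site.yml, vault_vars.yml, api_token and /etc/myapp are assumed names.

```yaml
---
# Added example. Prepare once on the control node (file names are assumptions):
#   ansible-vault create vault_vars.yml --vault-id secret.txt
#     content of the file:  api_token: <secret value>
# Run:
#   ansible-playbook site.yml --vault-id secret.txt
- name: use a vaulted variable file without leaking it
  hosts: node1
  vars_files:
    - vault_vars.yml             # stays encrypted on disk, decrypted in memory only
  tasks:
    - name: inspect the vault password file on the control node
      stat:
        path: "{{ playbook_dir }}/secret.txt"
      delegate_to: localhost
      run_once: true
      register: pwfile

    - name: stop if the password file is missing or readable by other users
      assert:
        that:
          - pwfile.stat.exists
          - pwfile.stat.mode == '0600'
        fail_msg: "secret.txt must exist with mode 0600 (chmod 600 secret.txt)"
      run_once: true

    - name: create the target directory
      file:
        path: /etc/myapp
        state: directory
        owner: root
        group: root
        mode: "0700"
      become: true

    - name: write the secret to the managed host
      copy:
        content: "token={{ api_token }}\n"
        dest: /etc/myapp/token
        owner: root
        group: root
        mode: "0600"
      become: true
      no_log: true               # keeps the value out of task output and logs
```

Keeping only the variable file encrypted leaves the playbook itself readable in version control, and secret.txt should stay out of the repository.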