Ansible 插件
一、Ansible 插件是什么?
所谓 “插件” 通俗点来理解就是增强软件本身功能的代码片段,通常以可插拔的方式安装、集成到软件中来,Ansible 正是基于插件架构实现丰富、灵活的功能集
前面,我们学习了 Playbook —— 判断 —— tests 小节,tests 提供给我们丰富的判断关键字,诸如以下,tests 就是插件的一种
除此外,当我们在清单文件 (/etc/ansible/hosts 文件) 中定义目标主机时,其实也用到了一类插件,Inventory Plugins,而当我们去连接被控节点时,也会用到一类插件,Connection Plugins,包括之前我们使用的各种用来循环的关键字 with_*,它也是在背后通过 Lookup Plugins 实现功能的
二、Ansible 插件分类
| 分类 | 常用插件 | 描述 |
|---|---|---|
| Action Plugins | Action 插件与模块一起执行 PlayBook 任务所需的操作,属于最基础的插件,不用太关注 | |
| Become Plugins | sudo、su、runas | Become 插进用来提升执行任务的权限, |
| Cache Plugins | jsonfile、redis、mongodb | 缓存插件 实现了后端缓存机制,通过将 facts 和 inventory 元数据存入缓存,以此避免频繁回源拉取数据,提供执行效率 |
| Callback Plugins | debug | 回调插件 可以在响应事件时向 Ansible 添加回调行为 |
| Cliconf Plugins | ||
| Connection Plugins | ||
| Httpapi Plugins | ||
| Inventory Plugins | host_list、k8s、script、yaml、ini | 清单插件 用于为用户声明数据源 |
| Lookup Plugins | with_*、loop、etcd、k8s | lookup 插件,从外部系统拉数据 |
| Netconf Plugins | ||
| Shell Plugins | sh、powershell、 | shell 插件,实现远程节点命令执行 |
| Strategy Plugins | debug、free、linear | 策略插件通过处理play和hosts调度 来控制play执行的流程 |
| Vars Plugins | host_group_vars | 主机变量、组变量 |
| Using filters to manipulate data | ||
| Tests | ||
| Rejecting modules |
暂时先不完善它了,避免有些概念理解还不透彻
三、Ansible 插件使用帮助
前面我们提到了,之前学习的过程中不知不觉便使用到了插件,哪由此我们获取会产生一个好奇,如何查看系统中有哪些可用的插件,以及它们分别该如何使用呢?
首先,先回到第一个问题,如何查看系统中有哪些可用的插件,答案是命令 ansible-doc,如下所示:
$ ansible-doc -l
fortios_router_community_list Configure community lists in Fortinet's FortiOS and FortiGate
azure_rm_devtestlab_info Get Azure DevTest Lab facts
ecs_taskdefinition register a task definition in ecs
avi_alertscriptconfig Module for setup of AlertScriptConfig Avi RESTful Object
tower_receive Receive assets from Ansible Tower
netapp_e_iscsi_target NetApp E-Series manage iSCSI target configuration
azure_rm_acs Manage an Azure Container Service(ACS) instance
fortios_log_syslogd2_filter Filters for remote system server in Fortinet's FortiOS and FortiGate
junos_rpc Runs an arbitrary RPC over NetConf on an Juniper JUNOS device
na_elementsw_vlan NetApp Element Software Manage VLAN
pn_ospf CLI command to add/remove ospf protocol to a vRouter
...
# 省略下面内容由于 ansible 内置了非常多的插件,假如我指向看某一类的插件,可以这么做
$ ansible-doc -t become -l
ksu Kerberos substitute user
pbrun PowerBroker run
enable Switch to elevated permissions on a network device
sesu CA Privileged Access Manager
pmrun Privilege Manager run
runas Run As user
sudo Substitute User DO
su Substitute User
doas Do As user
pfexec profile based execution
machinectl Systemd's machinectl privilege escalation
dzdo Centrify's Direct AuthorizeOK,这下清爽多了,可是如何使用呢?假如我们此时想要用 sudo 插件,这也不难
$ ansible-doc -t become sudo执行效果
> SUDO (/usr/lib/python2.7/site-packages/ansible/plugins/become/sudo.py)
This become plugins allows your remote/login user to execute commands as another user via the sudo utility.
* This module is maintained by The Ansible Community
OPTIONS (= is mandatory):
- become_exe
Sudo executable
[Default: sudo]
set_via:
env:
- name: ANSIBLE_BECOME_EXE
- name: ANSIBLE_SUDO_EXE
ini:
- key: become_exe
section: privilege_escalation
- key: executable
section: sudo_become_plugin
vars:
- name: ansible_become_exe
- name: ansible_sudo_exe
- become_flags
Options to pass to sudo
[Default: -H -S -n]
set_via:
env:
- name: ANSIBLE_BECOME_FLAGS
- name: ANSIBLE_SUDO_FLAGS
ini:
- key: become_flags
section: privilege_escalation
- key: flags
section: sudo_become_plugin
vars:
- name: ansible_become_flags
- name: ansible_sudo_flags
- become_pass
Password to pass to sudo
[Default: (null)]
set_via:
env:
- name: ANSIBLE_BECOME_PASS
- name: ANSIBLE_SUDO_PASS
ini:
- key: password
section: sudo_become_plugin
vars:
- name: ansible_become_password
- name: ansible_become_pass
- name: ansible_sudo_pass
- become_user
User you 'become' to execute the task
[Default: root]
set_via:
env:
- name: ANSIBLE_BECOME_USER
- name: ANSIBLE_SUDO_USER
ini:
- key: become_user
section: privilege_escalation
- key: user
section: sudo_become_plugin
vars:
- name: ansible_become_user
- name: ansible_sudo_user
AUTHOR: ansible (@core)
METADATA:
status:
- preview
supported_by: community我们可以参照着上述帮助信息,使用 sudo 插件
四、Ansible 常用插件
4.1 lookup 插件
我们先看下 lookup 类型插件里的插件列表:
$ ansible-doc -t lookup -l
aws_secret Look up secrets stored in AWS Secrets Manager
manifold get credentials from Manifold.co
vars Lookup templated value of variables
sequence generate a list based on a number sequence
first_found return first file found from list
keyring grab secrets from the OS keyring
nested composes a list with nested elements of other lists
cpm_metering Get Power and Current data from WTI OOB/Combo and PDU devices
list simply returns what it is given
avi Look up ``Avi`` objects
file read file contents
conjur_variable Fetch credentials from CyberArk Conjur
dnstxt query a domain(s)'s DNS txt fields
k8s Query the K8s API
template retrieve contents of file after templating with Jinja2
cpm_status Get status and parameters from WTI OOB and PDU devices
cartesian returns the cartesian product of lists
nios Query Infoblox NIOS objects
varnames Lookup matching variable names
inventory_hostnames list of inventory hosts matching a host pattern
passwordstore manage passwords with passwordstore.org's pass utility
redis fetch data from Redis
onepassword fetch field values from 1Password
laps_password Retrieves the LAPS password for a server
nios_next_ip Return the next available IP address for a network
dict returns key/value pair items from dictionaries
etcd get info from an etcd server
onepassword_raw fetch an entire item from 1Password
hiera get info from hiera data
config Lookup current Ansible configuration values
nios_next_network Return the next available network range for a network-container
subelements traverse nested key from a list of dictionaries
shelvefile read keys from Python shelve file
filetree recursively match all files in a directory tree
gcp_storage_file Return GC Storage content
mongodb lookup info from MongoDB
cyberarkpassword get secrets from CyberArk AIM
indexed_items rewrites lists to return 'indexed items'
csvfile read data from a TSV or CSV file
chef_databag fetches data from a Chef Databag
flattened return single list completely flattened
aws_account_attribute Look up AWS account attributes
password retrieve or generate a random password, stored in a file
random_choice return random element from list
skydive Query Skydive objects
aws_service_ip_ranges Look up the IP ranges for services provided in AWS such as EC2 and S3
env read the value of environment variables
url return contents from URL
items list of items
credstash retrieve secrets from Credstash on AWS
dig query DNS using the dnspython library
lines read lines from command
rabbitmq Retrieve messages from an AMQP/AMQPS RabbitMQ queue
together merges lists into synchronized list
pipe read output from a command
consul_kv Fetch metadata from a Consul key value store
hashi_vault retrieve secrets from HashiCorp's vault
grafana_dashboard list or search grafana dashboards
lastpass fetch data from lastpass
fileglob list files matching a pattern
aws_ssm Get the value for a SSM parameter or all parameters under a path
ini read data from a ini file内容比较多,我们先挑一个之前相对熟悉的,indexed_items,此前我们在 Playbook 循环的小节中学到过一个关键字 with_indexed_items,它的作用类似于 Python 中的 enumerate 函数,可以用来给列表元素分配序号
我们看下它的帮助信息
$ ansible-doc -t lookup indexed_items
...
EXAMPLES:
- name: indexed loop demo
debug:
msg: "at array position {{ item.0 }} there is a value {{ item.1 }}"
with_indexed_items:
- "{{ some_list }}"文档里提供的方法是直接使用 with_indexed_items ,其实我们可以通过另外一种方式 lookup 去使用它,具体见下面例子
indexed_items
现在,我们看看如何使用 lookup 实现之前的 with_indexed_items 的功能:
之前的使用方式
- hosts: ecs[0]
gather_facts: no
vars:
id_list: ["a", "b", "c"]
tasks:
- debug:
msg: "索引:{{ item.0 }} 值:{{ item.1 }}"
with_indexed_items: "{{ id_list }}"lookup 插件
- hosts: ecs[0]
gather_facts: no
vars:
id_list: ["a", "b", "c"]
tasks:
- debug:
msg: "索引:{{ item.0 }} 值:{{ item.1 }}"
# with_indexed_items: "{{ id_list }}"
# loop 关键字用来循环
# lookup 插件用来提供数据源
# lookup 函数通过 indexed_items 插件处理列表 ["a", "b", "c"] -> [(0, "a"), (1, "b"), (2, "c")]
loop: "{{ lookup('indexed_items', id_list) }}"执行效果
$ ansible-playbook playbook-plugin-demo1.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item=[0, u'a']) => {
"msg": "索引:0 值:a"
}
ok: [ecs-1.aliyun.sz] => (item=[1, u'b']) => {
"msg": "索引:1 值:b"
}
ok: [ecs-1.aliyun.sz] => (item=[2, u'c']) => {
"msg": "索引:2 值:c"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0可以看到,我们只需要通过将对应的 插件名称 传入 lookup 函数中,即可实现对应的功能
dict
我们再看一个例子,同样的先看下文档
$ ansible-doc -t lookup dict
EXAMPLES:
vars:
users:
alice:
name: Alice Appleworth
telephone: 123-456-7890
bob:
name: Bob Bananarama
telephone: 987-654-3210
tasks:
# with predefined vars
- name: Print phone records
debug:
msg: "User {{ item.key }} is {{ item.value.name }} ({{ item.value.telephone }})"
loop: "{{ lookup('dict', users) }}"
# with inline dictionary
- name: show dictionary
debug:
msg: "{{item.key}}: {{item.value}}"
with_dict: {a: 1, b: 2, c: 3}
# Items from loop can be used in when: statements
- name: set_fact when alice in key
set_fact:
alice_exists: true
loop: "{{ lookup('dict', users) }}"
when: "'alice' in item.key"此前的定义方式,大致如下:
# with inline dictionary
- name: show dictionary
debug:
msg: "{{item.key}}: {{item.value}}"
with_dict: {a: 1, b: 2, c: 3}使用 loop 关键字配合 lookup、dict 插件
- hosts: ecs[0]
gather_facts: no
vars:
userinfo: {"name": "Da", "gender": "male"}
tasks:
- debug:
msg: "属性: {{ item.key }} 值: {{ item.value }}"
loop: "{{ lookup('dict', userinfo) }}"执行效果
$ ansible-playbook playbook-plugin-demo2.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item={u'value': u'male', u'key': u'gender'}) => {
"msg": "属性: gender 值: male"
}
ok: [ecs-1.aliyun.sz] => (item={u'value': u'Da', u'key': u'name'}) => {
"msg": "属性: name 值: Da"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0OK,到这里我们基本已经熟悉了 lookup 插件的使用方式:lookup(‘插件名’,被处理数据或参数),由于它本身并没有循环功能,所以通常需要配合着 loop 关键字进行使用
前面我们了解 lookup 与 loop 配合可以实现某些 with_* 的功能,需要注意的是 lookup 的功能可不止于此,它最核心的功能的在于 获取并处理外部数据,并赋值给某个变量,为了加深这句话的理解,我们再做两个小例子
file
我们学习过 with_file 关键字,它是用来循环文件列表,并从获取控制节点获取对应的内容,我们看下它(file)在 lookup 插件中是如何使用的
with_file
- hosts: ecs[1]
remote_user: root
gather_facts: no
tasks:
- debug:
msg: "{{ item }}"
with_file:
- /tmp/testdir/t1.txt
- /tmp/testdir/t2.txt使用 loop 关键字配合 lookup、file 插件
- hosts: ecs[0]
gather_facts: no
vars:
filelist:
- /tmp/testdir/t1.txt
- /tmp/testdir/t2.txt
tasks:
- debug:
msg: "{{ lookup('file', item) }}"
loop: "{{ filelist }}"不适用 loop 关键字同样也可以,如下:
- hosts: ecs[0]
gather_facts: no
vars:
filelist:
- /tmp/testdir/t1.txt
- /tmp/testdir/t2.txt
tasks:
- debug:
# lookup 插件通过 file 插件获取多个文件的内容
# 默认情况下所有文件内容会输出到一行中,通过 wantlist=true 声明每个文件内容存到一个列表元素中
msg: "{{ lookup('file', '/tmp/testdir/t1.txt', '/tmp/testdir/t2.txt', wantlist=true) }}"
# loop: "{{ filelist }}"执行效果
$ ansible-playbook playbook-plugin-demo3.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => {
"msg": [
"t1 test1 test file 1",
"t2 test2 test file 2"
]
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0可以看到我们通过设置 wantlist 参数为 true 实现每个文件内容存到一个元素中,在 2.5 版本的 ansible 中引入了一个新的 jinja2 函数,query,也可以表示为 q,query 函数再调用 lookup 中的 file 插件时,默认就是会返回一个包含各文件内容的列表,使用如下:
tasks:
- debug:
# lookup 插件通过 file 插件获取多个文件的内容
# 默认情况下所有文件内容会输出到一行中,通过 wantlist=true 声明每个文件内容存到一个列表元素中
# msg: "{{ lookup('file', '/tmp/testdir/t1.txt', '/tmp/testdir/t2.txt', wantlist=true) }}"
msg: "{{ query('file', '/tmp/testdir/t1.txt', '/tmp/testdir/t2.txt') }}"
# loop: "{{ filelist }}"执行效果
$ ansible-playbook playbook-plugin-demo3.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => {
"msg": [
"t1 test1 test file 1",
"t2 test2 test file 2"
]
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0倘若文件列表中有某个文件我们不确定它是否存在,当文件不存在时我们可以通过 error='ignore' 显式声明忽略错误(ignore、warn、strict 默认)
剧本定义
tasks:
- debug:
# lookup 插件通过 file 插件获取多个文件的内容
# 默认情况下所有文件内容会输出到一行中,通过 wantlist=true 声明每个文件内容存到一个列表元素中
# msg: "{{ lookup('file', '/tmp/testdir/t1.txt', '/tmp/testdir/t2.txt', wantlist=true, errors='ignore') }}"
msg: "{{ query('file', '/tmp/testdir/t1.txt', '/tmp/testdir/nofile.txt', errors='ignore') }}"
# loop: "{{ filelist }}"默认不忽略错误
$ ansible-playbook playbook-plugin-demo3.yml
PLAY [ecs[0]] ******
TASK [debug] ******
[WARNING]: Unable to find '/tmp/testdir/nofile.txt' in expected paths (use -vvvvv to see paths)
fatal: [ecs-1.aliyun.sz]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /tmp/testdir/nofile.txt"}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0error='ignore' 声明忽略错误
$ ansible-playbook playbook-plugin-demo3.yml
PLAY [ecs[0]] ******
TASK [debug] ******
[WARNING]: Unable to find '/tmp/testdir/nofile.txt' in expected paths (use -vvvvv to see paths)
ok: [ecs-1.aliyun.sz] => {
"msg": []
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0ini
通常我们在获取文件内容时主要用于配置文件,针对配置文件,可以使用 ini 插件,如下所示:
- hosts: ecs[0]
gather_facts: no
vars:
ini_config: "/tmp/testdir/config.ini"
properties_config: /tmp/testdir/application.properties
tasks:
- name: "判断 ini 配置文件中的值"
debug:
# lookup 插件调用 ini 插件
# 获取 ini 配置文件中 basic 块中的 username 字段值,如果未找到则返回空列表
# 通过 default 参数设置默认返回值
msg: "{{ lookup('ini', 'username section=basic file=/tmp/testdir/config.ini default=not found' ) }}"
- name: "判断 properties 配置文件中的值"
debug:
# 通过 type 参数声明配置文件类型
msg: "{{ lookup('ini', 'http.port type=properties file=/tmp/testdir/config.properties default=not found') }}"执行效果
$ ansible-playbook playbook-plugin-demo4.yml
PLAY [ecs[0]] ******
TASK [判断 ini 配置文件中的值] ******
ok: [ecs-1.aliyun.sz] => {
"msg": "Da"
}
TASK [判断 properties 配置文件中的值] ******
ok: [ecs-1.aliyun.sz] => {
"msg": "not found"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0dig
通过 dig 插件还可以实现 dns 解析,不过依赖 Python 第三方库 dnspython
TASK [通过 dig 插件 解析域名] ******
fatal: [ecs-1.aliyun.sz]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'dig'. Error was a <class 'ansible.errors.AnsibleError'>, original message: The dig lookup requires the python 'dnspython' library and it is not installed"}
PLAY RECAP ******安装 Python 第三方库 dnspython
$ pip install dnspython
# ...
Successfully installed dnspython-2.1.0剧本定义
- hosts: ecs[0]
gather_facts: no
tasks:
- name: "通过 dig 插件 解析域名"
debug:
msg: "{{ lookup('dig', 'www.baidu.com') }}"执行效果
$ ansible-playbook playbook-plugin-demo5.yml
PLAY [ecs[0]] ******
TASK [通过 dig 插件 解析域名] ******
ok: [ecs-1.aliyun.sz] => {
"msg": "14.215.177.39,14.215.177.38"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0可能返回多个地址,可以用 wantlist 参数 或 query 函数获取结果列表
tasks:
- name: "通过 dig 插件 解析域名"
debug:
# msg: "{{ lookup('dig', 'www.baidu.com') }}"
# msg: "{{ lookup('dig', 'www.baidu.com', wantlist=true) }}"
msg: "{{ query('dig', 'www.baidu.com') }}"执行效果
TASK [通过 dig 插件 解析域名] ******
ok: [ecs-1.aliyun.sz] => {
"msg": [
"14.215.177.39",
"14.215.177.38"
]
}4.2 loop 插件
在 Ansible 2.6 以后,官方更推荐使用 loop + filter 的方式替代原先的 with_* or loop + lookup,理由主要有两部分:
- 官方认为 loop + lookup 插件方式不够简洁明了
- loop 关键字在循环上支持更多的功能及特性,todo
loop 实现 with_* 循环功能
为了学习 loop ,接下来我们用 loop 实现 with_* 各类循环的功能,再看下这副图回忆下 with 相关循环关键字
with_items
默认 loop 遍历列表并不会进行拉平
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
testlist:
- [ 1, 2 ]
- [ a, b ]
tasks:
- debug:
msg: "{{ item }}"
# loop: "{{ testlist | flatten }}"
loop: "{{ testlist }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_items-demo1.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item=[1, 2]) => {
"msg": [
1,
2
]
}
ok: [ecs-1.aliyun.sz] => (item=[u'a', u'b']) => {
"msg": [
"a",
"b"
]
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0所以,如果想要拉平,需要通过 flatten 过滤器实现
tasks:
- debug:
msg: "{{ item }}"
loop: "{{ testlist | flatten }}"
# loop: "{{ testlist }}"执行效果
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item=1) => {
"msg": 1
}
ok: [ecs-1.aliyun.sz] => (item=2) => {
"msg": 2
}
ok: [ecs-1.aliyun.sz] => (item=a) => {
"msg": "a"
}
ok: [ecs-1.aliyun.sz] => (item=b) => {
"msg": "b"
}with_flattened
同上
with_list
以列表为单位进行循环,这个很简单,按照的方式默认书写就行
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
testlist:
- [ 1, 2 ]
- [ a, b ]
tasks:
- debug:
msg: "{{ item }}"
loop: "{{ testlist }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_list-demo1.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item=[1, 2]) => {
"msg": [
1,
2
]
}
ok: [ecs-1.aliyun.sz] => (item=[u'a', u'b']) => {
"msg": [
"a",
"b"
]
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0with_together
对齐合并列表元素
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
testlist: [ 1, 2 ]
testlist2: [ a, b ]
tasks:
- name: "老方法"
debug:
msg: "{{ item.0 }} - {{ item.1 }}"
with_together:
- "{{ testlist }}"
- "{{ testlist2 }}"
- name: "新方法"
debug:
# zip or zip_longest 函数 会在对齐的同时生成一个重复的元素(重复元素值为列表首个元素)
# 例如:lst1 = [1, 2] lst2 = [a, b] -> zip -> [[1,1,a], [2,2,b]]
# 暂时不清楚什么原因
msg: "{{ item.1 }} - {{ item.2 }}"
# zip:按照最短的列表进行对齐
# zip_longest 安装最长的列表进行对齐,默认补齐字符串为空值,也可以通过参数 fillvalue='NoElement' 自定义
loop: "{{ testlist | zip(testlist, testlist2) | list }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_together-demo1.yml
PLAY [ecs[0]] ******
TASK [老方法] ******
ok: [ecs-1.aliyun.sz] => (item=[1, u'a']) => {
"msg": "1 - a"
}
ok: [ecs-1.aliyun.sz] => (item=[2, u'b']) => {
"msg": "2 - b"
}
TASK [新方法] ******
ok: [ecs-1.aliyun.sz] => (item=[1, 1, u'a']) => {
"msg": "1 - a"
}
ok: [ecs-1.aliyun.sz] => (item=[2, 2, u'b']) => {
"msg": "2 - b"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0with_cartesian
循环组合多个列表的元素
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
testlist: [ 1, 2 ]
testlist2: [ a, b ]
tasks:
- name: "老方法"
debug:
msg: "{{ item.0 }} - {{ item.1 }}"
# 笛卡尔集,[(1, a), (1, b), (2, a), (2, b)]
with_cartesian: "[ {{ testlist }}, {{ testlist2 }} ]"
- name: "新方法"
debug:
msg: "{{ item.0 }} - {{ item.1 }}"
loop: "{{ testlist | product(testlist2) | list }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_catesian-demo1.yml
PLAY [ecs[0]] ******
TASK [老方法] ******
ok: [ecs-1.aliyun.sz] => (item=[1, u'a']) => {
"msg": "1 - a"
}
ok: [ecs-1.aliyun.sz] => (item=[1, u'b']) => {
"msg": "1 - b"
}
ok: [ecs-1.aliyun.sz] => (item=[2, u'a']) => {
"msg": "2 - a"
}
ok: [ecs-1.aliyun.sz] => (item=[2, u'b']) => {
"msg": "2 - b"
}
TASK [新方法] ******
ok: [ecs-1.aliyun.sz] => (item=[1, u'a']) => {
"msg": "1 - a"
}
ok: [ecs-1.aliyun.sz] => (item=[1, u'b']) => {
"msg": "1 - b"
}
ok: [ecs-1.aliyun.sz] => (item=[2, u'a']) => {
"msg": "2 - a"
}
ok: [ecs-1.aliyun.sz] => (item=[2, u'b']) => {
"msg": "2 - b"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0with_nested
同上
with_indexed_items
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
testlist: [ 1, 2 ]
testlist2: [ a, b ]
tasks:
- name: "老方法"
debug:
msg: "{{ item.0 }} - {{ item.1 }}"
with_indexed_items: "{{ testlist2 }}"
- name: "新方法"
debug:
# 获取 index_var 所设置的 index 索引值
msg: "{{ index }} - {{ item }}"
# flatten 只拉平第一层
loop: "{{ testlist2 | flatten(levels=1) }}"
# loop_control 关键字用于控制循环的行为
loop_control:
# index_var 选项用于将 列表元素的索引值 指定变量
index_var: index执行效果
$ ansible-playbook playbook-loop-keyword-with_indexed_items-demo1.yml
PLAY [ecs[0]] ******
TASK [老方法] ******
ok: [ecs-1.aliyun.sz] => (item=[0, u'a']) => {
"msg": "0 - a"
}
ok: [ecs-1.aliyun.sz] => (item=[1, u'b']) => {
"msg": "1 - b"
}
TASK [新方法] ******
ok: [ecs-1.aliyun.sz] => (item=a) => {
"msg": "0 - a"
}
ok: [ecs-1.aliyun.sz] => (item=b) => {
"msg": "1 - b"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0with_sequence
按照特定步长生成范围的数字
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
tasks:
- name: "老方法"
debug:
msg: "{{ item }}"
# with_sequence 包含结束范围
with_sequence: start=1 end=3 stride=1
- name: "新方法"
debug:
msg: "{{ item }}"
# range(start,end,stride) 函数不包含结束范围
loop: "{{ range(1,4,1) | list }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_sequence-demo1.yml
PLAY [ecs[0]] ******
TASK [老方法] ******
ok: [ecs-1.aliyun.sz] => (item=1) => {
"msg": "1"
}
ok: [ecs-1.aliyun.sz] => (item=2) => {
"msg": "2"
}
ok: [ecs-1.aliyun.sz] => (item=3) => {
"msg": "3"
}
TASK [新方法] ******
ok: [ecs-1.aliyun.sz] => (item=1) => {
"msg": 1
}
ok: [ecs-1.aliyun.sz] => (item=2) => {
"msg": 2
}
ok: [ecs-1.aliyun.sz] => (item=3) => {
"msg": 3
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0with_random_choice
随机选择顶层列表中的一个元素进行返回
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
testlist: [ a, b, c ]
tasks:
- name: "老方法"
debug:
msg: "{{ item}}"
with_random_choice: "{{ testlist }}"
- name: "新方法"
debug:
msg: "{{ testlist | random }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_random_choice-demo1.yml
PLAY [ecs[0]] ******
TASK [老方法] ******
ok: [ecs-1.aliyun.sz] => (item=c) => {
"msg": "c"
}
TASK [新方法] ******
ok: [ecs-1.aliyun.sz] => {
"msg": "c"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0with_dict
遍历字典键值对
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
user_info:
name: Da
gender: male
tasks:
- name: "老方法"
debug:
msg: "{{ item.key }} - {{ item.value }}"
with_dict: "{{ user_info }}"
- name: "新方法: dict2items"
debug:
msg: "{{ item.key }} - {{ item.value }}"
loop: "{{ user_info | dict2items }}"
- name: "新方法: dictsort"
debug:
msg: "{{ item.0 }} - {{ item.1 }}"
loop: "{{ user_info | dictsort }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_dict-demo1.yml
PLAY [ecs[0]] ******
TASK [老方法] ******
ok: [ecs-1.aliyun.sz] => (item={u'key': u'gender', u'value': u'male'}) => {
"msg": "gender - male"
}
ok: [ecs-1.aliyun.sz] => (item={u'key': u'name', u'value': u'Da'}) => {
"msg": "name - Da"
}
TASK [新方法: dict2items] ******
ok: [ecs-1.aliyun.sz] => (item={u'key': u'gender', u'value': u'male'}) => {
"msg": "gender - male"
}
ok: [ecs-1.aliyun.sz] => (item={u'key': u'name', u'value': u'Da'}) => {
"msg": "name - Da"
}
TASK [新方法: dictsort] ******
ok: [ecs-1.aliyun.sz] => (item=[u'gender', u'male']) => {
"msg": "gender - male"
}
ok: [ecs-1.aliyun.sz] => (item=[u'name', u'Da']) => {
"msg": "name - Da"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0with_subelements
如果变量值为字典,则以特定属性为循环基础,自动补全其他属性
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
userlist:
- name: Da
gender: male
skill:
- linux
- python
- name: Yo
gender: female
skill:
- golang
tasks:
- name: "老方法"
debug:
# item = [{dict_key: dict_value}, skill_item]
msg: "用户:{{ item.0.name }} 性别:{{ item.0.gender }} 技能:{{ item.1 }}"
with_subelements:
# 遍历 userlist
- "{{ userlist }}"
# 基于 skill 循环迭代
# skill 字段值在最外层,其他属性会存放至字典中
- skill
- name: "新方法"
debug:
msg: "用户:{{ item.0.name }} 性别:{{ item.0.gender }} 技能:{{ item.1 }}"
loop: "{{ userlist | subelements('skill') }}"执行效果
$ ansible-playbook playbook-loop-keyword-with_subelements-demo1.yml
PLAY [ecs[0]] ******
TASK [老方法] ******
ok: [ecs-1.aliyun.sz] => (item=[{u'gender': u'male', u'name': u'Da'}, u'linux']) => {
"msg": "用户:Da 性别:male 技能:linux"
}
ok: [ecs-1.aliyun.sz] => (item=[{u'gender': u'male', u'name': u'Da'}, u'python']) => {
"msg": "用户:Da 性别:male 技能:python"
}
ok: [ecs-1.aliyun.sz] => (item=[{u'gender': u'female', u'name': u'Yo'}, u'golang']) => {
"msg": "用户:Yo 性别:female 技能:golang"
}
TASK [新方法] ******
ok: [ecs-1.aliyun.sz] => (item=[{u'gender': u'male', u'skill': [u'linux', u'python'], u'name': u'Da'}, u'linux']) => {
"msg": "用户:Da 性别:male 技能:linux"
}
ok: [ecs-1.aliyun.sz] => (item=[{u'gender': u'male', u'skill': [u'linux', u'python'], u'name': u'Da'}, u'python']) => {
"msg": "用户:Da 性别:male 技能:python"
}
ok: [ecs-1.aliyun.sz] => (item=[{u'gender': u'female', u'skill': [u'golang'], u'name': u'Yo'}, u'golang']) => {
"msg": "用户:Yo 性别:female 技能:golang"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0loop_control
loop_control 用于控制循环的行为,此前我们用过 index_var 以实现在遍历元素时将其索引写入到指定的变量中,除了它以外还有以下几个选项,pause、label、loop_var
pause 选项
用于设置每次循环之后的暂停时间,以秒为单位,示例如下:
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
tasks:
- debug:
msg: "【{{ '%H:%M:%S' | strftime }}】:{{ item }}"
loop: [ 1, 2, 3 ]
loop_control:
pause: 3执行效果
$ ansible-playbook playbook-loop-loop_control-demo1.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item=1) => {
"msg": "【20:51:11】:1"
}
ok: [ecs-1.aliyun.sz] => (item=2) => {
"msg": "【20:51:14】:2"
}
ok: [ecs-1.aliyun.sz] => (item=3) => {
"msg": "【20:51:17】:3"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0label 选项
简化遍历时元素输出信息
剧本定义
- hosts: ecs[0]
remote_user: root
gather_facts: no
vars:
userlist:
Da:
name: Da
gender: male
age: 18
Yo:
name: Yo
gender: female
age: 19
tasks:
- debug:
msg: "{{ item.key }}-{{ item.value }}"
loop: "{{ userlist | dict2items }}"不加 label 选项时执行效果
$ ansible-playbook playbook-loop-loop_control-demo2.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item={u'key': u'Yo', u'value': {u'gender': u'female', u'age': 19, u'name': u'Yo'}}) => {
"msg": "Yo-{u'gender': u'female', u'age': 19, u'name': u'Yo'}"
}
ok: [ecs-1.aliyun.sz] => (item={u'key': u'Da', u'value': {u'gender': u'male', u'age': 18, u'name': u'Da'}}) => {
"msg": "Da-{u'gender': u'male', u'age': 18, u'name': u'Da'}"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0定义 label 选项
tasks:
- debug:
msg: "{{ item.key }}-{{ item.value }}"
loop: "{{ userlist | dict2items }}"
loop_control:
label: "{{ item.key }}"执行效果
$ ansible-playbook playbook-loop-loop_control-demo2.yml
PLAY [ecs[0]] ******
TASK [debug] ******
ok: [ecs-1.aliyun.sz] => (item=Yo) => {
"msg": "Yo-{u'gender': u'female', u'age': 19, u'name': u'Yo'}"
}
ok: [ecs-1.aliyun.sz] => (item=Da) => {
"msg": "Da-{u'gender': u'male', u'age': 18, u'name': u'Da'}"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0提取关键信息
# 设置 label 参数前
(item={u'key': u'Yo', u'value': {u'gender': u'female', u'age': 19, u'name': u'Yo'}})
# 设置 label 参数后 label: "{{ item.key }}" key 为最外层键 {'key': {"name": "v", ...}}
(item=Yo)loop_var 选项
使用 loop_control 关键字设置 loop_var 变量,可以避免变量冲突产生意外的问题
OK,我们处理下剧本和任务
---
- name: "Include-Tasks"
debug:
msg: "【{{ '%Y-%m-%d %H:%M:%S' | strftime }}】变量输出,item:{{outer_item}}-{{ item }}"
loop: [inner-a, inner-b]剧本定义
---
- hosts: ecs[0]
gather_facts: no
tasks:
# 包含引入 task 定义文件
- include: tasks/tasks-demo1-6.yml
# 迭代列表 [1, 2] 循环包含 include 默认会将 item 参数传递过去
loop: [outer-1, outer-2]
loop_control:
loop_var: outer_item执行效果
$ ansible-playbook playbook-include-demo1-6.yml
PLAY [ecs[0]] ******
TASK [include] ******
included: /prodata/scripts/ansibleLearn/tasks/tasks-demo1-6.yml for ecs-1.aliyun.sz
included: /prodata/scripts/ansibleLearn/tasks/tasks-demo1-6.yml for ecs-1.aliyun.sz
TASK [Include-Tasks] ******
ok: [ecs-1.aliyun.sz] => (item=inner-a) => {
"msg": "【2021-10-10 12:53:08】变量输出,item:outer-1-inner-a"
}
ok: [ecs-1.aliyun.sz] => (item=inner-b) => {
"msg": "【2021-10-10 12:53:08】变量输出,item:outer-1-inner-b"
}
TASK [Include-Tasks] ******
ok: [ecs-1.aliyun.sz] => (item=inner-a) => {
"msg": "【2021-10-10 12:53:08】变量输出,item:outer-2-inner-a"
}
ok: [ecs-1.aliyun.sz] => (item=inner-b) => {
"msg": "【2021-10-10 12:53:08】变量输出,item:outer-2-inner-b"
}
PLAY RECAP ******
ecs-1.aliyun.sz : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
