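Ansible variables and managing secrets

Ansible variables

Variable naming rules: a name consists of letters, digits and underscores, must start with a letter, and must not be one of Ansible's built-in keywords.

In Ansible, variables can be simplified into three scopes:

Global scope (high): variables set from the command line and the Ansible configuration

Play scope (medium): variables set in a play and related structures

Host scope (low): variables from the inventory, facts or register, set on host groups and individual hosts

The three scopes are listed from highest to lowest precedence; if a variable is defined more than once, the definition with the higher precedence wins.

Ways to register and define variables

There are many ways to define variables in Ansible, roughly:

(1) Registering a module's execution result as a variable (register)
(2) Defining dictionary-type variables directly
(3) Defining variables in files inside a role
(4) Passing variables on the command line (-e)
(5) Using with_items iteration to assign the results of several tasks to one variable (loop variable)
(6) Host or host group variables in the inventory
(7) Built-in variables (Magic Variables)
(8) Fact variables (Facts)

Defining variables with vars: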

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  vars:
    aa: 11
    bb: 22
    cc: 
      c1: 33
      c2: 44
  tasks:
    - name: test1
      debug:
        msg: "{{ aa }}"

    - name: test2
      debug:
        msg: "{{ bb }}"

    - name: test3
      debug:
        msg: "{{ cc.c1 }}"
          
    - name: test4
      debug:
        msg: "{{ cc.c2 }}"
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": 11
}

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": 22
}

TASK [test3] *******************************************************************
ok: [node1] => {
    "msg": "33"
}

TASK [test4] *******************************************************************
ok: [node1] => {
    "msg": "44"
}

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  vars:
    aa: 11
    bb: 22
    cc:
      c1: 33
      c2: 44
  tasks:
    - name: test1
      debug:
        msg: this is {{ aa }}     # changed line

    - name: test2
      debug:
        msg: "{{ bb }}"

    - name: test3
      debug:
        msg: "{{ cc.c1 }}"

    - name: test4
      debug:
        msg: "{{ cc.c2 }}"
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "this is 11"      //////////
}

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": 22
}

TASK [test3] *******************************************************************
ok: [node1] => {
    "msg": "33"
}

TASK [test4] *******************************************************************
ok: [node1] => {
    "msg": "44"
}

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Defining variables with vars_files:

[student@master ansible]$ vim fy
aa: 1
bb: 2
cc:
  c1: 3
  c2: 4
~    
[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  vars_files:
    - /home/student/ansible/fy
  tasks:
    - name: test1
      debug:
        msg: this is {{ aa }}

    - name: test2
      debug:
        msg: "{{ bb }}"

    - name: test3
      debug:
        msg: "{{ cc.c1 }}"

    - name: test4
      debug:
        msg: "{{ cc.c2 }}"
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "this is 1"
}

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": 2
}

TASK [test3] *******************************************************************
ok: [node1] => {
    "msg": "3"
}

TASK [test4] *******************************************************************
ok: [node1] => {
    "msg": "4"
}

PLAY RECAP *********************************************************************
node1                      : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Registering variables with register (the register option assigns the output of the current task to a variable):

[root@node1 ~]# echo 123 > /tmp/file1

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
~    
[student@master ansible]$ ansible-playbook a.yml

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ ansible node1 -m shell -a 'cat /tmp/file1'
node1 | CHANGED | rc=0 >>
123
[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
      register: luoqi
        
    - name: test2
      debug:
        msg: "{{ luoqi }}"
~    
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": {
        "changed": true,
        "cmd": "cat /tmp/file1",
        "delta": "0:00:00.009407",
        "end": "2025-09-01 16:11:09.516546",
        "failed": false,
        "msg": "",
        "rc": 0,
        "start": "2025-09-01 16:11:09.507139",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "123",
        "stdout_lines": [
            "123"
        ]
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
      register: luoqi

    - name: test2
      debug:
        msg: "{{ luoqi.stdout }}"
~  
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

TASK [test2] *******************************************************************
ok: [node1] => {
    "msg": "123"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[student@master ansible]$ vim a.yml
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      shell:
        cmd: cat /tmp/file1
      register: luoqi

    - name: test2
      debug:
        var: luoqi.stdout
~  
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
changed: [node1]

TASK [test2] *******************************************************************
ok: [node1] => {
    "luoqi.stdout": "123"
}

PLAY RECAP *********************************************************************
node1                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

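Defining variables with set_fact

set_fact works much like register: it also assigns a value to a variable. It is closer to variable assignment in the shell: you can assign the value of one variable to another variable, or assign a string to a variable.

Running ansible node1 -m setup lists all fact variables of the host node1.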

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: the {{ ansible_fqdn }} address is {{ ansible_default_ipv4.address }}
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "the node1.example.com address is 192.168.122.10"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Passing variables on the command line:

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: my name is {{ name1 }}
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
fatal: [node1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'name1' is undefined\n\nThe error appears to be in '/home/student/ansible/a.yml': line 5, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n    - name: test1\n      ^ here\n"}

PLAY RECAP *********************************************************************
node1                      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ ansible-playbook a.yml -e "name1=syf"

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "my name is syf"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Variables in the inventory:

[student@master ansible]$ vim inventory 
[dev]
node1 name=luoqi
node2

[dev:vars]
name1=luoqi

[test]
node3
node4

[prod]
node5
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is luoqi"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim inventory 
[dev]
node1 name=luoqi
node2

[test]
node3
node4

[prod]
node5
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
fatal: [node2]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'name1' is undefined\n\nThe error appears to be in '/home/student/ansible/a.yml': line 5, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n    - name: test1\n      ^ here\n"}

PLAY RECAP *********************************************************************
node2                      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ mkdir host_vars
[student@master ansible]$ cd host_vars/
[student@master host_vars]$ vim node2.yml
---
name1: luoqi
~  
[student@master host_vars]$ cd ..
[student@master ansible]$ ls
ansible.cfg  fy         inventory  sy1.yml  sy.yml
a.yml        fy.yml     jihua.yml  sy2.yml  webdev.yml
collections  host_vars  roles      sy3.yml
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is luoqi"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim host_vars/node2
name1: sy
~  
[student@master ansible]$ ls host_vars/
node2  node2.yml
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is sy"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim inventory 
[dev]
node1 name1=123
node2

[dev:vars]
name1=456

[test]
node3
node4

[prod]
node5
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is sy"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ rm -rf host_vars/
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is 456"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim inventory 
[dev]
node1 
node2 name1=123

[dev:vars]
name1=456

[test]
node3
node4

[prod]
node5
~     
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": "my name is 123"
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
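
The inventory experiments above, reproduced as a small Python model (an added example, not code from the original page and not Ansible's own resolver). It parses only the INI inventory subset shown here and layers the sources from lowest to highest precedence: group variables, inline host variables, host_vars files, play vars, then -e extra vars. The function names and the constructed inventories are assumptions made for illustration.

```python
# Added example (not Ansible's own code): a simplified model of how the
# inventory experiments above pick a value for one variable on one host.
import shlex


def parse_ini_inventory(text):
    """Parse the INI inventory subset used on this page (no :children groups).

    Returns (inline_host_vars, group_vars, members); values stay strings.
    """
    inline, group_vars, members = {}, {}, {"ungrouped": []}
    section, in_vars = "ungrouped", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            in_vars = name.endswith(":vars")
            section = name[: -len(":vars")] if in_vars else name
            members.setdefault(section, [])
            continue
        if in_vars:  # "key=value" line under [group:vars]
            key, _, value = line.partition("=")
            group_vars.setdefault(section, {})[key.strip()] = value.strip()
        else:  # "host key=value ..." line
            host, *pairs = shlex.split(line)
            members[section].append(host)
            inline.setdefault(host, {}).update(
                p.split("=", 1) for p in pairs if "=" in p
            )
    return inline, group_vars, members


def resolve(name, host, inventory_text, host_vars_files=None,
            play_vars=None, extra_vars=None):
    """Return the winning value of `name` for `host`, or raise KeyError."""
    inline, group_vars, members = parse_ini_inventory(inventory_text)
    layers = []  # lowest precedence first; later layers overwrite earlier ones
    for group, hosts in members.items():
        if host in hosts:
            layers.append(group_vars.get(group, {}))        # [group:vars]
    layers.append(inline.get(host, {}))                     # node2 name1=123
    layers.append((host_vars_files or {}).get(host, {}))    # host_vars/node2
    layers.append(play_vars or {})                          # vars: in the play
    layers.append(extra_vars or {})                         # -e "name1=..."
    merged = {}
    for layer in layers:
        merged.update(layer)
    if name not in merged:
        raise KeyError(f"'{name}' is undefined")
    return merged[name]


# Inventories constructed from the transcripts above.
INV_GROUP_VAR = "[dev]\nnode1 name1=123\nnode2\n\n[dev:vars]\nname1=456\n"
INV_HOST_VAR = "[dev]\nnode1\nnode2 name1=123\n\n[dev:vars]\nname1=456\n"
INV_NO_VARS = "[dev]\nnode1 name=luoqi\nnode2\n"

if __name__ == "__main__":
    print(resolve("name1", "node2", INV_GROUP_VAR))
    print(resolve("name1", "node2", INV_GROUP_VAR,
                  host_vars_files={"node2": {"name1": "sy"}}))
    print(resolve("name1", "node2", INV_HOST_VAR))
    print(resolve("name1", "node2", INV_NO_VARS, extra_vars={"name1": "syf"}))
```
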

Built-in variable ansible_version:

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node2
  tasks:
    - name: test1
      debug:
        msg: "{{ ansible_version }}" 
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]

TASK [test1] *******************************************************************
ok: [node2] => {
    "msg": {
        "full": "2.13.3",
        "major": 2,
        "minor": 13,
        "revision": 3,
        "string": "2.13.3"
    }
}

PLAY RECAP *********************************************************************
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Built-in variable inventory_hostname:

[student@master ansible]$ vim inventory 
[dev]
192.168.122.10 
node2 

[test]
node3
node4

[prod]
node5
~  
[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: dev
  tasks:
    - name: test1
      debug:
        msg: "{{ inventory_hostname }}"
~  
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [192.168.122.10]

TASK [test1] *******************************************************************
ok: [192.168.122.10] => {
    "msg": "192.168.122.10"
}
ok: [node2] => {
    "msg": "node2"
}

PLAY RECAP *********************************************************************
192.168.122.10             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim inventory 
[dev]
node1
node2

[test]
node3
node4

[prod]
node5
~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "node1"
}
ok: [node2] => {
    "msg": "node2"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Built-in variable play_hosts:

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: dev
  tasks:
    - name: test1
      debug:
        msg: "{{ play_hosts }}"        
~  
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": [
        "node1",
        "node2"
    ]
}
ok: [node2] => {
    "msg": [
        "node1",
        "node2"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: test
  tasks:
    - name: test1
      debug:
        msg: "{{ play_hosts }}"
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node4]
ok: [node3]

TASK [test1] *******************************************************************
ok: [node3] => {
    "msg": [
        "node3",
        "node4"
    ]
}
ok: [node4] => {
    "msg": [
        "node3",
        "node4"
    ]
}

PLAY RECAP *********************************************************************
node3                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node4                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Built-in variable groups:

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: "{{ groups }}"    
~  
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": {
        "all": [
            "node1",
            "node2",
            "node3",
            "node4",
            "node5"
        ],
        "dev": [
            "node1",
            "node2"
        ],
        "prod": [
            "node5"
        ],
        "test": [
            "node3",
            "node4"
        ],
        "ungrouped": []
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim inventory 
node5

[dev]
node1
node2

[test]
node3
node4

~   
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": {
        "all": [
            "node5",
            "node1",
            "node2",
            "node3",
            "node4"
        ],
        "dev": [
            "node1",
            "node2"
        ],
        "test": [
            "node3",
            "node4"
        ],
        "ungrouped": [
            "node5"
        ]
    }
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Built-in variable group_names:

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: "{{ groups.all }}"
~  
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": [
        "node5",
        "node1",
        "node2",
        "node3",
        "node4"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: "{{ group_names }}"
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": [
        "dev"
    ]
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      debug:
        msg: "{{ group_names }}"
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
ok: [node5] => {
    "msg": [
        "ungrouped"
    ]
}

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Built-in variable inventory_dir:

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      debug:
        msg: "{{ inventory_dir }}"
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
ok: [node5] => {
    "msg": "/home/student/ansible"
}

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

with_items loop variable: lets one variable take multiple values in turn:

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node5
  tasks:
    - name: create user
      user:
        name: "{{ item }}" 
        state: present
      with_items:
        - user1
        - user2
        - user3
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [create user] *************************************************************
changed: [node5] => (item=user1)
changed: [node5] => (item=user2)
changed: [node5] => (item=user3)

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      shell:
        cmd: echo {{ item }}
      with_items:
        - a
        - b
        - c     
~  
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)

PLAY RECAP *********************************************************************
node5                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      shell:
        cmd: echo {{ item }}
      with_items:
        - a
        - b
        - c
      register: sy
        
    - name: test2
      debug:
        var: sy
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)

TASK [test2] *******************************************************************
ok: [node5] => {
    "sy": {
        "changed": true,
        "msg": "All items completed",
        "results": [
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo a",
                "delta": "0:00:00.008888",
                "end": "2025-09-02 10:52:36.851330",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo a",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": false
                    }
                },
                "item": "a",
                "msg": "",
                "rc": 0,
                "start": "2025-09-02 10:52:36.842442",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "a",
                "stdout_lines": [
                    "a"
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo b",
                "delta": "0:00:00.005314",
                "end": "2025-09-02 10:52:37.533682",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo b",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": false
                    }
                },
                "item": "b",
                "msg": "",
                "rc": 0,
                "start": "2025-09-02 10:52:37.528368",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "b",
                "stdout_lines": [
                    "b"
                ]
            },
            {
                "ansible_loop_var": "item",
                "changed": true,
                "cmd": "echo c",
                "delta": "0:00:00.007496",
                "end": "2025-09-02 10:52:38.314184",
                "failed": false,
                "invocation": {
                    "module_args": {
                        "_raw_params": "echo c",
                        "_uses_shell": true,
                        "argv": null,
                        "chdir": null,
                        "creates": null,
                        "executable": null,
                        "removes": null,
                        "stdin": null,
                        "stdin_add_newline": true,
                        "strip_empty_ends": true,
                        "warn": false
                    }
                },
                "item": "c",
                "msg": "",
                "rc": 0,
                "start": "2025-09-02 10:52:38.306688",
                "stderr": "",
                "stderr_lines": [],
                "stdout": "c",
                "stdout_lines": [
                    "c"
                ]
            }
        ],
        "skipped": false
    }
}

PLAY RECAP *********************************************************************
node5                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim a.yml 
---
- name: test
  hosts: node5
  tasks:
    - name: test1
      shell:
        cmd: echo {{ item }}
      with_items:
        - a
        - b
        - c
      register: sy

    - name: test2
      debug:
        var: sy.results[0].stdout
          
    - name: test3
      debug:
        var: sy.results[1].stdout
          
    - name: test4
      debug:
        var: sy.results[2].stdout
~ 
[student@master ansible]$ ansible-playbook a.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node5]

TASK [test1] *******************************************************************
changed: [node5] => (item=a)
changed: [node5] => (item=b)
changed: [node5] => (item=c)

TASK [test2] *******************************************************************
ok: [node5] => {
    "sy.results[0].stdout": "a"
}

TASK [test3] *******************************************************************
ok: [node5] => {
    "sy.results[1].stdout": "b"
}

TASK [test4] *******************************************************************
ok: [node5] => {
    "sy.results[2].stdout": "c"
}

PLAY RECAP *********************************************************************
node5                      : ok=5    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Managing secrets

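Ansible may need access to sensitive data such as passwords or API keys in order to configure managed hosts. This information is often stored as plain text in inventory variables or other Ansible files. In that case, any user with access to the Ansible files, or to the version control system that stores them, can read the sensitive data. This is a clear security risk.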

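Ansible Vault, which ships with Ansible, can encrypt and decrypt any structured data file that Ansible uses. It is driven by a command-line tool named ansible-vault, which can create, edit, encrypt, decrypt and view files. The files it can protect include inventory variables, variable files included in a playbook, variable files passed as arguments when a playbook is run, and variables defined in Ansible roles.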

Lab:

[student@master ansible]$ ansible-vault create y.yml
New Vault password: 
Confirm New Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
~   
[student@master ansible]$ cat y.yml 
$ANSIBLE_VAULT;1.1;AES256
30313530326231663234393135303439356135626632646132653334336638373435613832653638
3266386166666461346662303765316363363232326466660a306634366462613538303066646132
39383238643331336639373038666162633965666630343439653164393562383738303963386131
6130356266353761300a333439373032363762353438343632393838643064353537383163336534
63333530316463343163656363613231643463343530383231646365396537396264386237373232
66393035643837336535633432336235346530353531356138613335326639363063656364633764
34313031313733303136316364653231626333353534333331306137343237643765343664373330
66383162653536383065306535343439643864643261386632376434353735373230623966383462
3033
[student@master ansible]$ ansible-vault view y.yml 
Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
[student@master ansible]$ ansible-vault edit y.yml 
Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
~ 

Running an encrypted file directly with ansible-playbook fails with an error, so which command should be used instead?

Use the option --vault-id @prompt or --ask-vault-pass

[student@master ansible]$ ansible-playbook y.yml 
ERROR! Attempting to decrypt but no vault secrets found

[student@master ansible]$ ansible-playbook y.yml --ask-vault-pass
Vault password: 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "echo 123"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ ansible-vault decrypt y.yml
Vault password: 
Decryption successful
[student@master ansible]$ vim y.yml 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
~  
[student@master ansible]$ ansible-playbook y.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "echo 123"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Viewing the encrypted files:

[student@master ansible]$ cp y.yml f.yml
[student@master ansible]$ cat f.yml 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
[student@master ansible]$ ansible-vault encrypt f.yml
New Vault password: 
Confirm New Vault password: 
Encryption successful
[student@master ansible]$ vim syf.txt
redhat
~   
[student@master ansible]$ chmod 600 syf.txt 
[student@master ansible]$ ansible-vault encrypt y.yml --vault-id syf.txt 
Encryption successful
[student@master ansible]$ vim y.yml 
$ANSIBLE_VAULT;1.1;AES256
37313265326633386366316430653663663439383761336161383662303165633666663532363331
3832303331366432646164663339346261346165663539660a393432653133653066303932333630
37653837306164373462306465633536643266326364303064333438373765643433353966636435
3061653134396538610a326134323033313533316265373937653362303166656437613066306161
36316634306139613636303664393230373665333635643437653436663335643239663465346165
34386431656162393130303732333762323066396139623130626533346333373038353062623132
32393235313562616233323961643039643063333931653435303235333138653065333237666433
61333738303361613933633730623261636534373066343233356230646438373037356638616466
3664
~  
[student@master ansible]$ ansible-vault view y.yml 
Vault password: 
---
- name: test
  hosts: node1
  tasks:
    - name: test1
      debug:
        msg: echo 123
[student@master ansible]$ ansible-playbook y.yml --vault-id syf.txt  
PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [test1] *******************************************************************
ok: [node1] => {
    "msg": "echo 123"
}

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@master ansible]$ vim f.yml 
$ANSIBLE_VAULT;1.1;AES256
36363833633939363664306434383437666465653336303432646131323831663235376132313938
3463643130386461656335306439653663393762353131310a373434643734346536373064326137
66353431616561326365313732356363373632323065633965656132636536383264326164366464
3131336137643430610a373335306536376562373362363131373239323831313863363264313065
30343131643839656565353533656331313436646639376533623735386366366331633136666638
36323232323361663536303035656139623433313038663762306532663534323435643561346330
37626537303961316162373633356165633561393562396134356261343532643937336635373738
65663439326633653162343735666362353762333165633661316534653463303361303231663361
6131
~  

Changing the password of an encrypted file:

[student@master ansible]$ ansible-vault rekey f.yml
Vault password:                        //enter the old password
New Vault password:                    //enter the new password
Confirm New Vault password:            //enter the new password
Rekey successful
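
In the lab above, `ansible-vault decrypt` leaves y.yml in plain text on disk, and the password file syf.txt is only protected while its mode stays 600. The Python check below is an added example, not part of the original post: it parses the `$ANSIBLE_VAULT;1.1;AES256` envelope (a header line, then hex of the salt, HMAC and ciphertext, each hex-encoded and separated by newlines; format 1.2 adds a vault ID label as a fourth header field) and reports secret files that are not encrypted and a password file readable by group or others. The function names, the sample envelope and the file contents are constructed for illustration.

```python
import binascii
import stat
import tempfile
from pathlib import Path

def parse_vault_envelope(text):
    """Return header fields and part sizes of vault text; ValueError if malformed."""
    lines = text.strip().splitlines() or [""]
    fields = lines[0].split(";")
    if fields[0] != "$ANSIBLE_VAULT" or len(fields) not in (3, 4):
        raise ValueError("missing $ANSIBLE_VAULT header")
    # The body is hex of b"<salt hex>\n<HMAC hex>\n<ciphertext hex>".
    inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
    salt, tag, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    return {"version": fields[1], "cipher": fields[2],
            "vault_id": fields[3] if len(fields) == 4 else None,
            "sizes": (len(salt), len(tag), len(ciphertext))}

def audit(secret_files, password_file):
    """List secret files that are not vaulted and a password file others can read."""
    findings = []
    for path in map(Path, secret_files):
        try:
            parse_vault_envelope(path.read_text(encoding="utf-8"))
        except ValueError:  # also covers bad hex and undecodable bytes
            findings.append(f"{path.name}: not vault-encrypted")
    mode = stat.S_IMODE(Path(password_file).stat().st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"{Path(password_file).name}: mode {mode:04o}")
    return findings

def make_sample_envelope():
    """Constructed sample: fixed bytes in the vault layout, not real ciphertext."""
    parts = [bytes(range(32)), bytes(range(32, 64)), bytes(range(48))]
    body = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts)).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n"

def demo():
    """Audit a vaulted f.yml, a decrypted y.yml and a 0644 password file."""
    with tempfile.TemporaryDirectory() as d:
        files = {"f.yml": make_sample_envelope(), "syf.txt": "constructed\n",
                 "y.yml": "---\n- name: test\n  hosts: node1\n"}
        for name, content in files.items():
            Path(d, name).write_text(content, encoding="utf-8")
        Path(d, "syf.txt").chmod(0o644)
        return audit([Path(d, "f.yml"), Path(d, "y.yml")], Path(d, "syf.txt"))

if __name__ == "__main__":
    print(demo())
```

Run as a pre-commit step, `audit()` returning a non-empty list is the signal to stop the commit; it checks the envelope structure only and never needs the vault password.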