becool

20210804 (Wed) Ansible task control #3


gusalstm 2021. 8. 4. 12:49

9:31 review

 

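include modules
 - Can include plays, tasks, roles, variables, etc., and add them to the playbook dynamically
 - Can be affected by the results of earlier tasks
 - Processed at the point where the module is executed
 - Can be used in loops
 - Can bring in part of a playbook's contents

import modules
 - Can import playbooks, roles, and tasks, and add them to the playbook statically
 - Not affected by the results of earlier tasks
 - Pre-processed when the playbook is parsed
 - Cannot be used in loops
 - Brings in the entire contents of the playbook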

 

 

 

[user@ansible-server 20210804]$ cat 0804_include1.yaml
---
- name: include 1
  hosts: all
  become: true

  tasks:
  - name: initial task
    debug:
      msg: initial task
  - name: include tasks
    include_tasks: tasks/include_task1.yaml
  - name: last task
    debug:
      msg: last task

[user@ansible-server 20210804]$ cat tasks/include_task1.yaml
---
- name: first include task
  debug:
    msg: first task
- name: Stop services
  service:
    name: "{{ item }}"
    state: stopped
  loop:
  - httpd
  - vsftpd
  - mariadb
  ignore_errors: true
- name: Uninstall Packages
  yum:
    name: "{{ item }}"
    state: absent
  loop:
  - httpd
  - vsftpd
  - mariadb
  - mariadb-server
  ignore_errors: true

[user@ansible-server 20210804]$ cat 0804_include2.yaml
---
- name: include 2
  hosts: all
  become: true

  tasks:
  - name: Initial task playbook
    debug:
      msg: Initial task
  - name: last task playbook
    file:
      path: /tmp/20210804
      state: directory
  - name: include tasks
    include_tasks: tasks/include_task2.yaml
    vars:
      task_1: hello_ansible
      task_2: "create a file"
      task_2_src: /etc/crontab
      task_2_file_dest: /tmp/20210804/crontab.bak

[user@ansible-server 20210804]$ cat tasks/include_task2.yaml
---
- name: deny services
  firewalld:
    service: "{{ item }}"
    state: disabled
    immediate: true
    permanent: true
  loop:
  - http
  - mysql
  - ftp
  ignore_errors: true
- name: second task
  debug:
    msg: "second task {{ task_1 }}"
- name: "third task {{ task_2 }}"
  copy:
    src: "{{ task_2_src }}"
    dest: "{{ task_2_file_dest }}"

[user@ansible-server 20210804]$ cat 0804_import1.yaml
---
- name: import1
  hosts: all
  become: true

  tasks:
  - name: initial task playbook
    debug:
      msg: initial task
  - name: import tasks
    import_tasks: tasks/import_task1.yaml
  - name: last task
    debug:
      msg: last task
[user@ansible-server 20210804]$ cat tasks/import_task1.yaml
---
- name: first task imported
  debug:
    msg: first task
- name: second task
  file:
    path: /tmp/20210804/samples
    recurse: true
    state: directory
- name: third task
  command: cat /etc/hosts
  register: result_hosts
- name: print hosts
  debug:
    msg: "{{ result_hosts }}"


[user@ansible-server 20210804]$ cat 0804_import2.yaml
---
- name: import playbook
  hosts: all

  tasks:
  - name: initial task
    debug:
      msg: initial task
  - name: last task
    debug:
      msg: last task reuse_import_playbook.yaml
- name: import playbook           # import_playbook must be written at the top (play) level; it cannot be placed inside a play's tasks
  import_playbook: test_playbook.yaml

[user@ansible-server 20210804]$ cat test_playbook.yaml
---
- name: test_playbook
  hosts: all

  tasks:
  - name: first task test_playbook
    debug:
      msg: first task
  - name: second task test_playbook
    command: touch /tmp/banner.txt
  - name: third task
    debug:
      msg: third task it is last one

#### Difference between running a handler via include and via import ####

[user@ansible-server 20210804]$ cat 0804_include
0804_include1.yaml          0804_include2.yaml          0804_include3_handler.yaml
[user@ansible-server 20210804]$ cat 0804_include3_handler.yaml
---
- name: Include Handler
  hosts: all
  become: true

  tasks:
  - name: Initial task
    debug:
      msg: Initial task
  - name: test task
    command: /bin/true
    notify: Handler1

  handlers:
  - name: Handler1
    include_tasks: tasks/include_handler.yaml
[user@ansible-server 20210804]$ cat tasks/include_handler.yaml
---
- name: first task
  debug:
    msg: first task include
- name: second task
  command: cat /etc/hosts

→ notify names the handler itself (Handler1); when it is called, both first task and second task in the handler file are executed.


[user@ansible-server 20210804]$ cat 0804_import4_handler.yaml
---
- name: import handler
  hosts: all

  tasks:
  - name: initial task
    debug:
      msg: initial task
  - name: test task
    command: /bin/true
    notify:
    - first task

  handlers:
  - name: handler1
    import_tasks: tasks/import_handler.yaml
[user@ansible-server 20210804]$ cat tasks/import_handler.yaml
---
- name: first task
  debug:
    msg: first task using import handler
- name: second task
  debug:
    msg: second task handler imported

→ notify names a task inside the handler file and calls it: only the task whose name matches is executed.
 --> That is, second task is not executed.


 

 

Secret management

 

ansible-vault create

ansible-vault view

ansible-vault edit

ansible-vault encrypt

ansible-vault decrypt

 

ansible-vault rekey

 

ansible-playbook PLAYBOOK --ask-vault-pass

ansible-playbook PLAYBOOK --vault-password-file VAULT-PASS-FILE
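
A pre-flight check to run before the ansible-playbook --vault-password-file invocation above, added here as an example and not part of the original post. It confirms that each vars file carries the $ANSIBLE_VAULT header written by ansible-vault create/encrypt and that the vault password file has no group/other permission bits. The function names and sample files are hypothetical and constructed for illustration.

```shell
# Added example; function names and sample files are hypothetical.
# Succeed only if FILE starts with an Ansible Vault header, i.e. it was
# written by `ansible-vault create` or `ansible-vault encrypt`.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    header=$(head -n 1 -- "$1" | tr -d '\r')
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256') return 0 ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;  # 1.2 adds a vault-id label
        *) return 1 ;;
    esac
}

# Succeed only if FILE is a regular file (not a symlink) with no group/other
# permission bits, so other local users cannot read the vault password.
pass_file_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# usage: vault_preflight VAULT-PASS-FILE VARS-FILE...
# Reports every problem on stderr and returns the number of problems.
vault_preflight() {
    pass_file=$1; shift
    problems=0
    if ! pass_file_private "$pass_file"; then
        echo "FAIL: $pass_file missing or open to group/other (chmod 600)" >&2
        problems=$((problems + 1))
    fi
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            echo "FAIL: $f is plaintext (run: ansible-vault encrypt $f)" >&2
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample files; the payload line is dummy hex, not ciphertext.
demo=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3631383962366234' > "$demo/secret.yaml"
printf '%s\n' 'db_password: left-in-plaintext' > "$demo/plain.yaml"
printf '%s\n' 'constructed-vault-password' > "$demo/vault-pass"
chmod 644 "$demo/vault-pass"
vault_preflight "$demo/vault-pass" "$demo/secret.yaml" "$demo/plain.yaml" \
    || echo "problems before fix: $?"
chmod 600 "$demo/vault-pass"
vault_preflight "$demo/vault-pass" "$demo/secret.yaml" && echo "preflight clean"
```

Run as a wrapper or CI step ahead of ansible-playbook, it makes a plaintext vars file or a loosely permissioned password file fail the run instead of being used silently.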

 


---
- name: create user with password prompt
  hosts: all
  become: true
  vars_prompt:
  - name: username
    prompt: Enter username
    private: no
    default: test01
  - name: hashed_password
    prompt: Enter password
    private: yes
    encrypt: sha512_crypt
    confirm: yes
    salt_size: 16

  tasks:
  - name: create user
    user:
      name: "{{ username }}"
      password: "{{ hashed_password }}"


[user@ansible-server 20210804]$ ansible-playbook 0804_create_user.yaml
Enter username [test01]: test001
Enter password:
confirm Enter password:

PLAY [create user with password prompt] ********************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [192.168.56.13]
ok: [192.168.56.12]
ok: [192.168.56.11]

TASK [create user] *****************************************************************************************************
changed: [192.168.56.12]
changed: [192.168.56.11]
changed: [192.168.56.13]

PLAY RECAP *************************************************************************************************************
192.168.56.11              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
192.168.56.12              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
192.168.56.13              : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[user@ansible-server 20210804]$ ssh test001@192.168.56.13 → verify remote login as the newly created user
test001@192.168.56.13's password:
[test001@ansible-node03 ~]$  

 

 
