

Simple Playbooks
Ansible is useful as a command-line tool for making small changes. However, its real
power lies in its scripting abilities. While setting up machines, you almost always
need to do more than one thing at a time. Ansible provides for this by using a tool
called playbook. Using playbooks, you can perform many actions at once, and
across multiple systems. They provide a way to orchestrate deployments, ensure a
consistent configuration, or simply perform a common task.
Playbooks are expressed in YAML, and for the most part, Ansible uses a standard
YAML parser. This means that you have all the features of YAML available to you
as you write them. For example, you can use the same commenting system as you
would in YAML. Many lines of a playbook can also be written and represented in
YAML data types. See http://www.yaml.org/ for more information.
Playbooks also open up many opportunities. They allow you to carry the state
from one command to the next. For example, you can grab the content of a file on
one machine, register it as a variable, and then use that on another machine. This
allows you to make complex deployment mechanisms that will be impossible with
the Ansible command alone. Additionally, each module tries to be idempotent; you
should be able to run a playbook several times and changes will only be made if they
need to be.
The command to execute a playbook is ansible-playbook . It accepts arguments
similar to the Ansible command-line tool. For example, -k ( --ask-pass ) and -K
( --ask-sudo ) make it prompt for the SSH and sudo passwords, respectively; -u
can be used to set the user to use SSH. However, these options can also be set inside
the playbooks themselves in the target section. For example, to use the play named
example-play.yml , you can use the following command:
$ ansible-playbook example-play.yml
The Ansible playbooks are made up of one or more plays. A play consists of three
sections: the target section, the variable section, and finally the bit that does all the
real work, the task section. You can include as many plays as you like in a single
YAML file.
•     The target section defines hosts on which the play will be run, and how it
will be run. This is where you set the SSH username and other SSH-related
•     The variable section defines variables which will be made available to the
play while running.
•     The task section lists all the modules in the order that you want them to be
run by Ansible.
A full example of an Ansible play looks like the following code snippet:
- hosts: localhost
user: root
motd_warning: 'WARNING: Use by ACME Employees ONLY'
- name: setup a MOTD
copy: dest=/etc/motd content={{ motd_warning }}

第二章 简单的playbooks




Playbooks also open up many opportunities.(这句不知道该怎样翻译,只是从以下的语句应该能够反推它的意思)这能够让我们把一个状态信息从一个命令带到下一个命令。


执行playbook的命令是ansible-playbook,它接受的參数和命令行工具相似,比方-k 。--ask-sudo 是询问ssh和sudo密码。-u指定连接用户。



$ ansible-playbook example-play.yml


  • 目标选项:定义哪些主机来执行任务,怎样执行任务,这也是你制定SSH-related和ssh參数的地方
  • 变量选项:定义在任务执行过程中须要启用那些变量
  • 任务选项:须要被执行的Ansible模块列表


- hosts: localhost
user: root
motd_warning: 'WARNING: Use by ACME Employees ONLY'
- name: setup a MOTD
copy: dest=/etc/motd content={{ motd_warning }}

The target section
The target section looks like the following code snippet:
- hosts: webservers
user: root
This is an incredibly simple version, but likely to be all you need in most cases. Each
play exists within a list. As per the YAML syntax, the line must start with a dash. The
hosts that a play will be run on must be set in the value of hosts . This value uses the
same syntax as the one used when selecting hosts using the Ansible command line,
which we discussed in the previous chapter. The host-pattern-matching features of
Ansible were also discussed in the previous chapter. In the next line, the user tells
the Ansible playbook which user to connect to the machine as.



- hosts: webservers
user: root




connection:同意你指定ssh parmiko或者local这三种传输方式


The variable section
Here you can define variables that apply to the entire play on all machines. You can
also make Ansible prompt for variables if they weren't supplied in the command
line. This allows you to make easily maintainable plays, and prevents you from
changing the same thing in several parts of the play. This also allows you to have
all the configuration for the play stored at the top, where you can easily read and
modify it without worrying about what the rest of the play does.
Variables in this section of a play can be overridden by machine facts (those that are set
by modules), but they themselves override the facts you set in your inventory. So they
are useful to define defaults that you may collect in a module later, but they can't be
used to keep defaults for inventory variables as they will override those defaults.
Variable declarations, called vars , look like the values in the target section and
contain a YAML dictionary or a list. An example looks like the following code
apache_version: 2.6
motd_warning: 'WARNING: Use by ACME Employees ONLY'
testserver: yes
Variables can also be loaded from external YAML files by giving Ansible a list of
variable files to load. This is done in a similar way using the vars_files directive.
Then simply provide the name of another YAML file that contains its own dictionary.
This means that instead of storing the variables in the same file, they can be stored
and distributed separately, allowing you to share your playbook with others.
Using vars , the files look like the following code snippet in your playbook:
In the previous example, Ansible looks for country-AU.yml , datacenter-SYD.yml ,
and cluster-mysql.yml in the conf folder. Each YAML file looks similar to the
following code snippet:
ntp: 'ntp1.au.example.com'
TZ: 'Australia/Sydney'
Finally you can make Ansible ask the user for each variable interactively. This
is useful when you have variables that you don't want to make available for
automation, and instead require human input. One example where this is useful is
prompting for the passphrases used to decrypt secret keys for the HTTPS servers.
You can instruct Ansible to prompt for variables with the following code snippet:
- name: 'https_passphrase'
prompt: 'Key Passphrase'
private: yes
In the previous example, https_passphrase is where the entered data will be
stored. The user will be prompted with Key Passphrase , and because private
is set to yes , the value will not be printed on the screen as the user enters it.
You can use variables, facts, and inventory variables with the help of: {{
variablename }} , ${variablename} , or simply $variablename . You can even
refer to complex variables, such as dictionaries, with a dotted notation. For example,
a variable named httpd , with a key in it called maxclients , will be accessed as
{{ httpd.maxclients }} . This works with facts from the setup module too. For
example, you can get the IPv4 address of a network interface called eth0 using {{
ansible_eth0.ipv4.address }} .
Variables that are set in the variable section do not survive between different plays
in the same playbook. However, facts gathered by the setup module or set by set_
fact do. This means that if you are running a second play on the same machines, or
a subset of the machines in an earlier play, you can set gather_facts in the target
section to false . The setup module can sometimes take a while to run, so this can
dramatically speed up plays, especially in plays where the serial is set to a low value. 






apache_version: 2.6
motd_warning: 'WARNING: Use by ACME Employees ONLY'
testserver: yes






ntp: 'ntp1.au.example.com'
TZ: 'Australia/Sydney'



vars_prompt:                                         #手工确认的变量
- name: 'https_passphrase'                #输入数据存储的地方
prompt: 'Key Passphrase'                  #手工确认的数据
private: yes                                           #当这个參数设置为yes的时候,用户的输入不会显示到屏幕上

在使用variables, facts,  inventory variables的时候。用{{variablename }} , ${variablename} , 或者$variablename .来表示。这个变量的语法跟字典一样。能够通过‘.’来訪问属性。

比方https变量有一个叫做maxclients的属性,我们能够使用{{ httpd.maxclients }}来訪问。这是通过setup模块来实现的,通过{{ansible_eth0.ipv4.address }} 来訪问。


The task section
The task section is the last section of each play. It contains a list of the actions that
you want Ansible to perform in the order you want them to be performed. There are
several ways in which you can represent each module's configuration. We suggest
you try to stick with one as much as possible, and use the others only when required.
This makes your playbooks easier to read and maintain. The following code snippet
is what a task section looks like with all three styles shown:
- name: install apache
action: yum name=httpd state=installed
- name: configure apache
copy: src=files/httpd.conf dest=/etc/httpd/conf/httpd.conf
- name: restart apache
name: httpd
state: restarted
Here we see the three different styles being used to install, configure, and start
the Apache web server as it will look on a CentOS machine. The first task shows
you how to install Apache using the original syntax, which requires you to call the
module as the first keyword inside an action key. The second task copies Apache's
configuration file into place using the second style of the task. In this style, you use
the module name in place of the action keyword and its value simply becomes its
argument. This form is the one recommended by the Ansible authors. Finally the
last task, the third style, shows how to use the service module to restart Apache. In
this style, you use the module name as the key, as usual, but you also supply the
arguments as a YAML dictionary. This can come in handy when you are providing a
large number of arguments to a single module, or if the module wants the arguments
in a complex form, such as the Cloud Formation module.
Note that names are not required for tasks. However, they make good documentation
and allow you to refer to each task later on if required. This will become useful
especially when we come to handlers. The names are also outputted to the console
when the playbook is run, so that the user can tell what is happening. If you don't
provide a name, Ansible will just use the action line of the task or the handler.
Unlike other configuration management tools, Ansible does not provide
a fully featured dependency system. This is a blessing and a curse; with
a complete dependency system, you can get to a point where you are
never quite sure what changes will be applied to particular machines.
Ansible, however, does guarantee that your changes will be executed
in the order they are written. So, if one module depends on another
module that is executed before it, simply place one before the other in
the playbook.




- name: install apache
action: yum name=httpd state=installed

- name: configure apache
copy: src=files/httpd.conf dest=/etc/httpd/conf/httpd.conf

- name: restart apache

name: httpd
state: restarted


第一个任务用Ansible的原始语法来安装apache,这须要我们用模块名来做为action key,第一个參数。第二个任务把把apache的配置文件从源辅助到目的地,用模块名做为key,values就是他的參数,这样的形式是Ansible作者推荐的形式。最后一个任务、第三种形式,用来重新启动apache服务,使用模块名做为key,使用YAML 字典作为value。当一个模块须要非常多參数的时候,第三种形式就能够派上用场了。比方配置Cloud




The handlers section
The handlers section is syntactically the same as the task section and supports the
same format for calling modules. The modules in the handlers section are not run
unless they are called by tasks. They are called only when the task they were called
from records that they changed something. You simply add a notify key to the task
with the value set to the name of the task.
Handlers are run when Ansible has finished running the task list. They are run in
the order that they are listed in the handlers section, and even if they are called
multiple times in the task section, they will run only once. This is often used to
restart daemons after they have been upgraded and configured. The following
play demonstrates how you will upgrade an ISC DHCP server to the latest version,
configure it, and set it to start at boot. If this playbook is run on a server where the
ISC DHCP daemon is already running the latest version and the config files are not
changed, the handler will not be called and DHCP will not be restarted.
- hosts: dhcp
- name: update to latest DHCP
action: yum name=dhcp state=latest
notify: restart dhcp
- name: copy the DHCP config
action: copy src=dhcp/dhcpd.conf dest=/etc/dhcp/dhcpd.conf
notify: restart dhcp
- name: start DHCP at boot
action: service name=dhcpd state=started enabled=yes
- name: restart dhcp
action: service name=dhcpd state=restarted
Each handler can only be a single module, but you can notify a list of handlers from
a single task. This allows you to trigger many handlers from a single step in the task
list. For example, if you have just checked out a new version of a Django application,
you might set a handler to migrate the database, deploy the static files, and restart
Apache. You can do this by simply using a YAML list on the notify action. This
might look something like the following code snippet:
- hosts: qroud
- name: checkout Qroud
action: git repo=git@github.com:smarthall/Qroud.git
dest=/opt/apps/Qroud force=no
- migrate db
- generate static
- restart httpd
- name: migrate db
action: command chdir=/opt/apps/Qroud ./manage.py migrate –all
- name: generate static
action: command chdir=/opt/apps/Qroud ./manage.py
collectstatic -c –noinput
- name: restart httpd
action: service name=httpd state=restarted
You can see that the git module is used to check out some public GitHub code, and
if that caused anything to change, it triggers the migrate db , generate static , and
restart httpd actions.





- hosts: dhcp
- name: update to latest DHCP
action: yum name=dhcp state=latest
notify: restart dhcp

- name: copy the DHCP config
action: copy src=dhcp/dhcpd.conf dest=/etc/dhcp/dhcpd.conf
notify: restart dhcp

- name: start DHCP at boot
action: service name=dhcpd state=started enabled=yes

- name: restart dhcp
action: service name=dhcpd state=restarted


- hosts: qroud
- name: checkout Qroud
action: git repo=git@github.com:smarthall/Qroud.git                  #使用git更新程序版本号
dest=/opt/apps/Qroud force=no

- migrate db                   #迁移数据库
- generate static           #部署静态文件
- restart httpd                #重新启动apache服务

- name: migrate db
action: command chdir=/opt/apps/Qroud ./manage.py migrate –all
- name: generate static
action: command chdir=/opt/apps/Qroud ./manage.py
collectstatic -c –noinput
- name: restart httpd
action: service name=httpd state=restarted

The playbook modules
Using modules in playbooks is a little bit different from using them in the command
line. This is mainly because we have many facts available from the previous modules
and the setup module. Certain modules don't work in the Ansible command line
because they require access to those variables. Other modules will work in the
command-line version, but are able to provide enhanced functionalities when used
in a playbook.




The template module
One of the most frequently used examples of a module that requires facts from
Ansible is the template module. This module allows you to design an outline of a
configuration file and then have Ansible insert values in the right places. In reality,
the Jinja2 templates can be much more complicated than this, including things
such as conditionals, for loops, and macros. The following is an example of a Jinja2
configuration file for configuring BIND:
# {{ ansible_managed }}
options {
listen-on port 53 {;
{% for ip in ansible_all_ipv4_addresses %}
{{ ip }};
{% endfor %}
listen-on-v6 port 53 { ::1; };
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
zone "." IN {
type hint;
file "named.ca";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
{# Variables for zone config #}
{% if 'authorativenames' in group_names %}
{% set zone_type = 'master' %}
{% set zone_dir = 'data' %}
{% else %}
{% set zone_type = 'slave' %}
{% set zone_dir = 'slaves' %}
{% endif %}
zone "internal.example.com" IN {
type {{ zone_type }};
file "{{ zone_dir }}/internal.example.com";
{% if 'authorativenames' not in group_names %}
masters {; };
{% endif %}
The first line merely sets up a comment that shows which template the file came
from, the host, modification time of the template, and the owner. Putting this
somewhere in the template as a comment is a good practice, and it ensures that
people know what they should edit if they wish to alter it permanently. In the fifth
line, there is a for loop. For loops go through all the elements of a list once for each
item in the list. It optionally assigns the item to the variable of your choice so that
you can use it inside the loop. This one loops across all the values in ansible_all_
ipv4_addresses , which is a list from the setup module that contains all the IPv4
addresses that the machine has. Inside the for loop, it simply adds each of them into
the configuration to make sure BIND will listen on that interface.
Line 24 of the preceding code snippet has a comment. Anything in between {#
and #} is simply ignored by the Jinja2 template processor. This allows you to add
comments in the template that do not make it into the final file. This is especially
handy if you are doing something complicated, setting variables within the template,
or if the configuration file does not allow comments.
In the very next line we can see an if statement. Anything between {% if %} and {%
endif %} is ignored if the statement in the if tag is false. Here we check if the value
authorativenames is in the list of group names that apply to this host. If this is true,
the next two lines set two custom variables. zone_type is set to master and zone_dir
is set to data. If this host is not in the authorativenames group, zone_type and
zone_dir will be set to slave and slaves , respectively.
In line 33, we start the configuration of the zone. We set the type to the variable we
created earlier, and the location to zone_dir . Finally we check again if the host is in
the authorativenames groups, and if it isn't, we configure its master to a particular
IP address.
To get this template to set up an authorative nameserver, you need to create a group
in your inventory file named authorativenames and add some hosts under it. How
to do this was discussed back in Chapter 1, Getting Started with Ansible.
You can simply call the templates module and the facts from the machines will be
sent through, including the groups the machine is in. This is as simple as calling any
other module. The template module also accepts similar arguments to the copy
module such as owner, group, and mode.
- name: Setup BIND
host: allnames
- name: configure BIND
template: src=templates/named.conf.j2 dest=/etc/named.conf
owner=root group=named mode=0640




# {{ ansible_managed }}                                        
options {
listen-on port 53 {;
{% for ip in ansible_all_ipv4_addresses %}
{{ ip }};
{% endfor %}
listen-on-v6 port 53 { ::1; };
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
zone "." IN {
type hint;
file "named.ca";
include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";
{# Variables for zone config #}

{% if 'authorativenames' in group_names %}
{% set zone_type = 'master' %}
{% set zone_dir = 'data' %}

{% else %}

{% set zone_type = 'slave' %}
{% set zone_dir = 'slaves' %}
{% endif %}

zone "internal.example.com" IN {
type {{ zone_type }};
file "{{ zone_dir }}/internal.example.com";

{% if 'authorativenames' not in group_names %}
masters {; };
{% endif %}


第24行,模板的处理程序会自己主动忽略{#  #} 之间的信息,在定义一些复杂的变量的时候能够使用这个来当凝视(有些配置文件不同意凝视)。假设在if标签中语法參数被设置成false,那么不论什么在{% if %} 和 {%endif %}之间的配置都会被忽略。在这里我们检查authorativenames时候在group_names列表中,怎样存在,则设置{% set zone_type = 'master' %}   {% set zone_dir = 'data' %} 否则设置{% set zone_type
= 'slave' %} {% set zone_dir = 'slaves' %}。

第33行,我们開始配置bind的区域,而且将之前设置的变量zone_type应用进去,最后再一次检查authorativenames时候在group_names中,假设不存在。就将maser设置成固定的ip地址。要使这个模板文件生效,我们须要建立一个authorative nameserver,在设备清单文件里创建一个叫authorative nameserver的组。并加入一些主机(远程受管主机)----第一章内容已经介绍过怎样完毕这些配置。

使用模板模块就能够非常easy将命令传递到组里面全部的机器,调用模板模块也和调用其它模块一样简单。此外。模板模块和copy模块一样也有owner, group,  mode这些參数。

The set_fact module
The set_fact module allows you to build your own facts on the machine inside
an Ansible play. These facts can then be used inside templates or as variables in the
playbook. Facts act just like arguments that come from modules such as the setup
module: in that they work on a per-host basis. You should use this to avoid putting
complex logic into templates. For example, if you are trying to configure a buffer to
take a certain percentage of RAM, you should calculate the value in the playbook.
The following example shows how to use set_fact to configure a MySQL server
to have an InnoDB buffer size of approximately half of the total RAM available on
the machine:
- name: Configure MySQL
hosts: mysqlservers
- name: install MySql
yum: name=mysql-server state=installed
- name: Calculate InnoDB buffer pool size
set_fact: innodb_buffer_pool_size_mb="{{ ansible_memtotal_mb /
2 }}"
- name: Configure MySQL
template: src=templates/my.cnf.j2 dest=/etc/my.cnf owner=root
group=root mode=0644
notify: restart mysql
- name: Start MySQL
service: name=mysqld state=started enabled=yes
- name: restart mysql
service: name=mysqld state=restarted
The first task here simply installs MySQL using yum. The second task creates a fact
by getting the total memory of the managed machine, dividing it by two, losing any
non-integer remainder, and putting it in a fact called innodb_buffer_pool_size_
mb . The next line then loads a template into /etc/my.cnf to configure MySQL.
Finally, MySQL is started and set to start at boot time. A handler is also included to
restart MySQL when its configuration changes.
The template then only needs to get the value of innodb_buffer_pool_size and
place it into the configuration. This means that you can re-use the same template
in places where the buffer pool should be one-fifth of the RAM, or one-eighth, and
simply change the playbook for those hosts. In this case, the template will look
something like the following code snippet:
# {{ ansible_managed }}
# Disabling symbolic-links is recommended to prevent assorted
security risks
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mysqld according to the
# instructions in http://fedoraproject.org/wiki/Systemd
# Configure the buffer pool
innodb_buffer_pool_size = {{
innodb_buffer_pool_size_mb|default(128) }}M
You can see that in the previous template, we are simply putting the variables we
get from the play into the template. If the template doesn't see the innodb_buffer_
pool_size_mb fact, it simply uses a default of 128.







- name: Configure MySQL
hosts: mysqlservers

- name: install MySql
yum: name=mysql-server state=installed

- name: Calculate InnoDB buffer pool size
set_fact: innodb_buffer_pool_size_mb="{{ ansible_memtotal_mb /
2 }}"

- name: Configure MySQL
template: src=templates/my.cnf.j2 dest=/etc/my.cnf owner=root
group=root mode=0644
notify: restart mysql

- name: Start MySQL
service: name=mysqld state=started enabled=yes

- name: restart mysql
service: name=mysqld state=restarted

第一个任务通yum 来安装mysql。第二个任务有一个set_fact 来计算InnoDB buffer pool size。第三个任务设置一个模板模板来设置my。cnf。并调用notify重新启动mysql。第四个任务设置mysql加入到启动列表。第五个任务重新启动mysql。

这个模板仅仅须要InnoDB buffer pool size的值来放进配置文件,这样我们就能够把这个模板给多个机器用,五分之中的一个、八分之中的一个内存都能够。以下是这个模板的代码:

# {{ ansible_managed }}
# Disabling symbolic-links is recommended to prevent assorted
security risks
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mysqld according to the
# instructions in http://fedoraproject.org/wiki/Systemd
# Configure the buffer pool
innodb_buffer_pool_size = {{
innodb_buffer_pool_size_mb|default(128) }}M


The pause module
The pause module stops the execution of a playbook for a certain period of time. You
can configure it to wait for a particular period, or you can make it prompt the user to
continue. While effectively useless when used from the Ansible command line, it can
be very handy when used inside a playbook.
Generally, the pause module is used when you want the user to provide
confirmation to continue, or if manual intervention is required at a particular point.
For example, if you have just deployed a new version of a web application to a
server, and you need to have the user check manually to make sure it looks okay
before you configure them to receive production traffic, you can put a pause there.
It is also handy to warn the user of a possible problem and give them the option of
continuing. This will make Ansible print out the names of the servers and ask the
user to press Enter to continue. If used with the serial key in the target section, it
will ask once for each group of hosts that Ansible is running on. This way you can
give the user the flexibility of running the deployment at their own pace while they
interactively monitor the progress.
Less usefully, this module can simply wait for a specified period of time. This is
often not useful as you usually don't know how long a particular action may take,
and guessing may have disastrous outcomes. You should not use it for waiting for
networked daemons to start up; you should use the wait_for module (described
in the next section) for this task. The following play demonstrates using the pause
module first in the user interactive mode and then in the timed mode:
- hosts: localhost
- name: wait on user input
pause: prompt="Warning! Detected slight issue. ENTER to
continue CTRL-C a to quit."
- name: timed wait
pause: seconds=30








- hosts: localhost

- name: wait on user input
pause: prompt="Warning! Detected slight issue. ENTER to
continue CTRL-C a to quit."

- name: timed wait
pause: seconds=30

The wait_for module
The wait_for module is used to poll a particular TCP port and not continue until that
port accepts a remote connection. The polling is done from the remote machine. If you
only provide a port, or set the host argument to localhost , the poll will try to connect
to the managed machine. You can utilize local_action to run the command from the
controller machine and use the ansible_hostname variable as your host argument to
make it try and connect to the managed machine from the controller machine.
This module is particularly useful for daemons that can take a while to start, or
things that you want to run in the background. Apache Tomcat ships with an init
script that when you try to start it immediately returns, leaving Tomcat starting in
the background. Depending on the application that Tomcat is configured to load,
it might take anywhere between two seconds to 10 minutes to fully start up and be
ready for connections. You can time your application's start up and use the pause
module. However, the next deployment may take longer or shorter, and this can
break your deployment mechanism. With the wait_for module, you have Ansible
to recognize when Tomcat is ready to accept connections. The following is a play that
does exactly this:
- hosts: webapps
- name: Install Tomcat
yum: name=tomcat7 state=installed
- name: Start Tomcat
service: name=tomcat7 state=started
- name: Wait for Tomcat to start
wait_for: port=8080 state=started
After the completion of this play, Tomcat should be installed, started, and ready to
accept requests. You can append further modules to this example and depend on
Tomcat being available and listening.

wait_for 模块





- hosts: webapps
- name: Install Tomcat
yum: name=tomcat7 state=installed

- name: Start Tomcat
service: name=tomcat7 state=started

- name: Wait for Tomcat to start
wait_for: port=8080 state=started


The assemble module
The assemble module combines several files on the managed machine and saves
them to another file on the managed machine. This is useful in playbooks when you
have a config file that does not allow includes, or globbing in its includes. This is
useful for the authorized_keys file for say, the root user. The following play will
send a bunch of SSH public keys to the managed machine, then make it assemble
them all together and place it in the root user's home directory:
- hosts: all
- name: Make a Directory in /opt
file: path=/opt/sshkeys state=directory owner=root group=root
mode=0700 - name: Copy SSH keys over
copy: src=keys/{{ item }}.pub dest=/opt/sshkeys/{{ item }}.pub
owner=root group=root mode=0600
- dan
- kate
- mal - name: Make the root users SSH config directory file: path=/root/.ssh state=directory owner=root group=root
mode=0700 - name: Build the authorized_keys file
assemble: src=/opt/sshkeys dest=/root/.ssh/authorized_keys
owner=root group=root mode=0700 By now this should all look familiar. You may note the with_items key in the task
that copies the keys over, and the {{ items }} variable. These will be explained
later in Chapter 3, Advanced Playbooks, but all you need to know now is that whatever
item you supply to the with_items key is substituted into the {{ items }} variable,
similar to how a for loop works. This simply lets us easily copy many files to the
remote host at once.
The last task shows the usage of the assemble module. You pass the directory
containing the files to be concatenated into the output as the src argument, and then
pass dest as the output file. It also accepts many of the same arguments ( owner ,
group , and mode ) as the other modules that create files. It also combines the files in
the same order as the ls -1 command lists them. This means you can use the same
approach as udev and rc.d , and prepend numbers to the files to ensure that they end
up in the correct order.



- hosts: all

- name: Make a Directory in /opt
file: path=/opt/sshkeys state=directory owner=root group=root

- name: Copy SSH keys over
copy: src=keys/{{ item }}.pub dest=/opt/sshkeys/{{ item }}.pub
owner=root group=root mode=0600
- dan
- kate
- mal

- name: Make the root users SSH config directory
file: path=/root/.ssh state=directory owner=root group=root

- name: Build the authorized_keys file
assemble: src=/opt/sshkeys dest=/root/.ssh/authorized_keys

with_items 关键字将在下一章介绍。如今你仅仅须要知道他能够将一个列表赋值给item參数。就想循环一样。这样我们就非常easy的合并多个文件了。

最后assemble-组装模块使用src dest參数将src文件夹下的全部文件都合并成dest以下的一个文件。和其它创建文件的模块一样。assemble-组装模块也有owner group mode等属性。而且,文件合并的顺序和ls -l命令的顺序一样,这样我们确定文件的顺序和我们预期的一样了,就像udev 、rc.d这些方法一样。

The add_host module
The add_host module is one of the most powerful modules that is available in
playbooks. add_host lets you dynamically add new machines inside a play. You
can do this by using the uri module to get a host from your CMDB and then adding
it to the current play. This module will also add your host to a group, dynamically
creating that group if it does not already exist.
The module simply takes a hostname and a groups argument, which are rather self-
explanatory, and sets the hostname and groups. You can also send extra arguments
and these are treated in the same way in which extra values in the inventory file are
treated. This means you can set ansible_ssh_user , ansible_ssh_port , and so on.

add_host 加入主机模块

add_host 加入主机模块是playbook中一个强大的模块,它能够让你动态的加入受管主机到一个play中。我们能够使用uri模块从CMDB中或者主机信息然后加入他们。它还能够将主机加到组里面。假设组不存在的话还会自己主动创建它。这个模块仅须要主机名和组名2个參数,跟主机库存清单的配置一样。我们还能够加入扩展的參数像ansible_ssh_user , ansible_ssh_port等等。

The group_by module
In addition to creating hosts dynamically in your play, you can also create groups.
The group_by module can create groups based on the facts about the machines,
including the ones you set up yourself using the add_fact module explained
earlier. The group_by module accepts one argument, key , which takes the name
of a group the machine will be added to. Combining this with the use of variables,
you can make the module add a server to a group based on its operating system,
visualization technology, or any other fact that you have access to. You can then use
this group in the target section of any subsequent plays, or in templates.
So if you want to create a group that groups the hosts by operating system, you will
call the module as follows. You can then use these groups to install packages using
the right packager, for example:
- name: Create operating system group
hosts: all
- group_by: key=os_{{ ansible_distribution }}
- name: Run on CentOS hosts only
hosts: os_CentOS
- name: Install Apache
yum: name=httpd state=latest
- name: Run on Ubuntu hosts only
hosts: os_Ubuntu
- name: Install Apache
apt: pkg=apache2 state=latest



group_by 模块能够让我们依据主机的真实特性来进行分组,真实特性能够通过add_fact来实现(前面已经介绍过set_fact)。group_by模块仅仅接受一个參数,key。相同组名的机器就被分到一个组里面。



- name: Create operating system group
hosts: all
- group_by: key=os_{{ ansible_distribution }}

- name: Run on CentOS hosts only
hosts: os_CentOS

- name: Install Apache
yum: name=httpd state=latest

- name: Run on Ubuntu hosts only
hosts: os_Ubuntu

- name: Install Apache
apt: pkg=apache2 state=latest


