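Playbooks can use a function called lookup(), which lets Ansible access data from external sources. Its behaviour depends on the first argument; the typical use is reading the contents of an external file. Note that lookup() runs only locally, on the machine running Ansible, not on the remote hosts.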

Ansible technical Q&A: http://linux.xyz/topic/Ansible

1. The file type

  1) Reading file contents

When the first argument is file, lookup() returns the contents of an external file.

- hosts: all
  vars:
    contents: "{{ lookup('file', '/etc/foo.txt') }}"  # store the value in a variable; the arguments must all be quoted, otherwise an error occurs
  tasks:
    - debug: msg="the value of foo.txt is {{ contents }}"
    - debug: msg="the value of foo.txt is {{ lookup('file', '/etc/foo.txt') }}"  # use the lookup directly

Using the lookup function to set up the host trust relationship (SSH public key authorization) between Ansible and the remote hosts:

- hosts: all
  tasks:
    - authorized_key:
        user: ops
        # the public key is read from the machine running Ansible
        key: "{{ lookup('file', '/home/ops/.ssh/id_rsa.pub') }}"
        # path: "/home/ops/.ssh/authorized_keys"

  2) Host trust configuration

$ ansible-playbook xiaoniu-authorized-key.yml -e "hosts=all user=ops" -k

---
# file: xiaoniu-authorized-key.yml
- hosts: "{{ hosts }}"
  remote_user: root
  tasks:
    # Runs on the Ansible server (delegate_to: localhost) and generates the key pair there
    - name: create user on ansible server as remote_user
      user:
        name: "{{ user }}"
        generate_ssh_key: yes
        ssh_key_type: rsa
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
        state: present
      delegate_to: localhost
      tags: authorized-key

    - name: create user on remote host
      user:
        name: "{{ user }}"
        state: present
      tags: authorized-key

    # lookup() reads the public key locally; authorized_key installs it on the remote host
    - name: copy id_rsa.pub to remote host for authorized trust
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file', '/home/' + user + '/.ssh/id_rsa.pub') }}"
      tags: authorized-key

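2. The password type

When the first argument is password, lookup() generates a random plaintext password and stores it in the specified file. The generated password consists of upper- and lower-case letters, digits and the characters .,:-_ and is 20 characters long by default; the length can be changed by passing the extra parameter length=.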

---
- hosts: 127.0.0.1
  gather_facts: no
  tasks:
    - debug: msg="password - {{ lookup('password', '/tmp/random_pass.txt length=10') }}"

$ cat /tmp/random_pass.txt
ejL.Ho_.mb

Test: ansible-playbook test.yml

PLAY [127.0.0.1] ******************************************************
TASK: [debug msg="password - ejL.Ho_.mb"] *****************************

ok: [127.0.0.1] => {
 "msg": "password - ejL.Ho_.mb"}


PLAY RECAP ************************************************************
127.0.0.1: ok=1 changed=0 unreachable=0 failed=0

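If the file used to store the password already exists, nothing is written to it, and its existing contents are read and used as the password. If the file exists but is empty, an empty string is returned as the password.

In addition to length=<length>, Ansible 1.4 and later also accept a chars=<chars> parameter, which sets a custom character set for the generated password instead of the default upper- and lower-case letters, digits and .,:-_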

---
- hosts: 127.0.0.1
  gather_facts: no
  tasks:
    # create a random password using only ascii letters:
    - debug: msg="password - {{ lookup('password', '/tmp/passfile1 chars=ascii_letters') }}"
    # create a random password using only digits:
    - debug: msg="password - {{ lookup('password', '/tmp/passfile2 chars=digits') }}"
    # create a random password using many different char sets:
    - debug: msg="password - {{ lookup('password', '/tmp/passfile3 chars=ascii_letters,digits,hexdigits,punctuation,,') }}"  # a literal comma is written as ",,"

Test: ansible-playbook test.yml

PLAY [127.0.0.1] *******************************************************

TASK: [debug msg="password - funEtMBYbqWTUdPlfIGC"] ********************
ok: [127.0.0.1] => {
 "msg": "password - funEtMBYbqWTUdPlfIGC"}
 
TASK: [debug msg="password - 79223199493177921267"] ********************
ok: [127.0.0.1] => {
 "msg": "password - 79223199493177921267"}
 
TASK: [debug msg="password - 0,92YO4R0m6iqg2=4RA8"] ********************
ok: [127.0.0.1] => {
 "msg": "password - 0,92YO4R0m6iqg2=4RA8"}
 
PLAY RECAP *************************************************************
127.0.0.1: ok=3 changed=0 unreachable=0 failed=0
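
The following playbook is an added example, not part of the original page: it generates a per-host password with the password lookup, rejects the empty string that an existing empty file would return, and keeps the value out of task output with no_log instead of printing it with debug. The user name ops comes from the earlier examples; the credentials/ path and the variable names pass_file and ops_password are assumptions.

```yaml
---
# Added example, not from the original page.
# Assumptions: the "credentials/" directory next to the playbook and the
# variable names pass_file / ops_password are hypothetical.
- hosts: all
  become: yes
  vars:
    # One password file per host, stored on the machine running Ansible.
    # The file holds the plaintext password, so keep it out of shared
    # directories such as /tmp and out of version control.
    pass_file: "{{ playbook_dir }}/credentials/{{ inventory_hostname }}/ops_password"
  tasks:
    # The lookup runs locally. If pass_file already exists its contents are
    # reused, so repeated runs return the same password for the same host.
    - name: generate (or re-read) the password on the control machine
      set_fact:
        ops_password: "{{ lookup('password', pass_file + ' length=20 chars=ascii_letters,digits') }}"
      no_log: true   # keep the value out of verbose output and logs

    # An existing but empty file makes the lookup return '', and a file
    # edited by hand may hold something shorter than intended.
    # Stop here rather than set a blank or weak password.
    - name: refuse an empty or short password
      assert:
        that:
          - ops_password | length >= 20
        fail_msg: "password file for {{ inventory_hostname }} is empty or too short; remove it and re-run"

    # The user module expects a hash, not the plaintext value. No fixed salt
    # is given, so the hash differs on every run and the task reports
    # "changed" each time.
    - name: set the password of the ops account
      user:
        name: ops
        password: "{{ ops_password | password_hash('sha512') }}"
      no_log: true
```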

3. Other types

---
- hosts: all
  tasks:
    - debug: msg="{{ lookup('env','HOME') }} is an environment variable"

    - debug: msg="{{ lookup('pipe','date') }} is the raw result of running this command"

    - debug: msg="{{ lookup('redis_kv', 'redis://localhost:6379,somekey') }} is value in Redis for somekey"

    - debug: msg="{{ lookup('dnstxt', 'example.com') }} is a DNS TXT record for example.com"

    - debug: msg="{{ lookup('template', './some_template.j2') }} is a value from evaluation of this template"