ansible进阶06

复杂的循环结构

• 循环基础

[student@worktest myansible]$ cat users.yml
---
- name: create usershosts: serveratasks:- name: create some usersuser:name: "{{item}}"password: "{{'123456'|password_hash('sha512')}}"state: presentloop:- zhangsan- lisi

• loop是ansible 2.5以后引入的，之前使用with_xxx结构

[student@worktest myansible]$ cat users.yml
---
- name: create usershosts: serveratasks:- name: create some usersuser:name: "{{item}}"password: "{{'123456'|password_hash('sha512')}}"state: presentwith_list:- zhangsan- lisi

列表嵌套

• 嵌套的列表，可以使用flatten过滤器处理成扁平结构

[student@worktest myansible]$ cat file_list.yml
---
- name: create fileshosts: serveravars:file_lists:- [a1, a2, a3]- [b1, b2]- [c1, c2, c3, c4]tasks:- name: display flatten listdebug:msg: "{{file_lists|flatten}}"- name: create some filesfile:path: /tmp/{{item}}state: touchloop: "{{file_lists|flatten}}"

复杂的嵌套结构

• 复杂嵌结构，python示例：

[student@worktest myansible]$ python3
>>> users = [
...     {
...         'name': 'zzz',
...         'email': 'zzz@stud.cn',
...         'days': ['Sat', 'Sun']
...     },
...     {
...         'name': 'dmy',
...         'email': 'dmy@stud.cn',
...         'days': ['Mon', 'Tue', 'Wed']
...     }
... ]
# 在取数据的时候，列表项是通过下标取出的，字典项通过key取出。
>>> users[0]
{'name': 'zzz', 'email': 'zzz@stud.cn', 'days': ['Sat', 'Sun']}
>>> users[1]
{'name': 'dmy', 'email': 'dmy@stud.cn', 'days': ['Mon', 'Tue', 'Wed']}
>>> users[0]['email']
'zzz@stud.cn'
>>> users[1]['days']
['Mon', 'Tue', 'Wed']
>>> users[1]['days'][1]
'Tue'

• 取出复杂结构中的子列表，使用subelement过滤器

[student@worktest myansible]$ cat lists2.yml
---
- name: nested listshosts: serveravars:users:- name: zzzemail: zzz@stud.cndays:- Sat- Sun- name: dmyemail: dmy@stud.cndays:- Mon- Tue- Wedtasks:- name: display emaildebug:msg: "{{item}}"loop: "{{users|subelements('days')}}"

遍历字典

• 输出嵌套的字典结构

[student@worktest myansible]$ cat dicts.yml
---
- name: display dicthosts: serveravars:users:user1:name: zzzemail: zzz@stud.cnuser2:name: dmyemail: dmy@stud.cntasks:- name: display some infodebug:msg: "{{users|dict2items}}"  #将上面的结构转换为key，value的结构- name: loop usersdebug:msg: "{{item.key}}:{{item['value']}}"loop: "{{users|dict2items}}"

使用过滤器处理网络地址

收集和处理地址信息

• 与网络有关的facts变量
  • ansible_facts['dns']['nameservers']：DNS服务器
  • ansible_facts['domain']：域名
  • ansible_facts['all_ipv4_addresses']：所有的IPV4地址
  • ansible_facts['all_ipv6_addresses']：所有的IPV6地址
  • ansible_facts['fqdn']：完全合格域名
  • ansible_facts['hostname']：主机名

[student@worktest myansible]$ ansible all -m setup -a "filter=ansible_all_ipv4"
[student@worktest myansible]$ ansible all -m setup -a "filter=ansible_fqdn"
[student@worktest myansible]$ ansible all -m setup -a "filter=ansible_hostname"

网络信息过滤器

• ipaddr：

# 如果是一个地址，则返回地址；不是IP地址，则返回False
[student@worktest myansible]$ lab data-netfilters start
[student@worktest myansible]$ cat ipaddr.yml
---
- name: test ip addresshosts: serveravars:myips:- "192.168.1.10"- "300.1.1.1"tasks:- name: test ipdebug:msg: "{{item|ipaddr}}"loop: "{{myips}}"# netmask参数，可以返回前缀表示法地址中的网络掩码
[student@worktest myansible]$ cat ipaddr.yml
---
- name: test ip addresshosts: serveratasks:- name: test ipdebug:msg: "{{'10.1.1.10/23'|ipaddr('netmask')}}"

ipaddr可以使用的选项有：

• address：判断某一地址是否是有效地址
• net：验证输出的值是是网络范围
• host：确保地址有一个等效的CIDR格式
• prefix：验证输入的是CIDR/prefix格式，返回前缀

# 返回网络地址10.1.0.0/24
[student@worktest myansible]$ cat ipaddr.yml
---
- name: test ip addresshosts: serveratasks:- name: test ipdebug:msg: "{{'10.1.0.0/255.255.255.0'|ipaddr('net')}}"# 判断地址是不是公有的public。私有的private
[student@worktest myansible]$ cat ipaddr.yml
---
- name: test ip addresshosts: serveratasks:- name: test ipdebug:msg: "{{'100.1.10.0'|ipaddr('public')}}"

使用插件收集网络信息

DNS记录

• A：把FQDN解析为IP地址
• PTR：与A记录相反
• SOA：起始授权。指定域中的权威服务器
• NS：名称服务器。
• MX：邮件交换器
• CNAME：别名记录

C:\Users\BJTT>nslookup   # 进入时，将显示当前主机使用的DNS服务器
默认服务器:  xd-cache-1.bjtelecom.net
Address:  219.141.136.10
# 查看163.com中谁是权威服务器
> set type=soa
> 163.com
服务器:  xd-cache-1.bjtelecom.net
Address:  219.141.136.10非权威应答:
163.comprimary name server = ns4.nease.netresponsible mail addr = admin.nease.netserial  = 20201030refresh = 7200 (2 hours)retry   = 1800 (30 mins)expire  = 1209600 (14 days)default TTL = 60 (1 min)163.com nameserver = ns5.nease.net
163.com nameserver = ns2.166.com
163.com nameserver = ns1.nease.net
163.com nameserver = ns6.nease.net
163.com nameserver = ns8.166.com
163.com nameserver = ns3.nease.net
163.com nameserver = ns4.nease.net# 查看ns4.nease.net的IP地址
> set q=a         # 等价于set type=a
> ns4.nease.net
服务器:  xd-cache-1.bjtelecom.net
Address:  219.141.136.10非权威应答:
名称:    ns4.nease.net
Address:  103.72.16.81# 查询163.com中，有哪些邮件服务器
> set q=mx
> 163.com
服务器:  xd-cache-1.bjtelecom.net
Address:  219.141.136.10非权威应答:
163.com MX preference = 10, mail exchanger = 163mx01.mxmail.netease.com
163.com MX preference = 10, mail exchanger = 163mx02.mxmail.netease.com
163.com MX preference = 10, mail exchanger = 163mx03.mxmail.netease.com
163.com MX preference = 50, mail exchanger = 163mx00.mxmail.netease.com163.com nameserver = ns3.nease.net
163.com nameserver = ns5.nease.net
163.com nameserver = ns2.166.com
163.com nameserver = ns1.nease.net
163.com nameserver = ns6.nease.net
163.com nameserver = ns8.166.com
163.com nameserver = ns4.nease.net

• 通过dig插件查询域信息

# 默认查询A记录。查询example.com的IP地址
[student@worktest myansible]$ cat ipaddr.yml
---
- name: test ip addresshosts: serveratasks:- name: dns infodebug:msg: "{{lookup('dig', 'example.com')}}"# 查询example.com中邮件服务器是谁
[student@worktest myansible]$ cat ipaddr.yml
---
- name: test ip addresshosts: serveratasks:- name: dns infodebug:msg: "{{lookup('dig', 'example.com', 'qtype=MX')}}"