0 Basic idea
Ansible variables, like variables in any programming language, are used to store values.
All ansible variables will be mapped to Python variables underhood, as Ansible itself is written in Python.
A YAML file (playbook) is not aware of variables, it's the JinJa2 template engine that precompiles the playbook and supports variables.
1 How to use variables
In a playbook, usually, variables are marked by special syntax called "JinJa2".
- hosts: all
vars:
myvar: foobar
tasks:
- name: test
debug:
msg: "Hello, {{ myvar }}"
There are also some special sections where the content is pure JinJa2 by default, like when.
- hosts: all
tasks:
- name: test
command: cat /etc/passwd
when: inventory_hostname == "webserver01"
2 Where to define variables
It's a bit complex when talking about where to define a variable. Based on the official document, a variable can be defined in 22 places.
To make it simple, there are generally 3 places you can put a variable definition.
- command-line arguments when calling ansible-playbook with -e. e.g.
$ ansible-playbook -e 'username=root' playbook.yml
- a yaml file whether it's a playbook, included files, or an inventory variable file. e.g.
- hosts: all
vars:
username: user01
vars_files:
- vars/app.yml
- vars/dev.yml
vars_prompt:
- name: username
prompt: input the username
tasks:
- name: test task1
vars:
username: admin
- Inventory variables
Variables defined in an inventory file or inventory variable files (host_vars or group_vars). e.g.
# variables defined in a inventory file
$ cat /etc/ansible/hosts
[webservers]
192.168.0.101 run_account=app1run
[webservers:vars]
run_account=apprun
# variables defined in a inventory host_vars file
$ cat ./host_vars/webserver01
users:
- user01
- user02
- user03
3 Special variables / Predefined variables / Magic variables
In addition to user-defined variables, Ansible itself pre-defines many variables to control its behaviors. Here are some most common ones:
3.1 Ansible connection related variables
- ansible_connection=ssh
- ansible_user=user01
- ansible_ssh_pass=mypassword
- ansible_remote_tmp=/tmp
- ansible_host_key_checking=False
- ansible_become_password=mybecomepwd
Notes: there are "directives" with similar function to those variables, like:
-- hosts: all
become: yes
become_user: root
Those "directives" and variables have the same functions and similar names, so it's a little confusing at first.
3.2 Magic variables
- inventory_hostname
- groups
- group_names
3.3 Facts
- ansible_facts
By default, Ansible executes "setup" module before running any other task in playbooks to collect information about the target server. The result is saved as variable "ansible_facts".
The following tasks can use "ansible_facts" to conditionally run.
4 Variable scope and precedence
As any other programming language, a variable definition is valid in a certain scope. For Ansible, it's more complex. A variable can be defined at different places at the same time, so precedence must be applied to determine the final value of that variable.
4.1 Scope
- a host
- a group
- a task
- a block
- a play
- Global
4.2 Precedence
The complete list can be found here.
In the list below, the priority gets higher from top to bottom. In other words, the later overrides the former.
- command line values (eg “-u user”)
- role defaults [1]
- inventory file or script group vars [2]
- inventory group_vars/all [3]
- playbook group_vars/all [3]
- inventory group_vars/* [3]
- playbook group_vars/* [3]
- inventory file or script host vars [2]
- inventory host_vars/* [3]
- playbook host_vars/* [3]
- host facts / cached set_facts [4]
- play vars
- play vars_prompt
- play vars_files
- role vars (defined in role/vars/main.yml)
- block vars (only for tasks in block)
- task vars (only for the task)
- include_vars
- set_facts / registered vars
- role (and include_role) params
- include params
- extra vars (always win precedence)
No comments:
Post a Comment