/docsite/rst/playbooks_lookups.rst

https://github.com/ajanthanm/ansible · ReStructuredText · 155 lines · 100 code · 55 blank · 0 comment · 0 complexity · 6322e16f657ab4b7c8b3fb2d4e00e600 MD5 · raw file

  1. Using Lookups
  2. =============
  3. Lookup plugins allow access of data in Ansible from outside sources. These plugins are evaluated on the Ansible control
  4. machine, and can include reading the filesystem but also contacting external datastores and services.
  5. These values are then made available using the standard templating system
  6. in Ansible, and are typically used to load variables or templates with information from those systems.
  7. .. note:: This is considered an advanced feature, and many users will probably not rely on these features.
  8. .. note:: Lookups occur on the local computer, not on the remote computer.
  9. .. contents:: Topics
  10. .. _getting_file_contents:
  11. Intro to Lookups: Getting File Contents
  12. ```````````````````````````````````````
  13. The file lookup is the most basic lookup type.
  14. Contents can be read off the filesystem as follows::
  15. - hosts: all
  16. vars:
  17. contents: "{{ lookup('file', '/etc/foo.txt') }}"
  18. tasks:
  19. - debug: msg="the value of foo.txt is {{ contents }}"
  20. .. _password_lookup:
  21. The Password Lookup
  22. ```````````````````
  23. .. note::
  24. A great alternative to the password lookup plugin, if you don't need to generate random passwords on a per-host basis, would be to use :doc:`playbooks_vault`. Read the documentation there and consider using it first, it will be more desirable for most applications.
  25. ``password`` generates a random plaintext password and stores it in
  26. a file at a given filepath.
  27. (Docs about crypted save modes are pending)
  28. If the file exists previously, it will retrieve its contents, behaving just like with_file. Usage of variables like "{{ inventory_hostname }}" in the filepath can be used to set
  29. up random passwords per host (what simplifies password management in 'host_vars' variables).
  30. Generated passwords contain a random mix of upper and lowercase ASCII letters, the
  31. numbers 0-9 and punctuation (". , : - _"). The default length of a generated password is 20 characters.
  32. This length can be changed by passing an extra parameter::
  33. ---
  34. - hosts: all
  35. tasks:
  36. # create a mysql user with a random password:
  37. - mysql_user: name={{ client }}
  38. password="{{ lookup('password', 'credentials/' + client + '/' + tier + '/' + role + '/mysqlpassword length=15') }}"
  39. priv={{ client }}_{{ tier }}_{{ role }}.*:ALL
  40. (...)
  41. .. note:: If the file already exists, no data will be written to it. If the file has contents, those contents will be read in as the password. Empty files cause the password to return as an empty string
  42. Starting in version 1.4, password accepts a "chars" parameter to allow defining a custom character set in the generated passwords. It accepts comma separated list of names that are either string module attributes (ascii_letters,digits, etc) or are used literally::
  43. ---
  44. - hosts: all
  45. tasks:
  46. # create a mysql user with a random password using only ascii letters:
  47. - mysql_user: name={{ client }}
  48. password="{{ lookup('password', '/tmp/passwordfile chars=ascii_letters') }}"
  49. priv={{ client }}_{{ tier }}_{{ role }}.*:ALL
  50. # create a mysql user with a random password using only digits:
  51. - mysql_user: name={{ client }}
  52. password="{{ lookup('password', '/tmp/passwordfile chars=digits') }}"
  53. priv={{ client }}_{{ tier }}_{{ role }}.*:ALL
  54. # create a mysql user with a random password using many different char sets:
  55. - mysql_user: name={{ client }}
  56. password="{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,hexdigits,punctuation') }}"
  57. priv={{ client }}_{{ tier }}_{{ role }}.*:ALL
  58. (...)
  59. To enter comma use two commas ',,' somewhere - preferably at the end. Quotes and double quotes are not supported.
  60. .. _more_lookups:
  61. More Lookups
  62. ````````````
  63. .. note:: This feature is very infrequently used in Ansible. You may wish to skip this section.
  64. .. versionadded:: 0.8
  65. Various *lookup plugins* allow additional ways to iterate over data. In :doc:`Loops <playbooks_loops>` you will learn
  66. how to use them to walk over collections of numerous types. However, they can also be used to pull in data
  67. from remote sources, such as shell commands or even key value stores. This section will cover lookup
  68. plugins in this capacity.
  69. Here are some examples::
  70. ---
  71. - hosts: all
  72. tasks:
  73. - debug: msg="{{ lookup('env','HOME') }} is an environment variable"
  74. - debug: msg="{{ item }} is a line from the result of this command"
  75. with_lines:
  76. - cat /etc/motd
  77. - debug: msg="{{ lookup('pipe','date') }} is the raw result of running this command"
  78. - debug: msg="{{ lookup('redis_kv', 'redis://localhost:6379,somekey') }} is value in Redis for somekey"
  79. - debug: msg="{{ lookup('dnstxt', 'example.com') }} is a DNS TXT record for example.com"
  80. - debug: msg="{{ lookup('template', './some_template.j2') }} is a value from evaluation of this template"
  81. As an alternative you can also assign lookup plugins to variables or use them
  82. elsewhere. This macros are evaluated each time they are used in a task (or
  83. template)::
  84. vars:
  85. motd_value: "{{ lookup('file', '/etc/motd') }}"
  86. tasks:
  87. - debug: msg="motd value is {{ motd_value }}"
  88. .. seealso::
  89. :doc:`playbooks`
  90. An introduction to playbooks
  91. :doc:`playbooks_conditionals`
  92. Conditional statements in playbooks
  93. :doc:`playbooks_variables`
  94. All about variables
  95. :doc:`playbooks_loops`
  96. Looping in playbooks
  97. `User Mailing List <http://groups.google.com/group/ansible-devel>`_
  98. Have a question? Stop by the google group!
  99. `irc.freenode.net <http://irc.freenode.net>`_
  100. #ansible IRC chat channel