Ansibleのtemplateコマンドについて

カテゴリ: 未分類 | タグ:

Ansibleでは単純なファイルのコピーだけでなく、templateコマンドを使うことによって可変部を含むファイルをコピーできるテンプレート機能を使用することができます。

テンプレートの仕組みについて

  • templateコマンドを使うと、Jinja2のテンプレートエンジンが使える
  • テンプレートのファイル名は何でもよいが*.j2にすることが多い
  • 可変部は {{ name }}のような形式で記述する
    昔は、$nameの形式だったので、ネットを探すと$形式の変数になっている可能性もある

テンプレートのドキュメントについて

Jinja2のドキュメントは下記のURLより確認できる。
http://jinja.pocoo.org/docs/templates/

ansibleでのヘルプマニュアルについて

コマンドのヘルプは、'ansible-doc template'コマンドで確認できる

 > ansible-doc template


> TEMPLATE    (/usr/lib/python2.7/dist-packages/ansible/modules/files/template.py)

  Templates are processed by the Jinja2 templating language (http://jinja.pocoo.org/docs/) - documentation on the template
  formatting can be found in the Template Designer Documentation (http://jinja.pocoo.org/docs/templates/). Six additional
  variables can be used in templates: `ansible_managed' (configurable via the `defaults' section of `ansible.cfg') contains a
  string which can be used to describe the template name, host, modification time of the template file and the owner uid.
  `template_host' contains the node name of the template's machine. `template_uid' the numeric user id of the owner.
  `template_path' the path of the template. `template_fullpath' is the absolute path of the template. `template_run_date' is the
  date that the template was rendered.

  * note: This module has a corresponding action plugin.

Options (= is mandatory):

- attributes
        Attributes the file or directory should have. To get supported flags look at the man page for `chattr' on the target
        system. This string should contain the attributes in the same order as the one displayed by `lsattr'.
        [Default: None]
- backup
        Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered
        it incorrectly.
        (Choices: yes, no)[Default: no]
= dest
        Location to render the template to on the remote machine.

- force
        the default is `yes', which will replace the remote file when contents are different than the source.  If `no', the file
        will only be transferred if the destination does not exist.
        (Choices: yes, no)[Default: yes]
- group
        Name of the group that should own the file/directory, as would be fed to `chown'.
        [Default: None]
- mode
        Mode the file or directory should be. For those used to `/usr/bin/chmod' remember that modes are actually octal numbers
        (like 0644). Leaving off the leading zero will likely have unexpected results. As of version 1.8, the mode may be
        specified as a symbolic mode (for example, `u+rwx' or `u=rw,g=r,o=r').
        [Default: None]
- owner
        Name of the user that should own the file/directory, as would be fed to `chown'.
        [Default: None]
- selevel
        Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range'. `_default'
        feature works as for `seuser'.
        [Default: s0]
- serole
        Role part of SELinux file context, `_default' feature works as for `seuser'.
        [Default: None]
- setype
        Type part of SELinux file context, `_default' feature works as for `seuser'.
        [Default: None]
- seuser
        User part of SELinux file context. Will default to system policy, if applicable. If set to `_default', it will use the
        `user' portion of the policy if available.
        [Default: None]
= src
        Path of a Jinja2 formatted template on the Ansible controller. This can be a relative or absolute path.

- unsafe_writes
        Normally this module uses atomic operations to prevent data corruption or inconsistent reads from the target files,
        sometimes systems are configured or just broken in ways that prevent this. One example are docker mounted files, they
        cannot be updated atomically and can only be done in an unsafe manner.
        This boolean option allows ansible to fall back to unsafe methods of updating files for those cases in which you do not
        have any other choice. Be aware that this is subject to race conditions and can lead to data corruption.
        [Default: False]
- validate
        The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which
        must be present as in the example below. The command is passed securely so shell features like expansion and pipes won't
        work.
        [Default: None]
Notes:
  * Including a string that uses a date in the template will result in the template being marked 'changed' each time
  * Since Ansible version 0.9, templates are loaded with `trim_blocks=True'.
  * Also, you can override jinja2 settings by adding a special header to template file. i.e.
        `#jinja2:variable_start_string:'[%' , variable_end_string:'%]', trim_blocks: False' which changes the variable
        interpolation markers to  [% var %] instead of  {{ var }}. This is the best way to prevent evaluation of things
        that look like, but should not be Jinja2. raw/endraw in Jinja2 will not work as you expect because templates in
        Ansible are recursively evaluated.
EXAMPLES:
# Example from Ansible Playbooks
- template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: 0644

# The same example, but using symbolic modes equivalent to 0644
- template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: "u=rw,g=r,o=r"

# Copy a new "sudoers" file into place, after passing validation with visudo
- template:
    src: /mine/sudoers
    dest: /etc/sudoers
    validate: 'visudo -cf %s'

# Update sshd configuration safely, avoid locking yourself out
- template:
    src: etc/ssh/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0600'
    validate: /usr/sbin/sshd -t -f %s
    backup: yes


MAINTAINERS: Ansible Core Team, Michael DeHaan

METADATA:
        Status: ['stableinterface']
        Supported_by: core
こちらもおススメ

コメントを残す

メールアドレスが公開されることはありません。