一、inventory介绍

前面我们介绍过ansible的hosts文件是存放被管理主机的，被管理主机比较少的情况下，直接在hosts中定义即可，但是以后很定会管理多台主机，而ansible可管理的主机集合就叫做inventory。在ansible中，描述你主机的默认方法是将它们列在一个文本文件中,这个文件叫inventory文件。

一个简单的inventory文件可能只包含一组主机名的列表，如下：

ftp.testansible.com
samba.testansible.com
mail.testansible.com

1、inventory的行为参数

有时候我们需要在ansible inventory文件中描述我们的主机，我们需要定义主机名，以及ansible的ssh客户端可以连接到的端口(22,2222,22300)等，那么ansible将这些变量命名为inventory的行为参数，如下：

名称                           默认值                                描述
ansible_ssh_host               主机的名字                             SSH目的主机名或IP
ansible_ssh_port               22                                    SSH目的端口
ansible_ssh_user               root                                  SSH登录使用的用户名
ansible_ssh_pass               none                                  SSH认证所使用的密码
ansible_connection             smart                                 ansible使用何种连接模式连接到主机
ansible_ssh_private_key_file   none                                  SSH认证所使用的私钥
ansible_shell_type             sh                                    命令所使用的shell
ansible_python_interpreter     /usr/bin/python                       主机上的python解释器

ansible默认的inventory文件是/etc/ansible/hosts

可以自定义动态的inventory文件，(--inventory-file等同于-i path)如下

#ansible --inventory-file=/root/iptables/iptableshosts iptables -m script -a '/root/iptables/check_iptables.sh'

如果有多台服务器的话，想并发运行，可以使用-f参数，默认是并发5

#ansible --inventory-file=/root/iptables/iptableshosts iptables -f 6 -m script -a '/root/iptables/check_iptables.sh'

2、主机和主机组定义方式：

直接定义一台或者2台server

#vim /etc/ansible/hosts
192.168.100.10
192.168.100.11

定义一个组,可以是ip也可以是解析好的域名

[web]
192.168.100.10
192.168.100.11
[httpd]
192.168.100.12
192.168.100.13

嵌套定义组

[apache]
http1.test.com
http2.test.com
[nginx]
nginx1.test.com
nginx2.test.com
[webservers:children]
apache
nginx

3、主机变量和组变量

主机变量：针对单主机的特性化要求，通过内置变量实现，如下：

[webservers]
web1.test.com http_port=80 ansible_ssh_port=12345

群组变量

语法：[<group name>:vars] 在inventory中指定群组变量，如下：

[all:vars]
ntp_server=ntp.centos.com[production]
test1
test2
test3
[production:vars]
db_primary_port=22[groupservers]
web1.test.com
web2.test.com
[groupservers:vars]
ntp_server=ntp.test.com
admin_user=tom

4、嵌套组和组变量

[apache]
http1.test.com
http2.test.com[nginx]
nginx1.test.com
nginx2.test.com[webservers:children]
apache
nginx[webservers:vars]
ntp_server=ntp.test.com

5、变量分离

变量除了可以和inventory一起存储在INI配置文件中，也可以独立出来。

当我们要为非常多的主机和主机组分别设置不同的变量时，用如上的方式就显得比较笨拙了，就需要用到group_vars和host_vars 变量了。Ansible在运行任何yml文件之前，都会去搜索与Hosts文件同一个目录下的两个用于定义变量的目录group_vars和host_vars，所以，我们可以在这两个目录下放一些使用YAML语法编辑的定义变量的文件，并以对应的主机名和主机组名来命名这些文件，这样在运行ansible时

ansible会自动去这两个目录下读取针对不同主机和主机组的变量定义

比如对主机组group设置变量：

File: /etc/ansible/group_vars/group
admin_user: tom

对主机host1设置变量

File: /etc/ansible/host_vars/host1
admin_user: john

除此之外，我们还可以在group_vars和host_vars两个文件夹下定义all文件来一次性地为所有的主机组和主机定义变量。如何巧妙使用主机变量和组变量有些时候，我们在运行ansible任务时，可能需要从一台远程主机上面获取另一台远程主机的变量信息，这时一个神奇的变量hostvars可以帮我们实现这一个需求。变量hostvars包含了指定主机上面所定义的所有变量。

比如我们想获取host1上面的变量admin_user的内容，在任意主机上直接使用如下代码即可：

{{ hostvars['host1']['admin_user'] }}

Ansible提供了一些非常有用的内置变量，这里我们列举几个常用的：

a、groups: 包含了所有Hosts文件里面主机组的一个列表

b、group_names: 包含了当前主机所在的所有主机组名的一个列表

c、inventory_hostname: 通过Hosts文件定义主机的主机名和ansible_home不一定相同

d、play_hosts: 将会执行当前任务的所有主机

6、yml文件中使用变量的一个例子：

---
- hosts: alluser: rootvars:GETURL:"http://192.168.24.14/sa"TARFILE:"sa"TMPPATCH:"/tmp"SHFILE:"os.sh" tasks:- name: Download `TARFILE`.tar.gz packageget_url: url="`GETURL`/`TARFILE`.tar.gz" dest=`TMPPATCH` sha256sum=b6f482b3c26422299f06524086d1f087e1d93f2748be18542945bca4c2df1569tags:-downsa - name: tarzxvf `TARFILE`.tar.gz fileshell: tar zxvf "`TMPPATCH`/`TARFILE`.tar.gz" -C `TMPPATCH`tags:-tarxsa- name: Run`SHFILE` scriptshell: "`TMPPATCH`/`TARFILE`/`SHFILE`"tags:-runsa

二、ansible常用模块介绍：

ansible的每个模块用法可以使用#ansible-doc MOD 来查看，如下范例：

#ansible-doc copy
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
> COPYThe [copy] module copies a file on the local box to remote locations. Use the [fetch] module to copy files from remote locations to the local box. If you needvariable interpolation in copied files, use the [template] module.Options (= is mandatory):- backup
……………………还有很多可以显示，此处省略

查看所支持的模块，可以使用ansible-doc -l 查看，如下：

#ansible-doc -l
less 436
Copyright (C) 1984-2009 Mark Nudelmanless comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
a10_server                    Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group             Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_virtual_server            Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
acl                           Sets and retrieves file ACL information.
add_host                      add a host (and alternatively a group) to the ansible-playbook in-memory inventory
airbrake_deployment           Notify airbrake about app deployments
alternatives                  Manages alternative programs for common commands
apache2_module                enables/disables a module of the Apache2 webserver
apt                           Manages apt-packages
……………………还有很多模块可以显示，这里省略

1、远程命令模块

command、script 、shell

Examples：

# Example from Ansible Playbooks

- script: /some/local/script.sh --some-arguments 1234

例如：

#ansible host1 -m command -a "free -m"   #可以简写为ansible host1 -a "free -m"
#ansible host1 -m script -a "/home/test.sh 12 34"
#ansible host1 -m shell -a "/home/test.sh"

比如在服务端执行：

#ansible web -m shell -a "/root/test.sh 3 4 "
10.0.90.25 | success | rc=0 >>
7
20151119-171933
10.0.90.24 | success | rc=0 >>
7
20151119-171933
注：test.sh 在客户端服务器/root目录，内容是前两个位置变量相加，并打印出当前时间。

一个简单的创建目录的例子，创建/usr/local/src/data/log 目录，如下：

#cat test1.sh
#!/bin/bash
if [ -z $1 ] || [ -z $2 ];thenecho "Wrong,Please input two args"echo "Usage `basename $0` arguments arguments"exit 6
fi
mkdir -pv /usr/local/src/$1/$2
#cat createdir.yml
---
- hosts: "{{ host }}"user: "{{ user }}"gather_facts: Truetasks:- name: Create Dir in client serverscript: /etc/ansible/test1.sh data log
执行：
#ansible-playbook createdir.yml -e "host=web user=root"

一个批量修改root密码的例子：

shell脚本
#cat alter.sh
#!/bin/bash
##modify passwd##
echo 'root:1234567890' |chpasswd
if [ $? -eq 0 ]
thenecho "Change password for root OK!!!"
elseecho "Change password for root failure!!!"
fi
ansible的yml文件
#cat modify_all_password.yml
---
- hosts: alluser: rootgather_facts: Truetasks:- name: Modify root passwd in all clientscript: /etc/ansible/roles/alter.sh
然后执行：
#ansible-playbook modify_all_password.yml

ansible-playbook可以跟很多参数，可以使用--help查看

#ansible-playbook --help
Usage: ansible-playbook playbook.ymlOptions:--ask-become-pass     ask for privilege escalation password-k, --ask-pass        ask for connection password--ask-su-pass         ask for su password (deprecated, use become)-K, --ask-sudo-pass   ask for sudo password (deprecated, use become)--ask-vault-pass      ask for vault password-b, --become          run operations with become (nopasswd implied)--become-method=BECOME_METHODprivilege escalation method to use (default=sudo),valid choices: [ sudo | su | pbrun | pfexec | runas |doas ]……………………    还有很多，此处省略。这里介绍一些常用的
--inventory=PATH (-i PATH)：  指定inventory文件，默认文件是/etc/ansible/hosts
--verbose(-v)：               显示详细输出，也可以使用-vvvv显示精确到每分钟的输出
--extra-vars=VARS(-e VARS)：  定义在playbook使用的变量，格式为："key=value,key=value"
--forks=NUM ( -f NUM)：       指定并发执行的任务数，默认为5，根据服务器性能，调大这个值可提高ansible执行效率
--connection=TYPE ( -c TYPE)：指定连接远程主机的方式，默认为ssh，设为local时，刚只在本地执行playbook，建议不做修改
--check：                     检测模式，playbook中定义的所有任务将在每台远程主机上进行检测，但并不直正执行

2、copy模快

实现服务端向目标主机拷贝文件，类似于scp功能：-m copy   -a "command"

例如:

#ansible host1 -m copy -a "src=/root/php-5.5.24-1.ele.el6.x86_64.rpm dest=/usr/local/src owner=root group=root mode=0755"
查看客户端文件是否存在
#ansible host1 -m shell -a "ls -l /usr/local/src"
172.16.29.193 | success | rc=0 >>
total 10264
-rw-r--r--. 1 root root 10507544 May 30 02:40 php-5.5.24-1.ele.el6.x86_64.rpm

3、stat模块：

获取远程文件状态信息，包括atime，ctime，mtime，md5，uid，gid等信息

# ansible 10.0.90.25 -m stat -a "path=/etc/sysctl.conf"
10.0.90.25 | SUCCESS => {"changed": false, "stat": {"atime": 1459270210.5650001, "checksum": "a27c7ce2e6002c37f3cb537ad997c6da7fd76480", "ctime": 1441217442.5749998, "dev": 2051, "exists": true, "gid": 0, "gr_name": "root", "inode": 1181554, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "md5": "c97839af771c8447b9fc23090b4e8d0f", "mode": "0644", "mtime": 1413471211.0, "nlink": 1, "path": "/etc/sysctl.conf", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1150, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}
}

#ansible web -m setup   ##显示所有的ansible默认变量信息

4、get_url 模块

实现在远程主机下载指定URL到本地，支持sha256sum文件校验

例如：

#ansible host1 -m get_url -a "url=http://www.baidu.com dest=/tmp/index.html mode=0440 force=yes"
172.16.29.193 | success >> {"changed": true,"checksum": "8bc43056c39fbb882cf5d7b0391d70b6e84096c6","dest": "/tmp/index.html","gid": 0,"group": "root","md5sum": "324aa881293b385d2c0b355cf752cff9","mode": "0440","msg": "OK (unknown bytes)","owner": "root","secontext": "unconfined_u:object_r:user_tmp_t:s0","sha256sum": "","size": 93299,"src": "/tmp/tmp3WI5fE","state": "file","uid": 0,"url": "http://www.baidu.com"
}

5、yum 模块

linux 平台软件包管理操作，常见的有yum，apt

例如：

#ansible host1 -m yum -a "name=vsftpd state=latest"
Ubuntu系列：
#ansible host1 -m apt -a "pkg=vsftpd state=latest"
yum 模块的一些用法：
- name: install the latest version of Apacheyum: name=httpd state=latest
- name: remove the Apache packageyum: name=httpd state=absent
- name: install the latest version of Apache from the testing repoyum: name=httpd enablerepo=testing state=present
- name: install one specific version of Apacheyum: name=httpd-2.2.29-1.4.amzn1 state=present
- name: upgrade all packagesyum: name=* state=latest
- name: install the nginx rpm from a remote repoyum: name=http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present
- name: install nginx rpm from a local fileyum: name=/usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present
- name: install the 'Development tools' package groupyum: name="@Development tools" state=present
- name: install the 'Gnome desktop' environment groupyum: name="@^gnome-desktop-environment" state=present

6、cron 模块

远程主机crontab 配置，如下：

#ansible host1 -m cron -a "name='crontab test' minute=0 hour=5,2 job='ls -alh > /dev/null'"
172.16.29.193 | success >> {"changed": true,"jobs": ["crontab test"]
}
效果如下：
#Ansible: crontab test
0 5,2 * * * ls -alh > /dev/null

一个简单的yml例子添加cron：

#cat add_cron.yml
---
-  hosts: web_crontabremote_user: rootgather_facts: Truetasks:- name: add ntp server cron jobcron: name="local network ntpserver" minute="*/12" hour="*" job="/usr/sbin/ntpdate 10.0.18.1 > /root/ntp.log"
执行：
#ansible-playbook add_cron.yml

移除一个cron任务：

#cat del_cron.yml
---
- hosts: webremote_user: rootgather_facts: falsetasks:- name: del an old crontab jobcron: name="local network ntpserver" state=absent
执行：
#ansible-playbook del_cron.yml

小案例： 假如有一个db备份脚本，需要推到所有db服务器上，并加入crontab，每隔1分钟执行一次，需要定义playbook结构的yml文件

#tree cronjob/
cronjob/
└── tasks├── crontest.yml└── main.yml
yml文件如下：
#cat test-cron.yml
---
- name: cron jobs testhosts: "{{ host }}"remote_user: "{{ user }}"gather_facts: Trueroles:- cronjob
tasks目录中的crontest.yml
#cat crontest.yml
#copy cron job to client server- copy: src=/tmp/test_time.sh dest=/usr/local/src/test_time.sh owner=root group=root mode=0755
#add cron job- cron: name="test time jobs" minute="*/1" hour="*" job="/usr/local/src/test_time.sh >> /tmp/time.log"
tasks目录中的main.yml
#cat main.yml- include: crontest.yml
执行：
ansible-playbook test-cron.yml --extra-vars "host=172.16.29.193 user=root"   --单台执行
客户端crontab效果如下：
#Ansible: test time jobs
*/1 * * * * /usr/local/src/test_time.sh >> /tmp/time.log

以上有点复杂，整合进一个简单的yml文件：

#cat test-cron.yml
---
- hosts: host1remote_user: rootgather_facts: Truetasks:- name: copy cron job file to client servercopy: src=/tmp/test_time.sh dest=/usr/local/src/test_time.sh owner=root group=root mode=0755- name: add cron jobcron: name="test time jobs" minute="*/2" hour="*" job="/usr/local/src/test_time.sh >> /tmp/time.log"
执行：
#ansible-playbook test-cron.yml
效果：
#Ansible: test time jobs
*/2 * * * * /usr/local/src/test_time.sh >> /tmp/time.log

启用10个并行进程数执行playbook：

#ansible-playbook host1 nginx.yml -f 10

7、file模块

##设置文件的属性，一个很常用的模块

相关选项如下：

force：需要在两种情况下强制创建软链接，一种是源文件不存在，但之后会建立的情况下；另一种是目标软链接已存在，需要先取消之前的软链，然后创建新的软链，有两个选项：yes|no
group：定义文件/目录的属组
mode： 定义文件/目录的权限
owner：定义文件/目录的属主
path： 必选项，定义文件/目录的路径
recurse：递归设置文件的属性，只对目录有效
src：被链接的源文件路径，只应用于state=link的情况
dest：被链接到的路径，只应用于state=link的情况
state：directory：如果目录不存在，就创建目录file：即使文件不存在，也不会被创建link：创建软链接hard：创建硬链接touch：如果文件不存在，则会创建一个新的文件，如果文件或目录已存在，则更新其最后修改时间absent：删除目录、文件或者取消链接文件

比如：

- file: src=/tmp/test1 dest=/home/test2 state=link
- file: path=/root/test.txt state=touch
- file: path=/root/tomcat state=directory owner=root group=root mode=0755

8、mount 模块:远程主机分区挂载

#ansible host1 -m mount -a "name=/mnt/data src=/dev/sd0 fstype=ext3 opts=ro state=present"

9、service 模块:远程主机系统服务管理

#ansible host1 -m service -a "name=httpd stete=restarted"

10、sysctl 模块:远程linux主机sysctl配置

sysctl: name=kernel.panic value=3 sysctl_file=/etc/sysctl.conf checks=before reload=yes
以下是定义在yml格式文件中的例子：
- sysctl: name=net.ipv4.tcp_rmem 'value=4096        87380   16777216' state=present
- sysctl: name=net.ipv4.tcp_wmem 'value=4096        65536   16777216' state=present
- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present

11、lineinfile模块

Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression 确保特定的行在文件中，或使用反向引用正则表达式替换现有的行

用法：Examples

- lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=enforcing
- lineinfile: dest=/etc/sudoers state=absent regexp="^%wheel"
- lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 localhost' owner=root group=root mode=0644
- lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertafter="^#Listen " line="Listen 8080"
- lineinfile: dest=/etc/services regexp="^# port for http" insertbefore="^www.*80/tcp" line="# port for http by default"
# Add a line to a file if it does not exist, without passing regexp
- lineinfile: dest=/tmp/testfile line="192.168.1.99 foo.lab.net foo"
# Fully quoted because of the ': ' on the line. See the Gotchas in the YAML docs.
- lineinfile: "dest=/etc/sudoers state=present regexp='^%wheel' line='%wheel ALL=(ALL) NOPASSWD: ALL'"
- lineinfile: dest=/opt/jboss-as/bin/standalone.conf regexp='^(.*)Xms(\d+)m(.*)$' line='\1Xms${xms}m\3' backrefs=yes
# Validate the sudoers file before saving
- lineinfile: dest=/etc/sudoers state=present regexp='^%ADMIN ALL\=' line='%ADMIN ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s'

一个例子：

#cat linetest.yml
---
- hosts: webuser: rootgather_facts: flasetasks:- name: change /etc/hostslineinfile: dest=/etc/hostsline='test line 1\ntest line 2\ntest line 3\ntest line 4'
上面的例子是在/etc/hosts中添加4行，如果你只需要添加一行，line='test line 1'即可！

12、blockinfile模块 Insert/update/remove a text block surrounded by marker lines

注意：dest后面的路径和文件名一定要存在，否则会报错。

Examples：
Insert/update/remove a text block surrounded by marker lines
- name: insert/update "Match User" configuation block in /etc/ssh/sshd_configblockinfile:dest: /etc/ssh/sshd_configblock: |Match User ansible-agentPasswordAuthentication no
- name: insert/update eth0 configuration stanza in /etc/network/interfaces(it might be better to copy files into /etc/network/interfaces.d/)blockinfile:dest: /etc/network/interfacesblock: |iface eth0 inet staticaddress 192.168.0.1netmask 255.255.255.0
- name: insert/update HTML surrounded by custom markers after <body> lineblockinfile:dest: /var/www/html/index.htmlmarker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"insertafter: "<body>"content: |<h1>Welcome to `ansible_hostname`</h1><p>Last updated on `ansible_date_time`.`iso8601`</p>
- name: remove HTML as well as surrounding markers      ##此文件实现将上面添加的内容删除blockinfile:dest: /var/www/html/index.htmlmarker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"content: ""
- name: insert/update "Match User" configuation block in /etc/ssh/sshd_configblockinfile:dest: /etc/hostsblock: |`item`.`name` `item`.`ip`marker: "# {mark} ANSIBLE MANAGED BLOCK `item`.`name`"with_items:- { name: host1, ip: 10.10.1.10 }- { name: host2, ip: 10.10.1.11 }- { name: host3, ip: 10.10.1.12 }

第一个例子：在/etc/hosts文件中添加3行

#cat blockinfile.yml
---
- hosts: webuser: roottasks:- name: this is test blockinfile moduleblockinfile:dest: /etc/hostsblock: |this is a test line 1 this is a test line 2 this is a test line 3
结果：
#cat /etc/hosts
# BEGIN ANSIBLE MANAGED BLOCK
this is a test line 1
this is a test line 2
this is a test line 3
# END ANSIBLE MANAGED BLOCK

第二个例子：创建一个index.html文件，并写入html格式内容

#cat blockinfile.yml
---
- hosts: webuser: roottasks:- name: create a test filefile: path=/root/index.html state=touch- name: this is test blockinfile moduleblockinfile:dest: /root/index.htmlmarker: "<!-- {mark} ansible managed block -->"insertafter: "<body>"content: |<h1>welcome to `ansible_hostname`</h1><p>Last updated on `ansible_date_time`.`iso8601`</p>
结果：
#cat index.html
<!-- BEGIN ansible managed block -->
<h1>welcome to http</h1>
<p>Last updated on 2016-05-19T03:17:35Z</p>
<!-- END ansible managed block -->

注意：上面yml文件中ansible_hostname和ansible_date_time.iso8601变量是ansible默认的系统变量，这个变量可以通过-m setup查看到！

所以上面的ansible_date_time.iso8601可以改为iso8601_basic_short（人类可读）

结果就变成了如下：因为当前时间就是#Thu May 19 11:33:29 CST 2016

<p>Last updated on 20160519T113219</p>

第三个例子：index.html已经存在，并且内容如下：

#cat index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

创建ansible的playbook文件如下：

#cat blockinfile.yml
---
- hosts: 10.0.90.25user: rootgather_facts: Truetasks:- name: this is test blockinfile moduleblockinfile:dest: /root/index.htmlmarker: "<!-- {mark} ansible managed block -->"insertafter: "<body>"content: |<h1>welcome to `ansible_hostname`</h1><p>Last updated on `ansible_date_time`.`iso8601_basic_short`</p>
执行之后，再查看index.html
#cat index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}
</style>
</head>
<body>
<!-- BEGIN ansible managed block -->            ###从这里开始
<h1>welcome to http</h1>
<p>Last updated on 20160519T115013</p>
<!-- END ansible managed block -->              ###在这里结束
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>

第四个例子：使用变量

#cat blockinfile.yml
---
- hosts: 10.0.90.25user: rootgather_facts: Truetasks:- name: this is test blockinfile moduleblockinfile:dest: /etc/hostsblock: |`item`.`name` `item`.`ip`marker: "# {mark} ansible managed block `item`.`name`"with_items:- { name: host1, ip: 10.10.1.10}- { name: host2, ip: 10.10.1.11}- { name: host3, ip: 10.10.1.12}
执行后，结果如下：
#cat /etc/hosts
# BEGIN ansible managed block host1
host1 10.10.1.10
# END ansible managed block host1
# BEGIN ansible managed block host2
host2 10.10.1.11
# END ansible managed block host2
# BEGIN ansible managed block host3
host3 10.10.1.12
# END ansible managed block host3

不足之处，请多多指出！