1
00:00:06,416 --> 00:00:07,330
- [Instructor] In the previous video,

2
00:00:07,330 --> 00:00:09,210
you've learned about lookup plugins.

3
00:00:09,210 --> 00:00:10,950
There are so many of them

4
00:00:10,950 --> 00:00:12,760
that I feel that is needed to have a look

5
00:00:12,760 --> 00:00:15,630
at a couple of them in more detail.

6
00:00:15,630 --> 00:00:19,410
So to start it there's
env, env for environment.

7
00:00:19,410 --> 00:00:21,810
So this lookup plugin is
used to set a variable

8
00:00:21,810 --> 00:00:24,020
that's based on the
value of a shell variable

9
00:00:24,020 --> 00:00:25,710
on the managed host.

10
00:00:25,710 --> 00:00:28,100
And if you combine that
with a default filter,

11
00:00:28,100 --> 00:00:31,540
it has a nice potential
to automatically create

12
00:00:31,540 --> 00:00:34,620
or modify content based on local settings.

13
00:00:34,620 --> 00:00:36,010
In particular, when combined

14
00:00:36,010 --> 00:00:38,760
with the template lookup
plugin, it can be very useful.

15
00:00:39,610 --> 00:00:41,310
Notice that a template lookup plugin

16
00:00:41,310 --> 00:00:43,290
is not the same as a template module.

17
00:00:43,290 --> 00:00:45,410
The template plugin issues
should generate texts

18
00:00:45,410 --> 00:00:48,720
that can be used in modules like copy.

19
00:00:48,720 --> 00:00:50,440
Sometimes it's a little bit confusing

20
00:00:50,440 --> 00:00:52,220
and you really need to clarify

21
00:00:52,220 --> 00:00:54,130
what it is that you're talking about.

22
00:00:54,130 --> 00:00:56,950
But this time, we are talking about env,

23
00:00:56,950 --> 00:00:59,300
and template variables.

24
00:00:59,300 --> 00:01:02,802
Let's have a look at
setlanguage.yaml, our first example.

25
00:01:02,802 --> 00:01:04,520
(keyboard clicking)

26
00:01:04,520 --> 00:01:06,507
So here we have setlanguage.yaml,

27
00:01:06,507 --> 00:01:08,640
and what it is doing.

28
00:01:08,640 --> 00:01:11,720
Well, choosing templates to
provide the right language.

29
00:01:11,720 --> 00:01:15,280
So we have the variable, the
variable is using language.

30
00:01:15,280 --> 00:01:17,300
And then we have the lookup plugin.

31
00:01:17,300 --> 00:01:20,160
The lookup plugin env for environment,

32
00:01:20,160 --> 00:01:23,290
which is looking up,
the local variable Lang.

33
00:01:23,290 --> 00:01:26,800
The local variable Lang
is setting the language.

34
00:01:26,800 --> 00:01:30,080
And if this local variable is not set,

35
00:01:30,080 --> 00:01:32,013
then it's using the default.

36
00:01:33,060 --> 00:01:34,320
And the default...

37
00:01:34,320 --> 00:01:36,530
Notice that that's a filter
that we are using here.

38
00:01:36,530 --> 00:01:38,970
The default is setting
the value of the variable

39
00:01:38,970 --> 00:01:43,970
to en_US.UTF-8, which
will use English language.

40
00:01:46,550 --> 00:01:49,770
Now we have the task, install
MOTD in the right language.

41
00:01:49,770 --> 00:01:51,420
So what do we get?

42
00:01:51,420 --> 00:01:53,590
Well, we get a copy,

43
00:01:53,590 --> 00:01:58,590
and copy is using lookup
template motd + language.j2.

44
00:02:00,740 --> 00:02:05,490
And it's writing that to
the destination, etc/motd.

45
00:02:05,490 --> 00:02:10,330
So we need some template files ls star j2,

46
00:02:10,330 --> 00:02:14,360
and there you can see
that we have an motd en,

47
00:02:14,360 --> 00:02:16,630
and then motd fr.

48
00:02:16,630 --> 00:02:20,763
So let me use ansible
playbook on setlanguage.yaml,

49
00:02:23,840 --> 00:02:26,240
and that is working out alright.

50
00:02:26,240 --> 00:02:28,050
Oh, it's not working out alright.

51
00:02:28,050 --> 00:02:29,760
Because apparently on ansible 1,

52
00:02:29,760 --> 00:02:32,270
I need a pseudo password, -K.

53
00:02:32,270 --> 00:02:36,540
There we go, become password,
and then we try again.

54
00:02:36,540 --> 00:02:39,180
And there we can see
it installing the motd

55
00:02:39,180 --> 00:02:41,390
in the appropriate language

56
00:02:41,390 --> 00:02:44,760
on the different nodes that are involved.

57
00:02:44,760 --> 00:02:47,743
Good, let's have a look at
some more lookup plugins.

58
00:02:48,930 --> 00:02:52,040
Our next example is
based on pipe and lines.

59
00:02:52,040 --> 00:02:54,120
The pipe and lines lookup plugins

60
00:02:54,120 --> 00:02:55,772
are used to return output from a command

61
00:02:55,772 --> 00:02:58,000
that has been used on a control node.

62
00:02:58,000 --> 00:03:01,610
Where pipe shows raw, which
is unformatted output,

63
00:03:01,610 --> 00:03:03,010
and lines split the output

64
00:03:03,010 --> 00:03:06,210
in lines that can be treated as a list.

65
00:03:06,210 --> 00:03:09,370
In the example, let's
have a look at lines.yaml.

66
00:03:09,370 --> 00:03:12,400
And just to give you a
tip in the example file,

67
00:03:12,400 --> 00:03:16,320
change the lines to pipe
and observe the difference.

68
00:03:16,320 --> 00:03:17,420
Let's go check it out.

69
00:03:18,450 --> 00:03:20,580
So what do we have in lines.yaml?

70
00:03:20,580 --> 00:03:22,970
Well, in lines.yaml,

71
00:03:22,970 --> 00:03:27,280
we see it is printing the
first line of any file.

72
00:03:27,280 --> 00:03:32,280
And we can see that we
have debug on item 0.

73
00:03:33,480 --> 00:03:36,810
So that's printing what we
are currently looping over,

74
00:03:36,810 --> 00:03:39,980
and then we have the loop,
and the loop is happening

75
00:03:39,980 --> 00:03:44,400
based on query lines on cat/etc/hosts,

76
00:03:44,400 --> 00:03:47,720
and query lines on cat/etc/passwd.

77
00:03:47,720 --> 00:03:50,970
So the loop is just
processing over a list,

78
00:03:50,970 --> 00:03:55,970
and the thing is that we
should do something with it.

79
00:03:56,940 --> 00:03:59,770
And let's observe what it is doing.

80
00:03:59,770 --> 00:04:04,390
So ansible playbook on lines.yaml,

81
00:04:04,390 --> 00:04:05,707
and there we can see,

82
00:04:05,707 --> 00:04:08,070
"Print the first line of any file."

83
00:04:08,070 --> 00:04:12,150
Here we have the localhost file,

84
00:04:12,150 --> 00:04:15,740
and we have the password file.

85
00:04:16,600 --> 00:04:19,240
And we can see that in the messages

86
00:04:19,240 --> 00:04:23,900
we have the first line,
and again, the first line.

87
00:04:23,900 --> 00:04:25,050
In case you are wondering

88
00:04:25,050 --> 00:04:27,470
where does this first line come from?

89
00:04:27,470 --> 00:04:30,670
Well, the query using the lines plugin,

90
00:04:30,670 --> 00:04:32,970
is generating a list.

91
00:04:32,970 --> 00:04:37,160
A list is an array, and we print item 0.

92
00:04:37,160 --> 00:04:38,110
We can change it.

93
00:04:38,110 --> 00:04:42,660
And if I make that item 1, for instance,

94
00:04:42,660 --> 00:04:44,330
then we are going to see a difference.

95
00:04:44,330 --> 00:04:47,300
So right here, we can see 127,

96
00:04:47,300 --> 00:04:50,700
right here we can see a
root as the first line,

97
00:04:50,700 --> 00:04:51,980
running it again.

98
00:04:51,980 --> 00:04:55,700
And now you can see, we
have the second line,

99
00:04:55,700 --> 00:04:59,720
which is ::1, and the bin user.

100
00:04:59,720 --> 00:05:02,790
So there is a little bit of difference.

101
00:05:02,790 --> 00:05:04,003
So the next lookup plugin

102
00:05:04,003 --> 00:05:06,517
that we will be looking at is URL.

103
00:05:06,517 --> 00:05:08,250
The URL lookup plugin can be used

104
00:05:08,250 --> 00:05:10,570
to fetch content from a URL.

105
00:05:10,570 --> 00:05:13,910
The main benefit is that
this allows you to use data

106
00:05:13,910 --> 00:05:16,480
returned as values in variables.

107
00:05:16,480 --> 00:05:19,070
And notice, that for more generic use,

108
00:05:19,070 --> 00:05:21,440
you can also use the URI module.

109
00:05:21,440 --> 00:05:25,320
So there's the URL lookup
plugin, the URI module.

110
00:05:25,320 --> 00:05:28,640
And let's go have a look at url.yaml,

111
00:05:28,640 --> 00:05:32,193
and after that let's do
some additional examples.

112
00:05:33,090 --> 00:05:34,960
So url.yaml, here we go.

113
00:05:34,960 --> 00:05:37,893
This installs web server on ansible 2.

114
00:05:38,880 --> 00:05:41,250
So it installs a web server,

115
00:05:41,250 --> 00:05:44,570
it uses a copy module
to create an index html.

116
00:05:44,570 --> 00:05:46,120
It starts and enables,

117
00:05:46,120 --> 00:05:49,840
and it opens the firewall
using firewall D,

118
00:05:49,840 --> 00:05:51,743
and in firewall D, we open the http,

119
00:05:51,743 --> 00:05:53,873
as well as the https ports.

120
00:05:54,890 --> 00:05:58,340
All of that's pretty straightforward.

121
00:05:58,340 --> 00:06:01,230
Then we are using the URL lookup plugin.

122
00:06:01,230 --> 00:06:04,760
We do the lookup from
localhost using debug,

123
00:06:04,760 --> 00:06:06,420
and we print a message,

124
00:06:06,420 --> 00:06:10,690
ansible 2 shows, lookup
URL, http ansible 2.

125
00:06:10,690 --> 00:06:13,080
So we should see the content,

126
00:06:13,080 --> 00:06:15,900
the welcome message that
fetched from the URL

127
00:06:15,900 --> 00:06:20,400
and produced by this lookup plugin.

128
00:06:20,400 --> 00:06:25,400
Let's go run it, ansible
playbook on url.yaml.

129
00:06:26,440 --> 00:06:28,857
And there we go, ansible 2 shows,

130
00:06:28,857 --> 00:06:30,410
"Welcome to this web server."

131
00:06:30,410 --> 00:06:32,530
And "Welcome to this web server,"

132
00:06:32,530 --> 00:06:36,400
that is exactly what was
returned from the URL.

133
00:06:36,400 --> 00:06:38,930
Now, there are two more examples

134
00:06:38,930 --> 00:06:40,940
that I would like to show you.

135
00:06:40,940 --> 00:06:45,270
These examples are starting
with the users.txt.

136
00:06:45,270 --> 00:06:47,920
So here we have a list of users,

137
00:06:47,920 --> 00:06:50,980
and I'm going to work with these users.

138
00:06:50,980 --> 00:06:54,140
And in order to do that,
I have two playbook.

139
00:06:54,140 --> 00:06:57,550
Makeusers1.yaml to start with.

140
00:06:58,400 --> 00:06:59,340
What is this doing?

141
00:06:59,340 --> 00:07:02,429
This is populating the users from a file.

142
00:07:02,429 --> 00:07:05,750
The host all, get effects no,

143
00:07:05,750 --> 00:07:08,380
and then we create the remote user.

144
00:07:08,380 --> 00:07:09,420
And what are we doing here?

145
00:07:09,420 --> 00:07:11,760
We are doing something
new, this is so cool.

146
00:07:11,760 --> 00:07:13,490
We are using password,

147
00:07:13,490 --> 00:07:17,950
and password is using the
password lookup plugin.

148
00:07:17,950 --> 00:07:22,950
And this password lookup plugin
is generating credentials

149
00:07:23,800 --> 00:07:27,640
for item with a length of nine.

150
00:07:27,640 --> 00:07:29,900
Now, the nice thing about
this password lookup plugin,

151
00:07:29,900 --> 00:07:34,190
is that you can use it to
dynamically generate credentials.

152
00:07:34,190 --> 00:07:38,490
Then I'm using debug, debug
is just printing the password

153
00:07:38,490 --> 00:07:43,490
as passwords and loop is using query lines

154
00:07:43,530 --> 00:07:46,220
of a cat users,txt.

155
00:07:46,220 --> 00:07:48,820
This is definitely one
that you want to remember.

156
00:07:48,820 --> 00:07:52,790
If you want to process all
lines in a specific file,

157
00:07:52,790 --> 00:07:57,790
query lines on cat on that
file will do it for you.

158
00:07:58,250 --> 00:08:00,240
Let's go check out how this is working.

159
00:08:00,240 --> 00:08:05,093
So ansible playbook on makeusers1.yaml,

160
00:08:06,120 --> 00:08:07,380
and there we go.

161
00:08:07,380 --> 00:08:11,290
You can see the passwords
that have been generated

162
00:08:11,290 --> 00:08:12,950
for all of my users.

163
00:08:12,950 --> 00:08:16,930
Of course, it's doing that
twice for every single server.

164
00:08:16,930 --> 00:08:18,620
That's not really the thing that matters.

165
00:08:18,620 --> 00:08:20,000
What matters is that we can see

166
00:08:20,000 --> 00:08:22,490
for user Isabelle on ansible 2,

167
00:08:22,490 --> 00:08:25,280
the password is a random string,

168
00:08:25,280 --> 00:08:29,050
and all of these users have
a beautiful random string.

169
00:08:29,050 --> 00:08:30,100
This is really nice,

170
00:08:30,100 --> 00:08:34,310
and let me show you again,
the password lookup plugin

171
00:08:34,310 --> 00:08:37,400
which you can use to
generate dynamic passwords.

172
00:08:37,400 --> 00:08:41,550
Hey, did you do the bonus
part of the lab in Lesson 10?

173
00:08:41,550 --> 00:08:43,470
That's all about this dynamic password.

174
00:08:43,470 --> 00:08:45,050
If you didn't do it yet,

175
00:08:45,050 --> 00:08:47,830
go have a look at it and try it again.

176
00:08:47,830 --> 00:08:51,483
Right, I also would like
to show you makeusers2,

177
00:08:52,669 --> 00:08:54,740
and what are we doing in makeusers2?

178
00:08:54,740 --> 00:08:59,740
Well, we are still
using this lookup plugin

179
00:08:59,880 --> 00:09:02,600
to define the value of the variable,

180
00:09:02,600 --> 00:09:07,600
and then we are going to use that value.

181
00:09:07,980 --> 00:09:09,680
So what are we going to use?

182
00:09:09,680 --> 00:09:10,750
Well, look carefully.

183
00:09:10,750 --> 00:09:14,540
We have the variable
password defined here,

184
00:09:14,540 --> 00:09:15,780
the variable password.

185
00:09:15,780 --> 00:09:18,200
This is dynamically generated value.

186
00:09:18,200 --> 00:09:22,110
Then we have the password
property on the user,

187
00:09:22,110 --> 00:09:25,300
and the password property on the user

188
00:09:25,300 --> 00:09:26,920
is looping over all these users

189
00:09:26,920 --> 00:09:29,660
based on the input value users.txt.

190
00:09:29,660 --> 00:09:31,210
And this password property

191
00:09:31,210 --> 00:09:34,920
is using the password hash filter.

192
00:09:34,920 --> 00:09:37,320
So this is where we have
the password plugin,

193
00:09:37,320 --> 00:09:41,080
and the password hash filter
working at the same time.

194
00:09:41,080 --> 00:09:43,740
So the password plugin
is already generating

195
00:09:43,740 --> 00:09:45,620
a pretty complex string,

196
00:09:45,620 --> 00:09:47,760
but in order to really secure it,

197
00:09:47,760 --> 00:09:52,760
we need to provide some
encryption using password hash.

198
00:09:53,700 --> 00:09:56,680
And this is what is
really going to make sure

199
00:09:56,680 --> 00:10:01,680
that your users are getting a
password that is very secure.

200
00:10:02,970 --> 00:10:07,380
So I'm using ansible
playbook on makeusers2.yaml,

201
00:10:07,380 --> 00:10:08,450
and there we go.

202
00:10:08,450 --> 00:10:10,790
This should create all
of these users for us,

203
00:10:10,790 --> 00:10:15,790
and you can see that is
working out pretty well.

204
00:10:17,220 --> 00:10:22,220
So if I'm using ansible on
ansible 2, -a tail/etc/shadow,

205
00:10:27,330 --> 00:10:28,940
that's where we can see the passwords.

206
00:10:28,940 --> 00:10:32,620
After all, here we can see the users

207
00:10:32,620 --> 00:10:34,740
with the encrypted passwords.

208
00:10:34,740 --> 00:10:39,430
Notice that this time I did
not define any random sort,

209
00:10:39,430 --> 00:10:42,420
so it has used a random
sort that is really random.

210
00:10:42,420 --> 00:10:44,010
That's in the highlighted part.

211
00:10:44,010 --> 00:10:46,040
And this is how you create users

212
00:10:46,040 --> 00:10:47,950
that really have secure passwords.

213
00:10:47,950 --> 00:10:48,993
I hope you like it.