centos ansible常用命令

ansible在日常运维中经常使用，特别是批量执行多台服务器的时候，有效减小重复的操作成本，以下从安装到使用仅讲解工作中常用的几种方式，模块很多功能很强大，但不做全面讨论。

ansible安装

在centos服务器中安装ansible很简单，只需两条命令：

yum install epel-release
yum -y install ansible
ansible --version

ansible 2.9.16
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

ansible配置

配置hosts，添加需要被管理的主机

[root@test01 ~]# cat /etc/ansible/hosts
[webservers]
10.124.59.82
10.124.59.83
[dbservers]
10.124.59.208
10.124.59.209
[ftp]
10.124.59.210

生成密钥

[root@test01 ~]# ssh-keygen

使用ssh-copy-id命令来复制ansible公钥到各个节点

[root@test01 ~]# ssh-copy-id root@10.124.59.82
[root@test01 ~]# ssh-copy-id root@10.124.59.83
[root@test01 ~]# ssh-copy-id root@10.124.59.208
[root@test01 ~]# ssh-copy-id root@10.124.59.209
[root@test01 ~]# ssh-copy-id root@10.124.59.210

执行ping命令测试

[root@test01 ~]# ansible all -m ping

10.124.59.210 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.124.59.209 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.124.59.82 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.124.59.83 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.124.59.208 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

success说明安装配置成功。

ansible常用模块与使用

实际使用过程中，会有几个模块经常用到，下面列出如下：

• ping模块

测试主机是否是通的，用法很简单，不涉及参数

以上已经举例，这里不再赘述。

• command模块

ansible管理工具使用-m选项来指定使用模块，默认使用command模块，

即-m选项省略时会运行此模块，用于在被管理主机上运行命令。

远程执行命令，但不支持管道。它是默认命令可不指明模块。

• shell模块

远程执行命令，与command的不同在于可以使用管道。

• copy：拷贝文件到远程主机

用法：
src ：本地文件路径，可以是绝对和相对
dest= ：不可省，如果src是目录，则dest也是目录。只能是绝对路径
group ：指明文件属组
mode   ：指明权限
owner ：指明所有者
content :直接写出内容，并将其复制给远程主机

示例：

复制本地文件到远端主机

[root@test01 ~]# ansible all -m copy -a "src=/tmp/filebeat.yml dest=/tmp/ owner=ansible mode=600"

10.124.59.209 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
    "dest": "/tmp/filebeat.yml",
    "gid": 1016,
    "group": "mgadmin",
    "md5sum": "fb66b0662ccea6dd9148d50ed2cdbdb3",
    "mode": "0600",
    "owner": "ansible",
    "size": 10386,
    "src": "/home/ansible/.ansible/tmp/ansible-tmp-1628185005.83-13684-201530439549721/source",
    "state": "file",
    "uid": 1020
}
10.124.59.210 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
    "dest": "/tmp/filebeat.yml",
    "gid": 1016,
    "group": "mgadmin",
    "md5sum": "fb66b0662ccea6dd9148d50ed2cdbdb3",
    "mode": "0600",
    "owner": "ansible",
    "size": 10386,
    "src": "/home/ansible/.ansible/tmp/ansible-tmp-1628185005.82-13680-7844302613885/source",
    "state": "file",
    "uid": 1020
}
...省略

• fetch：从远端主机获取文件到本地

用法：
src=远端主机上的文件。
dest=保存文件的目录

示例

[root@test01 tmp]# ansible 10.124.59.83 -m fetch -a "dest=/tmp src=/tmp/filebeat.yml"

10.124.59.83 | CHANGED => {
    "changed": true,
    "checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
    "dest": "/tmp/10.124.59.83/tmp/filebeat.yml",
    "md5sum": "fb66b0662ccea6dd9148d50ed2cdbdb3",
    "remote_checksum": "203e1c00bc853d638e8c00eaa4015be17ae26900",
    "remote_md5sum": null
}

注意：获取的文件存放路径为dest_dir/IP|address/src_file

以上就是几个经常使用的命令，另外一些少用的模块，需要的时候到官网或使用ansible-doc查看帮助即可。

• 官方文档：https://docs.ansible.com/
• ansible-doc查看模块帮助信息的工具

Ansible-doc用来查询ansible模块文档的说明，类似于man命令，针对每个模块都有详细的用法说明及应用案例介绍，语法如下：

ansible-doc [options] [module……]

-l用来列出可使用的模块，
-s用来列出某个模块的描述信息和使用示例。

[root@test01 tmp]# ansible-doc -s command

- name: Execute commands on targets
  command:
      argv:                  # Passes the command as a list rather than a string. Use `argv' to avoid quoting values that would otherwise be interpreted incorrectly (for example "user name"). Only the string or the
                               list form can be provided, not both.  One or the other must be provided.
      chdir:                 # Change into this directory before running the command.
      cmd:                   # The command to run.
      creates:               # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be run.
      free_form:             # The command module takes a free form command to run. There is no actual parameter named 'free form'.
      removes:               # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run.
      stdin:                 # Set the stdin of the command directly to the specified value.
      stdin_add_newline:     # If set to `yes', append a newline to stdin data.
      strip_empty_ends:      # Strip empty lines from the end of stdout/stderr in result.
      warn:                  # Enable or disable task warnings.

---- 钢铁 648403020@qq.com 2021.08.06

参考文献

http://blog.itpub.net/29785807/viewspace-2700983/

https://www.huaweicloud.com/articles/cd442ec1b8aca5208f04555385362147.html