Ansible(二) - 配置及命令简介

Ⅰ. Ansible Inventory Hosts文件配置

# mkdir /etc/ansible
# touch /etc/ansible/hosts
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.137.6 client
192.168.137.5 server
192.168.137.7 web1
192.168.137.8 web2
# cat /etc/ansible/hosts
[local]
server
client
[web]
web[1:2]
192.168.13.14:52022
jumpter ansible_port=5555 ansible_host=192.168.1.50 ansible_user=xxx ansible_ssh_pass="xxxx"

我这里就添加了两个主机组：local、web，local主机组两台主机，web主机组4台主机。

这里你可以把同一类主机或者是想统一管理的主机放在一个主机组里。

# 其他ansible2.3  inventory参数举例

General for all connections:

ansible_host

The name of the host to connect to, if different from the alias you wish to give to it.

ansible_port

The ssh port number, if not 22

ansible_user

The default ssh user name to use.

Specific to the SSH connection:

ansible_ssh_pass

The ssh password to use (never store this variable in plain text; always use a vault. See Variables and Vaults)

ansible_ssh_private_key_file

Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.

ansible_ssh_common_args

This setting is always appended to the default command line for sftp, scp, and ssh. Useful to configure a ProxyCommand for a certain host (or group).

ansible_sftp_extra_args

This setting is always appended to the default sftp command line.

ansible_scp_extra_args

This setting is always appended to the default scp command line.

ansible_ssh_extra_args

This setting is always appended to the default ssh command line.

ansible_ssh_pipelining

Determines whether or not to use SSH pipelining. This can override the pipelining setting in ansible.cfg.

ansible_ssh_executable (added in version 2.2)

This setting overrides the default behavior to use the system ssh. This can override the ssh_executable setting in ansible.cfg.

Privilege escalation (see Ansible Privilege Escalation for further details):

ansible_become

Equivalent to ansible_sudo or ansible_su, allows to force privilege escalation

ansible_become_method

Allows to set privilege escalation method

ansible_become_user

Equivalent to ansible_sudo_user or ansible_su_user, allows to set the user you become through privilege escalation

ansible_become_pass

Equivalent to ansible_sudo_pass or ansible_su_pass, allows you to set the privilege escalation password (never store this variable in plain text; always use a vault. See Variables and Vaults)

ansible_become_exe

Equivalent to ansible_sudo_exe or ansible_su_exe, allows you to set the executable for the escalation method selected

ansible_become_flags

Equivalent to ansible_sudo_flags or ansible_su_flags, allows you to set the flags passed to the selected escalation method. This can be also set globally in ansible.cfg in the sudo_flags option

Remote host environment parameters:

ansible_shell_type

The shell type of the target system. You should not use this setting unless you have set the ansible_shell_executable to a non-Bourne (sh) compatible shell. By default commands are formatted using sh-style syntax. Setting this to csh or fish will cause commands executed on target systems to follow those shell’s syntax instead.

ansible_python_interpreter

The target host python path. This is useful for systems with more than one Python or not located at /usr/bin/python such as *BSD, or where /usr/bin/python is not a 2.X series Python. We do not use the /usr/bin/env mechanism as that requires the remote user’s path to be set right and also assumes the python executable is named python, where the executable might be named something like python2.6.

ansible_*_interpreter

Works for anything such as ruby or perl and works just like ansible_python_interpreter. This replaces shebang of modules which will run on that host.

New in version 2.1.

ansible_shell_executable

This sets the shell the ansible controller will use on the target machine, overrides executable in ansible.cfg which defaults to /bin/sh. You should really only change it if is not possible to use /bin/sh (i.e. /bin/sh is not installed on the target machine or cannot be run from sudo.).

Examples from an Ansible-INI host file:

Ⅱ. Ansible配置及命令详解

 · module_name

　　Ansible将管理功能分成一个个模块，默认是'command'模块，但是command模块不支持shell变量、管道、配额。所以，执行带有管道的命令，可以使用'shell'模块。

· pattern

　　如果没有提供'hosts'节点，这是playbook要通信的默认主机组，默认值是对所有主机通信。

　　1. 指定一组连续的机器：ansible 192.168.1.* -m ping (指定192.168.1/28网段所有机器)

　　2. 指定一组不相关机器：ansible abcd.com：efgh.com -m ping (同样适用于组连接)

　　3. 指定在local组，不在web组的机器： local：！web （从左到右依次匹配）

　　4. 指定在local组，也在web组的机器：local：&web

-a 指定传入模块的参数

-C -D 一起使用，检查hosts规则文件的修改

-l 限制匹配规则的主机数

--list-hosts 显示所有匹配规则的主机

-m -M指定所使用的模块和模块的路径

--syntax-check 检查语法

-v 显示详细日志

Ⅲ. Ansible命令举例

1> 执行第一条ansible命令

# ansible local -m ping  #使用ping模块
                server | UNREACHABLE! => {
                      "changed": false,
                      "msg": "Failed to connect to the host via ssh: Permission denied  (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
               }

                client | UNREACHABLE! => {
                      "changed": false,
                      "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
               }

由于ansible是基于ssh，这里我们先要配置公钥。

# ssh-keygen -t rsa

# ssh-copy-id -i root@192.168.137.6 #为ansible管理的主机安装server的公钥

再次运行上一条命令：

# ansible local -m ping
                server | SUCCESS => {
                    "changed": false,
                    "ping": "pong"
                }

                client | SUCCESS => {
                    "changed": false,
                    "ping": "pong"
                }

2> 其他命令简介

查看local组主机内存使用情况：

# ansible local -a "free -m"
server | SUCCESS | rc= >>
              total        used        free      shared  buff/cache   available
Mem:
Swap:
client | SUCCESS | rc= >>
              total        used        free      shared  buff/cache   available
Mem:
Swap:
 

若要执行带有管道的命令，可使用shell模块：

# ansible local -m shell -a "df -h | grep /home"
server | SUCCESS | rc= >>
/dev/mapper/cl-home   16G  187M   16G   % /home
client | SUCCESS | rc= >>
/dev/mapper/cl-home   16G  187M   16G   % /home

限定命令只在一台client主机生效：

# ansible -a "df -h" --limit "client"

执行一个耗时任务：(-B 3600表示最多运行60分钟，-P 60表示每隔60s获取一次状态)

ansible all -B  -P 6 -a "/usr/bin/long_running-operation --do-stuff"

其他ansible参数可使用ansible -h查看。

3> 常用模块命令举例

①file模块

创建文件符链接：

# ansible local -m file -a "src=/etc/resolv.conf dest=/tmp/resolv.conf state=link"

更改文件权限为755，属组为root:root：

ansible local -m file -a "dest=/tmp/resolv.conf mode=755 owner=root group=root"

②service模块

启动NTP服务：

# ansible local -m service -a "name=ntpd state=started enabled=yes"

③copy模块

将本地文件拷贝到远程服务器：

# ansible local -m copy -a "src=/etc/ansible/ansible.cfg dest=/tmp/ansible.cfg owner=root group=root mode=0644"

更多模块请参考命令ansible-doc -l

模块官网http://docs.ansible.com/ansible/latest/list_of_all_modules.html