本文介绍了Ansible自动化运维工具的基本使用方法,包括安装组件、常用命令解析及如何通过Ansible进行远程主机操作。同时,详细解释了Ansible的主机清单配置、模块执行以及连接选项等关键概念。
1、看看安装了那些
[root@elb ~]# rpm -ql ansible |more
/etc/ansible
/etc/ansible/ansible.cfg 配置文件
/etc/ansible/hosts 主机清单
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-console
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
/usr/bin/ansible-pull
/usr/bin/ansible-vault
/usr/lib/python2.6/site-packages/ansible
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/PKG-INFO
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/SOURCES.txt
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/dependency_links
.txt
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/requires.txt
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/top_level.txt
/usr/lib/python2.6/site-packages/ansible/__init__.py
/usr/lib/python2.6/site-packages/ansible/__init__.pyc
/usr/lib/python2.6/site-packages/ansible/__init__.pyo
/usr/lib/python2.6/site-packages/ansible/cli
。。。。。。。。。。。
2、命令详解
[root@elb ~]# ansible
Usage: ansible <host-pattern> [options]
Options:
-a MODULE_ARGS, --args=MODULE_ARGS -a指定模块
module arguments
--ask-vault-pass ask for vault password
-B SECONDS, --background=SECONDS
run asynchronously, failing after X seconds
(default=N/A)
-C, --check don't make any changes; instead, try to predict some
of the changes that may occur
-D, --diff when changing (small) files and templates, show the
differences in those files; works great with --check
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional variables as key=value or YAML/JSON
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory-file=INVENTORY 指定主机,默认读主机列表
specify inventory host path
(default=/etc/ansible/hosts) or comma separated host
list.
-l SUBSET, --limit=SUBSET
further limit selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts; does not execute
anything else
-m MODULE_NAME, --module-name=MODULE_NAME 模块,默认为command
module name to execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH
specify path(s) to module library (default=None)
--new-vault-password-file=NEW_VAULT_PASSWORD_FILE
new vault password file for rekey
-o, --one-line condense output
--output=OUTPUT_FILE output file name for encrypt or decrypt; use - for
stdout
-P POLL_INTERVAL, --poll=POLL_INTERVAL
set the poll interval if using -B (default=15)
--syntax-check perform a syntax check on the playbook, but do not
execute it
-t TREE, --tree=TREE log output to this directory
--vault-password-file=VAULT_PASSWORD_FILE
vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit
Connection Options:
control as whom and how to connect to hosts
-k, --ask-pass ask for connection password
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
use this file to authenticate the connection
-u REMOTE_USER, --user=REMOTE_USER 指定一个远程用户(远程主机上必须有,默认为root)
connect as this user (default=None)
-c CONNECTION, --connection=CONNECTION
connection type to use (default=smart)
-T TIMEOUT, --timeout=TIMEOUT
override the connection timeout in seconds
(default=10)
--ssh-common-args=SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--sftp-extra-args=SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f,
-l)
--scp-extra-args=SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--ssh-extra-args=SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
Privilege Escalation Options:
control how and which user you become as on target hosts
-s, --sudo run operations with sudo (nopasswd) (deprecated, use
become)
-U SUDO_USER, --sudo-user=SUDO_USER
desired sudo user (default=root) (deprecated, use
become)
-S, --su run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
run operations with su as this user (default=root)
(deprecated, use become)
-b, --become run operations with become (does not imply password
prompting)
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | doas |
dzdo | ksu ]
--become-user=BECOME_USER
run operations as this user (default=root)
--ask-sudo-pass ask for sudo password (deprecated, use become)
--ask-su-pass ask for su password (deprecated, use become)
-K, --ask-become-pass
ask for privilege escalation password
3、host列表讲解
[root@elb ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
[webservers]
192.168.3.49
[dbservers]
192.168.3.62
[root@elb ~]# ansible -i /etc/ansible/hosts webservers -u root -m command -a ’ls /home‘ -k (-k输入密码)
[root@elb ~]# ansible -i /etc/ansible/hosts webservers -u root -m command -a 'ls /home'
192.168.3.49 | SUCCESS | rc=0 >>
wolf
默认的可以省略掉
ansible webservers -a 'ls /home'
[root@elb ~]# ansible webservers -a 'ls /home'
192.168.3.49 | SUCCESS | rc=0 >>
wolf
定义连续
[webservers]
192.168.3.49
[dbservers]
192.168.3.62
192.168.3.[1:10] (表示1到10)
ansible模式是用ssh key的方式来进行连接,也可以-k输入密码方式
ansible all -m ping ping是一个模块,没有任何参数
[root@elb ~]# ansible all -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible webservers -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible dbservers -m ping
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
不直接用root用户
ansible all -m ping --sudo
嵌套
[webservers]
192.168.3.49
[dbservers]
192.168.3.62
[wolf:children]
webservers
dbservers
"/etc/ansible/hosts" 7L, 88C written
[root@elb ~]# ansible wolf -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible webservers -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible dbservers -m ping
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# rpm -ql ansible |more
/etc/ansible
/etc/ansible/ansible.cfg 配置文件
/etc/ansible/hosts 主机清单
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-console
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
/usr/bin/ansible-pull
/usr/bin/ansible-vault
/usr/lib/python2.6/site-packages/ansible
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/PKG-INFO
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/SOURCES.txt
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/dependency_links
.txt
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/requires.txt
/usr/lib/python2.6/site-packages/ansible-2.2.1.0-py2.6.egg-info/top_level.txt
/usr/lib/python2.6/site-packages/ansible/__init__.py
/usr/lib/python2.6/site-packages/ansible/__init__.pyc
/usr/lib/python2.6/site-packages/ansible/__init__.pyo
/usr/lib/python2.6/site-packages/ansible/cli
。。。。。。。。。。。
2、命令详解
[root@elb ~]# ansible
Usage: ansible <host-pattern> [options]
Options:
-a MODULE_ARGS, --args=MODULE_ARGS -a指定模块
module arguments
--ask-vault-pass ask for vault password
-B SECONDS, --background=SECONDS
run asynchronously, failing after X seconds
(default=N/A)
-C, --check don't make any changes; instead, try to predict some
of the changes that may occur
-D, --diff when changing (small) files and templates, show the
differences in those files; works great with --check
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional variables as key=value or YAML/JSON
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory-file=INVENTORY 指定主机,默认读主机列表
specify inventory host path
(default=/etc/ansible/hosts) or comma separated host
list.
-l SUBSET, --limit=SUBSET
further limit selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts; does not execute
anything else
-m MODULE_NAME, --module-name=MODULE_NAME 模块,默认为command
module name to execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH
specify path(s) to module library (default=None)
--new-vault-password-file=NEW_VAULT_PASSWORD_FILE
new vault password file for rekey
-o, --one-line condense output
--output=OUTPUT_FILE output file name for encrypt or decrypt; use - for
stdout
-P POLL_INTERVAL, --poll=POLL_INTERVAL
set the poll interval if using -B (default=15)
--syntax-check perform a syntax check on the playbook, but do not
execute it
-t TREE, --tree=TREE log output to this directory
--vault-password-file=VAULT_PASSWORD_FILE
vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit
Connection Options:
control as whom and how to connect to hosts
-k, --ask-pass ask for connection password
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
use this file to authenticate the connection
-u REMOTE_USER, --user=REMOTE_USER 指定一个远程用户(远程主机上必须有,默认为root)
connect as this user (default=None)
-c CONNECTION, --connection=CONNECTION
connection type to use (default=smart)
-T TIMEOUT, --timeout=TIMEOUT
override the connection timeout in seconds
(default=10)
--ssh-common-args=SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--sftp-extra-args=SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f,
-l)
--scp-extra-args=SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--ssh-extra-args=SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
Privilege Escalation Options:
control how and which user you become as on target hosts
-s, --sudo run operations with sudo (nopasswd) (deprecated, use
become)
-U SUDO_USER, --sudo-user=SUDO_USER
desired sudo user (default=root) (deprecated, use
become)
-S, --su run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
run operations with su as this user (default=root)
(deprecated, use become)
-b, --become run operations with become (does not imply password
prompting)
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | doas |
dzdo | ksu ]
--become-user=BECOME_USER
run operations as this user (default=root)
--ask-sudo-pass ask for sudo password (deprecated, use become)
--ask-su-pass ask for su password (deprecated, use become)
-K, --ask-become-pass
ask for privilege escalation password
3、host列表讲解
[root@elb ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
[webservers]
192.168.3.49
[dbservers]
192.168.3.62
[root@elb ~]# ansible -i /etc/ansible/hosts webservers -u root -m command -a ’ls /home‘ -k (-k输入密码)
[root@elb ~]# ansible -i /etc/ansible/hosts webservers -u root -m command -a 'ls /home'
192.168.3.49 | SUCCESS | rc=0 >>
wolf
默认的可以省略掉
ansible webservers -a 'ls /home'
[root@elb ~]# ansible webservers -a 'ls /home'
192.168.3.49 | SUCCESS | rc=0 >>
wolf
定义连续
[webservers]
192.168.3.49
[dbservers]
192.168.3.62
192.168.3.[1:10] (表示1到10)
ansible模式是用ssh key的方式来进行连接,也可以-k输入密码方式
ansible all -m ping ping是一个模块,没有任何参数
[root@elb ~]# ansible all -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible webservers -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible dbservers -m ping
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
不直接用root用户
ansible all -m ping --sudo
嵌套
[webservers]
192.168.3.49
[dbservers]
192.168.3.62
[wolf:children]
webservers
dbservers
"/etc/ansible/hosts" 7L, 88C written
[root@elb ~]# ansible wolf -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible webservers -m ping
192.168.3.49 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@elb ~]# ansible dbservers -m ping
192.168.3.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
扫一扫
2170
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
