The Ansible command family consists of ansible, ansible-doc, ansible-playbook, ansible-vault, ansible-console, ansible-galaxy and ansible-pull. Each command has its own purpose and usage, so let's go through them one by one.
1. ansible-doc: displays help for modules, much like the man command on Linux.
Usage:
    ansible-doc [options] [module...]
Common options:
-a: show documentation for all modules
    [root@localhost ~]# ansible-doc -a ping
    > A10_SERVER    (/usr/lib/python2.7/site-packages/ansible/modules/network/a10/a10_server.py)

            Manage SLB (Server Load Balancer) server objects on A10 Networks devices via aXAPIv2.

    OPTIONS (= is mandatory):

    = host
            Hostname or IP of the A10 Networks device.
            [Default: None]

    - partition
            set active-partition
            [Default: None]
            version_added: 2.3

    = password
            Password for the `username' account.
            (Aliases: pass, pwd)[Default: None]

    - server_ip
            The SLB server IPv4 address.
            (Aliases: ip, address)[Default: None]
    :
Note: the -a option lists the full usage of the ping module; only part of the output is shown above.
-l, --list: list all available modules
    [root@localhost ~]# ansible-doc -l
    a10_server                      Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' server object.
    a10_server_axapi3               Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
    a10_service_group               Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' service groups.
    a10_virtual_server              Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' virtual servers.
    accelerate                      Enable accelerated mode on remote node
    aci_aep                         Manage attachable Access Entity Profile (AEP) on Cisco ACI fabrics (infr...
    aci_ap                          Manage top level Application Profile (AP) objects on Cisco ACI fabrics (...
    aci_bd                          Manage Bridge Domains (BD) on Cisco ACI Fabrics (fv:BD)
    aci_bd_subnet                   Manage Subnets on Cisco ACI fabrics (fv:Subnet)
    aci_bd_to_l3out                 Bind Bridge Domain to L3 Out on Cisco ACI fabrics (fv:RsBDToOut)
    aci_config_rollback             Provides rollback and rollback preview functionality for Cisco ACI fabri...
    aci_config_snapshot             Manage Config Snapshots on Cisco ACI fabrics (config:Snapshot, config:Ex...
    aci_contract                    Manage contract resources on Cisco ACI fabrics (vz:BrCP)
    aci_contract_subject            Manage initial Contract Subjects on Cisco ACI fabrics (vz:Subj)
    aci_contract_subject_to_filter  Bind Contract Subjects to Filters on Cisco ACI fabrics (vz:RsSubjFiltAtt...
    aci_epg                         Manage End Point Groups (EPG) on Cisco ACI fabrics (fv:AEPg)
    aci_epg_monitoring_policy       Manage monitoring policies on Cisco ACI fabrics (mon:EPGPol)
    aci_epg_to_contract             Bind EPGs to Contracts on Cisco ACI fabrics (fv:RsCons and fv:RsProv)
    aci_epg_to_domain               Bind EPGs to Domains on Cisco ACI fabrics (fv:RsDomAtt)
    aci_filter                      Manages top level filter objects on Cisco ACI fabrics (vz:Filter)
    aci_filter_entry                Manage filter entries on Cisco ACI fabrics (vz:Entry)
    aci_intf_policy_fc              Manage Fibre Channel interface policies on Cisco ACI fabrics (fc:IfPol)
    aci_intf_policy_l2              Manage Layer 2 interface policies on Cisco ACI fabrics (l2:IfPol)
    :
Note: the -l option lists every available module with a brief description of what it does; only part of the output is shown above.
-s, --snippet: show a playbook snippet for the specified module
    [root@localhost ~]# ansible-doc -s ping
    - name: Try to connect to host, verify a usable python and return `pong' on success
      ping:
          data:                  # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
    [root@localhost ~]#
Note: -s is the option we use most often; it lists a module's commonly used parameters and what each one does.
2. ansible: this is Ansible's main program, the command we use most often to manage hosts. It can call all kinds of modules to perform configuration management, application deployment, task execution and so on against remote hosts. As mentioned in the previous article, Ansible manages hosts in two ways: ad-hoc, that is, running the ansible command on the command line, and ansible-playbook.
Usage:
    ansible <host-pattern> [-m module_name] [-a args]
Note: the usage is easy to follow. Ansible's strength is its large number of modules, and the ansible command manages hosts through them. The usage line above says: which hosts to manage (a host or host group must be given), which module to use (-m names the module; if omitted, the default module is used), and what the module should do (-a passes the arguments to the module).
Common options:
--version: show the version
    [root@localhost ~]# ansible --version
    ansible 2.4.2.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
    [root@localhost ~]#
-m module: specifies the module; on a fresh Ansible install the default module is command
-v: show a brief trace of the execution; -vv shows more detail and -vvv shows even more
--list-hosts: show the host list; can be abbreviated to --list
    [root@localhost ~]# ansible all --list
      hosts (3):
        192.168.0.99
        192.168.0.218
        192.168.0.128
    [root@localhost ~]# ansible websers --list
      hosts (1):
        192.168.0.99
    [root@localhost ~]# ansible appsers --list
      hosts (2):
        192.168.0.218
        192.168.0.128
    [root@localhost ~]#
Note: all matches every host in the host list.
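-k, --ask-pass: prompt for the SSH connection password; by default Ansible authenticates with SSH keys (lowercase k)
    [root@localhost ~]# ansible websers -m ping -k
    SSH password:
    192.168.0.99 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@localhost ~]#
Note: this option is generally used for hosts in the inventory that have no SSH key authentication set up; it is usually not recommended.
-K, --ask-become-pass: prompt for the sudo password (uppercase K)
    [root@localhost ~]# ansible websers -u 'qiuhom' -k -s -K -a " getent shadow qiuhom"
    [DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    SSH password:
    SUDO password[defaults to SSH password]:
    192.168.0.99 | SUCCESS | rc=0 >>
    qiuhom:$6$5mlfZaKT$YmDjmEnKPoC.xASTVA5JqUrTiIkuXOe1yDm9PCql89e4lGKUS.W1515phi1OgD1W7Zu6Lm9srTBHi9QAigWpz/:18068:0:99999:7:::

    [root@localhost ~]#
Note: -u specifies which user to run as on the remote host, -s runs the operation that follows with sudo, -k (lowercase) selects SSH password authentication, -K (uppercase) prompts for the sudo password, and -a passes arguments to the module. The example above has no -m, so the default module, command, is used; the default module can of course be set in /etc/ansible/ansible.cfg.
-C, --check: check only, do not execute; mainly used to check whether a playbook is written correctly.
-T, --timeout: timeout for executing the command; the default is 10s
-u: the user to run the command as on the remote host; this user must exist on the remote server and is not a user on the local control node
-b, --become: replaces the old sudo switch
--become-user=USERNAME: the runas user for sudo; the default is root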
Now that we know the basic options of ansible, let's look at matching against the host list.
1. all: matches every host defined in the inventory
    [root@localhost ~]# ansible all -m ping
    192.168.0.99 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.0.128 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.0.218 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@localhost ~]# ansible all --list
      hosts (3):
        192.168.0.99
        192.168.0.218
        192.168.0.128
    [root@localhost ~]#
2. "*": wildcard; it can also match every host in the inventory, and works much like wildcards on Linux.
    [root@localhost ~]# ansible * -m ping
    192.168.0.128 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.0.218 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.0.99 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@localhost ~]# ansible 192.168.0.1* -m ping
    192.168.0.128 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@localhost ~]# ansible web* -m ping
    192.168.0.99 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@localhost ~]#
3. OR relationship
    [root@localhost ~]# tail -6 /etc/ansible/hosts
    [websers]
    192.168.0.99:41319
    192.168.0.218
    [appsers]
    192.168.0.218
    192.168.0.128
    [root@localhost ~]# ansible "websers:appsers" --list
      hosts (3):
        192.168.0.99
        192.168.0.218
        192.168.0.128
    [root@localhost ~]# ansible "192.168.0.1*:192.168.0.2*" --list
      hosts (2):
        192.168.0.128
        192.168.0.218
    [root@localhost ~]#
4. Logical AND
    [root@localhost ~]# ansible "websers:&appsers" --list
      hosts (1):
        192.168.0.218
    [root@localhost ~]#
Note: the command above lists the hosts that are in the websers group and also in the appsers group.
5. Logical NOT
    [root@localhost ~]# ansible "websers:!appsers" --list
    -bash: !appsers": event not found
    [root@localhost ~]# ansible 'websers:!appsers' --list
      hosts (1):
        192.168.0.99
    [root@localhost ~]#
Note: logical NOT must be wrapped in single quotes, because inside double quotes bash treats ! as history expansion (the "event not found" error above). The command above lists the hosts that are in websers but not in appsers.
6. Combined logic
    [root@localhost ~]# tail -13 /etc/ansible/hosts
    [websers]
    192.168.0.99:41319
    192.168.0.218
    [appsers]
    192.168.0.218
    192.168.0.128
    [dbsers]
    192.168.0.208
    192.168.0.199
    [ftpsers]
    192.168.0.123
    192.168.0.233
    [root@localhost ~]# ansible 'dbsers:websers:&appsers:!ftpsers' --list
      hosts (1):
        192.168.0.218
    [root@localhost ~]#
Note: the command above combines logical OR, logical AND and logical NOT. In a combined pattern like this, matching follows a priority order: logical NOT has the highest priority, then logical AND, and logical OR has the lowest. The command above matches hosts from the dbsers and websers groups that are in appsers but not in ftpsers.
7. Regular expressions
    [root@localhost ~]# ansible "~(web|db).*" --list
      hosts (4):
        192.168.0.99
        192.168.0.218
        192.168.0.208
        192.168.0.199
    [root@localhost ~]#
Note: the command above matches the hosts in groups whose names start with web or db; ~ means the pattern is a regular expression.
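The host-pattern rules above, modelled as an added example (a simplified sketch, not Ansible's own code and not from the original post). It applies the plain (union) terms first, then the `&` terms, then the `!` terms, which reproduces the `--list` outputs shown above; the function names are hypothetical and the inventory is copied from the `/etc/ansible/hosts` listing with the port dropped.

```python
import fnmatch
import re

# Inventory copied from the /etc/ansible/hosts listing above (port dropped).
INVENTORY = {
    "websers": ["192.168.0.99", "192.168.0.218"],
    "appsers": ["192.168.0.218", "192.168.0.128"],
    "dbsers": ["192.168.0.208", "192.168.0.199"],
    "ftpsers": ["192.168.0.123", "192.168.0.233"],
}


def _dedupe(hosts):
    """Keep the first occurrence of each host, preserving order."""
    seen, out = set(), []
    for host in hosts:
        if host not in seen:
            seen.add(host)
            out.append(host)
    return out


def match_term(term, inventory):
    """Expand one term (group, host, glob or ~regex) into a host list."""
    if term == "all":
        rx = re.compile(".*")
    elif term.startswith("~"):
        rx = re.compile(term[1:])                # ~ marks a regular expression
    else:
        rx = re.compile(fnmatch.translate(term))  # shell-style wildcard
    hosts = []
    for group, members in inventory.items():      # group names are matched
        if rx.match(group):
            hosts.extend(members)
    for members in inventory.values():            # and so are host names
        hosts.extend(h for h in members if rx.match(h))
    return _dedupe(hosts)


def resolve(pattern, inventory=INVENTORY):
    """Resolve 'a:b:&c:!d' to hosts: unions, then intersections, then exclusions."""
    union, intersect, exclude = [], [], []
    # Simplification: a ':' inside a regex term would be split here too.
    for term in pattern.split(":"):
        if term.startswith("&"):
            intersect.append(term[1:])
        elif term.startswith("!"):
            exclude.append(term[1:])
        elif term:
            union.append(term)
    if not union:
        union = ["all"]  # assumption of this sketch: no plain term means all hosts
    hosts = _dedupe(h for term in union for h in match_term(term, inventory))
    for term in intersect:
        keep = set(match_term(term, inventory))
        hosts = [h for h in hosts if h in keep]
    for term in exclude:
        drop = set(match_term(term, inventory))
        hosts = [h for h in hosts if h not in drop]
    return hosts


if __name__ == "__main__":
    for p in ("websers:appsers", "websers:&appsers", "websers:!appsers",
              "dbsers:websers:&appsers:!ftpsers", "~(web|db).*"):
        print(p, "->", resolve(p))
```

Because the terms are sorted into the three classes before being applied, the order in which they are written in the pattern does not change the resulting host set.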
With host pattern matching covered, let's look at how the ansible command executes. When running ansible we can add -vvv to show the execution in more detail.
    [root@localhost ~]# ansible "websers:&appsers" -m shell -a "getent passwd root" -vvv
    ansible 2.4.2.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
    Using /etc/ansible/ansible.cfg as config file
    Parsed /etc/ansible/hosts inventory source with ini plugin
    META: ran handlers
    Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
    <192.168.0.218> ESTABLISH SSH CONNECTION FOR USER: None
    <192.168.0.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/82e2c5d794 192.168.0.218 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
    <192.168.0.218> (0, '/root\n', '')
    <192.168.0.218> ESTABLISH SSH CONNECTION FOR USER: None
    <192.168.0.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/82e2c5d794 192.168.0.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745 `" && echo ansible-tmp-1573399527.3-188437527440745="` echo /root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745 `" ) && sleep 0'"'"''
    <192.168.0.218> (0, 'ansible-tmp-1573399527.3-188437527440745=/root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745\n', '')
    <192.168.0.218> PUT /tmp/tmpPczCAu TO /root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745/command.py
    <192.168.0.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/82e2c5d794 '[192.168.0.218]'
    <192.168.0.218> (0, 'sftp> put /tmp/tmpPczCAu /root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745/command.py\n', '')
    <192.168.0.218> ESTABLISH SSH CONNECTION FOR USER: None
    <192.168.0.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/82e2c5d794 192.168.0.218 '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745/ /root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745/command.py && sleep 0'"'"''
    <192.168.0.218> (0, '', '')
    <192.168.0.218> ESTABLISH SSH CONNECTION FOR USER: None
    <192.168.0.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/82e2c5d794 -tt 192.168.0.218 '/bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745/command.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1573399527.3-188437527440745/" > /dev/null 2>&1 && sleep 0'"'"''
    <192.168.0.218> (0, '\r\n{"changed": true, "end": "2019-11-10 23:25:23.100262", "stdout": "root:x:0:0:root:/root:/bin/bash", "cmd": "getent passwd root", "rc": 0, "start": "2019-11-10 23:25:23.082719", "stderr": "", "delta": "0:00:00.017543", "invocation": {"module_args": {"warn": true, "executable": null, "_uses_shell": true, "_raw_params": "getent passwd root", "removes": null, "creates": null, "chdir": null, "stdin": null}}}\r\n', 'Shared connection to 192.168.0.218 closed.\r\n')
    192.168.0.218 | SUCCESS | rc=0 >>
    root:x:0:0:root:/root:/bin/bash

    META: ran handlers
    META: ran handlers
    [root@localhost ~]#
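Note: from the output above we can roughly see how ansible executes a command:
1. Ansible first loads its configuration file, /etc/ansible/ansible.cfg by default
2. It loads the corresponding module file; above, that is the shell module
3. Ansible turns the module or command into a temporary Python file and transfers it over sftp to .ansible/tmp/ansible-tmp-<number>/xxxx.py under the home directory of the executing user on the remote host
4. It then makes the temporary file it just transferred executable (chmod +x)
5. It runs the temporary file and returns the result
6. It deletes the temporary .py file and exits with sleep 0
Ansible usually shows results in one of three colors: red, green and orange. Red means the execution failed or an exception occurred during it, which generally terminates all remaining tasks. Green and orange both mean that no exception occurred and all tasks ran normally; orange means the target's state changed after the command finished, while green means it did not. This applies not only to the ansible command but to the whole Ansible command family, so we can tell whether a command ran normally just by looking at the color.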
3. ansible-galaxy: connects to https://galaxy.ansible.com to download/upload roles
Usage:
    Usage: ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ...
1. Download and install a role
    [root@localhost ~]# ansible-galaxy install geerlingguy.redis
    - downloading role 'redis', owned by geerlingguy
    - downloading role from https://github.com/geerlingguy/ansible-role-redis/archive/1.6.0.tar.gz
    - extracting geerlingguy.redis to /etc/ansible/roles/geerlingguy.redis
    - geerlingguy.redis (1.6.0) was installed successfully
    [root@localhost ~]#
2. List all installed roles
    [root@localhost ~]# ansible-galaxy list
    - geerlingguy.redis, 1.6.0
    [root@localhost ~]#
3. Remove an installed role
    [root@localhost ~]# ansible-galaxy remove geerlingguy.redis
    - successfully removed geerlingguy.redis
    [root@localhost ~]# ansible-galaxy list
    [root@localhost ~]#
Note: galaxy downloads to /etc/ansible/roles by default. A role can also be removed by deleting it directly from that directory, and we can put roles we wrote ourselves there too; ansible-galaxy list will show them as well.
4. ansible-vault: manages encryption and decryption of YAML files
Usage:
    Usage: ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view] [options] [vaultfile.yml]
1. Encrypt
    [root@localhost ansible]# cat test.yaml
    ---
    - hosts: websers
      remote_user: root
      tasks:
        - name: test
          command: hostname
    [root@localhost ansible]# ansible-vault encrypt test.yaml
    New Vault password:
    Confirm New Vault password:
    Encryption successful
    [root@localhost ansible]# cat test.yaml
    $ANSIBLE_VAULT;1.1;AES256
    38653234373532306537633636343038383031613537303437623730626462306665363165363432
    6162306332313031326330386136623464346533363164320a353734386632303837393633643932
    62656262626265396236646536646231646631363431383261623530626639303132396139633731
    6663633466373034320a323161316262653535353361353436353238663836623034366534393265
    34663862363938653531346237323265633861663430313839653932633362333865333366353765
    38326239386432373665396133346632346336373839386134366335663339363338306138363733
    39653462373564383736373063333764653137356237353563396635633862623039373964326531
    61626138316239663535346562643436666534333637313363663536393932313565623533666561
    6564
    [root@localhost ansible]#
2. Decrypt
    [root@localhost ansible]# cat test.yaml
    $ANSIBLE_VAULT;1.1;AES256
    38653234373532306537633636343038383031613537303437623730626462306665363165363432
    6162306332313031326330386136623464346533363164320a353734386632303837393633643932
    62656262626265396236646536646231646631363431383261623530626639303132396139633731
    6663633466373034320a323161316262653535353361353436353238663836623034366534393265
    34663862363938653531346237323265633861663430313839653932633362333865333366353765
    38326239386432373665396133346632346336373839386134366335663339363338306138363733
    39653462373564383736373063333764653137356237353563396635633862623039373964326531
    61626138316239663535346562643436666534333637313363663536393932313565623533666561
    6564
    [root@localhost ansible]# ansible-vault decrypt test.yaml
    Vault password:
    Decryption successful
    [root@localhost ansible]# cat test.yaml
    ---
    - hosts: websers
      remote_user: root
      tasks:
        - name: test
          command: hostname
    [root@localhost ansible]#
3. View without decrypting
    [root@localhost ansible]# cat test.yaml
    $ANSIBLE_VAULT;1.1;AES256
    63623938346561623733663938396234303933353162326531353230366237373664663662623133
    3136653066363866363461666438346531626439346134660a623231326637336464303965366263
    38353637633962326233313664353966343663393931393131303361323139646530333566313739
    3233336166653038630a626637366661646638376338653261373336373438353639333930363836
    32353464313438633632323366323731333830326632313837623131636363393664323863663437
    38346131303561373865316666346265653039346333373663383861653737373466356466393439
    35386163636234623564353537373264636138636663663531356164313437373164633433303635
    63306439633963636136663637643936373337376130616433396561303535313330656337323233
    3065
    [root@localhost ansible]# ansible-vault view test.yaml
    Vault password:
    ---
    - hosts: websers
      remote_user: root
      tasks:
        - name: test
          command: hostname
    [root@localhost ansible]# cat test.yaml
    $ANSIBLE_VAULT;1.1;AES256
    63623938346561623733663938396234303933353162326531353230366237373664663662623133
    3136653066363866363461666438346531626439346134660a623231326637336464303965366263
    38353637633962326233313664353966343663393931393131303361323139646530333566313739
    3233336166653038630a626637366661646638376338653261373336373438353639333930363836
    32353464313438633632323366323731333830326632313837623131636363393664323863663437
    38346131303561373865316666346265653039346333373663383861653737373466356466393439
    35386163636234623564353537373264636138636663663531356164313437373164633433303635
    63306439633963636136663637643936373337376130616433396561303535313330656337323233
    3065
    [root@localhost ansible]#
4. Edit an encrypted file
    [root@localhost ansible]# cat test.yaml
    $ANSIBLE_VAULT;1.1;AES256
    63623938346561623733663938396234303933353162326531353230366237373664663662623133
    3136653066363866363461666438346531626439346134660a623231326637336464303965366263
    38353637633962326233313664353966343663393931393131303361323139646530333566313739
    3233336166653038630a626637366661646638376338653261373336373438353639333930363836
    32353464313438633632323366323731333830326632313837623131636363393664323863663437
    38346131303561373865316666346265653039346333373663383861653737373466356466393439
    35386163636234623564353537373264636138636663663531356164313437373164633433303635
    63306439633963636136663637643936373337376130616433396561303535313330656337323233
    3065
    [root@localhost ansible]# ansible-vault edit test.yaml
    Vault password:
    ---
    - hosts: websers
      remote_user: root
      tasks:
        - name: test
          command: hostname
        - name: test1
          shell: ls /root/
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    "/tmp/tmpBHavml.yaml" 9L, 135C written
    [root@localhost ansible]# cat test.yaml
    $ANSIBLE_VAULT;1.1;AES256
    30653764326466326131636362363762356362393334383966303433306331316335373732633463
    3430383065336336333232303933356161363861376335630a363837363963386265333866643265
    35333133393861646662636261653662313864633866373930306664646563343966366239373432
    3661376233383766610a306366633964343434313533333065623739313762326561303837666437
    61623136303764326138643362653166633138653237383761323665393132656161663639353631
    62333063323135623466386333633835346539653463656239393562616164656664353562316163
    36373161326261336338613137386636653431336535376338313165343564616531653439333764
    65653834333335346531316137663332643963323966373064653664656532343061326234373563
    31636364663737376639336531313937363630306232613561373932306432623835663563643463
    66366530396536373031613134326464623939396538383335633764363237653064656135373262
    306462316363333863393765323932373737
    [root@localhost ansible]#
Note: a file edited this way remains encrypted.
5. Change the encryption password
    [root@localhost ansible]# ansible-vault rekey test.yaml
    Vault password:
    New Vault password:
    Confirm New Vault password:
    Rekey successful
    [root@localhost ansible]#
Note: to change the password you must first enter the current one; only when it is correct can the password be changed. If the password is forgotten, the file can no longer be viewed, nor can its password be changed.
6. Create a new encrypted file
    [root@localhost ansible]# ls
    test.yaml
    [root@localhost ansible]# ansible-vault create test2.yaml
    New Vault password:
    Confirm New Vault password:
    ---
    - hosts: appsers
      remote_user: root
      tasks:
        - name: test2
          shell: getent passwd
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    "/tmp/tmpgYTB3x.yaml" 7L, 92C written
    [root@localhost ansible]# ls
    test2.yaml  test.yaml
    [root@localhost ansible]# cat test2.yaml
    $ANSIBLE_VAULT;1.1;AES256
    64616164373236646635383539366661646262383936613533363263303136393031633533373638
    6261613964636466656439656464336635323337643632620a366133383633633837363432326138
    63323331346437636365353866656233363139633364353833623933353732323038336364376539
    3963643939383734350a643734356432663063383066313932333837323631636536613834333232
    30393464376230633762663364333330343132386132343861636665343831653863653939356536
    62333564303934303138356332376634313535373037663866323038363237323438633464623534
    61303937313930363230353165346337393462666131303861646262333830333365393737326365
    63346431613736303963346130363464313239646361653830303862333236303939613665383261
    3230
    [root@localhost ansible]
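An added example (not from the original post and not Ansible's own code): a structural check of the `$ANSIBLE_VAULT;1.1;AES256` envelope seen in the cat output above, usable as a pre-commit guard that a file really is encrypted and does not merely carry the header. It relies on the vault 1.1 layout (the body is the hex encoding of three hex fields, a 32-byte salt, a 32-byte HMAC-SHA256 and the ciphertext, joined by newlines); the function names, file names and sample bytes are constructed for illustration.

```python
import binascii

# The playbook from the post before encryption (plaintext).
PLAINTEXT_PLAYBOOK = """---
- hosts: websers
  remote_user: root
  tasks:
    - name: test
      command: hostname
"""


def build_sample_vault():
    """Constructed 1.1 envelope with fixed dummy bytes (not a real ciphertext)."""
    salt, mac, ct = bytes(range(32)), bytes(range(32, 64)), bytes(96)
    inner = b"\n".join(binascii.hexlify(part) for part in (salt, mac, ct))
    body = binascii.hexlify(inner).decode()
    wrapped = [body[i:i + 80] for i in range(0, len(body), 80)]
    return "$ANSIBLE_VAULT;1.1;AES256\n" + "\n".join(wrapped) + "\n"


def inspect_vault(text):
    """Return envelope metadata; raise ValueError if it is not a valid 1.1 vault."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        raise ValueError("no $ANSIBLE_VAULT header: content is plaintext")
    fields = lines[0].strip().split(";")
    if fields[1:3] != ["1.1", "AES256"]:  # scope of this sketch: the page's format
        raise ValueError("unsupported header: %s" % lines[0])
    try:
        # Outer layer: hex text wrapped at 80 columns.
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        # Inner layer: exactly three hex fields separated by newlines.
        salt, mac, ct = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed vault body: %s" % exc) from exc
    if len(salt) != 32 or len(mac) != 32 or not ct:
        raise ValueError("unexpected salt/HMAC/ciphertext sizes")
    return {"version": fields[1], "cipher": fields[2], "salt_len": len(salt),
            "hmac_len": len(mac), "ciphertext_len": len(ct)}


def find_unencrypted(files):
    """files maps path -> content; return the paths that fail the check."""
    bad = []
    for path, content in sorted(files.items()):
        try:
            inspect_vault(content)
        except ValueError:
            bad.append(path)
    return bad


if __name__ == "__main__":
    sample = build_sample_vault()
    files = {  # constructed file names and contents
        "test.yaml": PLAINTEXT_PLAYBOOK,
        "test2.yaml": sample,
        "header_only.yaml": "$ANSIBLE_VAULT;1.1;AES256\npassword: example\n",
    }
    print(inspect_vault(sample))
    print("not encrypted:", find_unencrypted(files))
```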
5. ansible-console: runs ansible commands interactively, with tab completion. It fits the space between ad-hoc commands and ansible-playbook, and is commonly used to run a batch of one-off operations or commands together.
    [root@localhost ansible]# ansible-console
    Vault password:
    Welcome to the ansible console.
    Type help or ? to list commands.

    root@all (7)[f:5]$ list
    192.168.0.99
    192.168.0.218
    192.168.0.123
    192.168.0.233
    192.168.0.128
    192.168.0.208
    192.168.0.199
    root@all (7)[f:5]$ cd websers
    root@websers (2)[f:5]$ list
    192.168.0.99
    192.168.0.218
    root@websers (2)[f:5]$ forks 2
    root@websers (2)[f:2]$ shell getent passwd root
    192.168.0.218 | SUCCESS | rc=0 >>
    root:x:0:0:root:/root:/bin/bash

    192.168.0.99 | SUCCESS | rc=0 >>
    root:x:0:0:root:/root:/bin/bash

    root@websers (2)[f:2]$
Note: typing ansible-console in a terminal opens a shell-like interactive environment. The prompt format is: executing user@current host group (number of hosts in the group)[f:forks]$. Set the number of forks with forks n, where n is the number of forks; switch groups with cd <host group>, for example cd websers; list prints the hosts in the current host group; ? or help lists all built-in commands.
6. ansible-playbook: runs playbook files
Usage:
    Usage: ansible-playbook [options] playbook.yml [playbook2 ...]
Common options:
-C, --check: check the playbook without executing it
-e: pass variables
-f: set the number of forks; the default is 5
-t: run only the specified tags
-l, --limit=subset: run against certain hosts only
--list-hosts: list the matching hosts
--list-tags: list all available tags
--list-tasks: list all tasks that would be executed
    [root@localhost ansible]# cat test.yaml
    ---
    - hosts: websers
      remote_user: root
      tasks:
        - name: test
          command: /usr/bin/wall hello world
    [root@localhost ansible]# ansible-playbook -C test.yaml

    PLAY [websers] ********************************************************************************************************

    TASK [Gathering Facts] ************************************************************************************************
    ok: [192.168.0.218]
    ok: [192.168.0.99]

    TASK [test] ***********************************************************************************************************
    skipping: [192.168.0.218]
    skipping: [192.168.0.99]

    PLAY RECAP ************************************************************************************************************
    192.168.0.218 : ok=1 changed=0 unreachable=0 failed=0
    192.168.0.99 : ok=1 changed=0 unreachable=0 failed=0

    [root@localhost ansible]# ansible-playbook test.yaml

    PLAY [websers] ********************************************************************************************************

    TASK [Gathering Facts] ************************************************************************************************
    ok: [192.168.0.218]
    ok: [192.168.0.99]

    TASK [test] ***********************************************************************************************************
    changed: [192.168.0.218]
    changed: [192.168.0.99]

    PLAY RECAP ************************************************************************************************************
    192.168.0.218 : ok=2 changed=1 unreachable=0 failed=0
    192.168.0.99 : ok=2 changed=1 unreachable=0 failed=0

    [root@localhost ansible]# ansible-playbook test.yaml --list-hosts

    playbook: test.yaml

      play #1 (websers): websers TAGS: []
        pattern: [u'websers']
        hosts (2):
          192.168.0.99
          192.168.0.218
    [root@localhost ansible]# ansible-playbook test.yaml --list-tags

    playbook: test.yaml

      play #1 (websers): websers TAGS: []
          TASK TAGS: []
    [root@localhost ansible]# ansible-playbook test.yaml --list-tasks

    playbook: test.yaml

      play #1 (websers): websers TAGS: []
        tasks:
          test TAGS: []
    [root@localhost ansible]# ansible-playbook test.yaml --limit 192.168.0.99

    PLAY [websers] ********************************************************************************************************

    TASK [Gathering Facts] ************************************************************************************************
    ok: [192.168.0.99]

    TASK [test] ***********************************************************************************************************
    changed: [192.168.0.99]

    PLAY RECAP ************************************************************************************************************
    192.168.0.99 : ok=2 changed=1 unreachable=0 failed=0

    [root@localhost ansible]#
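7. ansible-pull: pulls playbooks from a VCS repository and runs them for the local host. Using this command involves Ansible's other working mode, pull mode (Ansible uses push mode by default), which works the opposite way to the usual push mode. It suits the following scenarios: 1. a huge number of machines need configuring, and even with highly concurrent threads it would still take a lot of time; 2. running ansible on a freshly booted host that has no network connection.
Usage:
    ansible-pull -U <repository> [options] [<playbook.yml>]
Common options:
-U <URL>, --url <URL>: URL of the playbook repository
-d <DEST>, --directory <DEST>: directory to check the repository out to
-i, --inventory, --inventory-file: inventory host path or comma-separated host list; --inventory-file is deprecated
-o, --only-if-changed: run the playbook only if the repository has been updated
-u <REMOTE_USER>, --user <REMOTE_USER>: connect as this user (default=None)
ansible-pull is usually combined with git and crontab: crontab periodically pulls the playbooks in the specified git repository to the local host and automatically runs the predefined instructions in the specified mode.
Example:
    */20 * * * * root /usr/local/bin/ansible-pull -o -C 2.1.0 -d /srv/www/king-gw/ -i /etc/ansible/hosts -U git://git.kingifa.com/king-gw-ansiblepull >> /var/log/ansible-pull.log 2>&1
ansible-pull is typically used when configuring machines in bulk. It is somewhat less flexible, but efficiency can scale almost without limit, and it demands a high level of technical skill and forward planning from operations staff.
For more options see https://docs.ansible.com/ansible/2.4/ansible-pull.html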