7.9 Ansible 入门指南使用手册 ============================ |image0| 1. 有用的小技巧 --------------- 1. 只输出错误的信息 ~~~~~~~~~~~~~~~~~~~ 如何让 ansible 只输出错误的信息。 1、修改配置:只对 playbook 有效 .. code:: ini [defaults] bin_ansible_callbacks=True 2、添加环境变量:对 ad-hoc 命令有效 .. code:: shell export ANSIBLE_LOAD_CALLBACK_PLUGINS=1 具体示例 .. code:: shell ANSIBLE_LOAD_CALLBACK_PLUGINS=1 ANSIBLE_STDOUT_CALLBACK=actionable ansible all -m ping 2. 如何批量推送文件 ~~~~~~~~~~~~~~~~~~~ :: # 批量推送文件 ansible ws_compute01 -m copy -a 'src= dest=' 3. 测试机器连接性 ~~~~~~~~~~~~~~~~~ .. code:: shell ansible ws_compute01,ws_compute02 -m ping 4. 将命令放在远程主机的后台执行 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 在下架机器时,要做的一个操作是去除ip,若使用shell 或者 command 模块去删除ip配置,会导致当前连接的断开而失败。这时候可以借鉴异步的思想,将这个脚本放在后台执行。 可以使用 async 和 poll 关键字来实现。 - async:表示超时时间 - poll:检测task执行情况的时间间隔 如下设置超时时间为 4 秒,每2秒检测一次执行结果。若经过两次检测后,脚本仍没有执行完成,就将其挂起在后台,直接进入一步。 :: - name: remove private ip shell: "sh /tmp/remove_private_ip.sh &" when: host_status is success async: 4 poll: 2 所以要实现挂起在后台的效果,你应该在 ``remove_private_ip.sh`` 里加一条语句:\ ``sleep 5``\ ,使脚本的运行时间超时 4 s。 5. 获取节点级变量:Gathering Facts ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :: ansible all -m setup 6. 获取节点信息 ~~~~~~~~~~~~~~~ 保证这个文件有 x 执行权限,并且文件格式要是 unix 而不能是dos .. code:: shell /root/deployment/inventory/get_controller_v1.py --list 7. ad-hoc 指定 run_once ~~~~~~~~~~~~~~~~~~~~~~~ .. code:: shell ansible compute[0] -m synchronize -a 'src=/etc/deny.list dest=/etc/deny.list mode=pull' 2. playbook 参数 ---------------- :: Options: --ask-vault-pass #ask for vault password #加密playbook文件时提示输入密码 -C, --check #don't make any changes; instead, try to predict some of the changes that may occur #模拟执行,不会真正在机器上执行(查看执行会产生什么变化) -D, --diff #when changing (small) files and templates, show the differences in those files; works great with --check #当更新的文件数及内容较少时,该选项可显示这些文件不同的地方,该选项结合-C用会有较好的效果 -e EXTRA_VARS, --extra-vars=EXTRA_VARS #set additional variables as key=value or YAML/JSON #在Playbook中引入外部参数变量 --flush-cache #clear the fact cache #将fact清除到的远程主机缓存 --force-handlers #run handlers even if a task fails #强制运行handlers的任务,即使在任务失败的情况下 -f FORKS, --forks=FORKS #specify number of parallel processes to use(default=5) #并行任务数。FORKS被指定为一个整数,默认是5 -h, --help #show this help message and exit #打开帮助文档API -i INVENTORY, --inventory-file=INVENTORY #specify inventory host path (default=/etc/ansible/hosts) or comma separated host list. #指定要读取的Inventory文件 -l SUBSET, --limit=SUBSET #further limit selected hosts to an additional pattern #限定执行的主机范围 --list-hosts #outputs a list of matching hosts; does not execute anything else #列出执行匹配到的主机,但并不会执行 --list-tags #list all available tags #列出所有可用的tags --list-tasks #list all tasks that would be executed #列出所有即将被执行的任务 -M MODULE_PATH, --module-path=MODULE_PATH #specify path(s) to module library (default=None) #要执行的模块的路径 --new-vault-password-file=NEW_VAULT_PASSWORD_FILE #new vault password file for rekey # --output=OUTPUT_FILE #output file name for encrypt or decrypt; use - for stdout # --skip-tags=SKIP_TAGS #only run plays and tasks whose tags do not match these values #跳过指定的tags任务 --start-at-task=START_AT_TASK #start the playbook at the task matching this name #从第几条任务(START_AT_TASK)开始执行 --step #one-step-at-a-time: confirm each task before running #逐步执行Playbook定义的任务,并经人工确认后继续执行下一步任务 --syntax-check #perform a syntax check on the playbook, but do not execute it #检查Playbook中的语法书写,并不实际执行 -t TAGS, --tags=TAGS #only run plays and tasks tagged with these values #指定执行该tags的任务 --vault-password-file=VAULT_PASSWORD_FILE #vault password file # -v, --verbose #verbose mode (-vvv for more, -vvvv to enable connection debugging) #执行详细输出 --version #show program's version number and exit #显示版本 Connection Options: control as whom and how to connect to hosts -k, --ask-pass #ask for connection password # --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE #use this file to authenticate the connection # -u REMOTE_USER, --user=REMOTE_USER #connect as this user (default=None) #指定远程主机以USERNAME运行命令 -c CONNECTION, --connection=CONNECTION #connection type to use (default=smart) #指定连接方式,可用选项paramiko (SSH)、ssh、local,local方式常用于crontab和kickstarts -T TIMEOUT, --timeout=TIMEOUT #override the connection timeout in seconds(default=10) #SSH连接超时时间设定,默认10s --ssh-common-args=SSH_COMMON_ARGS #specify common arguments to pass to sftp/scp/ssh (e.g.ProxyCommand) # --sftp-extra-args=SFTP_EXTRA_ARGS #specify extra arguments to pass to sftp only (e.g. -f, -l) # --scp-extra-args=SCP_EXTRA_ARGS #specify extra arguments to pass to scp only (e.g. -l) # --ssh-extra-args=SSH_EXTRA_ARGS #specify extra arguments to pass to ssh only (e.g. -R) # Privilege Escalation Options: control how and which user you become as on target hosts -s, --sudo #run operations with sudo (nopasswd) (deprecated, use become) #相当于Linux系统下的sudo命令 -U SUDO_USER, --sudo-user=SUDO_USER #desired sudo user (default=root) (deprecated, use become) #使用sudo,相当于Linux下的sudo命令 -S, --su #run operations with su (deprecated, use become) # -R SU_USER, --su-user=SU_USER #run operations with su as this user (default=root)(deprecated, use become) -b, --become #run operations with become (does not imply password prompting) # --become-method=BECOME_METHOD #privilege escalation method to use (default=sudo),valid choices: [ sudo | su | pbrun | pfexec | doas |dzdo | ksu | runas ] # --become-user=BECOME_USER #run operations as this user (default=root) # --ask-sudo-pass #ask for sudo password (deprecated, use become) #传递sudo密码到远程主机,来保证sudo命令的正常运行 --ask-su-pass #ask for su password (deprecated, use become) # -K, --ask-become-pass #ask for privilege escalation password 快速传送门 ---------- 1. `Ansible 配置全解 `__ .. |image0| image:: http://image.iswbm.com/20200602135014.png