• 1. 安装
  • 2. 配置
    • 2.1. ansible.cfg
    • 2.2. hosts
  • 3. ansible的命令
  • 4. ansible-playbook

    1. 安装

    以centos为例。

    1. yum install -y ansible

    2. 配置

    默认配置目录在/etc/ansible/,主要有以下两个配置:

    • ansible.cfg:ansible的配置文件
    • hosts:配置ansible所连接的机器IP信息

    2.1. ansible.cfg

    2.2. hosts

    1. # This is the default ansible 'hosts' file.
    2. #
    3. # It should live in /etc/ansible/hosts
    4. #
    5. #   - Comments begin with the '#' character
    6. #   - Blank lines are ignored
    7. #   - Groups of hosts are delimited by [header] elements
    8. #   - You can enter hostnames or ip addresses
    9. #   - A hostname/ip can be a member of multiple groups
    11. # Ex 1: Ungrouped hosts, specify before any group headers.
    13. # green.example.com
    14. # blue.example.com
    15. # 192.168.100.1
    16. # 192.168.100.10
    18. # Ex 2: A collection of hosts belonging to the 'webservers' group
    20. # [webservers]
    21. # alpha.example.org
    22. # beta.example.org
    23. # 192.168.1.100
    24. # 192.168.1.110
    26. # If you have multiple hosts following a pattern you can specify
    27. # them like this:
    29. # www[001:006].example.com
    31. # Ex 3: A collection of database servers in the 'dbservers' group
    33. # [dbservers]
    34. #
    35. # db01.intranet.mydomain.net
    36. # db02.intranet.mydomain.net
    37. # 10.25.1.56
    38. # 10.25.1.57
    40. # Here's another example of host ranges, this time there are no
    41. # leading 0s:
    43. # db-[99:101]-node.example.com
    45. [k8s]
    46. 192.168.201.52
    47. 192.168.201.53
    48. 192.168.201.54
    49. 192.168.201.55
    50. 192.168.201.56
    51. 192.168.201.57

    3. ansible的命令

    命令格式为:ansible [options]

    • host-pattern:即hosts文件中配置的集群名称
    • options:命令操作符

    例如:ansible k8s -a ‘uname -r’

    1. [root@k8s-master ansible]# ansible k8s -a 'uname -r'
    2. 172.16.201.56 | SUCCESS | rc=0 >>
    3. 4.16.11-1.el7.elrepo.x86_64
    5. 172.16.201.55 | SUCCESS | rc=0 >>
    6. 4.16.11-1.el7.elrepo.x86_64
    8. 172.16.201.54 | SUCCESS | rc=0 >>
    9. 4.16.11-1.el7.elrepo.x86_64
    11. 172.16.201.53 | SUCCESS | rc=0 >>
    12. 4.16.11-1.el7.elrepo.x86_64
    14. 172.16.201.52 | SUCCESS | rc=0 >>
    15. 4.16.11-1.el7.elrepo.x86_64
    17. 172.16.201.57 | SUCCESS | rc=0 >>
    18. 4.16.11-1.el7.elrepo.x86_64

    具体的命令信息:

    1. Usage: ansible <host-pattern> [options]
    3. Define and run a single task 'playbook' against a set of hosts
    5. Options:
    6.   -a MODULE_ARGS, --args=MODULE_ARGS
    7.                         module arguments
    8.   --ask-vault-pass      ask for vault password
    9.   -B SECONDS, --background=SECONDS
    10.                         run asynchronously, failing after X seconds
    11.                         (default=N/A)
    12.   -C, --check           don't make any changes; instead, try to predict some
    13.                         of the changes that may occur
    14.   -D, --diff            when changing (small) files and templates, show the
    15.                         differences in those files; works great with --check
    16.   -e EXTRA_VARS, --extra-vars=EXTRA_VARS
    17.                         set additional variables as key=value or YAML/JSON, if
    18.                         filename prepend with @
    19.   -f FORKS, --forks=FORKS
    20.                         specify number of parallel processes to use
    21.                         (default=5)
    22.   -h, --help            show this help message and exit
    23.   -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY
    24.                         specify inventory host path or comma separated host
    25.                         list. --inventory-file is deprecated
    26.   -l SUBSET, --limit=SUBSET
    27.                         further limit selected hosts to an additional pattern
    28.   --list-hosts          outputs a list of matching hosts; does not execute
    29.                         anything else
    30.   -m MODULE_NAME, --module-name=MODULE_NAME
    31.                         module name to execute (default=command)
    32.   -M MODULE_PATH, --module-path=MODULE_PATH
    33.                         prepend colon-separated path(s) to module library
    34.                         (default=[u'/root/.ansible/plugins/modules',
    35.                         u'/usr/share/ansible/plugins/modules'])
    36.   -o, --one-line        condense output
    37.   --playbook-dir=BASEDIR
    38.                         Since this tool does not use playbooks, use this as a
    39.                         subsitute playbook directory.This sets the relative
    40.                         path for many features including roles/ group_vars/
    41.                         etc.
    42.   -P POLL_INTERVAL, --poll=POLL_INTERVAL
    43.                         set the poll interval if using -B (default=15)
    44.   --syntax-check        perform a syntax check on the playbook, but do not
    45.                         execute it
    46.   -t TREE, --tree=TREE  log output to this directory
    47.   --vault-id=VAULT_IDS  the vault identity to use
    48.   --vault-password-file=VAULT_PASSWORD_FILES
    49.                         vault password file
    50.   -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
    51.                         connection debugging)
    52.   --version             show program's version number and exit
    54.   Connection Options:
    55.     control as whom and how to connect to hosts
    57.     -k, --ask-pass      ask for connection password
    58.     --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
    59.                         use this file to authenticate the connection
    60.     -u REMOTE_USER, --user=REMOTE_USER
    61.                         connect as this user (default=None)
    62.     -c CONNECTION, --connection=CONNECTION
    63.                         connection type to use (default=smart)
    64.     -T TIMEOUT, --timeout=TIMEOUT
    65.                         override the connection timeout in seconds
    66.                         (default=10)
    67.     --ssh-common-args=SSH_COMMON_ARGS
    68.                         specify common arguments to pass to sftp/scp/ssh (e.g.
    69.                         ProxyCommand)
    70.     --sftp-extra-args=SFTP_EXTRA_ARGS
    71.                         specify extra arguments to pass to sftp only (e.g. -f,
    72.                         -l)
    73.     --scp-extra-args=SCP_EXTRA_ARGS
    74.                         specify extra arguments to pass to scp only (e.g. -l)
    75.     --ssh-extra-args=SSH_EXTRA_ARGS
    76.                         specify extra arguments to pass to ssh only (e.g. -R)
    78.   Privilege Escalation Options:
    79.     control how and which user you become as on target hosts
    81.     -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
    82.                         become)
    83.     -U SUDO_USER, --sudo-user=SUDO_USER
    84.                         desired sudo user (default=root) (deprecated, use
    85.                         become)
    86.     -S, --su            run operations with su (deprecated, use become)
    87.     -R SU_USER, --su-user=SU_USER
    88.                         run operations with su as this user (default=None)
    89.                         (deprecated, use become)
    90.     -b, --become        run operations with become (does not imply password
    91.                         prompting)
    92.     --become-method=BECOME_METHOD
    93.                         privilege escalation method to use (default=sudo),
    94.                         valid choices: [ sudo | su | pbrun | pfexec | doas |
    95.                         dzdo | ksu | runas | pmrun | enable ]
    96.     --become-user=BECOME_USER
    97.                         run operations as this user (default=root)
    98.     --ask-sudo-pass     ask for sudo password (deprecated, use become)
    99.     --ask-su-pass       ask for su password (deprecated, use become)
    100.     -K, --ask-become-pass
    101.                         ask for privilege escalation password
    103. Some modules do not make sense in Ad-Hoc (include, meta, etc)

    4. ansible-playbook

    1. Usage: ansible-playbook [options] playbook.yml [playbook2 ...]
    3. Runs Ansible playbooks, executing the defined tasks on the targeted hosts.
    5. Options:
    6.   --ask-vault-pass      ask for vault password
    7.   -C, --check           don't make any changes; instead, try to predict some
    8.                         of the changes that may occur
    9.   -D, --diff            when changing (small) files and templates, show the
    10.                         differences in those files; works great with --check
    11.   -e EXTRA_VARS, --extra-vars=EXTRA_VARS
    12.                         set additional variables as key=value or YAML/JSON, if
    13.                         filename prepend with @
    14.   --flush-cache         clear the fact cache for every host in inventory
    15.   --force-handlers      run handlers even if a task fails
    16.   -f FORKS, --forks=FORKS
    17.                         specify number of parallel processes to use
    18.                         (default=5)
    19.   -h, --help            show this help message and exit
    20.   -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY
    21.                         specify inventory host path or comma separated host
    22.                         list. --inventory-file is deprecated
    23.   -l SUBSET, --limit=SUBSET
    24.                         further limit selected hosts to an additional pattern
    25.   --list-hosts          outputs a list of matching hosts; does not execute
    26.                         anything else
    27.   --list-tags           list all available tags
    28.   --list-tasks          list all tasks that would be executed
    29.   -M MODULE_PATH, --module-path=MODULE_PATH
    30.                         prepend colon-separated path(s) to module library
    31.                         (default=[u'/root/.ansible/plugins/modules',
    32.                         u'/usr/share/ansible/plugins/modules'])
    33.   --skip-tags=SKIP_TAGS
    34.                         only run plays and tasks whose tags do not match these
    35.                         values
    36.   --start-at-task=START_AT_TASK
    37.                         start the playbook at the task matching this name
    38.   --step                one-step-at-a-time: confirm each task before running
    39.   --syntax-check        perform a syntax check on the playbook, but do not
    40.                         execute it
    41.   -t TAGS, --tags=TAGS  only run plays and tasks tagged with these values
    42.   --vault-id=VAULT_IDS  the vault identity to use
    43.   --vault-password-file=VAULT_PASSWORD_FILES
    44.                         vault password file
    45.   -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
    46.                         connection debugging)
    47.   --version             show program's version number and exit
    49.   Connection Options:
    50.     control as whom and how to connect to hosts
    52.     -k, --ask-pass      ask for connection password
    53.     --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
    54.                         use this file to authenticate the connection
    55.     -u REMOTE_USER, --user=REMOTE_USER
    56.                         connect as this user (default=None)
    57.     -c CONNECTION, --connection=CONNECTION
    58.                         connection type to use (default=smart)
    59.     -T TIMEOUT, --timeout=TIMEOUT
    60.                         override the connection timeout in seconds
    61.                         (default=10)
    62.     --ssh-common-args=SSH_COMMON_ARGS
    63.                         specify common arguments to pass to sftp/scp/ssh (e.g.
    64.                         ProxyCommand)
    65.     --sftp-extra-args=SFTP_EXTRA_ARGS
    66.                         specify extra arguments to pass to sftp only (e.g. -f,
    67.                         -l)
    68.     --scp-extra-args=SCP_EXTRA_ARGS
    69.                         specify extra arguments to pass to scp only (e.g. -l)
    70.     --ssh-extra-args=SSH_EXTRA_ARGS
    71.                         specify extra arguments to pass to ssh only (e.g. -R)
    73.   Privilege Escalation Options:
    74.     control how and which user you become as on target hosts
    76.     -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
    77.                         become)
    78.     -U SUDO_USER, --sudo-user=SUDO_USER
    79.                         desired sudo user (default=root) (deprecated, use
    80.                         become)
    81.     -S, --su            run operations with su (deprecated, use become)
    82.     -R SU_USER, --su-user=SU_USER
    83.                         run operations with su as this user (default=None)
    84.                         (deprecated, use become)
    85.     -b, --become        run operations with become (does not imply password
    86.                         prompting)
    87.     --become-method=BECOME_METHOD
    88.                         privilege escalation method to use (default=sudo),
    89.                         valid choices: [ sudo | su | pbrun | pfexec | doas |
    90.                         dzdo | ksu | runas | pmrun | enable ]
    91.     --become-user=BECOME_USER
    92.                         run operations as this user (default=root)
    93.     --ask-sudo-pass     ask for sudo password (deprecated, use become)
    94.     --ask-su-pass       ask for su password (deprecated, use become)
    95.     -K, --ask-become-pass
    96.                         ask for privilege escalation password