Ansible目录结构
安装完成ansible后要知道ansible主要安装的了什么,安装的目录结构是什么,每个目录做什么的
可以使用:rpm -ql ansible | less 来查看ansible安装的所有路径 输出的目录比较多,主要分为下面几类: 配置文件目录: /etc/ansible 执行文件目录: /usr/bin lib库依赖目录:/usr/lib/python2.7/site-packages/ansible help文档目录:/usr/share/doc/ansible-2.7.5 man文档目录:/usr/share/man/man1/
Ansible配置文件
对于ansible的配置文件,其实没有过多的要了解的,因为ansible默认的配置文件就是挺适合日常使用的了,一般情况下不需要进行过多的修改
ansible的配置文件在安装完成ansible后的 /etc/ansible/ansible.cfg 文件
默认配置文件如下:
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
# ansible_facts.
# inject_facts_as_vars = True
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking
#host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# change this for alternative sudo implementations
#sudo_exe = sudo
# What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try
# another one
#strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#cow_selection = default
#cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent.
#For the jsonfile plugin, it should be a path to a local directory.
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp
# retry files
# When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
# squash actions
# Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini', 'auto'
#enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default]
# * True = use scp only
# * False = use sftp only
#scp_if_ssh = smart
# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files
# * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#use_tty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30
# Configures the persistent connection retry timeout. This value configures the
# the retry timeout that ansible-connection will wait to connect
# to the local domain socket. This value must be larger than the
# ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout).
# The default value is 15 seconds.
#connect_retry_timeout = 15
# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 10 second.
#command_timeout = 10
[accelerate]
#accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no
# Set how many context lines to show in diff
# context = 3
ansible.cfg
上面的配置文件是ansible 2.7.5的版本的(版本不同可能具体的内容也会有小小的变化)
一般情况下的配置文件并不需要进行修改
下面对几个我自己常用的设置进行解释一下
默认配置 这里的配置项有很多,这里主要介绍一些常用的 [defaults] #inventory = /etc/ansible/hosts #被控端的主机列表文件 #library = /usr/share/my_modules/ #库文件存放目录 #remote_tmp = ~/.ansible/tmp #临时文件远程主机存放目录 #local_tmp = ~/.ansible/tmp #临时文件本地存放目录 #forks = 5 #默认开启的并发数 #poll_interval = 15 #默认轮询时间间隔(单位秒) #sudo_user = root #默认sudo用户 #ask_sudo_pass = True #是否需要sudo密码 #ask_pass = True #是否需要密码 #transport = smart #传输方式 #remote_port = 22 #默认远程主机的端口号 建议开启修改以下两个配置参数(取消掉注释即可) #host_key_checking = False #检查对应服务器的host_key #log_path=/var/log/ansible.log #开启ansible日志
Ansible系列命令
如何获取Ansible的系列命令呢?
使用如下命令获取:
[root@ansible ~]# ls /usr/bin/ | grep ansible | grep -v [0-9] ansible ansible-config ansible-connection ansible-console ansible-doc ansible-galaxy ansible-inventory ansible-playbook ansible-pull ansible-vault
下面我们对系列命令做一下简单的了解:
ansible
ansible命令其实在运维工作中用的最多的命令,它的主要目的或者说是主要的应用场景是:在做临时性的操作的时候(比如只想看看被控端的一台主机或者多台主机是否存活),在man中的定义是:run a command somewhere else
ansible通过ssh实现配置管理、应用部署、任务执行等功能,建议配置ansible端能基于密钥认证的方式联系各个被管理节点
语法:ansible <host-pattern> [options] 选项参数: 使用ansible --help可以查看到命令参数 这里只写一些常用的参数: --version #显示版本 -m module #指定使用的模块,默认为command -v #查看执行的详细过程(-vv、-vvvv更详细) --list-hosts #显示主机列表(可以简写为--list) -k,--ask-pass #提示输入ssh连接密码,默认使用key验证 -K,--ask-become-pass #提示执行输入sudo的密码 -C,--check #检查,并不执行 -T,--timeout=TIMEOUT #执行命令的超时时间,默认10s -u,--user=REMOTE_USER #指定远程执行的执行用户 -b,--become #代替旧版本的sudo切换 -h,--help #显示使用帮助
ansible命令在运维工作中是尤为重要的在操作的时候结合ansible的模块(ansible-doc --list命令查看模块)可以实现很多功能
ansible命令选项和常用模块详细解释:
ansible-doc
ansible-doc是查看ansible模块(插件)文档说明,针对每个模块都有详细的用法说明,功能和Linux的man命令类似
语法:ansible-doc [-l|-F|-s] [options] [-t <plugin type> ] [plugin] 参数: -a, --all #显示文档所有的模块(这个选项有个bug) -h, --help #显示使用帮助 -j, --json #将所有的模块转储为JSON格式 -l, --list #查看模块列表 -F, --list_files #显示模块的名称和模块原路径 -M MODULE_PATH, --module-path=MODULE_PATH # -s, --snippet #简介的显示模块的帮助信息 -t TYPE, --type=TYPE #指定模块类型(默认为module) -v, --verbose #查看执行的详细过程(-vv、-vvvv更详细) --version #查看版本 执行 ansible-doc 模块名 查看模块的详细信息 示例: 查看模块详细信息 [root@ansible ~]# ansible-doc ping > PING (/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py) A trivial test module, this module always returns `pong' on successful contact. It does not make sense in playbooks, but it is useful from `/usr/bin/ansible' to verify the ability to login and that a usable Python is configured. This is NOT ICMP ping, this is just a trivial test module that requires Python on the remote-node. For Windows targets, use the [win_ping] module instead. For Network targets, use the [net_ping] module instead. OPTIONS (= is mandatory): - data Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception. [Default: pong] NOTES: * For Windows targets, use the [win_ping] module instead. * For Network targets, use the [net_ping] module instead. AUTHOR: Ansible Core Team, Michael DeHaan METADATA: status: - stableinterface supported_by: core EXAMPLES: # Test we can logon to 'webservers' and execute python with json lib. # ansible webservers -m ping # Example from an Ansible Playbook - ping: # Induce an exception to see what happens - ping: data: crash RETURN VALUES: ping: description: value provided with the data parameter returned: success type: string sample: pong 查看模块的简单信息 [root@ansible ~]# ansible-doc -s ping - name: Try to connect to host, verify a usable python and return `pong' on success ping: data: # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
ansible-doc命令在运维工作中也是尤为重要的我们在对模块进行了解学习的时候经常会用到
ansible-doc命令选项和常用模块详细解释:
ansible-playbook
ansible-playbook是日常用的最多的命令,其工作机制是:通过读取预先编写好的playbook文件实现批量管理,要实现的功能与命令ansbile一样,可以理解为按一定的条件组成ansible的任务集
ansible-playbook命令后跟YML格式的playbook文件,执行事先编排好的任务集
语法: ansible-playbook [options] playbook.yml [playbook2 ...] 参数:大部分的参数和ansible的参数一致 可以使用:ansible-playbook --help可以查看到命令参数
ansible-playbook命令在运维工作中是使用的最多的
ansible-playbook详细使用:
ansible-galaxy
这个命令是一个下载互联网上roles集合的工具(这里提到的roles集合其实就是多个playbook文件的集合)
roles集合所在地址:https://galaxy.ansible.com
使用方法: 语法:ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ... 参数: -h, --help #查看命令帮助 -c, --ignore-certs #忽略SSL证书验证错误 -s API_SERVER, --server=API_SERVER #API服务器地址 -v, --verbose #查看执行的详细过程(-vv、-vvvv更详细) --version #查看版本 示例: 搜索roles [root@ansible ~]# ansible-galaxy search nginx 查看search的使用帮助 [root@ansible ~]# ansible-galaxy search --help 安装roles [root@ansible ~]# ansible-galaxy install geerlingguy.nginx - downloading role 'nginx', owned by geerlingguy - downloading role from https://github.com/geerlingguy/ansible-role-nginx/archive/2.6.2.tar.gz - extracting geerlingguy.nginx to /root/.ansible/roles/geerlingguy.nginx - geerlingguy.nginx (2.6.2) was installed successfully 上面可以看到实际上就是互联网上的geerlingguy.nginx下载到本地的/root/.ansible/roles/中 查看install的使用帮助 [root@ansible ~]# ansible-galaxy install --help 删除roles [root@ansible ~]# ansible-galaxy remove geerlingguy.nginx 这个步骤就是把/root/.ansible/roles/中的geerlingguy.nginx文件夹删除 查看remove的使用帮助 [root@ansible ~]# ansible-galaxy remove --help 列出安装的roles [root@ansible ~]# ansible-galaxy list - geerlingguy.nginx, 2.6.2 查看list的使用帮助 [root@ansible ~]# ansible-galaxy list --help -------------------------------------------------------------------------------------------------------- 温馨提示: ansible-galaxy的使用方法还有很多,在语法中可以看到能执行的操作,可以使用示例中的相同方法查看各个功能的帮助信息!!! --------------------------------------------------------------------------------------------------------
ansible-pull
该指令设计到了ansible的另一种的工作模式:pull模式(ansible默认使用的是push模式),这个和通常使用的push模式的工作机制正好相反(push拉取,pull推送)
ansible的pull模式适用于:
1) 你有数量巨大的机器需要配置,即使使用高并发线程依然需要花费大量的时间
2)你要在刚启动的,没有联网的主机上执行ansible
语法:ansible-pull -U <repository> [options] [<playbook.yml>] 参数:大部分的参数和ansible的参数一直,因为不常用所有就不列举了 可以使用 ansible-pull --help查看具体的帮助 -------------------------------------------------------------------------------------------------------------------------------- 温馨提示: ansible-pull通常在配置大批量的机器的场景下使用,灵活性有小小的欠缺,但效率几乎可以无限的提升,对于运维人员的技术水平和前瞻性的规划有很高要求!!! --------------------------------------------------------------------------------------------------------------------------------
ansible-console
ansible自己的终端
语法:ansible-console [<host-pattern>] [options]
参数:大部分的参数和ansible的参数一直,因为不常用所有就不列举了
可以使用:ansible-console --help 查看帮助
使用示例:
对所有的被控端进行终端命令操作
[root@ansible ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.
root@all (3)[f:5]$
对/etc/ansible/hosts里面定义的某个清单列表进行终端命令操作
[root@ansible ~]# ansible-console web
Welcome to the ansible console.
Type help or ? to list commands.
root@web (2)[f:5]$
在终端可做的操作
设置并发数:forks n 例如:forks 10
切换组:cd 组名 例如:cd web
列出当前组主机列表 例如:list
列出所有的内置命令(其实就是内置的模块) 例如:?或者help
exit命令退出终端
ansible-config
查看,编辑管理ansible的配置文件
语法:ansible-config [view|dump|list] [--help] [options] [ansible.cfg]
参数:
-c CONFIG_FILE, --config=CONFIG_FILE #指定配置文件所在的路径
-h, --help #查看帮助信息
-v, --verbose #查看执行的详细过程(-vv、-vvvv更详细)
--version #查看版本
-----------------------------------------------
温馨提示:不常用(个人感觉)
-----------------------------------------------
ansible-connection
这是一个插件,指定执行模式(测试用)
ansible-inventory
查看被控制端主机清单的详细信息默认情况下它使用库存脚本,返回JSON格式
语法:ansible-inventory [options] [host|group]
参数:ansible-inventory --help 查看
示例:
[root@ansible ~]# ansible-inventory --list
{
"_meta": {
"hostvars": {
"192.168.192.129": {},
"192.168.192.130": {},
"192.168.192.131": {}
}
},
"all": {
"children": [
"db",
"ungrouped",
"web"
]
},
"db": {
"hosts": [
"192.168.192.131"
]
},
"ungrouped": {},
"web": {
"hosts": [
"192.168.192.129",
"192.168.192.130"
]
}
}
ansible-vault
ansible-vault主要用于配置文件的加密,如编写的playbook配置文件中包含敏感的信息,不希望其他人随便的看,ansible-vault可加密/解密这个配置文件
ansible-vault主要用于配置文件的加密,如编写的playbook配置文件中包含敏感的信息,不希望其他人随便的看,ansible-vault可加密/解密这个配置文件
语法:ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view] [options] [vaultfile.yml]
参数:
--ask-vault-pass ask for vault password
-h, --help #查看帮助信息
--new-vault-id=NEW_VAULT_ID #设置用于rekey的新vault标识
--new-vault-password-file=NEW_VAULT_PASSWORD_FILE #新的保险库密码文件为rekey
--vault-id=VAULT_IDS #要使用的保险库标识
--vault-password-file=VAULT_PASSWORD_FILES #库密码文件
-v, --verbose #查看执行的详细过程(-vv、-vvvv更详细)
--version #查看版本
使用参数:
encrypt(加密)
decrypt(解密)
create(创建)
view(查看)
edit(编辑)
rekey(修改密码)
示例:
新建一个yml的文件,写入一些数据
[root@ansible ~]# echo "1243" > test.yml
给test.yml设置密码
[root@ansible ~]# ansible-vault encrypt test.yml
New Vault password:
Confirm New Vault password:
Encryption successful
在次查看test.yml文件
[root@ansible ~]# cat test.yml
$ANSIBLE_VAULT;1.1;AES256
62316362376261393235633834333861383330356365666362333165343164386464306134643537
3730616331656630383264373734666635386430343435640a613366623365353963623031613738
31376363336532323730383561663539313730646431646133336333303230313239643366383264
6137633461363937350a326166383662643239623931653231643039373364383664393035356336
3538
上面查看到明显被加密了
正确的查看方式(解密查看):
[root@ansible ~]# ansible-vault decrypt test.yml
Vault password:
Decryption successful
[root@ansible ~]# cat test.yml
1243
查看被加密的文件
[root@ansible ~]# ansible-vault view test.yml
Vault password:
1243
编辑被加密的文件
[root@ansible ~]# ansible-vault edit test.yml
Vault password:
创建被加密的文件
[root@ansible ~]# ansible-vault create new.yml
New Vault password:
Confirm New Vault password: