Running tasks with Ansible
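There are two ways:
- ad-hoc: like typing a command directly into a shell terminal; used for simple tasks
- playbook: like a shell script; used for complex tasks
[Note: the navigator (ansible-navigator) can also run tasks, but it can only run playbooks, not ad-hoc commands]
ansible-1: 192.168.96.202
ansible-2: 192.168.96.203
ansible-3: 192.168.96.204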
ad-hoc
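Ad-hoc task format
- ansible <host or host group> -m <module> -a '<module arguments>' <ansible options>
- e.g.: ansible all -m shell -a 'useradd devops' -u root -k
- -u specifies the user
- -k uses password authentication
Once passwordless SSH login has been configured, -u and -k can be omitted.
Test connectivity to the managed nodes
- [root@localhost .ssh]# ansible all -m ping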
- ansible-2 | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": false,
- "ping": "pong"
- }
- ansible-3 | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": false,
- "ping": "pong"
- }
- ansible-1 | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": false,
- "ping": "pong"
- }
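Querying modules
The number of modules differs depending on how Ansible was installed; ansible-core ships the fewest.
Third-party installs: https://galaxy.ansible.com/
Count all modules on the current system
- [root@localhost .ssh]# ansible-doc -l | wc -l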
- [WARNING]: template parsing did not produce documentation.
- [WARNING]: win_template parsing did not produce documentation.
- 3681
Among these you can see modules covering cloud, huawei, vmware, win and so on.
View a module's parameters
- [root@localhost .ssh]# ansible-doc -s user
- - name: Manage user accounts
- user:
- append: # If `yes', add the user to the groups specified in `groups'. If `no', user will only be added to the groups specified in `groups', removing them from
- all other groups. Mutually exclusive with `local'
- authorization: # Sets the authorization of the user. Does nothing when used with other platforms. Can set multiple authorizations using comma separation. To delete all
- authorizations, use `authorization='''. Currently supported on Illumos/Solaris.
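- ... [remainder omitted]
View a module's parameters together with examples
- [root@localhost .ssh]# ansible-doc user
Common modules
Command execution modules
There are four modules:
command
Running ansible-doc command shows that the command module is used in much the same way as ordinary shell commands.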
- [root@localhost ~]# ansible all -m command -a 'touch /opt/file1'
- [WARNING]: Consider using the file module with state=touch rather than running 'touch'.
- If you need to use command because file is insufficient you can add 'warn: false' to this
- command task or set ' command_warnings=False ' in ansible.cfg to get rid of this message.
- [The warning here says that the file module is recommended over the command module for creating a file. It does not affect normal use. To turn the warning off, add command_warnings=False under [defaults].]
- ansible-2 | CHANGED | rc=0 >>
- ansible-1 | CHANGED | rc=0 >>
- ansible-3 | CHANGED | rc=0 >>
A few things are not available in the command module: > (redirection), | (pipe) and & (ampersand)
- [root@localhost ~]# ansible all -m command -a 'echo hellp > /opt/file4'
- ansible-1 | CHANGED | rc=0 >>
- hellp > /opt/file4
- ansible-2 | CHANGED | rc=0 >>
- hellp > /opt/file4
- ansible-3 | CHANGED | rc=0 >>
- hellp > /opt/file4
- [root@localhost ~]# ansible all -m command -a 'echo hello | echo hell0'
- ansible-2 | CHANGED | rc=0 >>
- hello | echo hell0
- ansible-3 | CHANGED | rc=0 >>
- hello | echo hell0
- ansible-1 | CHANGED | rc=0 >>
- hello | echo hell0
- [root@localhost ~]# ansible all -m command -a 'echo hello & echo hell0'
- ansible-3 | CHANGED | rc=0 >>
- hello & echo hell0
- ansible-1 | CHANGED | rc=0 >>
- hello & echo hell0
- ansible-2 | CHANGED | rc=0 >>
- hello & echo hell0
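As shown above, if you use >, & or |, the command module treats them as literal characters to be output, because it does not pass the command line through a shell.
Extra: Ansible's default module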
- [root@localhost ~]# ansible all -a "echo a"
- ansible-2 | CHANGED | rc=0 >>
- a
- ansible-3 | CHANGED | rc=0 >>
- a
- ansible-1 | CHANGED | rc=0 >>
- a
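Here no module was specified, yet a result is still returned.
The reason can be seen in ansible.cfg:
- # default module name for /usr/bin/ansible
- #module_name = command
- This sets which module is used by default when none is specified
shell
Works the same as ordinary shell commands, and also has some advanced features such as chdir and creates.
- [root@localhost ~]# ansible all -m shell -a 'echo hello & echo hell0'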
- ansible-3 | CHANGED | rc=0 >>
- hell0
- hello
- ansible-2 | CHANGED | rc=0 >>
- hell0
- hello
- ansible-1 | CHANGED | rc=0 >>
- hell0
- hello
- Normal usage
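The different outputs of command and shell above come down to whether a shell parses the string. The following is an added example, not code from the original page or from Ansible: it emulates both behaviours locally with Python's subprocess and shows what happens to an interpolated variable. The function names and the UNTRUSTED value are hypothetical, and shlex.quote stands in for Ansible's quote filter.

```python
import shlex
import subprocess


def run_like_command(cmdline: str) -> str:
    """Emulate the command module: split into argv and exec with no shell,
    so > | & ; reach the program as ordinary arguments."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()


def run_like_shell(cmdline: str) -> str:
    """Emulate the shell module: hand the whole string to /bin/sh."""
    done = subprocess.run(cmdline, shell=True, capture_output=True,
                          text=True, check=True)
    return done.stdout.strip()


def build_cmdline(value: str, quoted: bool) -> str:
    """Interpolate a variable into a command line, as a template would.
    shlex.quote plays the role of Ansible's `quote` filter (assumption)."""
    return "echo created " + (shlex.quote(value) if quoted else value)


# Constructed input: a variable value that carries shell syntax.
UNTRUSTED = "devops; echo INJECTED"

if __name__ == "__main__":
    # The two command lines used on this page.
    for line in ("echo hello | echo hell0", "echo hello & echo hell0"):
        print("command:", repr(run_like_command(line)))
        print("shell:  ", repr(run_like_shell(line)))
    raw = build_cmdline(UNTRUSTED, quoted=False)
    print("shell, unquoted:  ", repr(run_like_shell(raw)))
    print("shell, quoted:    ",
          repr(run_like_shell(build_cmdline(UNTRUSTED, quoted=True))))
    print("command, unquoted:", repr(run_like_command(raw)))
```

With the shell variant the unquoted value runs a second command; quoting it, or using the no-shell variant, keeps it a single argument.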
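Advanced features
chdir
- Changes the working directory before the command that follows is run. [Commands issued from the control node run in the home directory on the managed node by default; chdir changes the working directory they run in.]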
- [root@localhost ~]# ansible all -m shell -a 'chdir=/opt touch example-1'
- ansible-1 | CHANGED | rc=0 >>
- ansible-3 | CHANGED | rc=0 >>
- ansible-2 | CHANGED | rc=0 >>
- [root@localhost ~]# ansible all -m shell -a 'chdir=/opt ls'
- ansible-2 | CHANGED | rc=0 >>
- example-1
- ansible-1 | CHANGED | rc=0 >>
- example-1
- ansible-3 | CHANGED | rc=0 >>
- example-1
creates
- If the file exists, the command is not run
- [root@localhost ~]# ansible all -m shell -a "creates=/etc/shadow ls /opt/"
- ansible-3 | SUCCESS | rc=0 >>
- skipped, since /etc/shadow exists
- ansible-2 | SUCCESS | rc=0 >>
- skipped, since /etc/shadow exists
- ansible-1 | SUCCESS | rc=0 >>
- skipped, since /etc/shadow exists
- Because /etc/shadow exists, the step that follows is skipped
- [root@localhost ~]# ansible all -m shell -a "creates=/etc/shadows ls /opt/"
- ansible-1 | CHANGED | rc=0 >>
- example-1
- ansible-3 | CHANGED | rc=0 >>
- example-1
- ansible-2 | CHANGED | rc=0 >>
- example-1
- If it does not exist, the command that follows runs normally
removes
- If the file exists, the command is run
- [root@localhost ~]# ansible all -m shell -a "removes=/etc/shadow ls /opt/"
- ansible-1 | CHANGED | rc=0 >>
- example-1
- ansible-2 | CHANGED | rc=0 >>
- example-1
- ansible-3 | CHANGED | rc=0 >>
- example-1
- If the file does not exist, the command is not run (skipped)
- [root@localhost ~]# ansible all -m shell -a "removes=/etc/shadows ls /opt/"
- ansible-2 | SUCCESS | rc=0 >>
- skipped, since /etc/shadows does not exist
- ansible-3 | SUCCESS | rc=0 >>
- skipped, since /etc/shadows does not exist
- ansible-1 | SUCCESS | rc=0 >>
- skipped, since /etc/shadows does not exist
raw
Usage is exactly the same as shell, except that chdir, creates and removes are not supported; | and & are supported.
- [root@localhost ~]# ansible all -m raw -a "chdir=/opt ls "
- ansible-2 | CHANGED | rc=0 >>
- Shared connection to ansible-2 closed.
- ansible-3 | CHANGED | rc=0 >>
- ansible-example
- Shared connection to ansible-3 closed.
- ansible-1 | CHANGED | rc=0 >>
- Shared connection to ansible-1 closed.
- As you can see, it did not run under /opt; it ran in the user's home directory instead.
- [root@localhost ~]# ansible all -m raw -a "echo hello > /opt/file1 |cat /opt/file1 "
- ansible-1 | CHANGED | rc=0 >>
- hello
- Shared connection to ansible-1 closed.
- ansible-3 | CHANGED | rc=0 >>
- hello
- Shared connection to ansible-3 closed.
- ansible-2 | CHANGED | rc=0 >>
- hello
- Shared connection to ansible-2 closed.
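- raw supports <, >, | and &
script
Runs the commands in a shell script that lives on the control node on the managed nodes.
[However, this does not actually execute the script; the commands in the script are picked out and run individually. It only looks like a shell script was executed, so the script does not need execute permission.]
- #!/bin/bash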
- useradd anssh
- rm -rf /opt/*
- echo hello> /opt/hello.txt
- The script
- [root@localhost ~]# ansible all -m script -a "ans.sh"
- ansible-1 | CHANGED => {
- "changed": true,
- "rc": 0,
- "stderr": "Shared connection to ansible-1 closed.\r\n",
- "stderr_lines": [
- "Shared connection to ansible-1 closed."
- ],
- "stdout": "\r\n",
- "stdout_lines": [
- ""
- ]
- }
- ansible-3 | CHANGED => {
- "changed": true,
- "rc": 0,
- "stderr": "Shared connection to ansible-3 closed.\r\n",
- "stderr_lines": [
- "Shared connection to ansible-3 closed."
- ],
- "stdout": "",
- "stdout_lines": []
- }
- ansible-2 | CHANGED => {
- "changed": true,
- "rc": 0,
- "stderr": "Shared connection to ansible-2 closed.\r\n",
- "stderr_lines": [
- "Shared connection to ansible-2 closed."
- ],
- "stdout": "",
- "stdout_lines": []
- }
- [root@localhost ~]# ansible all -m shell -a "id anssh ; ls /opt/ ; cat /opt/hello.txt "
- ansible-3 | CHANGED | rc=0 >>
- uid=1001(anssh) gid=1001(anssh) groups=1001(anssh)
- hello.txt
- hello
- ansible-2 | CHANGED | rc=0 >>
- uid=1001(anssh) gid=1001(anssh) groups=1001(anssh)
- hello.txt
- hello
- ansible-1 | CHANGED | rc=0 >>
- uid=1001(anssh) gid=1001(anssh) groups=1001(anssh)
- hello.txt
- hello
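- Verification
File-related modules
file
Two options of the file module are especially important:
1. path
2. state
- path: the full path of the file or directory
- state: the action to perform
  - file (default action): show the attributes of the file or directory
  - touch: create a file or update its timestamps
  - directory: create a directory
  - absent: delete a directory, delete a file, or remove a link
  - hard: hard link
  - link: symbolic link
- force: force creation
- src: the source file path when creating a link
- dest: the path of the link when creating a link
- mode: the permissions
- owner: the owning user
- group: the owning group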
path
- [root@localhost ~]# ansible all -m file -a "path=/etc/passwd "
- ansible-3 | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": false,
- "gid": 0,
- "group": "root",
- "mode": "0644",
- "owner": "root",
- "path": "/etc/passwd",
- "secontext": "system_u:object_r:passwd_file_t:s0",
- "size": 1035,
- "state": "file",
- "uid": 0
- }
- ansible-1 | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": false,
- "gid": 0,
- "group": "root",
- "mode": "0644",
- "owner": "root",
- "path": "/etc/passwd",
- "secontext": "system_u:object_r:passwd_file_t:s0",
- "size": 1035,
- "state": "file",
- "uid": 0
- }
- ansible-2 | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": false,
- "gid": 0,
- "group": "root",
- "mode": "0644",
- "owner": "root",
- "path": "/etc/passwd",
- "secontext": "system_u:object_r:passwd_file_t:s0",
- "size": 1035,
- "state": "file",
- "uid": 0
- }
As you can see, the default is state=file, which shows the file's detailed information.
state
- [root@localhost ~]# ansible all -m file -a 'path=/opt/file.txt state=touch mode=777 owner=devops group=devops '
- ansible-3 | CHANGED => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": true,
- "dest": "/opt/file.txt",
- "gid": 1000,
- "group": "devops",
- "mode": "0777",
- "owner": "devops",
- "secontext": "unconfined_u:object_r:usr_t:s0",
- "size": 0,
- "state": "file",
- "uid": 1000
- }
- ansible-1 | CHANGED => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": true,
- "dest": "/opt/file.txt",
- "gid": 1000,
- "group": "devops",
- "mode": "0777",
- "owner": "devops",
- "secontext": "unconfined_u:object_r:usr_t:s0",
- "size": 0,
- "state": "file",
- "uid": 1000
- }
- ansible-2 | CHANGED => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": true,
- "dest": "/opt/file.txt",
- "gid": 1000,
- "group": "devops",
- "mode": "0777",
- "owner": "devops",
- "secontext": "unconfined_u:object_r:usr_t:s0",
- "size": 0,
- "state": "file",
- "uid": 1000
- }
- Create a file
Here we used not only path and state but also mode, owner and group, which correspond to the permissions, the owning user and the owning group.
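The ad-hoc lines on this page can be reviewed mechanically before they are run against a whole inventory. The following is an added example, not part of the original page or of Ansible: a small reviewer that flags password authentication (-k), use of the shell module where no shell syntax is needed, and a file mode that is writable by everyone. The function name, the finding labels and the sample list are assumptions made for illustration.

```python
import re
import shlex

# Characters that only mean something when a shell parses the line.
SHELL_SYNTAX = re.compile(r"[|&;<>$`*]")


def review_adhoc(line: str) -> list:
    """Return review findings for one `ansible <pattern> -m MOD -a ARGS` line."""
    argv = shlex.split(line)
    opts = {}
    for i, tok in enumerate(argv[:-1]):
        if tok in ("-m", "-a"):
            opts[tok] = argv[i + 1]
    module = opts.get("-m", "command")  # default module when -m is absent
    args = opts.get("-a", "")
    findings = []
    if "-k" in argv:
        findings.append("password-auth")       # SSH password instead of keys
    if module == "shell" and not SHELL_SYNTAX.search(args):
        findings.append("needless-shell")      # the command module would suffice
    if module == "file":
        mode = re.search(r"\bmode=([0-7]{3,4})\b", args)
        if mode and int(mode.group(1)[-1]) & 0o2:
            findings.append("world-writable")  # 'other' has the write bit
    return findings


# Constructed sample: ad-hoc invocations copied from the commands on this page.
SAMPLE = [
    "ansible all -m shell -a 'useradd devops' -u root -k",
    "ansible all -m shell -a 'chdir=/opt touch example-1'",
    "ansible all -m shell -a 'echo hello & echo hell0'",
    "ansible all -m command -a 'touch /opt/file1'",
    "ansible all -m file -a 'path=/opt/file.txt state=touch mode=777 owner=devops group=devops '",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(review_adhoc(line) or ["ok"], line)
```

The last sample is flagged because mode=777 lets any local user on the managed node modify /opt/file.txt; a mode such as 0644 passes the check.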
mode-owner-group