
Ansible Usage Guide

傻东の学习笔记
 

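Ansible is an open-source operations automation tool that manages multiple servers in groups. It connects to hosts over SSH, so no client has to be installed on the target machines; you only need to add an SSH key, which is convenient. In essence it executes a series of commands on the target machines to complete a task. You can also write your own playbooks to carry out a complete set of operations.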

ansible: ansible

ansible-shell: ansible-shell

Installation

yum install ansible
brew install ansible
pip install ansible

hosts

ansible_ssh_host
 The name of the host to connect to, if different from the alias you wish to give to it.
ansible_ssh_port
 The ssh port number, if not 22
ansible_ssh_user
 The default ssh user name to use.
ansible_ssh_pass
 The ssh password to use (this is insecure, we strongly recommend using --ask-pass or SSH keys)
ansible_sudo
 The boolean to decide if sudo should be used for this host. Defaults to false.
ansible_sudo_pass
 The sudo password to use (this is insecure, we strongly recommend using --ask-sudo-pass)
ansible_sudo_exe (new in version 1.8)
 The sudo command path.
ansible_connection
 Connection type of the host. Candidates are local, ssh or paramiko. The default is paramiko before Ansible 1.2, and 'smart' afterwards which detects whether usage of 'ssh' would be feasible based on whether ControlPersist is supported.
ansible_ssh_private_key_file
 Private key file used by ssh. Useful if using multiple keys and you don't want to use SSH agent.
ansible_shell_type
 The shell type of the target system. By default commands are formatted using 'sh'-style syntax. Setting this to 'csh' or 'fish' will cause commands executed on target systems to follow those shells' syntax instead.
ansible_python_interpreter
 The target host python path. This is useful for systems with more
 than one Python or not located at "/usr/bin/python" such as *BSD, or where /usr/bin/python
 is not a 2.X series Python. We do not use the "/usr/bin/env" mechanism as that requires the remote user's
 path to be set right and also assumes the "python" executable is named python, where the executable might
 be named something like "python26".
ansible_*_interpreter
 Works for anything such as ruby or perl and works just like ansible_python_interpreter.
 This replaces shebang of modules which will run on that host.
[group]
hostname ansible_ssh_host=ip ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_private_key_file=/path/to/ssh_private ansible_ssh_pass=123123

ansible.cfg

# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be overridden in ansible-playbook 
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
inventory   = /usr/local/etc/ansible/hosts
#library    = /usr/share/my_modules/
remote_tmp   = $HOME/.ansible/tmp
pattern    = *
forks     = 5
poll_interval = 15
sudo_user   = root
#ask_sudo_pass = True
#ask_pass   = True
transport   = smart
#remote_port  = 22
module_lang  = C
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
gathering = implicit
# additional paths to search for roles in, colon separated
#roles_path  = /etc/ansible/roles
# uncomment this to disable SSH key host checking
#host_key_checking = False
# change this for alternative sudo implementations
sudo_exe = sudo
# what flags to pass to sudo
#sudo_flags = -H
# SSH timeout
timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as 
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /Volumes/DATA/Doc/工作/工作文档/Key/ssh_private.pub
# format of string {{ ansible_managed }} available within Jinja2 
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" 
# messages. NOTE: the task header will still be shown regardless of whether or not the 
# task is skipped.
#display_skipped_hosts = True
# by default (as of 1.3), Ansible will raise errors when attempting to dereference 
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line 
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
action_plugins   = /usr/share/ansible_plugins/action_plugins
callback_plugins  = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins   = /usr/share/ansible_plugins/lookup_plugins
vars_plugins    = /usr/share/ansible_plugins/vars_plugins
filter_plugins   = /usr/share/ansible_plugins/filter_plugins
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to 
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 
#nocows = 1
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# the CA certificate path used for validating SSL certs. This path 
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora   : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu   : /usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path = 
# the http user-agent string to use when fetching urls. Some web server
# operators block the default urllib user agent as it is frequently used
# by malicious attacks/scripts, so we set it to something unique to 
# avoid issues.
#http_user_agent = ansible-agent
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
fact_caching = memory
# retry files
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
[privilege_escalation]
#become=True
#become_method='sudo'
#become_user='root'
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use 
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or 
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you 
# may wish to shorten the string below.
# 
# Example: 
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces the number of SSH operations required to 
# execute a module on the remote server. This can result in a significant 
# performance improvement when enabled, however when using "sudo:" you must 
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
# 
#pipelining = False
# if True, make ansible use scp if the connection type is ssh 
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30 
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
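
The inventory notes above call ansible_ssh_pass and ansible_sudo_pass insecure, and the ansible.cfg comments show how SSH host key checking gets disabled. The following Python check is an added example (not part of the original notes or of Ansible itself) that flags both conditions in an INI inventory and an ansible.cfg; the sample hosts, addresses and passwords are constructed, and the three newer variable names in SECRET_VARS are included on the assumption that the files may also be used with a current Ansible release.

```python
import configparser
import shlex

# Plaintext-secret variables: the two listed above plus their newer-Ansible names.
SECRET_VARS = {"ansible_ssh_pass", "ansible_sudo_pass",
               "ansible_password", "ansible_become_pass", "ansible_become_password"}

def audit_inventory(text):
    """Return (line_no, owner, variable) for each secret stored in an INI inventory."""
    findings, section = [], ""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section.endswith(":vars"):
            key = line.partition("=")[0].strip()  # one key=value per line
            if key in SECRET_VARS:
                findings.append((line_no, "[" + section + "]", key))
        else:  # host line: alias k=v k=v ... (child group names carry no pairs)
            host, *pairs = shlex.split(line, comments=True)
            for pair in pairs:
                key = pair.partition("=")[0]
                if key in SECRET_VARS:
                    findings.append((line_no, host, key))
    return findings

def audit_cfg(text):
    """Return a finding when ansible.cfg turns SSH host key checking off."""
    cfg = configparser.ConfigParser(interpolation=None)  # values contain raw % signs
    cfg.read_string(text)
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        return ["[defaults] host_key_checking is disabled"]
    return []

# Constructed sample input, not taken from the page.
SAMPLE_INVENTORY = """\
[web]
web1 ansible_ssh_host=192.0.2.10 ansible_ssh_user=deploy ansible_ssh_private_key_file=~/.ssh/id_ed25519
web2 ansible_ssh_host=192.0.2.11 ansible_ssh_user=root ansible_ssh_pass=123123
# db1 ansible_ssh_host=192.0.2.12 ansible_ssh_pass=old
[web:vars]
ansible_sudo_pass = hunter2
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\n"
if __name__ == "__main__":
    for hit in audit_inventory(SAMPLE_INVENTORY) + audit_cfg(SAMPLE_CFG):
        print(hit)
```

Only the variable name is reported, never its value, so the output can be pasted into a ticket or CI log without leaking the secret.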

module

authorized_key      Adds or removes an SSH authorized key
command             Executes a command on a remote node
composer            Dependency Manager for PHP
copy                Copies files to remote locations.
cpanm               Manages Perl library dependencies.
cron                Manage cron.d and crontab entries.
django_manage       Manages a Django application.
easy_install        Installs Python libraries
fetch               Fetches a file from remote nodes
file                Sets attributes of files
filesystem          Makes file system on block device
git                 Deploy software (or files) from git checkouts
github_hooks        Manages github service hooks.
group               Add or remove groups
hg                  Manages Mercurial (hg) repositories.
hostname            Manage hostname
htpasswd            manage user files for basic authentication
ini_file            Tweak settings in INI files
mail                Send an email
modprobe            Add or remove kernel modules
mongodb_user        Adds or removes a user from a MongoDB database.
mount               Control active and configured mount points
mysql_db            Add or remove MySQL databases from a remote host.
mysql_replication   Manage MySQL replication
mysql_user          Adds or removes a user from a MySQL database.
mysql_variables     Manage MySQL global variables
nagios              Perform common tasks in Nagios related to downtime and notifications.
ping                Try to connect to host and return `pong' on success.
pip                 Manages Python library dependencies.
redis               Various redis commands, slave and flush
replace             Replace all instances of a particular string in a file using a back-referenced regular expression.
script              Runs a local script on a remote node after transferring it
seboolean           Toggles SELinux booleans.
selinux             Change policy and state of SELinux
service             Manage services.
shell               Execute commands in nodes.
stat                retrieve file or file system status
subversion          Deploys a subversion repository.
synchronize         Uses rsync to make synchronizing file paths in your playbooks quick and easy.
sysctl              Manage entries in sysctl.conf.
template            Templates a file out to a remote server.
user                Manage user accounts
yum                 Manages packages with the `yum' package manager

Usage examples

uptime/loadaverage
ansible host -a uptime

svn
ansible host -m subversion -a "dest=path repo=svn://path username=username password=pass"

service
ansible host -m service -a "name=nginx state=reloaded"

 