Basic Ansible Commands

Once Ansible is installed it ships with a number of commands; the seven most commonly used are:

  • ansible
  • ansible-doc
  • ansible-galaxy
  • ansible-init
  • ansible-playbook
  • ansible-pull
  • ansible-vault

ansible

ansible -h
Usage: ansible <host-pattern> [options]

  Run a command on the local machine:

ansible 127.0.0.1 -a "date"

127.0.0.1 | SUCCESS | rc=0 >>
Fri Apr  6 18:45:01 CST 2018

  Run a command on a remote host:

ansible test -a "date"

172.16.1.10 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.16.1.10' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n", 
    "unreachable": true
}

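As shown above, the command could not run on the remote host because access was denied (the password is not known), so we can add the -k parameter to the command above: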

ansible test -a "date" -k

SSH password: 
172.16.1.10 | SUCCESS | rc=0 >>
Fri Apr  6 18:56:52 CST 2018
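
The two result formats shown above (`host | SUCCESS | rc=0 >>` and `host | UNREACHABLE! => {...}`) can be triaged mechanically when a run covers many hosts. The following is an added example, not part of the original page; the function names are assumptions, and the sample output is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: triage ansible ad-hoc output read on stdin.

# Print "host STATUS" for every result header line, e.g.
#   "127.0.0.1 | SUCCESS | rc=0 >>"      -> "127.0.0.1 SUCCESS"
#   "172.16.1.10 | UNREACHABLE! => {"    -> "172.16.1.10 UNREACHABLE"
host_status() {
    awk -F' [|] ' '
        /^[^ ]+ [|] [A-Z]+/ {
            status = $2
            sub(/[!]? =>.*$/, "", status)   # drop the "! => {" tail
            print $1, status
        }'
}

# Print hosts that were UNREACHABLE because SSH authentication was refused
# (the "msg" field contains "Permission denied"), as opposed to network errors.
auth_failures() {
    awk '
        / [|] UNREACHABLE! => [{]/ { host = $1; next }
        host != "" && /"msg":/ && /Permission denied/ { print host }
        /^[}]/ { host = "" }
    '
}

# Constructed sample: the two results shown in this section, concatenated.
sample_output() {
    cat <<'EOF'
127.0.0.1 | SUCCESS | rc=0 >>
Fri Apr  6 18:45:01 CST 2018

172.16.1.10 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.16.1.10' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n",
    "unreachable": true
}
EOF
}

echo "Status per host:"
sample_output | host_status
echo "Hosts refusing SSH authentication:"
sample_output | auth_failures
```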

  Common options of the ansible command:

-a MODULE_ARGS, --args=MODULE_ARGS module arguments  # command-line arguments for the module
--ask-vault-pass      ask for vault password
-B SECONDS, --background=SECONDS
-C, --check           don't make any changes; instead, try to predict some
-D, --diff            when changing (small) files and templates, show the
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
-f FORKS, --forks=FORKS     # number of parallel processes to use when running tasks
-i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY  # path to the inventory hosts file, default /etc/ansible/hosts
-l SUBSET, --limit=SUBSET
--list-hosts          outputs a list of matching hosts; does not execute
-m MODULE_NAME, --module-name=MODULE_NAME module name to execute (default=command)  # name of the module to run; the command module is used by default
-M MODULE_PATH, --module-path=MODULE_PATH
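-u REMOTE_USER, --user=REMOTE_USER      # user to run as; connect as this remote user instead of the current user
-U SUDO_USER, --sudo-user=SUDO_USER     # which user to sudo to, default root
-k, --ask-pass  ask for connection password     # login password; prompts for the SSH password
-K, --ask-become-pass       # prompts for the password used for sudo (-s, --sudo runs with sudo)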
--new-vault-id=NEW_VAULT_ID the new vault identity to use for rekey
--new-vault-password-file=NEW_VAULT_PASSWORD_FILES new vault password file for rekey
-o, --one-line        condense output
-P POLL_INTERVAL, --poll=POLL_INTERVAL set the poll interval if using -B (default=15)
--syntax-check        perform a syntax check on the playbook, but do not execute it
-t TREE, --tree=TREE  log output to this directory
--vault-id=VAULT_IDS  the vault identity to use
--vault-password-file=VAULT_PASSWORD_FILES vault password file
-v, --verbose         verbose mode (-vvv for more, -vvvv to enable connection debugging)
--version             show program's version number and exit
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
-c CONNECTION, --connection=CONNECTION              
-T TIMEOUT, --timeout=TIMEOUT               
--ssh-common-args=SSH_COMMON_ARGS          
--sftp-extra-args=SFTP_EXTRA_ARGS                    
--scp-extra-args=SCP_EXTRA_ARGS       
--ssh-extra-args=SSH_EXTRA_ARGS
-s, --sudo          run operations with sudo (nopasswd) (deprecated, use become)  
-S, --su            run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
-b, --become        run operations with become (does not imply password prompting)
--become-method=BECOME_METHOD privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | pmrun ]
--become-user=BECOME_USER run operations as this user (default=root)
--ask-sudo-pass     ask for sudo password (deprecated, use become)
--ask-su-pass       ask for su password (deprecated, use become)

ansible-doc

ansible-doc -h
Usage: ansible-doc [-l|-s] [options] [-t <plugin type] [plugin]

plugin documentation tool

Options:
-a, --all             **For internal testing only** Show documentation for
                        all plugins.
-h, --help            show this help message and exit
-l, --list            List available plugins
-M MODULE_PATH, --module-path=MODULE_PATH
                        prepend colon-separated path(s) to module library
                        (default=[u'/root/.ansible/plugins/modules',
                        u'/usr/share/ansible/plugins/modules'])
-s, --snippet         Show playbook snippet for specified plugin(s)
-t TYPE, --type=TYPE  Choose which plugin type (defaults to "module")
-v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
--version             show program's version number and exit

See man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com

ansible-doc works as a help reference; use it together with the -s parameter:

ansible-doc -s file

- name: Sets attributes of files
file:
  attributes:            # Attributes the file or directory should have. To get supported flags look at the man page for `chattr' on the
                           target system. This string should contain the attributes in the same order as the
                           one displayed by `lsattr'.
  follow:                # This flag indicates that filesystem links, if they exist, should be followed.
  force:                 # force the creation of the symlinks in two cases: the source file does not exist (but will appear later); the
                           destination exists and is a file (so, we need to unlink the "path" file and create
                           symlink to the "src" file in place of it).
  group:                 # Name of the group that should own the file/directory, as would be fed to `chown'.
  mode:                  # Mode the file or directory should be. For those used to `/usr/bin/chmod' remember that modes are actually octal
                           numbers (like 0644). Leaving off the leading zero will likely have unexpected
                           results. As of version 1.8, the mode may be specified as a symbolic mode (for
                           example, `u+rwx' or `u=rw,g=r,o=r').
  owner:                 # Name of the user that should own the file/directory, as would be fed to `chown'.
  path:                  # (required) path to the file being managed.  Aliases: `dest', `name'
  recurse:               # recursively set the specified file attributes (applies only to state=directory)
  selevel:               # Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range'. `_default'
                           feature works as for `seuser'.
  serole:                # Role part of SELinux file context, `_default' feature works as for `seuser'.
  setype:                # Type part of SELinux file context, `_default' feature works as for `seuser'.
  seuser:                # User part of SELinux file context. Will default to system policy, if applicable. If set to `_default', it will use
                           the `user' portion of the policy if available.
  src:                   # path of the file to link to (applies only to `state=link'). Will accept absolute, relative and nonexisting paths.
                           Relative paths are not expanded.
  state:                 # If `directory', all immediate subdirectories will be created if they do not exist, since 1.7 they will be created
                           with the supplied permissions. If `file', the file will NOT be created if it does
                           not exist, see the [copy] or [template] module if you want that behavior.  If
                           `link', the symbolic link will be created or changed. Use `hard' for hardlinks. If
                           `absent', directories will be recursively deleted, and files or symlinks will be
                           unlinked. Note that `absent' will not cause `file' to fail if the `path' does not
                           exist as the state did not change. If `touch' (new in 1.4), an empty file will be
                           created if the `path' does not exist, while an existing file or directory will
                           receive updated file access and modification times (similar to the way `touch`
                           works from the command line).
  unsafe_writes:         # Normally this module uses atomic operations to prevent data corruption or inconsistent reads from the target
                           files, sometimes systems are configured or just broken in ways that prevent this.
                           One example are docker mounted files, they cannot be updated atomically and can
                           only be done in an unsafe manner. This boolean option allows ansible to fall back
                           to unsafe methods of updating files for those cases in which you do not have any
                           other choice. Be aware that this is subject to race conditions and can lead to data
                           corruption.

  Newer versions of Ansible have added modules for managing Docker:

ansible-doc -l |grep docker

docker                                    manage docker containers                                                                           
docker_container                          manage docker containers                                                                           
docker_image                              Manage docker images.                                                                              
docker_image_facts                        Inspect docker images                                                                              
docker_login                              Log into a Docker registry.                                                                        
docker_network                            Manage Docker networks                                                                             
docker_secret                             Manage docker secrets.                                                                             
docker_service                            Manage docker services and containers.                                                             
docker_volume                             Manage Docker volumes

ansible-galaxy

  Downloads other third-party modules and plugins from the official site.

ansible-galaxy install username.rolename

ansible-init

  ansible-init is a tool that checks the syntax of Ansible playbooks.

ansible-playbook

  This is the most frequently used command; it reads a playbook file and then performs the corresponding actions.

ansible-pull

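  Ansible's other mode: pull mode. It is the exact opposite of the push mode normally used, and suits the following scenarios:

  • Operating a huge number of hosts, where even a very high thread count still takes a long time;
  • Running Ansible on hosts that have no network connection;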

ansible-vault

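  ansible-vault is mainly used when configuration files contain sensitive information that others should not see; this command can encrypt such configuration files, and it counts as advanced usage. It is mainly for playbooks that involve passwords or other sensitive information, which can be encrypted with this command. When viewing the encrypted configuration file with a command such as cat, the password must be entered before it can be viewed. When running such a playbook, add the --ask-vault-pass parameter; the password must likewise be entered before it will run.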
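
A pre-run check for the situation described above, as an added example that is not part of the original page: it lists YAML files that define password-like keys but do not start with the `$ANSIBLE_VAULT;` header line that ansible-vault writes when it encrypts a file. The function names, the key-name pattern and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag YAML files that hold password-like keys in plaintext.

# True if the file starts with the header ansible-vault writes on encryption,
# e.g. "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each *.yml/*.yaml file under $1 that is not vault-encrypted but
# defines a key whose name contains password, passwd, secret or token.
find_plaintext_secrets() {
    find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
    while IFS= read -r f; do
        is_vault_encrypted "$f" && continue
        if grep -Eiq '^[[:space:]]*[a-z0-9_]*(password|passwd|secret|token)[a-z0-9_]*[[:space:]]*:' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree (hypothetical file names, fake ciphertext line).
make_sample_tree() {
    mkdir -p "$1/group_vars"
    printf '%s\n' '- hosts: test' '  tasks: []' > "$1/site.yml"
    printf '%s\n' 'db_user: app' 'db_password: example-only' > "$1/group_vars/db.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36316566383932316231' > "$1/group_vars/web.yml"
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "Plaintext files with secret-like keys:"
find_plaintext_secrets "$demo_dir"    # lists only group_vars/db.yml
rm -rf "$demo_dir"
```

Run before committing or before ansible-playbook; any path it prints is a candidate for encryption with ansible-vault.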
