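Getting Started with Ansible - Common Ansible Commands
Common Ansible commands
Ansible commands read the ansible.cfg configuration file when they run.
Configuration file precedence: the file specified by ANSIBLE_CONFIG > ~/.ansible.cfg > /etc/ansible/ansible.cfg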
ansible
The ansible command can be used to run ad-hoc commands.
ansible-config
Configuration file utilities. Run the following command to generate a default configuration file:
ansible-config init --disabled > ansible.cfg
ansible-console
An interactive interpreter for running Ansible tasks. It can be used to run the same command on multiple servers at once.
(base) ➜ chino@chino-igs ~/examples/ansible ansible-console -i inventory.yaml all
Welcome to the ansible console. Type help or ? to list commands.
chino@all (3)[f:5]$ echo $USER
tomcat | CHANGED | rc=0 >>
chino
tomcat2 | CHANGED | rc=0 >>
chino
tomcat1 | CHANGED | rc=0 >>
chino
chino@all (3)[f:5]$ pwd
tomcat1 | CHANGED | rc=0 >>
/home/chino
tomcat2 | CHANGED | rc=0 >>
/home/chino
tomcat | CHANGED | rc=0 >>
/home/chino
chino@all (3)[f:5]$
You can also use --become-user to run tasks as the root user on all machines at once.
(base) ➜ chino@chino-igs ~/repos/examples/ansible ansible-console -i inventory.yaml all --become-user root --become
Welcome to the ansible console. Type help or ? to list commands.
chino@all (3)[f:5]# whoami
tomcat | CHANGED | rc=0 >>
root
tomcat2 | CHANGED | rc=0 >>
root
tomcat1 | CHANGED | rc=0 >>
root
chino@all (3)[f:5]#
ansible-doc
The ansible-doc command shows information about a module.
# View the inputs and outputs of the user module
ansible-doc user
# View a playbook snippet for the user module
ansible-doc -s user
ansible-galaxy
Used to manage roles and collections.
ansible-inventory
Shows inventory information.
(base) ➜ chino@chino-igs ~/repos/examples/ansible ansible-inventory -i inventory.yaml --graph
@all:
|--@ungrouped:
|--@prod:
| |--tomcat1
| |--tomcat2
|--@uat:
| |--tomcat
ansible-playbook
Runs the specified playbook on the target hosts.
ansible-pull
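Typically used so that a machine pulls a playbook from a remote code repository and then runs it locally. It can be used to run periodic inspection tasks.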
ansible-pull -i localhost, -U git@xxx.com:test/test.git playbook.yaml
ansible-vault
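Used to encrypt variable files and protect sensitive information such as passwords.
# Create an encrypted vars.yaml file; enter the password when prompted
ansible-vault create vars.yaml
# View the contents of the encrypted file
ansible-vault view vars.yaml
# Decrypt the file
ansible-vault decrypt vars.yaml
# Encrypt a variable; the file named password holds the vault password
ansible-vault encrypt_string --vault-password-file password "testencryptstr" --name myencstr
# Output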
Encryption successful
myencstr: !vault |
$ANSIBLE_VAULT;1.1;AES256
35333334383837333233616438623739376331303739636331613663363563306439326461303366
6464336536613431386432613366613565316466653937630a613961616263613835636264313131
30616538393337343862666163336366306138623534316665396365323939633565313164666236
6561396537383738350a653634386237646537356435643136623133323234646135383566343434
3834
# Save the output variable to the myencvar.yaml file, then run the command below to decrypt the string
ansible localhost -m ansible.builtin.debug -a var="myencstr" -e "@myencvar.yaml" --vault-id password
# Output
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | SUCCESS => {
"myencstr": "testencryptstr"
}
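The ansible-vault decrypt step above leaves vars.yaml in plaintext on disk, so it helps to check that a file or string is still a well-formed vault envelope before it is committed. The following Python code is an added example, not part of the original page or of Ansible's own code; it parses the $ANSIBLE_VAULT;1.1;AES256 layout shown in the encrypt_string output (hex of the salt, HMAC and ciphertext hex strings joined by newlines). The function names and the sample bytes are assumptions constructed for illustration.

```python
import binascii

def parse_vault_envelope(text):
    """Parse vault text (a file body or the block under '!vault |').

    Raises ValueError when the text is plaintext or a damaged envelope.
    """
    lines = [ln.strip() for ln in text.strip().splitlines()]
    header = lines[0].split(";") if lines else []
    if len(header) not in (3, 4) or header[0] != "$ANSIBLE_VAULT":
        raise ValueError("no $ANSIBLE_VAULT header: content is not vault-encrypted")
    try:
        # Outer layer: hex of b"<salt hex>\n<hmac hex>\n<ciphertext hex>"
        inner = binascii.unhexlify("".join(lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed vault payload: {exc}") from exc
    if header[2] == "AES256" and (len(salt), len(mac)) != (32, 32):
        raise ValueError("unexpected salt/HMAC length for AES256")
    if not ciphertext:
        raise ValueError("empty ciphertext")
    return {
        "version": header[1],
        "cipher": header[2],
        "vault_id": header[3] if len(header) == 4 else None,  # label in 1.2 headers
        "salt_len": len(salt),
        "hmac_len": len(mac),
        "ciphertext_len": len(ciphertext),
    }

def is_vaulted(text):
    """True only for a structurally valid envelope (usable as a pre-commit gate)."""
    try:
        parse_vault_envelope(text)
        return True
    except ValueError:
        return False

def make_sample_envelope():
    """Constructed sample: fixed non-secret bytes in the envelope layout, no real encryption."""
    parts = [bytes(range(32)), bytes(32), b"\xaa" * 16]
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = binascii.hexlify(inner).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped

if __name__ == "__main__":
    print(parse_vault_envelope(make_sample_envelope()))
    print(is_vaulted("db_password: example-plaintext"))  # constructed plaintext input
```

The check is structural only: it does not verify the HMAC or decrypt anything, so it needs no vault password and can run in CI.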