1. 安装

以centos为例。

  1. yum install -y ansible

2. 配置

默认配置目录在/etc/ansible/,主要有以下两个配置:

  • ansible.cfg:ansible的配置文件
  • hosts:配置ansible所连接的机器IP信息

2.1. ansible.cfg

2.2. hosts

  1. # This is the default ansible 'hosts' file.
  2. #
  3. # It should live in /etc/ansible/hosts
  4. #
  5. #   - Comments begin with the '#' character
  6. #   - Blank lines are ignored
  7. #   - Groups of hosts are delimited by [header] elements
  8. #   - You can enter hostnames or ip addresses
  9. #   - A hostname/ip can be a member of multiple groups
  11. # Ex 1: Ungrouped hosts, specify before any group headers.
  13. # green.example.com
  14. # blue.example.com
  15. # 192.168.100.1
  16. # 192.168.100.10
  18. # Ex 2: A collection of hosts belonging to the 'webservers' group
  20. # [webservers]
  21. # alpha.example.org
  22. # beta.example.org
  23. # 192.168.1.100
  24. # 192.168.1.110
  26. # If you have multiple hosts following a pattern you can specify
  27. # them like this:
  29. # www[001:006].example.com
  31. # Ex 3: A collection of database servers in the 'dbservers' group
  33. # [dbservers]
  34. #
  35. # db01.intranet.mydomain.net
  36. # db02.intranet.mydomain.net
  37. # 10.25.1.56
  38. # 10.25.1.57
  40. # Here's another example of host ranges, this time there are no
  41. # leading 0s:
  43. # db-[99:101]-node.example.com
  45. [k8s]
  46. 192.168.201.52
  47. 192.168.201.53
  48. 192.168.201.54
  49. 192.168.201.55
  50. 192.168.201.56
  51. 192.168.201.57

3. ansible的命令

命令格式为:ansible [options]

  • host-pattern:即hosts文件中配置的集群名称
  • options:命令操作符

例如:ansible k8s -a ‘uname -r’

  1. [root@k8s-master ansible]# ansible k8s -a 'uname -r'
  2. 172.16.201.56 | SUCCESS | rc=0 >>
  3. 4.16.11-1.el7.elrepo.x86_64
  5. 172.16.201.55 | SUCCESS | rc=0 >>
  6. 4.16.11-1.el7.elrepo.x86_64
  8. 172.16.201.54 | SUCCESS | rc=0 >>
  9. 4.16.11-1.el7.elrepo.x86_64
  11. 172.16.201.53 | SUCCESS | rc=0 >>
  12. 4.16.11-1.el7.elrepo.x86_64
  14. 172.16.201.52 | SUCCESS | rc=0 >>
  15. 4.16.11-1.el7.elrepo.x86_64
  17. 172.16.201.57 | SUCCESS | rc=0 >>
  18. 4.16.11-1.el7.elrepo.x86_64

具体的命令信息:

  1. Usage: ansible <host-pattern> [options]
  3. Define and run a single task 'playbook' against a set of hosts
  5. Options:
  6.   -a MODULE_ARGS, --args=MODULE_ARGS
  7.                         module arguments
  8.   --ask-vault-pass      ask for vault password
  9.   -B SECONDS, --background=SECONDS
  10.                         run asynchronously, failing after X seconds
  11.                         (default=N/A)
  12.   -C, --check           don't make any changes; instead, try to predict some
  13.                         of the changes that may occur
  14.   -D, --diff            when changing (small) files and templates, show the
  15.                         differences in those files; works great with --check
  16.   -e EXTRA_VARS, --extra-vars=EXTRA_VARS
  17.                         set additional variables as key=value or YAML/JSON, if
  18.                         filename prepend with @
  19.   -f FORKS, --forks=FORKS
  20.                         specify number of parallel processes to use
  21.                         (default=5)
  22.   -h, --help            show this help message and exit
  23.   -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY
  24.                         specify inventory host path or comma separated host
  25.                         list. --inventory-file is deprecated
  26.   -l SUBSET, --limit=SUBSET
  27.                         further limit selected hosts to an additional pattern
  28.   --list-hosts          outputs a list of matching hosts; does not execute
  29.                         anything else
  30.   -m MODULE_NAME, --module-name=MODULE_NAME
  31.                         module name to execute (default=command)
  32.   -M MODULE_PATH, --module-path=MODULE_PATH
  33.                         prepend colon-separated path(s) to module library
  34.                         (default=[u'/root/.ansible/plugins/modules',
  35.                         u'/usr/share/ansible/plugins/modules'])
  36.   -o, --one-line        condense output
  37.   --playbook-dir=BASEDIR
  38.                         Since this tool does not use playbooks, use this as a
  39.                         subsitute playbook directory.This sets the relative
  40.                         path for many features including roles/ group_vars/
  41.                         etc.
  42.   -P POLL_INTERVAL, --poll=POLL_INTERVAL
  43.                         set the poll interval if using -B (default=15)
  44.   --syntax-check        perform a syntax check on the playbook, but do not
  45.                         execute it
  46.   -t TREE, --tree=TREE  log output to this directory
  47.   --vault-id=VAULT_IDS  the vault identity to use
  48.   --vault-password-file=VAULT_PASSWORD_FILES
  49.                         vault password file
  50.   -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
  51.                         connection debugging)
  52.   --version             show program's version number and exit
  54.   Connection Options:
  55.     control as whom and how to connect to hosts
  57.     -k, --ask-pass      ask for connection password
  58.     --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
  59.                         use this file to authenticate the connection
  60.     -u REMOTE_USER, --user=REMOTE_USER
  61.                         connect as this user (default=None)
  62.     -c CONNECTION, --connection=CONNECTION
  63.                         connection type to use (default=smart)
  64.     -T TIMEOUT, --timeout=TIMEOUT
  65.                         override the connection timeout in seconds
  66.                         (default=10)
  67.     --ssh-common-args=SSH_COMMON_ARGS
  68.                         specify common arguments to pass to sftp/scp/ssh (e.g.
  69.                         ProxyCommand)
  70.     --sftp-extra-args=SFTP_EXTRA_ARGS
  71.                         specify extra arguments to pass to sftp only (e.g. -f,
  72.                         -l)
  73.     --scp-extra-args=SCP_EXTRA_ARGS
  74.                         specify extra arguments to pass to scp only (e.g. -l)
  75.     --ssh-extra-args=SSH_EXTRA_ARGS
  76.                         specify extra arguments to pass to ssh only (e.g. -R)
  78.   Privilege Escalation Options:
  79.     control how and which user you become as on target hosts
  81.     -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
  82.                         become)
  83.     -U SUDO_USER, --sudo-user=SUDO_USER
  84.                         desired sudo user (default=root) (deprecated, use
  85.                         become)
  86.     -S, --su            run operations with su (deprecated, use become)
  87.     -R SU_USER, --su-user=SU_USER
  88.                         run operations with su as this user (default=None)
  89.                         (deprecated, use become)
  90.     -b, --become        run operations with become (does not imply password
  91.                         prompting)
  92.     --become-method=BECOME_METHOD
  93.                         privilege escalation method to use (default=sudo),
  94.                         valid choices: [ sudo | su | pbrun | pfexec | doas |
  95.                         dzdo | ksu | runas | pmrun | enable ]
  96.     --become-user=BECOME_USER
  97.                         run operations as this user (default=root)
  98.     --ask-sudo-pass     ask for sudo password (deprecated, use become)
  99.     --ask-su-pass       ask for su password (deprecated, use become)
  100.     -K, --ask-become-pass
  101.                         ask for privilege escalation password
  103. Some modules do not make sense in Ad-Hoc (include, meta, etc)

4. ansible-playbook

  1. Usage: ansible-playbook [options] playbook.yml [playbook2 ...]
  3. Runs Ansible playbooks, executing the defined tasks on the targeted hosts.
  5. Options:
  6.   --ask-vault-pass      ask for vault password
  7.   -C, --check           don't make any changes; instead, try to predict some
  8.                         of the changes that may occur
  9.   -D, --diff            when changing (small) files and templates, show the
  10.                         differences in those files; works great with --check
  11.   -e EXTRA_VARS, --extra-vars=EXTRA_VARS
  12.                         set additional variables as key=value or YAML/JSON, if
  13.                         filename prepend with @
  14.   --flush-cache         clear the fact cache for every host in inventory
  15.   --force-handlers      run handlers even if a task fails
  16.   -f FORKS, --forks=FORKS
  17.                         specify number of parallel processes to use
  18.                         (default=5)
  19.   -h, --help            show this help message and exit
  20.   -i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY
  21.                         specify inventory host path or comma separated host
  22.                         list. --inventory-file is deprecated
  23.   -l SUBSET, --limit=SUBSET
  24.                         further limit selected hosts to an additional pattern
  25.   --list-hosts          outputs a list of matching hosts; does not execute
  26.                         anything else
  27.   --list-tags           list all available tags
  28.   --list-tasks          list all tasks that would be executed
  29.   -M MODULE_PATH, --module-path=MODULE_PATH
  30.                         prepend colon-separated path(s) to module library
  31.                         (default=[u'/root/.ansible/plugins/modules',
  32.                         u'/usr/share/ansible/plugins/modules'])
  33.   --skip-tags=SKIP_TAGS
  34.                         only run plays and tasks whose tags do not match these
  35.                         values
  36.   --start-at-task=START_AT_TASK
  37.                         start the playbook at the task matching this name
  38.   --step                one-step-at-a-time: confirm each task before running
  39.   --syntax-check        perform a syntax check on the playbook, but do not
  40.                         execute it
  41.   -t TAGS, --tags=TAGS  only run plays and tasks tagged with these values
  42.   --vault-id=VAULT_IDS  the vault identity to use
  43.   --vault-password-file=VAULT_PASSWORD_FILES
  44.                         vault password file
  45.   -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
  46.                         connection debugging)
  47.   --version             show program's version number and exit
  49.   Connection Options:
  50.     control as whom and how to connect to hosts
  52.     -k, --ask-pass      ask for connection password
  53.     --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
  54.                         use this file to authenticate the connection
  55.     -u REMOTE_USER, --user=REMOTE_USER
  56.                         connect as this user (default=None)
  57.     -c CONNECTION, --connection=CONNECTION
  58.                         connection type to use (default=smart)
  59.     -T TIMEOUT, --timeout=TIMEOUT
  60.                         override the connection timeout in seconds
  61.                         (default=10)
  62.     --ssh-common-args=SSH_COMMON_ARGS
  63.                         specify common arguments to pass to sftp/scp/ssh (e.g.
  64.                         ProxyCommand)
  65.     --sftp-extra-args=SFTP_EXTRA_ARGS
  66.                         specify extra arguments to pass to sftp only (e.g. -f,
  67.                         -l)
  68.     --scp-extra-args=SCP_EXTRA_ARGS
  69.                         specify extra arguments to pass to scp only (e.g. -l)
  70.     --ssh-extra-args=SSH_EXTRA_ARGS
  71.                         specify extra arguments to pass to ssh only (e.g. -R)
  73.   Privilege Escalation Options:
  74.     control how and which user you become as on target hosts
  76.     -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
  77.                         become)
  78.     -U SUDO_USER, --sudo-user=SUDO_USER
  79.                         desired sudo user (default=root) (deprecated, use
  80.                         become)
  81.     -S, --su            run operations with su (deprecated, use become)
  82.     -R SU_USER, --su-user=SU_USER
  83.                         run operations with su as this user (default=None)
  84.                         (deprecated, use become)
  85.     -b, --become        run operations with become (does not imply password
  86.                         prompting)
  87.     --become-method=BECOME_METHOD
  88.                         privilege escalation method to use (default=sudo),
  89.                         valid choices: [ sudo | su | pbrun | pfexec | doas |
  90.                         dzdo | ksu | runas | pmrun | enable ]
  91.     --become-user=BECOME_USER
  92.                         run operations as this user (default=root)
  93.     --ask-sudo-pass     ask for sudo password (deprecated, use become)
  94.     --ask-su-pass       ask for su password (deprecated, use become)
  95.     -K, --ask-become-pass
  96.                         ask for privilege escalation password