ansible(3)--ansible的相关命令行工具

---

目录

• 1 ansible命令详解
• 2 ansible-doc显示模块帮助信息
• 3 ansible-playbook
• 4 ansible-galaxy
• 5 ansible-console

---

1 ansible命令详解

ansible命令的语法格式如下：

ansible <host-pattern> [-m module_name] [-a args]

host-pattern使用说明：

# 匹配所有主机all
ansible all -m ping 

# 通配符
ansible "*" -m ping    <==匹配所有主机同all
ansible 10.0.0.* -m ping   <==匹配10.0.0网段的所有主机

# 与：在webservers组；并且在dbservers中的主机；
ansible "webservers:&dbservers" -m ping 

# 或：在webservers组，或者在appservers中的主机；
ansible "webservers:appservers" -m ping 

# 非：在webservers组，但不在apps组中的主机
ansible 'webservers:!apps' -m ping 

#属于web或db但不属于app排除ftp组内的主机
ansible 'web:db:&app:!ftp' -m ping

# 正则表达式:匹配以web或者db服务支持的所有example.com域名
ansible "~(web|db).*\.example\.com" -m ping

选项说明如下：

选项	说明
-m module	指定模块，默认为command
-a args	模块参数，没有参数可忽略
--version	显示版本
--list-hosts	显示主机列表，可简写 --list
-k, --ask-pass	当使用ssh密码认证时，提示输入ssh连接密码，默认基于秘钥验证
-K, --ask-become-pass	提示输入sudo时的口令
-C, --check	仅检查，并不执行
-T, --timeout=TIMEOUT	执行命令的超时时间，默认10s
-U, --user=REMOTE_USER	远程执行命令的用户
-b, --become	代替旧版的sudo 切换
-v	详细过程 –vv 、-vvv更详细

• 示例一：使用秘钥验证ansible是否成功安装，使用ping模块检测：

  [root@xuzhichao ~]# ansible all -m ping
  192.168.20.23 | SUCCESS => {
      "ansible_facts": {
          "discovered_interpreter_python": "/usr/bin/python"
      },
      "changed": false,
      "ping": "pong"
  }
  192.168.20.22 | SUCCESS => {
      "ansible_facts": {
          "discovered_interpreter_python": "/usr/bin/python"
      },
      "changed": false,
      "ping": "pong"
  }
  

• 示例二：使用ssh密码的方式管理被控端：

  [root@xuzhichao ~]# ansible all -m ping -k
  SSH password:
  192.168.20.22 | SUCCESS => {
      "ansible_facts": {
          "discovered_interpreter_python": "/usr/bin/python"
      },
      "changed": false,
      "ping": "pong"
  }
  192.168.20.23 | SUCCESS => {
      "ansible_facts": {
          "discovered_interpreter_python": "/usr/bin/python"
      },
      "changed": false,
      "ping": "pong"
  }
  

• 示例三：使用普通用户xu在远程主机在使用sudo切换到root身份执行命令：

  [root@nginx02 ~]# visudo
  xu      ALL=(ALL)       ALL
  
  #第一个密码是ssh的密码（可以通过key验证解决），第二个密码是sudo的密码（可以通过visudo中的NOPASSWD选项解决）
  [root@xuzhichao ~]# ansible all -u xu -a "id" -k -K -b
  SSH password:
  BECOME password[defaults to SSH password]:
  192.168.20.22 | CHANGED | rc=0 >>
  uid=0(root) gid=0(root) groups=0(root)
  192.168.20.23 | CHANGED | rc=0 >>
  uid=0(root) gid=0(root) groups=0(root)
  

2 ansible-doc显示模块帮助信息

ansible-doc语法格式如下：

ansible-doc [options] [module…]

常用选项如下：

选项	说明
-a	显示所有模块的文档
-l, --list	列出可用模块
-s, --snippet	显示指定模块的playbook片段

• 示例一：查看shell模块的帮助信息：

  [root@xuzhichao ~]# ansible-doc shell
  > SHELL    (/usr/lib/python2.7/site-packages/ansible/modules/commands/shell.py)
  
          The `shell' module takes the command name followed by a list of space-delimited arguments. Either a free form command
          or `cmd' parameter is required, see the examples. It is almost exactly like the [command] module but runs the command
          through a shell (`/bin/sh') on the remote node. For Windows targets, use the [win_shell] module instead.
  
    * This module is maintained by The Ansible Core Team
    * note: This module has a corresponding action plugin.
  
  OPTIONS (= is mandatory):    <==模块选项
  
  - chdir
          Change into this directory before running the command.
          [Default: (null)]
          type: path
          version_added: 0.6
  
  - cmd
          The command to run followed by optional arguments.
          [Default: (null)]
          type: str
  
  - creates
          A filename, when it already exists, this step will *not* be run.
          [Default: (null)]
          type: path
  
  EXAMPLES:      <==使用示例
  
  - name: Execute the command in remote shell; stdout goes to the specified file on the remote.
    shell: somescript.sh >> somelog.txt
  
  - name: Change the working directory to somedir/ before executing the command.
    shell: somescript.sh >> somelog.txt
    args:
      chdir: somedir/
  
  # You can also use the 'args' form to provide the options.
  - name: This command will change the working directory to somedir/ and will only run when somedir/somelog.txt doesn't exist.
    shell: somescript.sh >> somelog.txt
    args:
      chdir: somedir/
      creates: somelog.txt
  
  # You can also use the 'cmd' parameter instead of free form format.
  - name: This command will change the working directory to somedir/.
    shell:
      cmd: ls -l | grep log
      chdir: somedir/
  
  - name: Run a command that uses non-posix shell-isms (in this example /bin/sh doesn't handle redirection and wildcards together but bash does)
    shell: cat < /tmp/*txt
    args:
      executable: /bin/bash
  
  - name: Run a command using a templated variable (always use quote filter to avoid injection)
    shell: cat {{ myfile|quote }}
  
  # You can use shell to run other executables to perform actions inline
  - name: Run expect to wait for a successful PXE boot via out-of-band CIMC
    shell: |
      set timeout 300
      spawn ssh admin@{{ cimc_host }}
  
      expect "password:"
      send "{{ cimc_password }}\n"
  

• 示例二：查看ansible共加载了多少模块：

  [root@xuzhichao ~]# ansible-doc -l | wc -l
  3387
  

• 示例三：查看模块的简要说明，主要包括用法和选项：

  [root@xuzhichao ~]# ansible-doc -s shell
  - name: Execute shell commands on targets
    shell:
        chdir:                 # Change into this directory before running the command.
        cmd:                   # The command to run followed by optional arguments.
        creates:               # A filename, when it already exists, this step will *not* be run.
        executable:            # Change the shell used to execute the command. This expects an absolute path to the executable.
        free_form:             # The shell module takes a free form command to run, as a string. There is no actual parameter named 'free form'. See the
                                 examples on how to use this module.
        removes:               # A filename, when it does not exist, this step will *not* be run.
        stdin:                 # Set the stdin of the command directly to the specified value.
        stdin_add_newline:     # Whether to append a newline to stdin data.
        warn:                  # Whether to enable task warnings.
  

3 ansible-playbook

功能：用于执行配置好的剧本。

语法格式为：

ansible-playbook <filename.yml> ... [options]

常用选项如下：

选项	说明
-C，--check	只检测可能会发生的改变，但不真正执行操作
--list-hosts	列出运行任务的主机
--limit 主机列表	只针对主机列表中的主机执行
-v	显示过程 -vv -vvv 更详细
--syntax-check	检查语法
-e	向playbook命令中传递变量
-i	指定inventory主机清单文件，默认为/etc/ansible/roles

示例：

#只检测
ansible-playbook file.yml --check

#执行剧本
ansible-playbook file.yml

#执行剧本，只针对hosts中的websrvs组
ansible-playbook file.yml --limit websrvs

4 ansible-galaxy

• 主要功能：管理从 https://galaxy.ansible.com 下载的各种roles；

• 获取galaxy：

  从https://galaxy.ansible.com获取，选取相应roles，复制下载命令

• 列出所有已安装的galaxy：

  [root@xuzhichao ~]# ansible-galaxy list
  # /root/.ansible/roles
  - geerlingguy.apache, 3.1.4
  # /usr/share/ansible/roles
  # /etc/ansible/roles
  

• 安装galaxy：

  [root@xuzhichao ~]# ansible-galaxy install geerlingguy.apache
  - downloading role 'apache', owned by geerlingguy
  - downloading role from https://github.com/geerlingguy/ansible-role-apache/archive/3.1.4.tar.gz
  - extracting geerlingguy.apache to /root/.ansible/roles/geerlingguy.apache
  - geerlingguy.apache (3.1.4) was installed successfully
  

• 删除galaxy：

  [root@xuzhichao ~]# ansible-galaxy remove geerlingguy.apache
  - successfully removed geerlingguy.apache
  

5 ansible-console

Ansible-console：2.0+新增，可交互执行命令。

使用示例如下：

[root@xuzhichao ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.

root@all (2)[f:5]# forks 5     <==设置并发数
root@all (2)[f:5]# cd NginxWebs   <==切换主机组
root@NginxWebs (2)[f:5]# list   <==列出主机组的成员
192.168.20.22
192.168.20.23
root@NginxWebs (2)[f:5]# shell df  <==直接输入模块和服务名，不需要加-m和-a
192.168.20.23 | CHANGED | rc=0 >>
Filesystem              1K-blocks    Used Available Use% Mounted on
devtmpfs                   485896       0    485896   0% /dev
tmpfs                      497840       0    497840   0% /dev/shm
tmpfs                      497840    7864    489976   2% /run
tmpfs                      497840       0    497840   0% /sys/fs/cgroup
/dev/mapper/centos-root  52403200 3284320  49118880   7% /
/dev/sda1                 1038336  139940    898396  14% /boot
/dev/mapper/centos-home 154057220  119636 153937584   1% /data
tmpfs                       99572       0     99572   0% /run/user/0
192.168.20.22 | CHANGED | rc=0 >>
Filesystem              1K-blocks    Used Available Use% Mounted on
devtmpfs                   485896       0    485896   0% /dev
tmpfs                      497840       0    497840   0% /dev/shm
tmpfs                      497840    7924    489916   2% /run
tmpfs                      497840       0    497840   0% /sys/fs/cgroup
/dev/mapper/centos-root  52403200 3338584  49064616   7% /
/dev/sda1                 1038336  139940    898396  14% /boot
/dev/mapper/centos-home 154057220  202628 153854592   1% /data
tmpfs                       99572       0     99572   0% /run/user/0
root@NginxWebs (2)[f:5]# help    <==列出所有的内置命令

Documented commands (type help <topic>):
========================================
EOF
a10
a10_server
a10_server_axapi3
a10_service_group
a10_virtual_server
accelerate
aci
......