2、Ansible配置文件详解
0.配置文件
两个核心文件:ansible.cfg和hosts文件,默认都存放在/etc/ansible目录下。
ansible.cfg:主要设置一些ansible初始化的信息,比如日志存放路径、模块、插件等配置信息
hosts:机器清单,进行分组管理
1.ansible.cfg
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be
overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults] --->通用默认配置
# some basic default
values...
inventory = /etc/ansible/hosts 这个是默认库文件位置,脚本,或者存放可通信主机的目录
#library =
/usr/share/my_modules/ Ansible默认搜寻模块的位置
remote_tmp = $HOME/.ansible/tmp Ansible 通过远程传输模块到远程主机,然后远程执行,执行后在清理现场.在有些场景下,你也许想使用默认路径希望像更换补丁一样使用
pattern = * 如果没有提供“hosts”节点,这是playbook要通信的默认主机组.默认值是对所有主机通信
forks = 5 在与主机通信时的默认并行进程数 ,默认是5d
poll_interval = 15 当具体的poll interval 没有定义时,多少时间回查一下这些任务的状态, 默认值是5秒
sudo_user = root sudo使用的默认用户 ,默认是root
#ask_sudo_pass = True 用来控制Ansible playbook 在执行sudo之前是否询问sudo密码.默认为no
#ask_pass = True 控制Ansible playbook 是否会自动默认弹出密码
transport = smart 通信机制.默认 值为’smart’。如果本地系统支持 ControlPersist技术的话,将会使用(基于OpenSSH)‘ssh’,如果不支持讲使用‘paramiko’.其他传输选项包括‘local’, ‘chroot’,’jail’等等
#remote_port = 22 远程SSH端口。 默认是22
module_lang = C 模块和系统之间通信的计算机语言,默认是C语言
# plays will gather facts by default,
which contain information about
# the remote system.
#
# smart - gather by default, but don't regather
if already gathered
# implicit - gather by default, turn off
with gather_facts: False
# explicit - do not gather
by default, must say gather_facts: True
gathering = implicit
控制默认facts收集(远程系统变量). 默认值为’implicit’, 每一次play,facts都会被收集
# additional paths to search for
roles in, colon separated
#roles_path = /etc/ansible/roles roles 路径指的是’roles/’下的额外目录,用于playbook搜索Ansible
roles
# uncomment this
to disable SSH key host checking
#host_key_checking = False 检查主机密钥
# change this for
alternative sudo implementations
sudo_exe = sudo 如果在其他远程主机上使用另一种方式执sudu操作.可以使用该参数进行更换
# what flags to pass to
sudo 传递sudo之外的参数
#sudo_flags = -H
# SSH timeout SSH超时时间
timeout = 10
# default
user to use for playbooks if
user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root 使用/usr/bin/ansible-playbook链接的默认用户名,如果不指定,会使用当前登录的用户名
# logging is
off by default unless this
path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log 日志文件存放路径
# default
module name for /usr/bin/ansible
#module_name = command ansible命令执行默认的模块
# use this
shell for commands executed under sudo
# you may need to change this to bin/bash in
rare instances
# if sudo is constrained
#executable = /bin/sh 在sudo环境下产生一个shell交互接口.
用户只在/bin/bash的或者sudo限制的一些场景中需要修改
# if
inventory variables overlap, does the higher precedence one win
# or are hash values merged together?
The default is 'replace'
but
# this can also be set to 'merge'.
#hash_behaviour = replace 特定的优先级覆盖变量
# list any Jinja2 extensions
to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 允许开启Jinja2拓展模块
# if set,
always use this private
key file for authentication, same as
# if passing --private-key to
ansible or ansible-playbook
#private_key_file = /path/to/file
私钥文件存储位置
# format of string
{{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by
{uid} on {host} 这个设置可以告知用户,Ansible修改了一个文件,并且手动写入的内容可能已经被覆盖.
# by default,
ansible-playbook will display "Skipping [host]" if
it determines a task
# should not be run on a host. Set this
to "False" if
you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or
not the
# task is skipped.
#display_skipped_hosts = True 显示任何跳过任务的状态 ,默认是显示
# by default (as
of 1.3), Ansible will raise errors when attempting to
dereference
# Jinja2 variables that are not set in
templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False 如果所引用的变量名称错误的话, 将会导致ansible在执行步骤上失败
# by default (as
of 1.6), Ansible may display warnings based on the configuration
of the
# system running ansible itself. This may include warnings about 3rd party
packages or
# other conditions that should be resolved if
possible.
# to disable these warnings, set the
following value to False:
#system_warnings = True 允许禁用系统运行ansible相关的潜在问题警告
# by default (as
of 1.4), Ansible may display deprecation warnings for
language
# features that should no longer be used and will be removed in
future versions.
# to disable these warnings, set the
following value to False:
#deprecation_warnings = True 允许在ansible-playbook输出结果中禁用“不建议使用”警告
# (as
of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a
default Ansible module
# instead. These warnings can be
silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string.
This will for example suggest using
the git module
# instead of shelling out to the git
command.
# command_warnings = False 当shell和命令行模块被默认模块简化的时,Ansible 将默认发出警告
# set
plugin path directories here, separate with colons
action_plugins = /usr/share/ansible_plugins/action_plugins
callback_plugins =
/usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins =
/usr/share/ansible_plugins/lookup_plugins
vars_plugins =
/usr/share/ansible_plugins/vars_plugins
filter_plugins =
/usr/share/ansible_plugins/filter_plugins
# by default
callbacks are not loaded for
/bin/ansible, enable this if
you
# want, for example, a notification or logging
callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False 用来控制callback插件是否在运行 /usr/bin/ansible 的时候被加载. 这个模块将用于命令行的日志系统,发出通知等特性
# don't like
cows? that's
unfortunate.
# set to 1 if
you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
默认ansible可以调用一些cowsay的特性 开启/禁用:0/1
# don't like
colors either?
# set to 1 if
you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
输出带上颜色区别, 开启/关闭:0/1
# the CA certificate path used
for validating SSL certs. This path
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora :
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu :
/usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path =
# the http user-agent string
to use when fetching urls. Some web server
# operators block the default urllib user
agent as it is
frequently used
# by malicious attacks/scripts, so we set it to
something unique to
# avoid issues.
#http_user_agent = ansible-agent
# if set
to a persistent type (not 'memory', for
example 'redis') fact values
# from previous runs in Ansible will
be stored. This may be useful when
# wanting to use, for example, IP information from
one group of servers
# without having to talk to them in the same
playbook run to get their
# current IP information.
fact_caching = memory
# retry files
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this
line to cause the paramiko connection plugin to not record new
host
# keys encountered. Increases
performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default,
Ansible requests a pseudo-terminal for commands
executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in
poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for
the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r",
however on some systems with
# very long hostnames or very long
path names (caused by long user names
or
# deeply nested home directories) this can exceed
the character limit on
# file socket names (108 characters for
most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces
the number of SSH operations required to
# execute a module on the remote server. This can result in a
significant
# performance improvement when enabled, however when using "sudo:"
you must
# first disable 'requiretty' in
/etc/sudoers
#
# By default, this option is
disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default
on many distros).
#
#pipelining = False
# if
True, make ansible use scp if the
connection type is ssh
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is
measured in minutes. This time is
measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30
# If set
to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new
key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security
context
# the default behaviour that copies the existing context
or uses the user default
# needs to be changed to use the file system dependant context.
#special_context_filesystems=nfs,vboxsf,fuse
简易配置:
[defaults]
inventory = /etc/ansible/hosts
sudo_user=root
remote_port=22
host_key_checking=False
remote_user=root
log_path=/var/log/ansible.log
module_name=command
private_key_file=/root/.ssh/id_rsa
no_log:True
2.hosts
# This is
the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#'
character
# - Blank lines are ignored
# - Groups of hosts are delimited by
[header] elements
# - You can enter hostnames or ip
addresses
# - A hostname/ip can be a member of
multiple groups
# Ex 1:
Ungrouped hosts, specify before any group headers.
green.example.com
blue.example.com
192.168.100.1
192.168.100.10
# Ex 2:
A collection of hosts belonging to the 'webservers'
group
[webservers]
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
# If you have multiple hosts
following a pattern you can specify
# them like this:
www[001:006].example.com
# Ex 3:
A collection of database servers in the 'dbservers'
group
[dbservers]
db01.intranet.mydomain.net
db02.intranet.mydomain.net
10.25.1.56
10.25.1.57
# Here's another
example of host ranges, this time there are no
# leading 0s:
db-[99:101]-node.example.com
ansible通过Inventory来定义主机和组,使用时通过-i指定读取,默认/etc/ansible/hosts。可以存在多个Inventory,支持动态生成。
1、定义主机和组
# vim /etc/ansible/hosts
192.168.12.22 #可以直接为IP地址
nfs.magedu.com #可以是域名
ntp.magedu.com:2200 #可以:接ssh端口
[webserver] #[]内为分组名,下面都是该组组员
web[1:10].magedu.com #[1:10]表示1~10所有数字
db-[a:f].magedu.com #[a:f]表示a~f所有字母
2、定义主机变量
定义的变量可以在playbook中使用,在playbook中设定的同名变量会优先于此处变量。
other1.example.com ansible_connection=ssh ansible_ssh_user=mpdehaan #选择连接类型和连接用户
other2.example.com http_port=8800 #定义http_port端口号8800
3、定义组变量
[test]
web1.example.com
web2.example.com
[test:vars] #组变量,下面定义的变量test组内的所有主机通用
ntp_server=ntp.example.com
proxy=proxy.example.com
4、把一个组作为另一个组的子成员
[apache]
web1.example.com
[nginx]
web2.example.com
[webserver]
other1.example.com
[webserver:children]
apache
nginx
#上例中webserver包括web1.example.com、web2.example.com、other1.example.com
5、其他Inventory参数
ansible_ssh_host
将要连接的远程主机名.与你想要设定的主机的别名不同的话,可通过此变量设置.
ansible_ssh_port
ssh端口号.如果不是默认的端口号,通过此变量设置.
ansible_ssh_user
默认的 ssh 用户名
ansible_ssh_pass
ssh 密码(这种方式并不安全,我们强烈建议使用 --ask-pass 或 SSH 密钥)
ansible_sudo_pass
sudo 密码(这种方式并不安全,我们强烈建议使用 --ask-sudo-pass)
ansible_sudo_exe (new in version 1.8)
sudo 命令路径(适用于1.8及以上版本)
ansible_connection
与主机的连接类型.比如:local, ssh 或者 paramiko. Ansible 1.2 以前默认使用 paramiko.1.2 以后默认使用 'smart','smart' 方式会根据是否支持 ControlPersist, 来判断'ssh' 方式是否可行.
ansible_ssh_private_key_file
ssh 使用的私钥文件.适用于有多个密钥,而你不想使用 SSH 代理的情况.
ansible_shell_type
目标系统的shell类型.默认情况下,命令的执行使用 'sh' 语法,可设置为 'csh' 或 'fish'.
ansible_python_interpreter
目标主机的 python 路径.适用于的情况: 系统中有多个 Python, 或者命令路径不是"/usr/bin/python",比如 \*BSD, 或者 /usr/bin/python
不是 2.X 版本的 Python.我们不使用 "/usr/bin/env" 机制,因为这要求远程用户的路径设置正确,且要求 "python" 可执行程序名不可为 python以外的名字(实际有可能名为python26).
与 ansible_python_interpreter 的工作方式相同,可设定如 ruby 或 perl 的路径....
6、变量读取的四个位置
Inventory配置
Playbook中vars定义的区域
Roles中vars目录下的文件
Roles同级目录group_vars和hosts_vars目录下的文件
#设置变量时尽量沿用同一种方式。
7、ansible正则
(1)全量匹配 all与*功能相同,但*需引起来。
ansible all -m ping
ansible "*" -m ping
(2)逻辑或(or)匹配
多台主机或多个组同时执行
ansible "web1:web2" -m ping
(3)逻辑非(!)匹配
所有在web1组,但不在web2组的主机
web1:!web2
(4)逻辑与(&)匹配
web1和web2中同时存在的主机
web1:&web2
(5)模糊匹配
检查192.168.1.0/24网段所有主机存活状态。
ansible 192.168.1.* -m ping
test开头的所有组
ansible "test*" -m ping
(6)域切割,同python字符串域切割
例:
[webservers]
web1.example.com
web2.example.com
web3.example.com
webservers[0] #==web1.example.com
webservers[-1] #==web3.example.com
webservers[0:2] #第一位到第三位==web1.example.com、web2.example.com、web3.example.com
webservers[1:] #第二位到最后==web2.example.com、web3.example.com
(7)正则匹配,"~"开始表示正则匹配
ansible "~(web|data|test)\.example\.(com|org)" -m ping
2、Ansible配置文件详解的更多相关文章
- ansible配置文件详解
# ansible配置文件配置 配置项介绍 , 配置文件ansible.cfg, 运行playbook时,默认时在yaml文件所在路径寻找,然后再去/etc/ansible/下寻找 [defaults ...
- Ansible 配置文件详解
# config file for ansible -- http://ansible.com/ # ============================================== # ...
- quartz配置文件详解
quartz配置文件详解(转载) quartz学习总结: 一.关于job: 用Quartz的行话讲,作业是一个执行任务的简单Java类.任务可以是任何Java代码.只需你实现org.qu ...
- WebConfig配置文件详解
今天看到博客园一位朋友整理的一个WebConfig配置文件详解,觉得不错,转载一下: <?xml version="1.0"?> <!--注意: 除了手动编辑此文 ...
- tomcat配置文件详解
Tomcat系列之服务器的安装与配置以及各组件详解 tomcat 配置文件详解
- ubuntu nginx 安装以及配置文件详解
1.到nginx官网下载源码包.最好下载稳定版本,nginx官网http://www.nginx.org/ 2.安装nginx依赖包运行命令: sudo apt-get install libssl- ...
- Spring配置文件详解 – applicationContext.xml文件路径
Spring配置文件详解 – applicationContext.xml文件路径 Java编程 spring的配置文件applicationContext.xml的默 ...
- spring配置文件详解--真的蛮详细
spring配置文件详解--真的蛮详细 转自: http://book.51cto.com/art/201004/193743.htm 此处详细的为我们讲解了spring2.5的实现原理,感觉非常 ...
- net-snmp配置文件详解
net-snmp配置文件详解 net-snmp的配置文件是有一定的层次结构的,配置起来也很方便.网上找了很多资料,大概把这个配置文件的各个信息搞懂了一点.其实在net-snmp的EXAMPLE.con ...
随机推荐
- 洛谷——P1002 过河卒||codevs——T1010 过河卒
https://www.luogu.org/problem/show?pid=1002#sub||http://codevs.cn/problem/1010/ 题目描述 棋盘上A点有一个过河卒,需要走 ...
- [WordPress]基本操作
编辑文本 文本模式下 more 提取摘要<!--more-->
- HDOJ 题目5097 Page Rank(矩阵运算,模拟)
Page Rank Time Limit: 3000/1500 MS (Java/Others) Memory Limit: 100000/100000 K (Java/Others) Tota ...
- Notepad++ 设置执行 lua 和 python
Notepad++ 设置执行 lua 和 python 一.设置 run -> 设置 cmd /k lua "$(FULL_CURRENT_PATH)" & PAUS ...
- Android - 找到当前类的Context
找到当前类的Context 本文地址: http://blog.csdn.net/caroline_wendy 假设是在onContinueCreate或onCreate中, 直接使用this, 就代 ...
- cocos2d-x 3.0游戏实例学习笔记 《跑酷》 第六步--金币&岩石加入而且管理
说明:这里是借鉴:晓风残月前辈的博客,他是将泰然网的跑酷教程,用cocos2d-x 2.X 版本号重写的,眼下我正在学习cocos2d-X3.0 于是就用cocos2d-X 3.0重写,并做相关笔记 ...
- 弗拉特利定律:Illumina怎样缔造基因革命
蕾妮·瓦林特(Renee Valint)的女儿谢尔碧(Shelby)在2000年出生时.看起来虚弱无力,就如同一仅仅耷拉着的布娃娃.谢尔碧学着走路和说话,但学得很慢.错过了儿童发展的重要阶段.到4岁时 ...
- Mule ESB-3.Build a webservice proxy
自从引入ESB后,系统之间不再直接依赖.我负责的这块,主要是解决Webservice的问题.使系统A不再直接依赖系统B的Webservice. 我们选择的产品是Mule ESB.所以自然要使用Mule ...
- 什么是URL?网址的组成
欢迎加入前端交流群交流知识&&获取视频资料:749539640 和 Hypertext 以及 HTTP 一样,URL是Web中的一个核心概念.它是浏览器用来检索web上公布的任何资源的 ...
- tomcat 启动服务器日志小结
1.tomcat 启动服务配置: 目前主要有 ①把编译好war或者项目直接扔到webapps 目录下, 启动bin目录下的startup.bat 即可 ② 在conf目录下 修改 serve ...