2、Ansible配置文件详解
0.配置文件
两个核心文件:ansible.cfg和hosts文件,默认都存放在/etc/ansible目录下。
ansible.cfg:主要设置一些ansible初始化的信息,比如日志存放路径、模块、插件等配置信息
hosts:机器清单,进行分组管理
1.ansible.cfg
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be
overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults] --->通用默认配置
# some basic default
values...
inventory = /etc/ansible/hosts 这个是默认库文件位置,脚本,或者存放可通信主机的目录
#library =
/usr/share/my_modules/ Ansible默认搜寻模块的位置
remote_tmp = $HOME/.ansible/tmp Ansible 通过远程传输模块到远程主机,然后远程执行,执行后在清理现场.在有些场景下,你也许想使用默认路径希望像更换补丁一样使用
pattern = * 如果没有提供“hosts”节点,这是playbook要通信的默认主机组.默认值是对所有主机通信
forks = 5 在与主机通信时的默认并行进程数 ,默认是5d
poll_interval = 15 当具体的poll interval 没有定义时,多少时间回查一下这些任务的状态, 默认值是5秒
sudo_user = root sudo使用的默认用户 ,默认是root
#ask_sudo_pass = True 用来控制Ansible playbook 在执行sudo之前是否询问sudo密码.默认为no
#ask_pass = True 控制Ansible playbook 是否会自动默认弹出密码
transport = smart 通信机制.默认 值为’smart’。如果本地系统支持 ControlPersist技术的话,将会使用(基于OpenSSH)‘ssh’,如果不支持讲使用‘paramiko’.其他传输选项包括‘local’, ‘chroot’,’jail’等等
#remote_port = 22 远程SSH端口。 默认是22
module_lang = C 模块和系统之间通信的计算机语言,默认是C语言
# plays will gather facts by default,
which contain information about
# the remote system.
#
# smart - gather by default, but don't regather
if already gathered
# implicit - gather by default, turn off
with gather_facts: False
# explicit - do not gather
by default, must say gather_facts: True
gathering = implicit
控制默认facts收集(远程系统变量). 默认值为’implicit’, 每一次play,facts都会被收集
# additional paths to search for
roles in, colon separated
#roles_path = /etc/ansible/roles roles 路径指的是’roles/’下的额外目录,用于playbook搜索Ansible
roles
# uncomment this
to disable SSH key host checking
#host_key_checking = False 检查主机密钥
# change this for
alternative sudo implementations
sudo_exe = sudo 如果在其他远程主机上使用另一种方式执sudu操作.可以使用该参数进行更换
# what flags to pass to
sudo 传递sudo之外的参数
#sudo_flags = -H
# SSH timeout SSH超时时间
timeout = 10
# default
user to use for playbooks if
user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root 使用/usr/bin/ansible-playbook链接的默认用户名,如果不指定,会使用当前登录的用户名
# logging is
off by default unless this
path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log 日志文件存放路径
# default
module name for /usr/bin/ansible
#module_name = command ansible命令执行默认的模块
# use this
shell for commands executed under sudo
# you may need to change this to bin/bash in
rare instances
# if sudo is constrained
#executable = /bin/sh 在sudo环境下产生一个shell交互接口.
用户只在/bin/bash的或者sudo限制的一些场景中需要修改
# if
inventory variables overlap, does the higher precedence one win
# or are hash values merged together?
The default is 'replace'
but
# this can also be set to 'merge'.
#hash_behaviour = replace 特定的优先级覆盖变量
# list any Jinja2 extensions
to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 允许开启Jinja2拓展模块
# if set,
always use this private
key file for authentication, same as
# if passing --private-key to
ansible or ansible-playbook
#private_key_file = /path/to/file
私钥文件存储位置
# format of string
{{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by
{uid} on {host} 这个设置可以告知用户,Ansible修改了一个文件,并且手动写入的内容可能已经被覆盖.
# by default,
ansible-playbook will display "Skipping [host]" if
it determines a task
# should not be run on a host. Set this
to "False" if
you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or
not the
# task is skipped.
#display_skipped_hosts = True 显示任何跳过任务的状态 ,默认是显示
# by default (as
of 1.3), Ansible will raise errors when attempting to
dereference
# Jinja2 variables that are not set in
templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False 如果所引用的变量名称错误的话, 将会导致ansible在执行步骤上失败
# by default (as
of 1.6), Ansible may display warnings based on the configuration
of the
# system running ansible itself. This may include warnings about 3rd party
packages or
# other conditions that should be resolved if
possible.
# to disable these warnings, set the
following value to False:
#system_warnings = True 允许禁用系统运行ansible相关的潜在问题警告
# by default (as
of 1.4), Ansible may display deprecation warnings for
language
# features that should no longer be used and will be removed in
future versions.
# to disable these warnings, set the
following value to False:
#deprecation_warnings = True 允许在ansible-playbook输出结果中禁用“不建议使用”警告
# (as
of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a
default Ansible module
# instead. These warnings can be
silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string.
This will for example suggest using
the git module
# instead of shelling out to the git
command.
# command_warnings = False 当shell和命令行模块被默认模块简化的时,Ansible 将默认发出警告
# set
plugin path directories here, separate with colons
action_plugins = /usr/share/ansible_plugins/action_plugins
callback_plugins =
/usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins =
/usr/share/ansible_plugins/lookup_plugins
vars_plugins =
/usr/share/ansible_plugins/vars_plugins
filter_plugins =
/usr/share/ansible_plugins/filter_plugins
# by default
callbacks are not loaded for
/bin/ansible, enable this if
you
# want, for example, a notification or logging
callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False 用来控制callback插件是否在运行 /usr/bin/ansible 的时候被加载. 这个模块将用于命令行的日志系统,发出通知等特性
# don't like
cows? that's
unfortunate.
# set to 1 if
you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
默认ansible可以调用一些cowsay的特性 开启/禁用:0/1
# don't like
colors either?
# set to 1 if
you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
输出带上颜色区别, 开启/关闭:0/1
# the CA certificate path used
for validating SSL certs. This path
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora :
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu :
/usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path =
# the http user-agent string
to use when fetching urls. Some web server
# operators block the default urllib user
agent as it is
frequently used
# by malicious attacks/scripts, so we set it to
something unique to
# avoid issues.
#http_user_agent = ansible-agent
# if set
to a persistent type (not 'memory', for
example 'redis') fact values
# from previous runs in Ansible will
be stored. This may be useful when
# wanting to use, for example, IP information from
one group of servers
# without having to talk to them in the same
playbook run to get their
# current IP information.
fact_caching = memory
# retry files
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this
line to cause the paramiko connection plugin to not record new
host
# keys encountered. Increases
performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default,
Ansible requests a pseudo-terminal for commands
executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in
poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for
the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r",
however on some systems with
# very long hostnames or very long
path names (caused by long user names
or
# deeply nested home directories) this can exceed
the character limit on
# file socket names (108 characters for
most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces
the number of SSH operations required to
# execute a module on the remote server. This can result in a
significant
# performance improvement when enabled, however when using "sudo:"
you must
# first disable 'requiretty' in
/etc/sudoers
#
# By default, this option is
disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default
on many distros).
#
#pipelining = False
# if
True, make ansible use scp if the
connection type is ssh
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is
measured in minutes. This time is
measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30
# If set
to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new
key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security
context
# the default behaviour that copies the existing context
or uses the user default
# needs to be changed to use the file system dependant context.
#special_context_filesystems=nfs,vboxsf,fuse
简易配置:
[defaults]
inventory = /etc/ansible/hosts
sudo_user=root
remote_port=22
host_key_checking=False
remote_user=root
log_path=/var/log/ansible.log
module_name=command
private_key_file=/root/.ssh/id_rsa
no_log:True
2.hosts
# This is
the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#'
character
# - Blank lines are ignored
# - Groups of hosts are delimited by
[header] elements
# - You can enter hostnames or ip
addresses
# - A hostname/ip can be a member of
multiple groups
# Ex 1:
Ungrouped hosts, specify before any group headers.
green.example.com
blue.example.com
192.168.100.1
192.168.100.10
# Ex 2:
A collection of hosts belonging to the 'webservers'
group
[webservers]
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
# If you have multiple hosts
following a pattern you can specify
# them like this:
www[001:006].example.com
# Ex 3:
A collection of database servers in the 'dbservers'
group
[dbservers]
db01.intranet.mydomain.net
db02.intranet.mydomain.net
10.25.1.56
10.25.1.57
# Here's another
example of host ranges, this time there are no
# leading 0s:
db-[99:101]-node.example.com
ansible通过Inventory来定义主机和组,使用时通过-i指定读取,默认/etc/ansible/hosts。可以存在多个Inventory,支持动态生成。
1、定义主机和组
# vim /etc/ansible/hosts
192.168.12.22 #可以直接为IP地址
nfs.magedu.com #可以是域名
ntp.magedu.com:2200 #可以:接ssh端口
[webserver] #[]内为分组名,下面都是该组组员
web[1:10].magedu.com #[1:10]表示1~10所有数字
db-[a:f].magedu.com #[a:f]表示a~f所有字母
2、定义主机变量
定义的变量可以在playbook中使用,在playbook中设定的同名变量会优先于此处变量。
other1.example.com ansible_connection=ssh ansible_ssh_user=mpdehaan #选择连接类型和连接用户
other2.example.com http_port=8800 #定义http_port端口号8800
3、定义组变量
[test]
web1.example.com
web2.example.com
[test:vars] #组变量,下面定义的变量test组内的所有主机通用
ntp_server=ntp.example.com
proxy=proxy.example.com
4、把一个组作为另一个组的子成员
[apache]
web1.example.com
[nginx]
web2.example.com
[webserver]
other1.example.com
[webserver:children]
apache
nginx
#上例中webserver包括web1.example.com、web2.example.com、other1.example.com
5、其他Inventory参数
ansible_ssh_host
将要连接的远程主机名.与你想要设定的主机的别名不同的话,可通过此变量设置.
ansible_ssh_port
ssh端口号.如果不是默认的端口号,通过此变量设置.
ansible_ssh_user
默认的 ssh 用户名
ansible_ssh_pass
ssh 密码(这种方式并不安全,我们强烈建议使用 --ask-pass 或 SSH 密钥)
ansible_sudo_pass
sudo 密码(这种方式并不安全,我们强烈建议使用 --ask-sudo-pass)
ansible_sudo_exe (new in version 1.8)
sudo 命令路径(适用于1.8及以上版本)
ansible_connection
与主机的连接类型.比如:local, ssh 或者 paramiko. Ansible 1.2 以前默认使用 paramiko.1.2 以后默认使用 'smart','smart' 方式会根据是否支持 ControlPersist, 来判断'ssh' 方式是否可行.
ansible_ssh_private_key_file
ssh 使用的私钥文件.适用于有多个密钥,而你不想使用 SSH 代理的情况.
ansible_shell_type
目标系统的shell类型.默认情况下,命令的执行使用 'sh' 语法,可设置为 'csh' 或 'fish'.
ansible_python_interpreter
目标主机的 python 路径.适用于的情况: 系统中有多个 Python, 或者命令路径不是"/usr/bin/python",比如 \*BSD, 或者 /usr/bin/python
不是 2.X 版本的 Python.我们不使用 "/usr/bin/env" 机制,因为这要求远程用户的路径设置正确,且要求 "python" 可执行程序名不可为 python以外的名字(实际有可能名为python26).
与 ansible_python_interpreter 的工作方式相同,可设定如 ruby 或 perl 的路径....
6、变量读取的四个位置
Inventory配置
Playbook中vars定义的区域
Roles中vars目录下的文件
Roles同级目录group_vars和hosts_vars目录下的文件
#设置变量时尽量沿用同一种方式。
7、ansible正则
(1)全量匹配 all与*功能相同,但*需引起来。
ansible all -m ping
ansible "*" -m ping
(2)逻辑或(or)匹配
多台主机或多个组同时执行
ansible "web1:web2" -m ping
(3)逻辑非(!)匹配
所有在web1组,但不在web2组的主机
web1:!web2
(4)逻辑与(&)匹配
web1和web2中同时存在的主机
web1:&web2
(5)模糊匹配
检查192.168.1.0/24网段所有主机存活状态。
ansible 192.168.1.* -m ping
test开头的所有组
ansible "test*" -m ping
(6)域切割,同python字符串域切割
例:
[webservers]
web1.example.com
web2.example.com
web3.example.com
webservers[0] #==web1.example.com
webservers[-1] #==web3.example.com
webservers[0:2] #第一位到第三位==web1.example.com、web2.example.com、web3.example.com
webservers[1:] #第二位到最后==web2.example.com、web3.example.com
(7)正则匹配,"~"开始表示正则匹配
ansible "~(web|data|test)\.example\.(com|org)" -m ping
2、Ansible配置文件详解的更多相关文章
- ansible配置文件详解
# ansible配置文件配置 配置项介绍 , 配置文件ansible.cfg, 运行playbook时,默认时在yaml文件所在路径寻找,然后再去/etc/ansible/下寻找 [defaults ...
- Ansible 配置文件详解
# config file for ansible -- http://ansible.com/ # ============================================== # ...
- quartz配置文件详解
quartz配置文件详解(转载) quartz学习总结: 一.关于job: 用Quartz的行话讲,作业是一个执行任务的简单Java类.任务可以是任何Java代码.只需你实现org.qu ...
- WebConfig配置文件详解
今天看到博客园一位朋友整理的一个WebConfig配置文件详解,觉得不错,转载一下: <?xml version="1.0"?> <!--注意: 除了手动编辑此文 ...
- tomcat配置文件详解
Tomcat系列之服务器的安装与配置以及各组件详解 tomcat 配置文件详解
- ubuntu nginx 安装以及配置文件详解
1.到nginx官网下载源码包.最好下载稳定版本,nginx官网http://www.nginx.org/ 2.安装nginx依赖包运行命令: sudo apt-get install libssl- ...
- Spring配置文件详解 – applicationContext.xml文件路径
Spring配置文件详解 – applicationContext.xml文件路径 Java编程 spring的配置文件applicationContext.xml的默 ...
- spring配置文件详解--真的蛮详细
spring配置文件详解--真的蛮详细 转自: http://book.51cto.com/art/201004/193743.htm 此处详细的为我们讲解了spring2.5的实现原理,感觉非常 ...
- net-snmp配置文件详解
net-snmp配置文件详解 net-snmp的配置文件是有一定的层次结构的,配置起来也很方便.网上找了很多资料,大概把这个配置文件的各个信息搞懂了一点.其实在net-snmp的EXAMPLE.con ...
随机推荐
- HDU 2224 The shortest path
The shortest path Time Limit: 1000/1000 MS (Java/Others) Memory Limit: 32768/32768 K (Java/Others ...
- faster-rcnn代码阅读1
毫无疑问,faster-rcnn是目标检测领域的一个里程碑式的算法.本文主要是本人阅读python版本的faster-rcnn代码的一个记录,算法的具体原理本文也会有介绍,但是为了对该算法有一个整体性 ...
- Android中加入水平线和垂直线
1.加入水平线 <View android:layout_height="0.5dip" android:background="#686868" and ...
- wpf datagridtemplatecolumn visibility binding
因为datagridtemplatecolumn不在Virsual Tree中,不能继承DataGrid的DataContext, 所以想要绑定到datagridtemplatecolumn的 vis ...
- oc11---结构体作为属性
// // main.m // 结构体作为对象的属性 #import <Foundation/Foundation.h> typedef struct { int year; int mo ...
- 在linux下怎么安装.bin的文件
*.bin文件安装方法: 1.运行终端到文件目录下2.在终端输入:sudo chmod +x *.bin3.再输入:sudo ./*.bin可安装到任意目录,./*.bin可安装到当前用户有权限的目录
- bzoj3673: 可持久化并查集 by zky&&3674: 可持久化并查集加强版
主席树可持久化数组,还挺好YY的 然而加强版要路径压缩.. 发现压了都RE 结果看了看数据,默默的把让fx的父亲变成fy反过来让fy的父亲变成fx 搞笑啊 #include<cstdio> ...
- Linux - Nginx的集群与负载均衡
Nginx的集群与负载均衡 集群就是一群人干同样的活,负载均衡就是保证每个人都干得差不多.或者大人干得多一些,小孩干得少一些. Nginx实现负载均衡很方便. 准备三台服务器,一台是用于访问图片(66 ...
- 搜索分析(DFS、BFS、递归、记忆化搜索)
搜索分析(DFS.BFS.递归.记忆化搜索) 1.线性查找 在数组a[]={0,1,2,3,4,5,6,7,8,9,10}中查找1这个元素. (1)普通搜索方法,一个循环从0到10搜索,这里略. (2 ...
- 从谷歌官网下载android 6.0源码、编译并刷入nexus 6p手机
版权声明:本文为博主原创文章,未经博主允许不得转载. https://blog.csdn.net/fuchaosz/article/details/52473660 1 前言 经过一周的奋战,终于从谷 ...