0.配置文件

两个核心文件:ansible.cfg和hosts文件,默认都存放在/etc/ansible目录下。

ansible.cfg:主要设置一些ansible初始化的信息,比如日志存放路径、模块、插件等配置信息

hosts:机器清单,进行分组管理

1.ansible.cfg

# config file for ansible -- http://ansible.com/
# ==============================================

# nearly all parameters can be
overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]   --->通用默认配置

# some basic default
values...

inventory      = /etc/ansible/hosts     这个是默认库文件位置,脚本,或者存放可通信主机的目录
#library        =
/usr/share/my_modules/   Ansible默认搜寻模块的位置
remote_tmp     = $HOME/.ansible/tmp   Ansible 通过远程传输模块到远程主机,然后远程执行,执行后在清理现场.在有些场景下,你也许想使用默认路径希望像更换补丁一样使用
pattern        = *    如果没有提供“hosts”节点,这是playbook要通信的默认主机组.默认值是对所有主机通信
forks          = 5    在与主机通信时的默认并行进程数 ,默认是5d
poll_interval  = 15    当具体的poll interval 没有定义时,多少时间回查一下这些任务的状态, 默认值是5秒
sudo_user      = root   sudo使用的默认用户 ,默认是root
#ask_sudo_pass = True   用来控制Ansible playbook 在执行sudo之前是否询问sudo密码.默认为no
#ask_pass      = True    控制Ansible playbook 是否会自动默认弹出密码
transport      = smart   通信机制.默认 值为’smart’。如果本地系统支持 ControlPersist技术的话,将会使用(基于OpenSSH)‘ssh’,如果不支持讲使用‘paramiko’.其他传输选项包括‘local’, ‘chroot’,’jail’等等
#remote_port    = 22    远程SSH端口。 默认是22
module_lang    = C   模块和系统之间通信的计算机语言,默认是C语言

# plays will gather facts by default,
which contain information about
# the remote system.
#
# smart - gather by default, but don't regather
if already gathered
# implicit - gather by default, turn off
with gather_facts: False
# explicit - do not gather
by default, must say gather_facts: True
gathering = implicit  
控制默认facts收集(远程系统变量). 默认值为’implicit’, 每一次play,facts都会被收集

# additional paths to search for
roles in, colon separated
#roles_path    = /etc/ansible/roles   roles 路径指的是’roles/’下的额外目录,用于playbook搜索Ansible
roles

# uncomment this
to disable SSH key host checking
#host_key_checking = False    检查主机密钥

# change this for
alternative sudo implementations
sudo_exe = sudo     如果在其他远程主机上使用另一种方式执sudu操作.可以使用该参数进行更换

# what flags to pass to
sudo   传递sudo之外的参数
#sudo_flags = -H

# SSH timeout    SSH超时时间
timeout = 10

# default
user to use for playbooks if
user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root   使用/usr/bin/ansible-playbook链接的默认用户名,如果不指定,会使用当前登录的用户名

# logging is
off by default unless this
path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log     日志文件存放路径

# default
module name for /usr/bin/ansible
#module_name = command     ansible命令执行默认的模块

# use this
shell for commands executed under sudo
# you may need to change this to bin/bash in
rare instances
# if sudo is constrained
#executable = /bin/sh     在sudo环境下产生一个shell交互接口.
用户只在/bin/bash的或者sudo限制的一些场景中需要修改

# if
inventory variables overlap, does the higher precedence one win
# or are hash values merged together? 
The default is 'replace'
but
# this can also be set to 'merge'.
#hash_behaviour = replace    特定的优先级覆盖变量

# list any Jinja2 extensions
to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n      允许开启Jinja2拓展模块

# if set,
always use this private
key file for authentication, same as
# if passing --private-key to
ansible or ansible-playbook
#private_key_file = /path/to/file        
私钥文件存储位置

# format of string
{{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by
{uid} on {host}   这个设置可以告知用户,Ansible修改了一个文件,并且手动写入的内容可能已经被覆盖.

# by default,
ansible-playbook will display "Skipping [host]" if
it determines a task
# should not be run on a host.  Set this
to "False" if
you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or
not the
# task is skipped.
#display_skipped_hosts = True     显示任何跳过任务的状态 ,默认是显示

# by default (as
of 1.3), Ansible will raise errors when attempting to
dereference
# Jinja2 variables that are not set in
templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False      如果所引用的变量名称错误的话, 将会导致ansible在执行步骤上失败

# by default (as
of 1.6), Ansible may display warnings based on the configuration
of the
# system running ansible itself. This may include warnings about 3rd party
packages or
# other conditions that should be resolved if
possible.
# to disable these warnings, set the
following value to False:
#system_warnings = True    允许禁用系统运行ansible相关的潜在问题警告

# by default (as
of 1.4), Ansible may display deprecation warnings for
language
# features that should no longer be used and will be removed in
future versions.
# to disable these warnings, set the
following value to False:
#deprecation_warnings = True     允许在ansible-playbook输出结果中禁用“不建议使用”警告

# (as
of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a
default Ansible module
# instead.  These warnings can be
silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. 
This will for example suggest using
the git module
# instead of shelling out to the git
command.
# command_warnings = False    当shell和命令行模块被默认模块简化的时,Ansible 将默认发出警告

# set
plugin path directories here, separate with colons
action_plugins     = /usr/share/ansible_plugins/action_plugins 
callback_plugins   =
/usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins     =
/usr/share/ansible_plugins/lookup_plugins
vars_plugins       =
/usr/share/ansible_plugins/vars_plugins
filter_plugins     =
/usr/share/ansible_plugins/filter_plugins

# by default
callbacks are not loaded for
/bin/ansible, enable this if
you
# want, for example, a notification or logging
callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False    用来控制callback插件是否在运行 /usr/bin/ansible 的时候被加载. 这个模块将用于命令行的日志系统,发出通知等特性

# don't like
cows?  that's
unfortunate.
# set to 1 if
you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1   
默认ansible可以调用一些cowsay的特性   开启/禁用:0/1

# don't like
colors either?
# set to 1 if
you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1 
输出带上颜色区别, 开启/关闭:0/1

# the CA certificate path used
for validating SSL certs. This path
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora     :
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu     :
/usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path =

# the http user-agent string
to use when fetching urls. Some web server
# operators block the default urllib user
agent as it is
frequently used
# by malicious attacks/scripts, so we set it to
something unique to
# avoid issues.
#http_user_agent = ansible-agent

# if set
to a persistent type (not 'memory', for
example 'redis') fact values
# from previous runs in Ansible will
be stored.  This may be useful when
# wanting to use, for example, IP information from
one group of servers
# without having to talk to them in the same
playbook run to get their
# current IP information.
fact_caching = memory

# retry files
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry

[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False

[paramiko_connection]

# uncomment this
line to cause the paramiko connection plugin to not record new
host
# keys encountered.  Increases
performance on new host additions.  Setting works independently of the
# host key checking setting above.
#record_host_keys=False

# by default,
Ansible requests a pseudo-terminal for commands
executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False

[ssh_connection]

# ssh arguments to use
# Leaving off ControlPersist will result in
poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s

# The path to use for
the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r",
however on some systems with
# very long hostnames or very long
path names (caused by long user names
or
# deeply nested home directories) this can exceed
the character limit on
# file socket names (108 characters for
most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r

# Enabling pipelining reduces
the number of SSH operations required to
# execute a module on the remote server. This can result in a
significant
# performance improvement when enabled, however when using "sudo:"
you must
# first disable 'requiretty' in
/etc/sudoers
#
# By default, this option is
disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default
on many distros).
#
#pipelining = False

# if
True, make ansible use scp if the
connection type is ssh
# (default is sftp)
#scp_if_ssh = True

[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0

# The daemon timeout is
measured in minutes. This time is
measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30

# If set
to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new
key. The default
# is "no".
#accelerate_multi_key = yes

[selinux]
# file systems that require special treatment when dealing with security
context
# the default behaviour that copies the existing context
or uses the user default
# needs to be changed to use the file system dependant context.
#special_context_filesystems=nfs,vboxsf,fuse

简易配置:

[defaults]
inventory      = /etc/ansible/hosts
sudo_user=root
remote_port=22
host_key_checking=False
remote_user=root
log_path=/var/log/ansible.log
module_name=command
private_key_file=/root/.ssh/id_rsa
no_log:True

2.hosts

# This is
the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#'
character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by
[header] elements
#   - You can enter hostnames or ip
addresses
#   - A hostname/ip can be a member of
multiple groups

# Ex 1:
Ungrouped hosts, specify before any group headers.

green.example.com
blue.example.com
192.168.100.1
192.168.100.10

# Ex 2:
A collection of hosts belonging to the 'webservers'
group

[webservers]
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110

# If you have multiple hosts
following a pattern you can specify
# them like this:

www[001:006].example.com

# Ex 3:
A collection of database servers in the 'dbservers'
group

[dbservers]

db01.intranet.mydomain.net
db02.intranet.mydomain.net
10.25.1.56
10.25.1.57

# Here's another
example of host ranges, this time there are no
# leading 0s:

db-[99:101]-node.example.com

ansible通过Inventory来定义主机和组,使用时通过-i指定读取,默认/etc/ansible/hosts。可以存在多个Inventory,支持动态生成。

1、定义主机和组

# vim /etc/ansible/hosts

192.168.12.22    #可以直接为IP地址

nfs.magedu.com    #可以是域名

ntp.magedu.com:2200    #可以:接ssh端口

[webserver]    #[]内为分组名,下面都是该组组员

web[1:10].magedu.com    #[1:10]表示1~10所有数字

db-[a:f].magedu.com    #[a:f]表示a~f所有字母

2、定义主机变量

定义的变量可以在playbook中使用,在playbook中设定的同名变量会优先于此处变量。

other1.example.com    ansible_connection=ssh    ansible_ssh_user=mpdehaan    #选择连接类型和连接用户

other2.example.com    http_port=8800    #定义http_port端口号8800

3、定义组变量

[test]

web1.example.com

web2.example.com

[test:vars]    #组变量,下面定义的变量test组内的所有主机通用

ntp_server=ntp.example.com

proxy=proxy.example.com

4、把一个组作为另一个组的子成员

[apache]

web1.example.com

[nginx]

web2.example.com

[webserver]

other1.example.com

[webserver:children]

apache

nginx

#上例中webserver包括web1.example.com、web2.example.com、other1.example.com

5、其他Inventory参数

ansible_ssh_host

将要连接的远程主机名.与你想要设定的主机的别名不同的话,可通过此变量设置.

ansible_ssh_port

ssh端口号.如果不是默认的端口号,通过此变量设置.

ansible_ssh_user

默认的 ssh 用户名

ansible_ssh_pass

ssh 密码(这种方式并不安全,我们强烈建议使用 --ask-pass 或 SSH 密钥)

ansible_sudo_pass

sudo 密码(这种方式并不安全,我们强烈建议使用 --ask-sudo-pass)

ansible_sudo_exe (new in version 1.8)

sudo 命令路径(适用于1.8及以上版本)

ansible_connection

与主机的连接类型.比如:local, ssh 或者 paramiko. Ansible 1.2 以前默认使用 paramiko.1.2 以后默认使用 'smart','smart' 方式会根据是否支持 ControlPersist, 来判断'ssh' 方式是否可行.

ansible_ssh_private_key_file

ssh 使用的私钥文件.适用于有多个密钥,而你不想使用 SSH 代理的情况.

ansible_shell_type

目标系统的shell类型.默认情况下,命令的执行使用 'sh' 语法,可设置为 'csh' 或 'fish'.

ansible_python_interpreter

目标主机的 python 路径.适用于的情况: 系统中有多个 Python, 或者命令路径不是"/usr/bin/python",比如  \*BSD, 或者 /usr/bin/python

不是 2.X 版本的 Python.我们不使用 "/usr/bin/env" 机制,因为这要求远程用户的路径设置正确,且要求 "python" 可执行程序名不可为 python以外的名字(实际有可能名为python26).

与 ansible_python_interpreter 的工作方式相同,可设定如 ruby 或 perl 的路径....

6、变量读取的四个位置

Inventory配置

Playbook中vars定义的区域

Roles中vars目录下的文件

Roles同级目录group_vars和hosts_vars目录下的文件

#设置变量时尽量沿用同一种方式。

7、ansible正则

(1)全量匹配 all与*功能相同,但*需引起来。

ansible all -m ping

ansible "*" -m ping

(2)逻辑或(or)匹配

多台主机或多个组同时执行

ansible "web1:web2" -m ping

(3)逻辑非(!)匹配

所有在web1组,但不在web2组的主机

web1:!web2

(4)逻辑与(&)匹配

web1和web2中同时存在的主机

web1:&web2

(5)模糊匹配

检查192.168.1.0/24网段所有主机存活状态。

ansible 192.168.1.* -m ping

test开头的所有组

ansible "test*" -m ping

(6)域切割,同python字符串域切割

例:

[webservers]

web1.example.com

web2.example.com

web3.example.com

webservers[0]    #==web1.example.com

webservers[-1]    #==web3.example.com

webservers[0:2]    #第一位到第三位==web1.example.com、web2.example.com、web3.example.com

webservers[1:]    #第二位到最后==web2.example.com、web3.example.com

(7)正则匹配,"~"开始表示正则匹配

ansible "~(web|data|test)\.example\.(com|org)" -m ping

2、Ansible配置文件详解的更多相关文章

  1. ansible配置文件详解

    # ansible配置文件配置 配置项介绍 , 配置文件ansible.cfg, 运行playbook时,默认时在yaml文件所在路径寻找,然后再去/etc/ansible/下寻找 [defaults ...

  2. Ansible 配置文件详解

    # config file for ansible -- http://ansible.com/ # ============================================== #  ...

  3. quartz配置文件详解

    quartz配置文件详解(转载)     quartz学习总结: 一.关于job:    用Quartz的行话讲,作业是一个执行任务的简单Java类.任务可以是任何Java代码.只需你实现org.qu ...

  4. WebConfig配置文件详解

    今天看到博客园一位朋友整理的一个WebConfig配置文件详解,觉得不错,转载一下: <?xml version="1.0"?> <!--注意: 除了手动编辑此文 ...

  5. tomcat配置文件详解

    Tomcat系列之服务器的安装与配置以及各组件详解   tomcat 配置文件详解

  6. ubuntu nginx 安装以及配置文件详解

    1.到nginx官网下载源码包.最好下载稳定版本,nginx官网http://www.nginx.org/ 2.安装nginx依赖包运行命令: sudo apt-get install libssl- ...

  7. Spring配置文件详解 – applicationContext.xml文件路径

    Spring配置文件详解 – applicationContext.xml文件路径 Java编程                 spring的配置文件applicationContext.xml的默 ...

  8. spring配置文件详解--真的蛮详细

    spring配置文件详解--真的蛮详细   转自: http://book.51cto.com/art/201004/193743.htm 此处详细的为我们讲解了spring2.5的实现原理,感觉非常 ...

  9. net-snmp配置文件详解

    net-snmp配置文件详解 net-snmp的配置文件是有一定的层次结构的,配置起来也很方便.网上找了很多资料,大概把这个配置文件的各个信息搞懂了一点.其实在net-snmp的EXAMPLE.con ...

随机推荐

  1. 洛谷——P1002 过河卒||codevs——T1010 过河卒

    https://www.luogu.org/problem/show?pid=1002#sub||http://codevs.cn/problem/1010/ 题目描述 棋盘上A点有一个过河卒,需要走 ...

  2. [WordPress]基本操作

    编辑文本 文本模式下 more 提取摘要<!--more-->

  3. HDOJ 题目5097 Page Rank(矩阵运算,模拟)

    Page Rank Time Limit: 3000/1500 MS (Java/Others)    Memory Limit: 100000/100000 K (Java/Others) Tota ...

  4. Notepad++ 设置执行 lua 和 python

    Notepad++ 设置执行 lua 和 python 一.设置 run -> 设置 cmd /k lua "$(FULL_CURRENT_PATH)" & PAUS ...

  5. Android - 找到当前类的Context

    找到当前类的Context 本文地址: http://blog.csdn.net/caroline_wendy 假设是在onContinueCreate或onCreate中, 直接使用this, 就代 ...

  6. cocos2d-x 3.0游戏实例学习笔记 《跑酷》 第六步--金币&amp;岩石加入而且管理

    说明:这里是借鉴:晓风残月前辈的博客,他是将泰然网的跑酷教程,用cocos2d-x 2.X 版本号重写的,眼下我正在学习cocos2d-X3.0 于是就用cocos2d-X 3.0重写,并做相关笔记 ...

  7. 弗拉特利定律:Illumina怎样缔造基因革命

    蕾妮·瓦林特(Renee Valint)的女儿谢尔碧(Shelby)在2000年出生时.看起来虚弱无力,就如同一仅仅耷拉着的布娃娃.谢尔碧学着走路和说话,但学得很慢.错过了儿童发展的重要阶段.到4岁时 ...

  8. Mule ESB-3.Build a webservice proxy

    自从引入ESB后,系统之间不再直接依赖.我负责的这块,主要是解决Webservice的问题.使系统A不再直接依赖系统B的Webservice. 我们选择的产品是Mule ESB.所以自然要使用Mule ...

  9. 什么是URL?网址的组成

    欢迎加入前端交流群交流知识&&获取视频资料:749539640 和 Hypertext 以及 HTTP 一样,URL是Web中的一个核心概念.它是浏览器用来检索web上公布的任何资源的 ...

  10. tomcat 启动服务器日志小结

    1.tomcat 启动服务配置: 目前主要有  ①把编译好war或者项目直接扔到webapps 目录下, 启动bin目录下的startup.bat 即可   ②  在conf目录下 修改  serve ...