原文  http://dl528888.blog.51cto.com/2382721/1435415

我使用过puppet(地址是http://dl528888.blog.51cto.com/2382721/1040552)与salt(地址是http://dl528888.blog.51cto.com/2382721/1312503),但这2个软件都需要安装客户端,并且更新很快,每次更新都是令人蛋疼的事,尤其是salt,喜欢他的命令功能,但bug太多,不敢在公司线上使用,puppet虽然稳定,但弄命令执行的时候,需要mco配置,非常麻烦,我公司由于跟多家公司合作,很多业务没办法安装客户端,所以没办法使用puppet与salt(虽然salt有ssh,但不太好使),最后找到了ansible,他既有命令执行也有配置管理,关键开发它的语言是python,paramiko进行ssh连接,跟我之前开发的自动管理软件都是使用paramiko进行操作(http://dl528888.blog.51cto.com/2382721/1159510),不需要安装客户端,满足我的需求,下面给大家介绍一下我是如何使用的。

一、安装

1、安装第三方epel源

centos 5的epel

  1. rpm -ivh http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm
  1. rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
  1. 17:01:30 # cat /etc/issue
  2. CentOS release 6.5 (Final)
  3. Kernel \r on an \m

由于是6版本所以安装6的epel

  1. yum install ansible

如果需要自定义module或者想阅读源码、使用最新版本,可以去github里下载源码

  1. git clone https://github.com/ansible/ansible.git
  1. 17:22:08 # cd /etc/ansible/
  2. root@ip-10-10-10-10:/etc/ansible
  3. 17:23:27 # ll
  4. total 12
  5. -rw-r--r-- 1 root root 5113 Dec 29 03:00 ansible.cfg
  6. -rw-r--r-- 1 root root 965 Dec 29 03:00 hosts
  7. 其中ansible.cfg是配置文件,hosts是管理主机信息
  8. 17:24:44 # cat hosts
  9. 172.17.0.2:49154
  10. 172.17.0.4:49155
  11. [zabbix]
  12. 172.17.0.2:49154
  13. 172.17.0.4:49155
  14. [vpn]
  15. 172.17.0.10
  1. 16:20:57 # ansible 127* -m ping
  2. SSH password:
  3. 127.0.0.1 | success >> {
  4. "changed": false,
  5. "ping": "pong"
  6. }
  7.  
  8. root@ip-10-10-10-10:/etc/ansible
  9. 16:21:05 # ansible 172* -m ping
  10. SSH password:
  11. 172.17.0.5 | success >> {
  12. "changed": false,
  13. "ping": "pong"
  14. }
  15.  
  16. 172.17.0.4 | success >> {
  17. "changed": false,
  18. "ping": "pong"
  19. }
  20.  
  21. 172.17.0.2 | success >> {
  22. "changed": false,
  23. "ping": "pong"
  24. }

如果你有多台服务器的话,想并发运行,可以使用-f参数,默认是并发5

  1. 11:30:35 # ansible vpn -m shell -a "echo $TERM" -u test --private-key=denglei -K
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success | rc=0 >>
  5. xterm
  1. 11:30:44 # ansible vpn -m copy -a "src=/tmp/server dest=/tmp/server" -u test --private-key=denglei -K
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success >> {
  5. "changed": true,
  6. "dest": "/tmp/server",
  7. "gid": 505,
  8. "group": "test",
  9. "md5sum": "e8b32bc4d7b564ac6075a1418ad8841e",
  10. "mode": "0664",
  11. "owner": "test",
  12. "size": 7,
  13. "src": "/home/test/.ansible/tmp/ansible-1402630447.45-253524136818424/source",
  14. "state": "file",
  15. "uid": 503
  16. }

去客户端查看文件是否传输过来

  1. 11:34:57 # ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=denglei -K
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success | rc=0 >>
  5. total 76
  6. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  7. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  8. -rw-rw-r-- 1 test test 7 Jun 13 19:33 server
  9. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  10. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  11. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  12. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  13. -rw-rw-r-- 1 zabbix zabbix 3124 Jun 12 21:32 zabbix_agentd.log
  14. -rw-rw-r-- 1 zabbix zabbix 5 Jun 12 21:32 zabbix_agentd.pid
  1. 11:35:09 # ansible vpn -m shell -a "cat /tmp/server" -u test --private-key=denglei -K
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success | rc=0 >>
  5. server

还有另外一个模块file,可以修改用户与权限

  1. 13:50:07 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -K
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success | rc=0 >>
  5. -rw-rw-r-- 1 test test 7 Jun 13 19:33 /tmp/server

server文件是664权限,用户与组都是test

  1. 13:51:17 # ansible vpn -m file -a "dest=/tmp/server mode=755 owner=root group=root" -u test --private-key=denglei -K
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success >> {
  5. "changed": true,
  6. "gid": 0,
  7. "group": "root",
  8. "mode": "0755",
  9. "owner": "root",
  10. "path": "/tmp/server",
  11. "size": 7,
  12. "state": "file",
  13. "uid": 0
  14. }
  15.  
  16. root@ip-10-10-10-10:/etc/ansible
  17. 13:51:31 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -K
  18. SSH password:
  19. sudo password [defaults to SSH password]:
  20. 172.17.0.10 | success | rc=0 >>
  21. -rwxr-xr-x 1 root root 7 Jun 13 19:33 /tmp/server
  1. 14:20:30 # ansible vpn -m yum -a "name=nmap state=installed" -u test --private-key=denglei -K
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success >> {
  5. "changed": true,
  6. "msg": "",
  7. "rc": 0,
  8. "results": [
  9. "Loaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\n * epel: mirrors.hust.edu.cn\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package nmap.x86_64 2:5.51-3.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n nmap x86_64 2:5.51-3.el6 Base 2.7 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.7 M\nInstalled size: 9.7 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-3.el6.x86_64 1/1 \n\r Verifying : 2:nmap-5.51-3.el6.x86_64 1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-3.el6 \n\nComplete!\n"
  10. ]
  11. }

三、playbook配置管理

A.进行一下shell模块操作,测试删除文件

先查看一下客户端的server-test是否存在

  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. -rw-rw-r-- 1 test test 7 Jun 14 00:37 /tmp/server-test

然后写一个删除的playbook

  1. [root@puppet ansible]# cat test.yml
  2. ---
  3. - hosts: vpn
  4. remote_user: test
  5. tasks:
  6. - name: delete /tmp/server-test
  7. shell: rm -rf /tmp/server-test
  1. [root@puppet ansible]# ansible-playbook test.yml --private-key=/root/denglei -k
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. SSH password:
  7.  
  8. PLAY [vpn] ********************************************************************
  9.  
  10. GATHERING FACTS ***************************************************************
  11. ok: [172.17.0.10]
  12.  
  13. TASK: [delete /tmp/server-test] ***********************************************
  14. changed: [172.17.0.10]
  15.  
  16. PLAY RECAP ********************************************************************
  17. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | FAILED | rc=2 >>
  4. ls: cannot access /tmp/server-test: No such file or directory

B.进行一下template模块操作,测试文件传输

  1. [root@puppet ansible]# cat copy.yml
  2. ---
  3. - hosts: vpn
  4. remote_user: test
  5. tasks:
  6. - name: copy local server to client /tmp/server-test
  7. template: src=/tmp/server dest=/tmp/server-test
  8. [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k
  9. [WARNING]: The version of gmp you have installed has a known issue regarding
  10. timing vulnerabilities when used with pycrypto. If possible, you should update
  11. it (ie. yum update gmp).
  12.  
  13. SSH password:
  14.  
  15. PLAY [vpn] ********************************************************************
  16.  
  17. GATHERING FACTS ***************************************************************
  18. ok: [172.17.0.10]
  19.  
  20. TASK: [copy local server to client /tmp/server-test] **************************
  21. changed: [172.17.0.10]
  22.  
  23. PLAY RECAP ********************************************************************
  24. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  25.  
  26. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k
  27. SSH password:
  28. 172.17.0.10 | success | rc=0 >>
  29. -rw-rw-r-- 1 test test 7 Jun 14 17:07 /tmp/server-test

C.使用service模块,测试一下服务重启

  1. [root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -s
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4. 172.17.0.10 | success | rc=0 >>
  5. Shutting down pptpd: [ OK ]
  6. [root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -s
  7. SSH password:
  8. sudo password [defaults to SSH password]:
  9. 172.17.0.10 | success | rc=0 >>
  10. Shutting down pptpd: [ OK ]
  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. total 84
  5. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  6. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  7. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  8. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  9. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  10. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  11. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  12. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  13. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  14. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
  15.  
  16. [root@puppet ansible]# vim multi_copy.yml
  17. [root@puppet ansible]# cat multi_copy.yml
  18. ---
  19. - hosts: vpn
  20. remote_user: test
  21. gather_facts: False
  22. tasks:
  23. - name: copy local server to client /tmp/server-test
  24. template: src=/tmp/server dest=/tmp/test-{{item}}
  25. with_items:
  26. - server-1
  27. - server-2
  28. - server-3
  29. [root@puppet ansible]# ansible-playbook multi_copy.yml --private-key=/root/denglei -k
  30. [WARNING]: The version of gmp you have installed has a known issue regarding
  31. timing vulnerabilities when used with pycrypto. If possible, you should update
  32. it (ie. yum update gmp).
  33.  
  34. SSH password:
  35.  
  36. PLAY [vpn] ********************************************************************
  37.  
  38. TASK: [copy local server to client /tmp/server-test] **************************
  39. changed: [172.17.0.10] => (item=server-1)
  40. changed: [172.17.0.10] => (item=server-2)
  41. changed: [172.17.0.10] => (item=server-3)
  42.  
  43. PLAY RECAP ********************************************************************
  44. 172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0
  45.  
  46. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  47. SSH password:
  48. 172.17.0.10 | success | rc=0 >>
  49. total 96
  50. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  51. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  52. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  53. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  54. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-1
  55. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  56. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  57. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  58. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  59. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  60. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  61. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  62. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. total 96
  5. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  6. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  7. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  8. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  9. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-1
  10. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  11. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  12. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  13. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  14. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  15. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  16. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  17. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
  18.  
  19. [root@puppet ansible]# cat delete.yml
  20. ---
  21. - hosts: vpn
  22. remote_user: test
  23. gather_facts: True
  24. tasks:
  25. - name: if system is centos,then rm /tmp/test-server-1
  26. shell: rm -rf /tmp/test-server-1
  27. when: ansible_os_family == "RedHat"
  28.  
  29. [root@puppet ansible]# ansible-playbook delete.yml --private-key=/root/denglei -k
  30. [WARNING]: The version of gmp you have installed has a known issue regarding
  31. timing vulnerabilities when used with pycrypto. If possible, you should update
  32. it (ie. yum update gmp).
  33.  
  34. SSH password:
  35.  
  36. PLAY [vpn] ********************************************************************
  37.  
  38. GATHERING FACTS ***************************************************************
  39. ok: [172.17.0.10]
  40.  
  41. TASK: [if system is centos,then rm /tmp/test-server-1] ************************
  42. changed: [172.17.0.10]
  43.  
  44. PLAY RECAP ********************************************************************
  45. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  46.  
  47. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  48. SSH password:
  49. 172.17.0.10 | success | rc=0 >>
  50. total 92
  51. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  52. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  53. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  54. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  55. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  56. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  57. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  58. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  59. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  60. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  61. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  62. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid

F.debug输出

  1. [root@puppet ansible]# cat debug.yml
  2. ---
  3. - hosts: vpn
  4. remote_user: test
  5. gather_facts: True
  6. tasks:
  7. - name: debug to print interface
  8. debug: msg="{{item}}"
  9. with_items: ansible_default_ipv4.address
  10. [root@puppet ansible]# ansible-playbook debug.yml --private-key=/root/denglei -k
  11. [WARNING]: The version of gmp you have installed has a known issue regarding
  12. timing vulnerabilities when used with pycrypto. If possible, you should update
  13. it (ie. yum update gmp).
  14.  
  15. SSH password:
  16.  
  17. PLAY [vpn] ********************************************************************
  18.  
  19. GATHERING FACTS ***************************************************************
  20. ok: [172.17.0.10]
  21.  
  22. TASK: [debug to print interface] **********************************************
  23. ok: [172.17.0.10] => (item=10.10.32.34) => {
  24. "item": "10.10.32.34",
  25. "msg": "10.10.32.34"
  26. }

G.check模式,仅检测,但不实行

  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. total 92
  5. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  6. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  7. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  8. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  9. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  10. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  11. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  12. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  13. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  14. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  15. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  16. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
  17.  
  18. [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --check
  19. [WARNING]: The version of gmp you have installed has a known issue regarding
  20. timing vulnerabilities when used with pycrypto. If possible, you should update
  21. it (ie. yum update gmp).
  22.  
  23. SSH password:
  24.  
  25. PLAY [vpn] ********************************************************************
  26.  
  27. GATHERING FACTS ***************************************************************
  28. ok: [172.17.0.10]
  29.  
  30. TASK: [copy local server to client /tmp/server-test] **************************
  31. changed: [172.17.0.10] => (item=server-1)
  32. ok: [172.17.0.10] => (item=server-2)
  33. ok: [172.17.0.10] => (item=server-3)
  34.  
  35. PLAY RECAP ********************************************************************
  36. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  37.  
  38. PLAY RECAP ********************************************************************
  39. 172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0

使用diff与不使用作对比

  1. [root@puppet ansible]# ansible vpn -m shell -a "rm -rf /tmp/test-server-1" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4.  
  5. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  6. SSH password:
  7. 172.17.0.10 | success | rc=0 >>
  8. total 92
  9. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  10. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  11. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  12. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  13. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  14. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  15. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  16. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  17. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  18. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  19. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  20. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
  21.  
  22. [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --diff
  23. [WARNING]: The version of gmp you have installed has a known issue regarding
  24. timing vulnerabilities when used with pycrypto. If possible, you should update
  25. it (ie. yum update gmp).
  26.  
  27. SSH password:
  28.  
  29. PLAY [vpn] ********************************************************************
  30.  
  31. GATHERING FACTS ***************************************************************
  32.  
  33. ok: [172.17.0.10]
  34.  
  35. TASK: [copy local server to client /tmp/server-test] **************************
  36. --- before
  37. +++ after
  38. @@ -1,0 +1,1 @@
  39. +server
  40.  
  41. changed: [172.17.0.10] => (item=server-1)
  42.  
  43. ok: [172.17.0.10] => (item=server-2)
  44.  
  45. ok: [172.17.0.10] => (item=server-3)
  46.  
  47. PLAY RECAP ********************************************************************
  48. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

类似puppet的fact、salt的grains

  1. [root@puppet ansible]# ansible vpn -m setup -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success >> {
  4. "ansible_facts": {
  5. "ansible_all_ipv4_addresses": [
  6. "10.10.32.34",
  7. "10.10.32.34"
  8. ],
  9. "ansible_all_ipv6_addresses": [
  10. "fe80::f816:3eff:fe3e:1667"
  11. ],
  12. "ansible_architecture": "x86_64",
  13. "ansible_bios_date": "01/01/2007",
  14. "ansible_bios_version": "Bochs",
  15. "ansible_cmdline": {
  16. "KEYBOARDTYPE": "pc",
  17. "KEYTABLE": "us",
  18. "LANG": "zh_CN.UTF-8",
  19. "quiet": true,
  20. "rd_NO_DM": true,
  21. "rd_NO_LUKS": true,
  22. "rd_NO_LVM": true,
  23. "rd_NO_MD": true,
  24. "rhgb": true,
  25. "ro": true,
  26. "root": "UUID=c6042d42-8edb-4bb4-a31b-2197b043500c"
  27. },

数据太多,我就展示部分。

10、优化ansible-playbook运行时间

默认playbook是进行客户端fact搜集,一般如果你配置里没有使用fact的话,可以关闭这样就能减少运行时间

  1. [root@puppet ansible]# cat shell.yml
  2. ---
  3. - hosts: vpn
  4. remote_user: test
  5. # gather_facts: False
  6. tasks:
  7. - name: echo hi
  8. shell: echo "hi"
  9. [root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
  10. [WARNING]: The version of gmp you have installed has a known issue regarding
  11. timing vulnerabilities when used with pycrypto. If possible, you should update
  12. it (ie. yum update gmp).
  13.  
  14. SSH password:
  15.  
  16. PLAY [vpn] ********************************************************************
  17.  
  18. GATHERING FACTS ***************************************************************
  19. ok: [172.17.0.10]
  20.  
  21. TASK: [echo hi] ***************************************************************
  22. changed: [172.17.0.10]
  23.  
  24. PLAY RECAP ********************************************************************
  25. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  26.  
  27. real 0m8.396s
  28. user 0m0.796s
  29. sys 0m0.158s
  30. [root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
  31. [WARNING]: The version of gmp you have installed has a known issue regarding
  32. timing vulnerabilities when used with pycrypto. If possible, you should update
  33. it (ie. yum update gmp).
  34.  
  35. SSH password:
  36.  
  37. PLAY [vpn] ********************************************************************
  38.  
  39. GATHERING FACTS ***************************************************************
  40. ok: [172.17.0.10]
  41.  
  42. TASK: [echo hi] ***************************************************************
  43. changed: [172.17.0.10]
  44.  
  45. PLAY RECAP ********************************************************************
  46. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  47.  
  48. real 0m3.309s
  49. user 0m0.724s
  50. sys 0m0.108s
  51. [root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
  52. [WARNING]: The version of gmp you have installed has a known issue regarding
  53. timing vulnerabilities when used with pycrypto. If possible, you should update
  54. it (ie. yum update gmp).
  55.  
  56. SSH password:
  57.  
  58. PLAY [vpn] ********************************************************************
  59.  
  60. GATHERING FACTS ***************************************************************
  61. ok: [172.17.0.10]
  62.  
  63. TASK: [echo hi] ***************************************************************
  64. changed: [172.17.0.10]
  65.  
  66. PLAY RECAP ********************************************************************
  67. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  68.  
  69. real 0m3.409s
  70. user 0m0.716s
  71. sys 0m0.099s

可以看到第一次8s,后2次都是3s

下面是优化后(未使用fact)

  1. [root@puppet ansible]# cat shell.yml
  2. ---
  3. - hosts: vpn
  4. remote_user: test
  5. gather_facts: False
  6. tasks:
  7. - name: echo hi
  8. shell: echo "hi"
  9. [root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
  10. [WARNING]: The version of gmp you have installed has a known issue regarding
  11. timing vulnerabilities when used with pycrypto. If possible, you should update
  12. it (ie. yum update gmp).
  13.  
  14. SSH password:
  15.  
  16. PLAY [vpn] ********************************************************************
  17.  
  18. TASK: [echo hi] ***************************************************************
  19. changed: [172.17.0.10]
  20.  
  21. PLAY RECAP ********************************************************************
  22. 172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0
  23.  
  24. real 0m2.758s
  25. user 0m0.585s
  26. sys 0m0.096s
  27. [root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
  28. [WARNING]: The version of gmp you have installed has a known issue regarding
  29. timing vulnerabilities when used with pycrypto. If possible, you should update
  30. it (ie. yum update gmp).
  31.  
  32. SSH password:
  33.  
  34. PLAY [vpn] ********************************************************************
  35.  
  36. TASK: [echo hi] ***************************************************************
  37. changed: [172.17.0.10]
  38.  
  39. PLAY RECAP ********************************************************************
  40. 172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0
  41.  
  42. real 0m2.359s
  43. user 0m0.565s
  44. sys 0m0.077s

默认的模块放到/usr/share/ansible

在这个目录创建一个目录hostname,然后把下面文件放到此目录

  1. 15:03:26 # cat /usr/share/ansible/hostname/hostname
  2. #!/bin/bash
  3. #This script is modify system hostname
  4. set -e
  5. # This is potentially dangerous
  6. source ${1}
  7. OLDHOSTNAME="$(hostname)"
  8. CHANGED="False"
  9. if [ ! -z "$hostname" -a "${hostname}x" != "${OLDHOSTNAME}x" ];
  10. then
  11. hostname $hostname
  12. OLDHOSTNAME="$hostname"
  13. CHANGED="True"
  14. fi
  15. echo "hostname=${OLDHOSTNAME} changed=${CHANGED}"
  16. exit 0

查看一下vpn的当前hostname

  1. 15:03:29 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. ip-10-10-32-34
  1. 15:04:14 # cat /etc/ansible/hostname.yml
  2. - name: Test the hostname file
  3. hosts: vpn
  4. tasks:
  5. - name: Set the hostname
  6. hostname: hostname=ip-10-10-32-34
  1. 15:04:37 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -k
  2. SSH password:
  3.  
  4. PLAY [Test the hostname file] *************************************************
  5.  
  6. GATHERING FACTS ***************************************************************
  7. ok: [172.17.0.10]
  8.  
  9. TASK: [Set the hostname] ******************************************************
  10. ok: [172.17.0.10]
  11.  
  12. PLAY RECAP ********************************************************************
  13. 172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0

然后修改一下hostname.yml的主机名

  1. 16:20:00 # cat hostname.yml
  2. - name: Test the hostname file
  3. hosts: vpn
  4. tasks:
  5. - name: Set the hostname
  6. hostname: hostname=ip-10-10-32-34-test
  1. 16:26:46 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -k -K -s
  2. SSH password:
  3. sudo password [defaults to SSH password]:
  4.  
  5. PLAY [Test the hostname file] *************************************************
  6.  
  7. GATHERING FACTS ***************************************************************
  8. ok: [172.17.0.10]
  9.  
  10. TASK: [Set the hostname] ******************************************************
  11. changed: [172.17.0.10]
  12.  
  13. PLAY RECAP ********************************************************************
  14. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  15.  
  16. root@ip-10-10-10-10:/etc/ansible
  17. 16:26:55 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -k
  18. SSH password:
  19. 172.17.0.10 | success | rc=0 >>
  20. ip-10-10-32-34-test

扩展var就是在playbook的yml里写入变量,在执行的时候制定变量从而执行,大大的提供了重复使用率

  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. total 96
  5. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  6. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  7. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  8. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  9. -rw-rw-r-- 1 test test 7 Jun 18 01:44 test-server-1
  10. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  11. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  12. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  13. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  14. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  15. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  16. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  17. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid

可以看到有test-server-1文件

在看看playbook文件内容

  1. [root@puppet ansible]# cat delete_vars.yml
  2. ---
  3. - hosts: {{host}}
  4. remote_user: {{user}}
  5. gather_facts: {{gather}}
  6. tasks:
  7. - name: if system is centos,then rm /tmp/test-server-1
  8. shell: rm -rf /tmp/test-server-1
  9. when: ansible_os_family == "RedHat"

执行前先检测一下语法是否有问题,使用--synctax-check

  1. [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. ERROR: Syntax Error while loading YAML script, delete_vars.yml
  7. Note: The error may actually appear before this position: line 2, column 11
  8.  
  9. ---
  10. - hosts: {{host}}
  11. ^
  12. This one looks easy to fix. YAML thought it was looking for the start of a
  13. hash/dictionary and was confused to see a second "{". Most likely this was
  14. meant to be an ansible template evaluation instead, so we have to give the
  15. parser a small hint that we wanted a string instead. The solution here is to
  16. just quote the entire value.
  17.  
  18. For instance, if the original line was:
  19.  
  20. app_path: {{ base_path }}/foo
  21.  
  22. It should be written as:
  23.  
  24. app_path: "{{ base_path }}/foo"
  25.  
  26. We could be wrong, but this one looks like it might be an issue with
  27. missing quotes. Always quote template expression brackets when they
  28. start a value. For instance:
  29.  
  30. with_items:
  31. - {{ foo }}
  32.  
  33. Should be written as:
  34.  
  35. with_items:
  36. - "{{ foo }}"
  37.  
  38. This one looks easy to fix. YAML thought it was looking for the start of a
  39. hash/dictionary and was confused to see a second "{". Most likely this was
  40. meant to be an ansible template evaluation instead, so we have to give the
  41. parser a small hint that we wanted a string instead. The solution here is to
  42. just quote the entire value.
  43.  
  44. For instance, if the original line was:
  45.  
  46. app_path: {{ base_path }}/foo
  47.  
  48. It should be written as:
  49.  
  50. app_path: "{{ base_path }}/foo"

解决方法是把var的变量前后添加""或者''

  1. [root@puppet ansible]# cat delete_vars.yml
  2. ---
  3. - hosts: "{{host}}"
  4. remote_user: "{{user}}"
  5. gather_facts: "{{gather}}"
  6. tasks:
  7. - name: if system is centos,then rm /tmp/test-server-1
  8. shell: rm -rf /tmp/test-server-1
  9. when: ansible_os_family == "RedHat"
  1. [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. playbook: delete_vars.yml

没有问题了,在运行一下

  1. [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. SSH password:
  7.  
  8. PLAY [vpn] ********************************************************************
  9.  
  10. TASK: [if system is centos,then rm /tmp/test-server-1] ************************
  11. fatal: [172.17.0.10] => error while evaluating conditional: ansible_os_family == "RedHat"
  12.  
  13. FATAL: all hosts have already failed -- aborting
  14.  
  15. PLAY RECAP ********************************************************************
  16. to retry, use: --limit @/root/delete_vars.retry
  17.  
  18. 172.17.0.10 : ok=0 changed=0 unreachable=1 failed=0

无法运行,原因是我yml里制定了获取fact信息后,判断如果是redhat系列系统才删除,而我在运行的指定不收集fact,下面在指定收集fact

  1. [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" -k
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. SSH password:
  7.  
  8. PLAY [vpn] ********************************************************************
  9.  
  10. GATHERING FACTS ***************************************************************
  11. ok: [172.17.0.10]
  12.  
  13. TASK: [if system is centos,then rm /tmp/test-server-1] ************************
  14. changed: [172.17.0.10]
  15.  
  16. PLAY RECAP ********************************************************************
  17. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. total 92
  5. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  6. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  7. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  8. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  9. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  10. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  11. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  12. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  13. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  14. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  15. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  16. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid

13、tags

使用tag可以让playbook选择性的运行程序

  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. total 92
  5. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  6. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  7. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  8. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  9. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
  10. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  11. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  12. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  13. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  14. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  15. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  16. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
  1. [root@puppet ansible]# cat delete_vars_tags.yml
  2. ---
  3. - hosts: "{{host}}"
  4. remote_user: "{{user}}"
  5. gather_facts: "{{gather}}"
  6. tasks:
  7. - name: if system is centos,then rm /tmp/test-server-1
  8. shell: rm -rf /tmp/test-server-1
  9. when: ansible_os_family == "RedHat"
  10. tags: server-1
  11. - name: if system is centos,then rm /tmp/test-server-2
  12. shell: rm -rf /tmp/test-server-2
  13. when: ansible_os_family == "RedHat"
  14. tags: server-2
  1. [root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k --syntax-check
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. playbook: delete_vars_tags.yml
  1. [root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. SSH password:
  7.  
  8. PLAY [vpn] ********************************************************************
  9.  
  10. GATHERING FACTS ***************************************************************
  11. ok: [172.17.0.10]
  12.  
  13. TASK: [if system is centos,then rm /tmp/test-server-2] ************************
  14. changed: [172.17.0.10]
  15.  
  16. PLAY RECAP ********************************************************************
  17. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

查看一下客户端的文件情况

  1. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.10 | success | rc=0 >>
  4. total 88
  5. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  6. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  7. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  8. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  9. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  10. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  11. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  12. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  13. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  14. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  15. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid

从上面测试可以看到,如果playbook使用了tag,并且在运行中指定tag,那么运行的时候仅允许此tag的信息

下面是测试运行时候不带tag的情况

  1. [root@puppet ansible]# cat copy.yml
  2. ---
  3. - hosts: vpn
  4. remote_user: test
  5. tasks:
  6. - name: copy local server to client /tmp/server-test
  7. template: src=/tmp/server dest=/tmp/test-{{item}}
  8. with_items:
  9. - server-1
  10. - server-2
  11. - server-3
  12. [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k
  13. [WARNING]: The version of gmp you have installed has a known issue regarding
  14. timing vulnerabilities when used with pycrypto. If possible, you should update
  15. it (ie. yum update gmp).
  16.  
  17. SSH password:
  18.  
  19. PLAY [vpn] ********************************************************************
  20.  
  21. GATHERING FACTS ***************************************************************
  22. ok: [172.17.0.10]
  23.  
  24. TASK: [copy local server to client /tmp/server-test] **************************
  25. changed: [172.17.0.10] => (item=server-1)
  26. changed: [172.17.0.10] => (item=server-2)
  27. ok: [172.17.0.10] => (item=server-3)
  28.  
  29. PLAY RECAP ********************************************************************
  30. 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
  31.  
  32. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  33. SSH password:
  34. 172.17.0.10 | success | rc=0 >>
  35. total 96
  36. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  37. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  38. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  39. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  40. -rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-1
  41. -rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-2
  42. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  43. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  44. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  45. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  46. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  47. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  48. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
  1. [root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" -k
  2. [WARNING]: The version of gmp you have installed has a known issue regarding
  3. timing vulnerabilities when used with pycrypto. If possible, you should update
  4. it (ie. yum update gmp).
  5.  
  6. SSH password:
  7.  
  8. PLAY [vpn] ********************************************************************
  9.  
  10. GATHERING FACTS ***************************************************************
  11. ok: [172.17.0.10]
  12.  
  13. TASK: [if system is centos,then rm /tmp/test-server-1] ************************
  14. changed: [172.17.0.10]
  15.  
  16. TASK: [if system is centos,then rm /tmp/test-server-2] ************************
  17. changed: [172.17.0.10]
  18.  
  19. PLAY RECAP ********************************************************************
  20. 172.17.0.10 : ok=3 changed=2 unreachable=0 failed=0
  21.  
  22. [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
  23. SSH password:
  24. 172.17.0.10 | success | rc=0 >>
  25. total 88
  26. -rw-r--r-- 1 root root 41692 May 21 13:02 config
  27. -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
  28. -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
  29. -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
  30. -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
  31. -rw-r--r-- 1 root root 82 Jun 12 18:21 test.log
  32. -rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh
  33. -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
  34. -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
  35. -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
  36. -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid

可以看到如果不知道tag,那么运行的时候,会全部运行。

FAQ:

1、出现Error: ansible requires a json module, none found!

  1. SSH password:
  2. 172.17.0.4 | FAILED >> {
  3. "failed": true,
  4. "msg": "Error: ansible requires a json module, none found!",
  5. "parsed": false
  6. }

原因是python版本过低,要不升级python要不就安装python-simplejson,下面是官方的话

  1. On the managed nodes, you only need Python 2.4 or later, but if you are running less than Python 2.5 on the remotes, you will also need:
  1. SSH password:
  2. 172.17.0.4 | success >> {
  3. "changed": false,
  4. "ping": "pong"
  5. }

2、默认ansible是使用key验证的,如果使用密码登陆的服务器,使用ansible的话,要不修改ansible.cfg配置文件的ask_pass      = True给取消注释,要不就在运行命令时候加上-k,这个意思是-k, --ask-pass        ask for SSH password

3、如果客户端不在know_hosts里将会报错

  1. paramiko: The authenticity of host '172.17.0.5' can't be established.
  2. The ssh-rsa key fingerprint is 397c139fd4b0d763fcffaee346a4bf6b.
  3. Are you sure you want to continue connecting (yes/no)?

如果想解决此问题,需要修改ansible.cfg的#host_key_checking = False取消注释

4、如果出现

  1. [root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei
  2. 172.17.0.2 | FAILED => FAILED: not a valid DSA private key file
  3. 172.17.0.4 | FAILED => FAILED: not a valid DSA private key file

需要你在最后添加参数-k

  1. [root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei -k
  2. SSH password:
  3. 172.17.0.2 | success | rc=0 >>
  4. xterm
  5.  
  6. 172.17.0.4 | success | rc=0 >>
  7. xterm

运维自动化之ansible的安装与使用(包括模块与playbook使用)(转发)的更多相关文章

  1. 运维自动化之ansible的安装与使用 转

    运维自动化之ansible的安装与使用 随着服务器数量的增长,我们需要一个批量工具去提高工作效率,之前用的是puppet,ansible的简单,适用让我眼前一亮,决定写一篇ansible从安装到基本配 ...

  2. 运维自动化神器ansible之user模块

    运维自动化神器ansible之user模块 一.概述   user模块 可管理远程主机上的 用户,比如创建用户.修改用户.删除用户.为用户创建密钥对等操作. 二.参数介绍   name: 用于指定操作 ...

  3. 运维自动化工具ansible

    企业级自动化运维工具应用实战ansible 公司计划在年底做一次大型市场促销活动,全面冲刺下交易额,为明年的上市做准备.公司要求各业务组对年底大促做准备,运维部要求所有业务容量进行三倍的扩容,并搭建出 ...

  4. 运维自动化之ansible

    Ansible简介 Ansible是一个简单的自动化运维管理工具,基于Python语言实现,由Paramiko和PyYAML两个关键模块构建,可用于自动化部署应用.配置.编排task(持续交付.无宕机 ...

  5. 运维自动化神器ansible之group模块

    ansible之group模块 group模块是用来添加或者删除组 首先使用ansible-doc来查看用法 [root@note0 ansible]# ansible-doc -s group - ...

  6. Ligg.WinOa-000: Windows运维自动化编程实战--前言

        本开源项目Ligg.WinOa是一个基于Ligg.EasyWinApp的Windows运维自动化应用.通过Ligg.EasyWinForm生成2个功能界面:管理员工具箱和用户工具箱:通过Lig ...

  7. 自动化运维工具之 Ansible 介绍及安装使用

    一.初识Ansible 介绍: Absible 使用 模块(Modules)来定义配置任务.模块可以用标准脚本语言(Python,Bash,Ruby,等等)编写,这是一个很好的做法,使每个模块幂等.A ...

  8. 自动化运维工具之ansible

    自动化运维工具之ansible   一,ansible简介 ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet.cfengine.chef.func.fab ...

  9. Ansible 运维自动化 ( 配置管理工具 )

    背景 出差背景,要搞项目的自动化部署.因为只直接对接生产分发,机器又非常多,这样以往使用的bat只能作为应急方案了,还是得考虑使用专业化的工具来做这个事情! 当下有许多的运维自动化工具( 配置管理 ) ...

随机推荐

  1. svn下目录说明

    Branch 目录 : 该SVN 的Branch目录下存放的是:跟工程项目相关的各个工程版本分支.该目录下面的版本分支可能会被修改合并.不是稳定的版本. Document 目录:该SVN 的Docum ...

  2. mkdir:批量创建文件夹

    问题:mkdir dir[0-9]创建文件夹时,并没有如预期创建dir0~dir9这几个文件夹,而是创建了dir[0-9]这一个文件夹. 网上看了些相关资料,发现以前对[0-9]的理解不够透彻: &q ...

  3. Sharepoint2013 中想要将网站另存为模板步骤

    Sharepoint2013 中想要将网站另存为模板步骤 第一步:使用SPD打开想要另存为模板的网站,找到网站选项: 第二步:点击打开网站选项,找到一个SaveSiteAsTemplateEnable ...

  4. C#之Textbox实现自动提示容、自动补齐内容

    今发现一个博文挺有意思,实现的功能很有意思但方法却很简单,特此转过来,以备以后查阅. 先上原博文地址:http://blog.csdn.net/testcs_dn/article/details/45 ...

  5. C#之键值对

    1.初始化一个键值对 //初始化定义一个键值对,注意最后的括号 Dictionary<int, string> dic = new Dictionary<int, string> ...

  6. centos7.0 安装LNMP运行环境

    LNMP作为php流行的运行环境,而最近需要搭建一个内部的php论坛.记录下LNMP的安装: 1.安装mysql 请参考:centos7 安装mysql5.7.11注意事项 2.安装php yum i ...

  7. Linux历史

    1.Linux是一套免费使用和自由传播的类Unix操作系统,是一个基于POSIX标准和UNIX的多用户.多任务.支持多线程和多CPU的操作系统.它能运行主要的UNIX工具软件.应用程序和网络协议.它支 ...

  8. Java for LeetCode 218 The Skyline Problem【HARD】

    A city's skyline is the outer contour of the silhouette formed by all the buildings in that city whe ...

  9. Python~if,while,for~顺序,判断,循环

    if A: for -in : while x: if A:elif:else:       不能直接用int进行迭代,而必须加个range.     range(len(L))     int ob ...

  10. 数据结构-链表实现删除全部特定元素x

    链表节点类定义: template <class T> class SingleList; template <class T> class Node { private: T ...