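1. Ansible can operate on many different systems at the same time. It does this by selecting systems through the Ansible inventory, whose default path is /etc/ansible/hosts. If you have a different inventory file, or several of them, specify the file on the command line with -i.
The inventory is configurable: several inventory files can be used at the same time, and they can come from different formats and sources such as YAML, INI, dynamic inventory, and so on. Introduced in version 2.4, inventory plugins make this flexible and customizable.
2. Hosts and groups
An inventory file can be in one of several formats, depending on the inventory plugins you have. For example, /etc/ansible/hosts uses the INI format, which is also the default, and looks like this: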
192.168.1.107
[webservers]
192.168.1.108
192.168.1.103
[dbservers]
192.168.1.109
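The name in square brackets is the group name, and the hosts listed under it belong to that group. Group the hosts however suits your own environment.
YAML format:
all:
  hosts:
    192.168.1.107:
  children:
    webservers:
      hosts:
        192.168.1.108:
        192.168.1.103:
    dbservers:
      hosts:
        192.168.1.109:

all:
  hosts:
    192.168.1.107:40022:
  children:
    webservers:
      hosts:
        192.168.1.108:
        192.168.1.103:
    dbservers:
      hosts:
        192.168.1.109:
I didn't really understand this sentence from the official documentation:
If a host's SSH port is not the standard port 22, you can put the port number after the hostname, separated by a colon. Ports listed in your SSH config file won't be used with the paramiko connection but will be used with the openssh connection.
It probably means that paramiko won't use them.
If a host has a static IP address that cannot be resolved and you still want to give it an alias, you can do that with variables: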
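fonzie ansible_port=40022 ansible_host=192.168.1.107
In older versions these variable names had ssh in the middle, for example ansible_ssh_port.
In YAML format:
all:
  hosts:
    fonzie:
      ansible_host: 192.168.1.107
      ansible_port: 40022
  children:
    webservers:
      hosts:
        192.168.1.108:
        192.168.1.103:
    dbservers:
      hosts:
        192.168.1.109:

[webservers]
web[01:50].example.com
This range includes both its first and its last value: it ends exactly at the upper bound you give, which is different from list slicing in Python.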
[webservers]
web[a:f].example.com
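The inclusive behaviour of these ranges, as an added example that is not part of the original post and not Ansible's own code: a small Python model of the expansion, useful for checking exactly which hosts a pattern covers before running anything against them. It assumes the begin:end form shown above plus an optional begin:end:step stride; the name expand_host_pattern is hypothetical.

```python
import re
import string

# One bracketed range: [begin:end] or [begin:end:step], numeric or single letters.
RANGE_RE = re.compile(r"\[([0-9]+|[A-Za-z]):([0-9]+|[A-Za-z])(?::([0-9]+))?\]")


def expand_host_pattern(pattern):
    """Expand an inventory host range into the host names it covers.

    Hypothetical helper modelling the range syntax; both ends are included.
    """
    match = RANGE_RE.search(pattern)
    if match is None:
        return [pattern]  # plain host name, nothing to expand
    begin, end, step = match.group(1), match.group(2), int(match.group(3) or 1)
    if step < 1:
        raise ValueError("step must be at least 1")
    if begin.isdigit() != end.isdigit():
        raise ValueError("range mixes numbers and letters: %s" % match.group(0))
    head, tail = pattern[:match.start()], pattern[match.end():]

    if begin.isdigit():
        # A leading zero on the begin value fixes the width: 01 .. 50, not 1 .. 50.
        width = len(begin) if len(begin) > 1 and begin[0] == "0" else 0
        values = [str(n).zfill(width) for n in range(int(begin), int(end) + 1, step)]
    else:
        letters = string.ascii_letters
        lo, hi = letters.index(begin), letters.index(end)
        values = list(letters[lo:hi + 1:step])
    if not values:
        raise ValueError("empty range (begin is after end): %s" % match.group(0))

    hosts = []
    for value in values:
        # Recurse so a pattern with a second range later in the name also expands.
        hosts.extend(expand_host_pattern(head + value + tail))
    return hosts


if __name__ == "__main__":
    web = expand_host_pattern("web[01:50].example.com")
    print(len(web), web[0], web[-1])
    print(expand_host_pattern("web[a:f].example.com"))
    # Python slicing stops before the end value; the inventory range does not.
    print(len(range(1, 50)), "items in range(1, 50) versus", len(web), "hosts")
```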
Many other parameters can be set as well:
[targets]
localhost ansible_connection=local
other1.example.com ansible_connection=ssh ansible_user=mpdehaan
other2.example.com ansible_connection=ssh ansible_user=mdehaan
3. Host variables
Assigning variables to hosts is easy, and these variables can then be used in playbooks:
[fonzie]
192.168.1.108 http_port=80 maxRequestsPerChild=808
192.168.1.109 http_port=8080 maxRequestsPerChild=909
4. Group variables
Define a variable that applies to an entire group:
[atlanta]
host1
host2
[atlanta:vars]
ntp_server=ntp.atlanta.example.com
proxy=proxy.atlanta.example.com
In YAML format:
atlanta:
  hosts:
    host1:
    host2:
  vars:
    ntp_server: ntp.atlanta.example.com
    proxy: proxy.atlanta.example.com
Groups can be nested: in INI with the :children suffix, and in YAML with the children: key.
[example]
hosts1
hosts2
[fonzie]
hosts2
hosts3
[southeast:children]
example
fonzie
[southeast:vars]
some_server=foo.southeast.example.com
halon_system_timeout=30
self_destruct_countdown=60
escape_pods=2
[usa:children]
southeast
northeast
southwest
northwest
In YAML format:
all:
  children:
    usa:
      children:
        southeast:
          children:
            example:
              hosts:
                hosts1:
                hosts2:
            fonzie:
              hosts:
                hosts2:
                hosts3:
          vars:
            some_server: foo.southeast.example.com
            halon_system_timeout: 30
            self_destruct_countdown: 60
            escape_pods: 2
        northeast:
        northwest:
        southwest:
6. Defining host and group variables in separate files
I didn't really understand this part; if you are interested, see the official documentation: http://docs.ansible.com/ansible/latest/intro_inventory.html
7. OpenSSH variables
ansible_host
The name of the host to connect to, if different from the alias you wish to give to it.
ansible_port
The ssh port number, if not 22
ansible_user
The default ssh user name to use.
Specific to the SSH connection:
ansible_ssh_pass
The ssh password to use (never store this variable in plain text; always use a vault. See Variables and Vaults)
ansible_ssh_private_key_file
Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
ansible_ssh_common_args
This setting is always appended to the default command line for sftp, scp, and ssh. Useful to configure a ProxyCommand for a certain host (or group).
ansible_sftp_extra_args
This setting is always appended to the default sftp command line.
ansible_scp_extra_args
This setting is always appended to the default scp command line.
ansible_ssh_extra_args
This setting is always appended to the default ssh command line.
ansible_ssh_pipelining
Determines whether or not to use SSH pipelining. This can override the pipelining setting in ansible.cfg.
ansible_ssh_executable (added in version 2.2)
This setting overrides the default behavior to use the system ssh. This can override the ssh_executable setting in ansible.cfg.
Privilege escalation (see Ansible Privilege Escalation for further details):
ansible_become
Equivalent to ansible_sudo or ansible_su, allows to force privilege escalation
ansible_become_method
Allows to set privilege escalation method
ansible_become_user
Equivalent to ansible_sudo_user or ansible_su_user, allows to set the user you become through privilege escalation
ansible_become_pass
Equivalent to ansible_sudo_pass or ansible_su_pass, allows you to set the privilege escalation password (never store this variable in plain text; always use a vault. See Variables and Vaults)
ansible_become_exe
Equivalent to ansible_sudo_exe or ansible_su_exe, allows you to set the executable for the escalation method selected
ansible_become_flags
Equivalent to ansible_sudo_flags or ansible_su_flags, allows you to set the flags passed to the selected escalation method. This can be also set globally in ansible.cfg in the sudo_flags option
Remote host environment parameters:
ansible_shell_type
The shell type of the target system. You should not use this setting unless you have set the ansible_shell_executable to a non-Bourne (sh) compatible shell. By default commands are formatted using sh-style syntax. Setting this to csh or fish will cause commands executed on target systems to follow those shell’s syntax instead.
ansible_python_interpreter
The target host python path. This is useful for systems with more than one Python or not located at /usr/bin/python such as *BSD, or where /usr/bin/python is not a 2.X series Python. We do not use the /usr/bin/env mechanism as that requires the remote user’s path to be set right and also assumes the python executable is named python, where the executable might be named something like python2.6.
ansible_*_interpreter
Works for anything such as ruby or perl and works just like ansible_python_interpreter. This replaces shebang of modules which will run on that host.
New in version 2.1.
ansible_shell_executable
This sets the shell the ansible controller will use on the target machine, overrides executable in ansible.cfg which defaults to /bin/sh. You should really only change it if it is not possible to use /bin/sh (i.e. /bin/sh is not installed on the target machine or cannot be run from sudo.).
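The two "never store this variable in plain text" warnings in the list above can be checked mechanically. An added example, not part of the original post or of Ansible: a Python check that scans an INI inventory for the password variables named above set to a literal value. The sample inventory is constructed, find_plaintext_secrets is a hypothetical name, and treating any value that contains {{ as a reference to a vaulted variable is an assumption.

```python
import shlex

# Password-carrying variables named in the list above, with their older aliases.
SECRET_VARS = {"ansible_ssh_pass", "ansible_become_pass",
               "ansible_sudo_pass", "ansible_su_pass"}

# Constructed sample inventory (not from a real system).
SAMPLE = """\
[webservers]
192.168.1.108 ansible_user=deploy ansible_ssh_pass=Passw0rd
192.168.1.103 ansible_user=deploy ansible_ssh_private_key_file=~/.ssh/web_key

[dbservers]
192.168.1.109 ansible_become=true ansible_become_pass='{{ vault_db_become_pass }}'

[dbservers:vars]
ansible_sudo_pass = hunter2
"""


def find_plaintext_secrets(inventory_text):
    """Return (line number, host or section, variable) for each literal secret."""
    findings, section = [], ""
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":children"):
            continue  # child group names only, no variables
        if section.endswith(":vars"):
            key, _, value = line.partition("=")
            subject, pairs = section, [(key.strip(), value.strip())]
        else:
            tokens = shlex.split(line, comments=True)
            subject = tokens[0]
            pairs = [tok.partition("=")[::2] for tok in tokens[1:]]
        for key, value in pairs:
            # Assumption: a Jinja2 reference such as '{{ vault_x }}' points at a
            # vaulted variable; anything else is a secret stored as a literal.
            if key in SECRET_VARS and "{{" not in value:
                findings.append((line_no, subject, key))  # value deliberately omitted
    return findings


if __name__ == "__main__":
    for line_no, subject, key in find_plaintext_secrets(SAMPLE):
        print("line %d: %s sets %s in plain text" % (line_no, subject, key))
```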
8. Variables for non-SSH connections
local
This connector can be used to deploy the playbook to the control machine itself.
docker
This connector deploys the playbook directly into Docker containers using the local Docker client. The following parameters are processed by this connector:
true the become_user will be used to operate within the container.
- name: create jenkins container
  docker_container:
    docker_host: myserver.net:4243
    name: my_jenkins
    image: jenkins

- name: add container to inventory
  add_host:
    name: my_jenkins
    ansible_connection: docker
    ansible_docker_extra_args: "--tlsverify --tlscacert=/path/to/ca.pem --tlscert=/path/to/client-cert.pem --tlskey=/path/to/client-key.pem -H=tcp://myserver.net:4243"
    ansible_user: jenkins
  changed_when: false

- name: create directory for ssh keys
  delegate_to: my_jenkins
  file:
    path: "/var/jenkins_home/.ssh/jupiter"
    state: directory
There is still a lot from this round of study that I haven't understood, so I need to keep learning.