ansible命令介绍

一、ansible命令介绍

这里先来一个上经常用到的一个例子:

[root@361way ~]# ansible 10.212.52.252 -a 'uptime' -k
SSH password:
10.212.52.252 | success | rc=0 >>
10:10am  up 27 days 19:33,  2 users,  load average: 0.39, 0.34, 0.33

这条命令的执行需要按照一定格式进行执行:
Usage: ansible [options]
ansible 主机或组 -m 模块名 -a ‘模块参数’ ansible参数

  • 主机和组,是在/etc/ansible/hosts 里进行指定的部分
  • 模块名,可以通过ansible-doc -l 查看目前安装的模块,默认不指定时,使用的是command模块,具体可以查看/etc/ansible/ansible.cfg 的“#module_name = command ” 部分,默认模块可以在该配置文件中进行修改;
  • 模块参数,可以通过 “ansible-doc 模块名” 查看具体的用法及后面的参数;
  • ansible参数,可以通过ansible命令的帮忙信息里查看到,这里有很多参数可以供选择,如是否需要输入密码、是否sudo等。

1、参数介绍

其中options参数主要有:

参数 说明
-a ‘Arguments’, —args=’Arguments’ 命令行参数
-m NAME, —module-name=NAME 执行模块的名字,默认使用 command 模块,所以如果是只执行单一命令可以不用 -m参数
-i PATH, —inventory=PATH 指定库存主机文件的路径,默认为/etc/ansible/hosts.
-u Username, —user=Username 执行用户,使用这个远程用户名而不是当前用户
-U —sud-user=SUDO_User sudo到哪个用户,默认为 root
-k —ask-pass 登录密码,提示输入SSH密码而不是假设基于密钥的验证
-K —ask-sudo-pass 提示密码使用sudo
-s —sudo sudo运行
-S —su 用 su 命令
-l —list 显示所支持的所有模块
-s —snippet 指定模块显示剧本片段
-f —forks=NUM 并行任务数。NUM被指定为一个整数,默认是5。 #ansible testhosts -a “/sbin/reboot” -f 10 重启testhosts组的所有机器,每次重启10台
—private-key=PRIVATE_KEY_FILE 私钥路径,使用这个文件来验证连接
-v —verbose 详细信息
all 针对hosts 定义的所有主机执行
-M MODULE_PATH, —module-path=MODULE_PATH 要执行的模块的路径,默认为/usr/share/ansible/
—list-hosts 只打印有哪些主机会执行这个 playbook 文件,不是实际执行该 playbook 文件
-o —one-line 压缩输出,摘要输出.尝试一切都在一行上输出。
-t Directory, —tree=Directory 将内容保存在该输出目录,结果保存在一个文件中在每台主机上。
-B 后台运行超时时间
-P 调查后台程序时间
-T Seconds, —timeout=Seconds 时间,单位秒s
-P NUM, —poll=NUM 调查背景工作每隔数秒。需要- b
-c Connection, —connection=Connection 连接类型使用。可能的选项是paramiko(SSH),SSH和地方。当地主要是用于crontab或启动。
—tags=TAGS 只执行指定标签的任务 例子:ansible-playbook test.yml –tags=copy 只执行标签为copy的那个任务
—list-tasks 列出所有将被执行的任务
-C, —check 只是测试一下会改变什么内容,不会真正去执行;相反,试图预测一些可能发生的变化
—syntax-check 执行语法检查的剧本,但不执行它
-l SUBSET, —limit=SUBSET 进一步限制所选主机/组模式 –limit=192.168.0.15 只对这个ip执行
—skip-tags=SKIP_TAGS 只运行戏剧和任务不匹配这些值的标签 —skip-tags=copy_start
-e EXTRA_VARS, —extra-vars=EXTRA_VARS 额外的变量设置为键=值或YAML / JSON
-l —limit 对指定的 主机/组 执行任务 —limit=192.168.0.10,192.168.0.11 或 -l 192.168.0.10,192.168.0.11 只对这个2个ip执行任务

2、案例介绍:

当命令执行时间比较长时,也可以放到后台执行,这里会用到-B、-P参数,如下:
ansible all -B 3600 -a "/usr/bin/long_running_operation --do-stuff" \\后台执行命令 3600s,-B 表示后执行的时间
ansible all -m async_status -a "jid=123456789"  \\检查任务的状态
ansible all -B 1800 -P 60 -a "/usr/bin/long_running_operation --do-stuff" \\后台执行命令最大时间是 1800s 即 30 分钟,-P 每 60s 检查下状态默认 15s
示例如下:
[root@361way ~]# ansible 10.212.52.252 -B 3600 -P 0 -a 'watch ls'
background launch...
10.212.52.252 | success >> {
"ansible_job_id": "411650646689.13501",
"results_file": "/root/.ansible_async/411650646689.13501",
"started": 1
}
[root@361way ~]# ansible 10.212.52.252 -m async_status -a 'jid=411650646689.13501'
10.212.52.252 | success >> {
"ansible_job_id": "411650646689.13501",
"changed": false,
"finished": 0,
"results_file": "/root/.ansible_async/411650646689.13501",
"started": 1
}
不指定-P或-P参数为非0时,该任务就会按-P直接的参数一直刷新下去,直到超出-B参数指定的时间或命令执行完成:

[root@361way ~]# ansible 10.212.52.252 -B 3600  -a 'watch ls'
background launch...
10.212.52.252 | success >> {
"ansible_job_id": "397200656414.15008",
"results_file": "/root/.ansible_async/397200656414.15008",
"started": 1
}
10.212.52.252 | success >> {
"ansible_job_id": "397200656414.15008",
"changed": false,
"finished": 0,
"results_file": "/root/.ansible_async/397200656414.15008",
"started": 1
}
397200656414.15008> polling on 10.212.52.252, 3585s remaining
…………………………………………略

二、command模块

ansbile自身已经自带了很多模块,可以通过ansible-doc -l 进行查看。下面介绍command、shell、raw、script模块了解下其用法,这些模块都属于commands类。

  • command模块,该模块通过-a跟上要执行的命令可以直接执行,不过命令里如果有带有如下字符部分则执行不成功 “ so variables like $HOME and operations like “<”, “>”, “|”, and “&” will not work (use the shell module if you need these features).”;
  • shell 模块,用法其本和command一样,不过的是其是通过/bin/sh进行执行,所以shell 模块可以执行任何命令,就像在本机执行一样,“ It is almost exactly like the command module but runs the command through a shell (/bin/sh) on the remote node.”;
  • raw模块,用法和shell 模块一样 ,其也可以执行任意命令,就像在本机执行一样,“Executes a low-down and dirty SSH command, not going through the module subsystem. There is no change handler support for this module. This module does not require python on the remote system”
  • script模块,其是将管理端的shell 在被管理主机上执行,其原理是先将shell 复制到远程主机,再在远程主机上执行,原理类似于raw模块,“This module does not require python on the remote system, much like the raw module.” 。

注:raw模块和comand、shell 模块不同的是其没有chdir、creates、removes参数,chdir参数的作用就是先切到chdir指定的目录后,再执行后面的命令,这在后面很多模块里都会有该参数 。

command模块包含如下选项:

  • creates:一个文件名,当该文件存在,则该命令不执行
  • free_form:要执行的linux指令
  • chdir:在执行指令之前,先切换到该指定的目录
  • removes:一个文件名,当该文件不存在,则该选项不执行
  • executable:切换shell来执行指令,该执行路径必须是一个绝对路径

command模块、raw模块、shell模块示例:

[root@361way ~]# ansible 10.212.52.252 -m command -a 'ps auxf|grep snmp'
10.212.52.252 | FAILED | rc=1 >>
ERROR: Unsupported option (BSD syntax)
********* simple selection *********  ********* selection by list *********
-A all processes                      -C by command name
-N negate selection                   -G by real group ID (supports names)
-a all w/ tty except session leaders  -U by real user ID (supports names)
-d all except session leaders         -g by session OR by effective group name
-e all processes                      -p by process ID
T  all processes on this terminal     -s processes in the sessions given
a  all w/ tty, including other users  -t by tty
g  OBSOLETE -- DO NOT USE             -u by effective user ID (supports names)
r  only running processes             U  processes for specified users
x  processes w/o controlling ttys     t  by tty
*********** output format **********  *********** long options ***********
-o,o user-defined  -f full            --Group --User --pid --cols --ppid
-j,j job control   s  signal          --group --user --sid --rows --info
-O,O preloaded -o  v  virtual memory  --cumulative --format --deselect
-l,l long          u  user-oriented   --sort --tty --forest --version
-F   extra full    X  registers       --heading --no-heading --context
********* misc options *********
-V,V  show version      L  list format codes  f  ASCII art forest
-m,m,-L,-T,H  threads   S  children in sum    -y change -l format
-M,Z  security data     c  true command name  -c scheduling class
-w,w  wide output       n  numeric WCHAN,UID  -H process hierarchy
[root@361way ~]# ansible 10.212.52.252 -m raw -a 'ps auxf|grep snmp'
10.212.52.252 | success | rc=0 >>
root      5580 25.0  0.0  12876  1792 pts/2    Ss+  12:36   0:00      \_ bash -c ps auxf|grep snmp
root      5607  0.0  0.0   5720   832 pts/2    S+   12:36   0:00          \_ grep snmp
root     24364  0.0  0.0  70416  6696 ?        SNl  May15   0:22 /usr/sbin/snmpd -r -A -LF i /var/log/net-snmpd.log -p /var/run/snmpd.pid
[root@361way ~]# ansible 10.212.52.252 -m shell -a 'ps auxf|grep snmp'
10.212.52.252 | success | rc=0 >>
root      5803  0.0  0.0  11308  1308 pts/2    S+   12:36   0:00              \_ /bin/sh -c ps auxf|grep snmp
root      5805  0.0  0.0   4260   572 pts/2    S+   12:36   0:00                  \_ grep snmp
root     24364  0.0  0.0  70416  6696 ?        SNl  May15   0:22 /usr/sbin/snmpd -r -A -LF i /var/log/net-snmpd.log -p /var/run/snmpd.pid

上面的执行结果可以看到,我这里加了管道,command模块执行时出错,而使用raw模块和shell 模块都正常。

使用chdir的示例:

[root@361way ~]# ansible 10.212.52.252 -m command -a 'chdir=/tmp/361way touch test.file'
10.212.52.252 | success | rc=0 >>
[root@361way ~]# ansible 10.212.52.252 -m shell -a 'chdir=/tmp/361way touch test2.file'
10.212.52.252 | success | rc=0 >>
[root@361way ~]# ansible 10.212.52.252 -m raw -a 'chdir=/tmp/361way touch test3.file'
10.212.52.252 | success | rc=0 >>

从上面执行结果来看,三个命令都执行成功了。不过通过在远程主机上查看,前两个文件被成功创建:
linux-wdh1:/tmp/361way # ls /tmp/361way
test.file test2.file

使用raw模块的执行的结果文件也被正常创建了,不过不是在chdir 指定的目录,而是在当前执行用户的家目录。
linux-wdh1:~ # ls ~/test3.file
/root/test3.file

creates与removes示例:
这里我在测试主机上创建/tmp/361way/server.txt文件,执行结果如下:

[root@361way ~]# ansible 10.212.52.252 -a 'creates=/tmp/361way/server.txt uptime'
10.212.52.252 | success | rc=0 >>
skipped, since /tmp/361way/server.txt exists
[root@361way ~]# ansible 10.212.52.252 -a 'removes=/tmp/361way/server.txt uptime'
10.212.52.252 | success | rc=0 >>
15:11pm  up 28 days  0:34,  2 users,  load average: 0.75, 0.46, 0.39

script模块示例:

[root@361way ~]# cat script.sh
#!/bin/bash
df -hl
ifconfig
ps auxf|grep snmp
[root@361way ~]# ansible 10.212.52.252 -m script -a 'scrip.sh'
10.212.52.252 | FAILED => file or module does not exist: /root/scrip.sh
[root@361way ~]# ansible 10.212.52.252 -m script -a 'script.sh'
10.212.52.252 | success >> {
"changed": true,
"rc": 0,
"stderr": "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\nControl socket connect(/root/.ansible/cp/ansible-ssh-10.212.52.252-22-root): Connection refused\r\ndebug1: Connecting to 10.212.52.252 [10.212.52.252] port 22.\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: identity file /root/.ssh/identity type -1\r\ndebug1: identity file /root/.ssh/identity-cert type -1\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_6.2\r\ndebug1: match: OpenSSH_6.2 pat OpenSSH*\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_5.3\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug1: kex: server->client aes128-ctr hmac-md5 [email protected]\r\ndebug1: kex: client->server aes128-ctr hmac-md5 [email protected]\r\ndebug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent\r\ndebug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP\r\ndebug1: SSH2_MSG_KEX_DH_GEX_INIT sent\r\ndebug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY\r\ndebug1: Host '10.212.52.252' is known and matches the RSA host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:1\r\ndebug1: ssh_rsa_verify: signature correct\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug1: SSH2_MSG_SERVICE_REQUEST sent\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug1: Authentications that can continue: publickey,password,keyboard-interactive\r\ndebug1: Next authentication method: keyboard-interactive\r\ndebug1: Enabling compression at level 6.\r\ndebug1: Authentication succeeded (keyboard-interactive).\r\ndebug1: setting up multiplex master socket\r\nControlSocket /root/.ansible/cp/ansible-ssh-10.212.52.252-22-root already exists, disabling multiplexing\r\ndebug1: channel 0: new [client-session]\r\ndebug1: Requesting [email protected]\r\ndebug1: Entering interactive session.\r\ndebug1: Sending environment.\r\ndebug1: Sending env LANG = en_US.UTF-8\r\ndebug1: Sending command: LANG=C LC_CTYPE=C /root/.ansible/tmp/ansible-tmp-1431924855.88-242473611260231/script.sh \r\ndebug1: client_input_channel_req: channel 0 rtype exit-status reply 0\r\ndebug1: client_input_channel_req: channel 0 rtype [email protected] reply 0\r\ndebug1: channel 0: free: client-session, nchannels 1\r\ndebug1: fd 1 clearing O_NONBLOCK\r\ndebug1: fd 2 clearing O_NONBLOCK\r\nConnection to 10.212.52.252 closed.\r\nTransferred: sent 1928, received 3920 bytes, in 0.1 seconds\r\nBytes per second: sent 37017.0, received 75262.7\r\ndebug1: Exit status 0\r\ndebug1: compress outgoing: raw data 537, compressed 375, factor 0.70\r\ndebug1: compress incoming: raw data 1837, compressed 1019, factor 0.55\r\n",
"stdout": "Filesystem      Size  Used Avail Use% Mounted on\r\n/dev/sda2       9.9G  872M  8.5G  10% /\r\nudev            3.9G  128K  3.9G   1% /dev\r\ntmpfs           3.9G   76K  3.9G   1% /dev/shm\r\n/dev/sda3       5.0G  219M  4.5G   5% /boot\r\n/dev/sda8        40G   15G   23G  40% /home\r\n/dev/sda9       9.9G  5.2G  4.3G  55% /opt\r\n/dev/sda6       5.0G  2.7G  2.1G  57% /tmp\r\n/dev/sda5       9.9G  3.4G  6.0G  36% /usr\r\n/dev/sda7       9.9G  823M  8.6G   9% /var\r\neth0      Link encap:Ethernet  HWaddr 00:50:56:A8:65:7E  \r\n          inet addr:10.212.52.252  Bcast:10.212.52.255  Mask:255.255.255.0\r\n          inet6 addr: fe80::250:56ff:fea8:657e/64 Scope:Link\r\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\r\n          RX packets:24112135 errors:0 dropped:792372 overruns:0 frame:0\r\n          TX packets:10697339 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:1000 \r\n          RX bytes:17137233328 (16343.3 Mb)  TX bytes:13390377826 (12770.0 Mb)\r\n\r\nlo        Link encap:Local Loopback  \r\n          inet addr:127.0.0.1  Mask:255.0.0.0\r\n          inet6 addr: ::1/128 Scope:Host\r\n          UP LOOPBACK RUNNING  MTU:16436  Metric:1\r\n          RX packets:3407332 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:3407332 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:0 \r\n          RX bytes:262675450 (250.5 Mb)  TX bytes:262675450 (250.5 Mb)\r\n\r\nroot     25332  0.0  0.0   4260   568 pts/2    S+   12:54   0:00          \\_ grep snmp\r\nroot     24364  0.0  0.0  70416  6696 ?        SNl  May15   0:22 /usr/sbin/snmpd -r -A -LF i /var/log/net-snmpd.log -p /var/run/snmpd.pid\r\n"
}

输出结果很多,看起来也很乱,不过查下stdout部分,这个部分是实际上执行后的结果。这里可以配合管道一起使用,可以如下使用:

[root@361way ~]# ansible 10.212.52.252 -m script -a 'script.sh' |egrep '>>|stdout'

你可能感兴趣的:(Ansible)