这里先来一个上经常用到的一个例子:
[root@361way ~]# ansible 10.212.52.252 -a 'uptime' -k
SSH password:
10.212.52.252 | success | rc=0 >>
10:10am up 27 days 19:33, 2 users, load average: 0.39, 0.34, 0.33
这条命令的执行需要按照一定格式进行执行:
Usage: ansible [options]
ansible 主机或组 -m 模块名 -a ‘模块参数’ ansible参数
其中options参数主要有:
参数 | 说明 |
---|---|
-a | ‘Arguments’, —args=’Arguments’ 命令行参数 |
-m | NAME, —module-name=NAME 执行模块的名字,默认使用 command 模块,所以如果是只执行单一命令可以不用 -m参数 |
-i PATH, | —inventory=PATH 指定库存主机文件的路径,默认为/etc/ansible/hosts. |
-u Username, | —user=Username 执行用户,使用这个远程用户名而不是当前用户 |
-U | —sud-user=SUDO_User sudo到哪个用户,默认为 root |
-k | —ask-pass 登录密码,提示输入SSH密码而不是假设基于密钥的验证 |
-K | —ask-sudo-pass 提示密码使用sudo |
-s | —sudo sudo运行 |
-S | —su 用 su 命令 |
-l | —list 显示所支持的所有模块 |
-s | —snippet 指定模块显示剧本片段 |
-f | —forks=NUM 并行任务数。NUM被指定为一个整数,默认是5。 #ansible testhosts -a “/sbin/reboot” -f 10 重启testhosts组的所有机器,每次重启10台 |
—private-key=PRIVATE_KEY_FILE | 私钥路径,使用这个文件来验证连接 |
-v | —verbose 详细信息 |
all | 针对hosts 定义的所有主机执行 |
-M MODULE_PATH, | —module-path=MODULE_PATH 要执行的模块的路径,默认为/usr/share/ansible/ |
—list-hosts | 只打印有哪些主机会执行这个 playbook 文件,不是实际执行该 playbook 文件 |
-o —one-line | 压缩输出,摘要输出.尝试一切都在一行上输出。 |
-t Directory, | —tree=Directory 将内容保存在该输出目录,结果保存在一个文件中在每台主机上。 |
-B | 后台运行超时时间 |
-P | 调查后台程序时间 |
-T Seconds, | —timeout=Seconds 时间,单位秒s |
-P NUM, | —poll=NUM 调查背景工作每隔数秒。需要- b |
-c Connection, | —connection=Connection 连接类型使用。可能的选项是paramiko(SSH),SSH和地方。当地主要是用于crontab或启动。 |
—tags=TAGS | 只执行指定标签的任务 例子:ansible-playbook test.yml –tags=copy 只执行标签为copy的那个任务 |
—list-tasks | 列出所有将被执行的任务 |
-C, | —check 只是测试一下会改变什么内容,不会真正去执行;相反,试图预测一些可能发生的变化 |
—syntax-check | 执行语法检查的剧本,但不执行它 |
-l SUBSET, | —limit=SUBSET 进一步限制所选主机/组模式 –limit=192.168.0.15 只对这个ip执行 |
—skip-tags=SKIP_TAGS | 只运行戏剧和任务不匹配这些值的标签 —skip-tags=copy_start |
-e EXTRA_VARS, | —extra-vars=EXTRA_VARS 额外的变量设置为键=值或YAML / JSON |
-l | —limit 对指定的 主机/组 执行任务 —limit=192.168.0.10,192.168.0.11 或 -l 192.168.0.10,192.168.0.11 只对这个2个ip执行任务 |
当命令执行时间比较长时,也可以放到后台执行,这里会用到-B、-P参数,如下:
ansible all -B 3600 -a "/usr/bin/long_running_operation --do-stuff" \\后台执行命令 3600s,-B 表示后执行的时间
ansible all -m async_status -a "jid=123456789" \\检查任务的状态
ansible all -B 1800 -P 60 -a "/usr/bin/long_running_operation --do-stuff" \\后台执行命令最大时间是 1800s 即 30 分钟,-P 每 60s 检查下状态默认 15s
示例如下:
[root@361way ~]# ansible 10.212.52.252 -B 3600 -P 0 -a 'watch ls'
background launch...
10.212.52.252 | success >> {
"ansible_job_id": "411650646689.13501",
"results_file": "/root/.ansible_async/411650646689.13501",
"started": 1
}
[root@361way ~]# ansible 10.212.52.252 -m async_status -a 'jid=411650646689.13501'
10.212.52.252 | success >> {
"ansible_job_id": "411650646689.13501",
"changed": false,
"finished": 0,
"results_file": "/root/.ansible_async/411650646689.13501",
"started": 1
}
不指定-P或-P参数为非0时,该任务就会按-P直接的参数一直刷新下去,直到超出-B参数指定的时间或命令执行完成:
[root@361way ~]# ansible 10.212.52.252 -B 3600 -a 'watch ls'
background launch...
10.212.52.252 | success >> {
"ansible_job_id": "397200656414.15008",
"results_file": "/root/.ansible_async/397200656414.15008",
"started": 1
}
10.212.52.252 | success >> {
"ansible_job_id": "397200656414.15008",
"changed": false,
"finished": 0,
"results_file": "/root/.ansible_async/397200656414.15008",
"started": 1
}
397200656414.15008> polling on 10.212.52.252, 3585s remaining
…………………………………………略
ansbile自身已经自带了很多模块,可以通过ansible-doc -l 进行查看。下面介绍command、shell、raw、script模块了解下其用法,这些模块都属于commands类。
注:raw模块和comand、shell 模块不同的是其没有chdir、creates、removes参数,chdir参数的作用就是先切到chdir指定的目录后,再执行后面的命令,这在后面很多模块里都会有该参数 。
command模块包含如下选项:
[root@361way ~]# ansible 10.212.52.252 -m command -a 'ps auxf|grep snmp'
10.212.52.252 | FAILED | rc=1 >>
ERROR: Unsupported option (BSD syntax)
********* simple selection ********* ********* selection by list *********
-A all processes -C by command name
-N negate selection -G by real group ID (supports names)
-a all w/ tty except session leaders -U by real user ID (supports names)
-d all except session leaders -g by session OR by effective group name
-e all processes -p by process ID
T all processes on this terminal -s processes in the sessions given
a all w/ tty, including other users -t by tty
g OBSOLETE -- DO NOT USE -u by effective user ID (supports names)
r only running processes U processes for specified users
x processes w/o controlling ttys t by tty
*********** output format ********** *********** long options ***********
-o,o user-defined -f full --Group --User --pid --cols --ppid
-j,j job control s signal --group --user --sid --rows --info
-O,O preloaded -o v virtual memory --cumulative --format --deselect
-l,l long u user-oriented --sort --tty --forest --version
-F extra full X registers --heading --no-heading --context
********* misc options *********
-V,V show version L list format codes f ASCII art forest
-m,m,-L,-T,H threads S children in sum -y change -l format
-M,Z security data c true command name -c scheduling class
-w,w wide output n numeric WCHAN,UID -H process hierarchy
[root@361way ~]# ansible 10.212.52.252 -m raw -a 'ps auxf|grep snmp'
10.212.52.252 | success | rc=0 >>
root 5580 25.0 0.0 12876 1792 pts/2 Ss+ 12:36 0:00 \_ bash -c ps auxf|grep snmp
root 5607 0.0 0.0 5720 832 pts/2 S+ 12:36 0:00 \_ grep snmp
root 24364 0.0 0.0 70416 6696 ? SNl May15 0:22 /usr/sbin/snmpd -r -A -LF i /var/log/net-snmpd.log -p /var/run/snmpd.pid
[root@361way ~]# ansible 10.212.52.252 -m shell -a 'ps auxf|grep snmp'
10.212.52.252 | success | rc=0 >>
root 5803 0.0 0.0 11308 1308 pts/2 S+ 12:36 0:00 \_ /bin/sh -c ps auxf|grep snmp
root 5805 0.0 0.0 4260 572 pts/2 S+ 12:36 0:00 \_ grep snmp
root 24364 0.0 0.0 70416 6696 ? SNl May15 0:22 /usr/sbin/snmpd -r -A -LF i /var/log/net-snmpd.log -p /var/run/snmpd.pid
上面的执行结果可以看到,我这里加了管道,command模块执行时出错,而使用raw模块和shell 模块都正常。
使用chdir的示例:
[root@361way ~]# ansible 10.212.52.252 -m command -a 'chdir=/tmp/361way touch test.file'
10.212.52.252 | success | rc=0 >>
[root@361way ~]# ansible 10.212.52.252 -m shell -a 'chdir=/tmp/361way touch test2.file'
10.212.52.252 | success | rc=0 >>
[root@361way ~]# ansible 10.212.52.252 -m raw -a 'chdir=/tmp/361way touch test3.file'
10.212.52.252 | success | rc=0 >>
从上面执行结果来看,三个命令都执行成功了。不过通过在远程主机上查看,前两个文件被成功创建:
linux-wdh1:/tmp/361way # ls /tmp/361way
test.file test2.file
使用raw模块的执行的结果文件也被正常创建了,不过不是在chdir 指定的目录,而是在当前执行用户的家目录。
linux-wdh1:~ # ls ~/test3.file
/root/test3.file
creates与removes示例:
这里我在测试主机上创建/tmp/361way/server.txt文件,执行结果如下:
[root@361way ~]# ansible 10.212.52.252 -a 'creates=/tmp/361way/server.txt uptime'
10.212.52.252 | success | rc=0 >>
skipped, since /tmp/361way/server.txt exists
[root@361way ~]# ansible 10.212.52.252 -a 'removes=/tmp/361way/server.txt uptime'
10.212.52.252 | success | rc=0 >>
15:11pm up 28 days 0:34, 2 users, load average: 0.75, 0.46, 0.39
script模块示例:
[root@361way ~]# cat script.sh
#!/bin/bash
df -hl
ifconfig
ps auxf|grep snmp
[root@361way ~]# ansible 10.212.52.252 -m script -a 'scrip.sh'
10.212.52.252 | FAILED => file or module does not exist: /root/scrip.sh
[root@361way ~]# ansible 10.212.52.252 -m script -a 'script.sh'
10.212.52.252 | success >> {
"changed": true,
"rc": 0,
"stderr": "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\nControl socket connect(/root/.ansible/cp/ansible-ssh-10.212.52.252-22-root): Connection refused\r\ndebug1: Connecting to 10.212.52.252 [10.212.52.252] port 22.\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: identity file /root/.ssh/identity type -1\r\ndebug1: identity file /root/.ssh/identity-cert type -1\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_6.2\r\ndebug1: match: OpenSSH_6.2 pat OpenSSH*\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_5.3\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug1: kex: server->client aes128-ctr hmac-md5 [email protected]\r\ndebug1: kex: client->server aes128-ctr hmac-md5 [email protected]\r\ndebug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent\r\ndebug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP\r\ndebug1: SSH2_MSG_KEX_DH_GEX_INIT sent\r\ndebug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY\r\ndebug1: Host '10.212.52.252' is known and matches the RSA host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:1\r\ndebug1: ssh_rsa_verify: signature correct\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug1: SSH2_MSG_SERVICE_REQUEST sent\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug1: Authentications that can continue: publickey,password,keyboard-interactive\r\ndebug1: Next authentication method: keyboard-interactive\r\ndebug1: Enabling compression at level 6.\r\ndebug1: Authentication succeeded (keyboard-interactive).\r\ndebug1: setting up multiplex master socket\r\nControlSocket /root/.ansible/cp/ansible-ssh-10.212.52.252-22-root already exists, disabling multiplexing\r\ndebug1: channel 0: new [client-session]\r\ndebug1: Requesting [email protected]\r\ndebug1: Entering interactive session.\r\ndebug1: Sending environment.\r\ndebug1: Sending env LANG = en_US.UTF-8\r\ndebug1: Sending command: LANG=C LC_CTYPE=C /root/.ansible/tmp/ansible-tmp-1431924855.88-242473611260231/script.sh \r\ndebug1: client_input_channel_req: channel 0 rtype exit-status reply 0\r\ndebug1: client_input_channel_req: channel 0 rtype [email protected] reply 0\r\ndebug1: channel 0: free: client-session, nchannels 1\r\ndebug1: fd 1 clearing O_NONBLOCK\r\ndebug1: fd 2 clearing O_NONBLOCK\r\nConnection to 10.212.52.252 closed.\r\nTransferred: sent 1928, received 3920 bytes, in 0.1 seconds\r\nBytes per second: sent 37017.0, received 75262.7\r\ndebug1: Exit status 0\r\ndebug1: compress outgoing: raw data 537, compressed 375, factor 0.70\r\ndebug1: compress incoming: raw data 1837, compressed 1019, factor 0.55\r\n",
"stdout": "Filesystem Size Used Avail Use% Mounted on\r\n/dev/sda2 9.9G 872M 8.5G 10% /\r\nudev 3.9G 128K 3.9G 1% /dev\r\ntmpfs 3.9G 76K 3.9G 1% /dev/shm\r\n/dev/sda3 5.0G 219M 4.5G 5% /boot\r\n/dev/sda8 40G 15G 23G 40% /home\r\n/dev/sda9 9.9G 5.2G 4.3G 55% /opt\r\n/dev/sda6 5.0G 2.7G 2.1G 57% /tmp\r\n/dev/sda5 9.9G 3.4G 6.0G 36% /usr\r\n/dev/sda7 9.9G 823M 8.6G 9% /var\r\neth0 Link encap:Ethernet HWaddr 00:50:56:A8:65:7E \r\n inet addr:10.212.52.252 Bcast:10.212.52.255 Mask:255.255.255.0\r\n inet6 addr: fe80::250:56ff:fea8:657e/64 Scope:Link\r\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\n RX packets:24112135 errors:0 dropped:792372 overruns:0 frame:0\r\n TX packets:10697339 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:1000 \r\n RX bytes:17137233328 (16343.3 Mb) TX bytes:13390377826 (12770.0 Mb)\r\n\r\nlo Link encap:Local Loopback \r\n inet addr:127.0.0.1 Mask:255.0.0.0\r\n inet6 addr: ::1/128 Scope:Host\r\n UP LOOPBACK RUNNING MTU:16436 Metric:1\r\n RX packets:3407332 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:3407332 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:0 \r\n RX bytes:262675450 (250.5 Mb) TX bytes:262675450 (250.5 Mb)\r\n\r\nroot 25332 0.0 0.0 4260 568 pts/2 S+ 12:54 0:00 \\_ grep snmp\r\nroot 24364 0.0 0.0 70416 6696 ? SNl May15 0:22 /usr/sbin/snmpd -r -A -LF i /var/log/net-snmpd.log -p /var/run/snmpd.pid\r\n"
}
输出结果很多,看起来也很乱,不过查下stdout部分,这个部分是实际上执行后的结果。这里可以配合管道一起使用,可以如下使用:
[root@361way ~]# ansible 10.212.52.252 -m script -a 'script.sh' |egrep '>>|stdout'