运维开发网

运维自动化之ansible的安装与使用(包括模块与playbook使用)

运维开发网 https://www.qedev.com 2020-03-19 12:07 出处:网络 作者:运维开发网整理
一、安装 1、安装第三方epel源 centos 5的epel 1 rpm -ivh http://mirrors.sohu.com/fedora-e ... ease-5-4.noarch.rpm centos 6的epel 1 rpm -ivh http://mirrors.sohu.com/fedora-e ... ease-6-8.noarch.rpm 查看系统版本 1 2 3 17:01

一、安装

1、安装第三方epel源

centos 5的epel

1

rpm -ivh http://mirrors.sohu.com/fedora-e ... ease-5-4.noarch.rpm

centos 6的epel

1

rpm -ivh http://mirrors.sohu.com/fedora-e ... ease-6-8.noarch.rpm

查看系统版本

1

2

3

17:01:30 # cat /etc/issue

CentOS release 6.5 (Final)

Kernel \r on an \m

由于是6版本所以安装6的epel

2、安装ansible

1

yum install ansible

如果需要自定义module或者想阅读源码、使用最新版本,可以去github里下载源码

1

git clone https://github.com/ansible/ansible.git

3、添加主机

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

17:22:08 # cd /etc/ansible/

root@ip-10-10-10-10:/etc/ansible

17:23:27 # ll

total 12

-rw-r--r-- 1 root root 5113 Dec 29 03:00 ansible.cfg

-rw-r--r-- 1 root root  965 Dec 29 03:00 hosts

其中ansible.cfg是配置文件,hosts是管理主机信息

17:24:44 # cat hosts

172.17.0.2:49154

172.17.0.4:49155

[zabbix]

172.17.0.2:49154

172.17.0.4:49155

[vpn]

172.17.0.10

4、使用密码登陆

ansible支持正则测试

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

16:20:57 # ansible 127* -m ping

SSH password:

127.0.0.1 | success >> {

    "changed": false,

    "ping": "pong"

}

root@ip-10-10-10-10:/etc/ansible

16:21:05 # ansible 172* -m ping

SSH password:

172.17.0.5 | success >> {

    "changed": false,

    "ping": "pong"

}

172.17.0.4 | success >> {

    "changed": false,

    "ping": "pong"

}

172.17.0.2 | success >> {

    "changed": false,

    "ping": "pong"

}

如果你有多台服务器的话,想并发运行,可以使用-f参数,默认是并发5

5、使用密钥登陆测试

1

2

3

4

5

11:30:35 # ansible vpn -m shell -a "echo $TERM" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success | rc=0 >>

xterm

二、模块应用

6、文件传输

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

11:30:44 # ansible vpn -m copy -a "src=/tmp/server dest=/tmp/server" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success >> {

    "changed": true,

    "dest": "/tmp/server",

    "gid": 505,

    "group": "test",

    "md5sum": "e8b32bc4d7b564ac6075a1418ad8841e",

    "mode": "0664",

    "owner": "test",

    "size": 7,

    "src": "/home/test/.ansible/tmp/ansible-1402630447.45-253524136818424/source",

    "state": "file",

    "uid": 503

}

去客户端查看文件是否传输过来

1

2

3

4

5

6

7

8

9

10

11

12

13

14

11:34:57 # ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success | rc=0 >>

total 76

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rw-rw-r-- 1 test   test       7 Jun 13 19:33 server

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  3124 Jun 12 21:32 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 12 21:32 zabbix_agentd.pid

可以看到已经传过来了

看看文件内容

1

2

3

4

5

11:35:09 # ansible vpn -m shell -a "cat /tmp/server" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success | rc=0 >>

server

内容正常

还有另外一个模块file,可以修改用户与权限

下面是当前文件状态

1

2

3

4

5

13:50:07 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success | rc=0 >>

-rw-rw-r-- 1 test test 7 Jun 13 19:33 /tmp/server

server文件是664权限,用户与组都是test

修改一下

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

13:51:17 # ansible vpn -m file -a "dest=/tmp/server mode=755 owner=root group=root" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success >> {

    "changed": true,

    "gid": 0,

    "group": "root",

    "mode": "0755",

    "owner": "root",

    "path": "/tmp/server",

    "size": 7,

    "state": "file",

    "uid": 0

}

root@ip-10-10-10-10:/etc/ansible

13:51:31 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success | rc=0 >>

-rwxr-xr-x 1 root root 7 Jun 13 19:33 /tmp/server

7、安装软件

1

2

3

4

5

6

7

8

9

10

11

14:20:30 # ansible vpn -m yum -a "name=nmap state=installed" -u test --private-key=denglei -K

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success >> {

    "changed": true,

    "msg": "",

    "rc": 0,

    "results": [

        "Loaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\n * epel: mirrors.hust.edu.cn\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package nmap.x86_64 2:5.51-3.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package        Arch             Version                   Repository      Size\n================================================================================\nInstalling:\n nmap           x86_64           2:5.51-3.el6              Base           2.7 M\n\nTransaction Summary\n================================================================================\nInstall       1 Package(s)\n\nTotal download size: 2.7 M\nInstalled size: 9.7 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Installing : 2:nmap-5.51-3.el6.x86_64                                     1/1 \n\r  Verifying  : 2:nmap-5.51-3.el6.x86_64                                     1/1 \n\nInstalled:\n  nmap.x86_64 2:5.51-3.el6                                                      \n\nComplete!\n"

    ]

}

三、playbook配置管理

8、playbook

A.进行一下shell模块操作,测试删除文件

先查看一下客户端的server-test是否存在

1

2

3

4

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

-rw-rw-r-- 1 test test 7 Jun 14 00:37 /tmp/server-test

可以看到是存在的

然后写一个删除的playbook

1

2

3

4

5

6

7

[iyunv@puppet ansible]# cat test.yml

---

- hosts: vpn

  remote_user: test

  tasks:

  - name: delete /tmp/server-test

    shell: rm -rf /tmp/server-test

运行

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

[iyunv@puppet ansible]# ansible-playbook test.yml  --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [delete /tmp/server-test] ***********************************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0

在查看

1

2

3

4

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | FAILED | rc=2 >>

ls: cannot access /tmp/server-test: No such file or directory

文件已经删除

B.进行一下template模块操作,测试文件传输

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

[iyunv@puppet ansible]# cat copy.yml

---

- hosts: vpn

  remote_user: test

  tasks:

  - name: copy local server to client /tmp/server-test

    template: src=/tmp/server dest=/tmp/server-test

[iyunv@puppet ansible]# ansible-playbook copy.yml  --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [copy local server to client /tmp/server-test] **************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

-rw-rw-r-- 1 test test 7 Jun 14 17:07 /tmp/server-test

C.使用service模块,测试一下服务重启

1

2

3

4

5

6

7

8

9

10

[iyunv@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k  -K -s

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success | rc=0 >>

Shutting down pptpd:                                       [  OK  ]

[iyunv@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k  -K -s

SSH password:

sudo password [defaults to SSH password]:

172.17.0.10 | success | rc=0 >>

Shutting down pptpd:                                       [  OK  ]

D.多项目同时更新

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 84

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

[iyunv@puppet ansible]# vim multi_copy.yml

[iyunv@puppet ansible]# cat multi_copy.yml

---

- hosts: vpn

  remote_user: test

  gather_facts: False

  tasks:

  - name: copy local server to client /tmp/server-test

    template: src=/tmp/server dest=/tmp/test-{{item}}

    with_items:

      - server-1

      - server-2

      - server-3

[iyunv@puppet ansible]# ansible-playbook multi_copy.yml --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

TASK: [copy local server to client /tmp/server-test] **************************

changed: [172.17.0.10] => (item=server-1)

changed: [172.17.0.10] => (item=server-2)

changed: [172.17.0.10] => (item=server-3)

PLAY RECAP ********************************************************************

172.17.0.10             : ok=1    changed=1    unreachable=0    failed=0   

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 96

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-1

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

E.根据条件进行删除

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 96

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-1

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

[iyunv@puppet ansible]# cat delete.yml

---

- hosts: vpn

  remote_user: test

  gather_facts: True

  tasks:

  - name: if system is centos,then rm /tmp/test-server-1

    shell: rm -rf /tmp/test-server-1

    when: ansible_os_family == "RedHat"

[iyunv@puppet ansible]# ansible-playbook delete.yml --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [if system is centos,then rm /tmp/test-server-1] ************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

F.debug输出

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

[iyunv@puppet ansible]# cat debug.yml

---

- hosts: vpn

  remote_user: test

  gather_facts: True

  tasks:

  - name: debug to print interface

    debug: msg="{{item}}"

    with_items: ansible_default_ipv4.address

[iyunv@puppet ansible]# ansible-playbook debug.yml --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [debug to print interface] **********************************************

ok: [172.17.0.10] => (item=10.10.32.34) => {

    "item": "10.10.32.34",

    "msg": "10.10.32.34"

}

G.check模式,仅检测,但不实行

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

[iyunv@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --check

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [copy local server to client /tmp/server-test] **************************

changed: [172.17.0.10] => (item=server-1)

ok: [172.17.0.10] => (item=server-2)

ok: [172.17.0.10] => (item=server-3)

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=0    unreachable=0    failed=0

H.diff

使用diff与不使用作对比

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

[iyunv@puppet ansible]# ansible vpn -m shell -a "rm -rf  /tmp/test-server-1" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

[iyunv@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --diff

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [copy local server to client /tmp/server-test] **************************

--- before

+++ after

@@ -1,0 +1,1 @@

+server

changed: [172.17.0.10] => (item=server-1)

ok: [172.17.0.10] => (item=server-2)

ok: [172.17.0.10] => (item=server-3)

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0

9、主机信息查看

类似puppet的fact、salt的grains

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

[iyunv@puppet ansible]# ansible vpn -m setup -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success >> {

    "ansible_facts": {

        "ansible_all_ipv4_addresses": [

            "10.10.32.34",

            "10.10.32.34"

        ],

        "ansible_all_ipv6_addresses": [

            "fe80::f816:3eff:fe3e:1667"

        ],

        "ansible_architecture": "x86_64",

        "ansible_bios_date": "01/01/2007",

        "ansible_bios_version": "Bochs",

        "ansible_cmdline": {

            "KEYBOARDTYPE": "pc",

            "KEYTABLE": "us",

            "LANG": "zh_CN.UTF-8",

            "quiet": true,

            "rd_NO_DM": true,

            "rd_NO_LUKS": true,

            "rd_NO_LVM": true,

            "rd_NO_MD": true,

            "rhgb": true,

            "ro": true,

            "root": "UUID=c6042d42-8edb-4bb4-a31b-2197b043500c"

        },

数据太多,我就展示部分。

10、优化ansible-playbook运行时间

默认playbook是进行客户端fact搜集,一般如果你配置里没有使用fact的话,可以关闭这样就能减少运行时间

没有优化的时候

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

[iyunv@puppet ansible]# cat shell.yml

---

- hosts: vpn

  remote_user: test

#  gather_facts: False

  tasks:

  - name: echo hi

    shell: echo "hi"

[iyunv@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [echo hi] ***************************************************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

real    0m8.396s

user    0m0.796s

sys 0m0.158s

[iyunv@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [echo hi] ***************************************************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

real    0m3.309s

user    0m0.724s

sys 0m0.108s

[iyunv@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [echo hi] ***************************************************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

real    0m3.409s

user    0m0.716s

sys 0m0.099s

可以看到第一次8s,后2次都是3s

下面是优化后(未使用fact)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

[iyunv@puppet ansible]# cat shell.yml

---

- hosts: vpn

  remote_user: test

  gather_facts: False

  tasks:

  - name: echo hi

    shell: echo "hi"

[iyunv@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

TASK: [echo hi] ***************************************************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=1    changed=1    unreachable=0    failed=0   

real    0m2.758s

user    0m0.585s

sys 0m0.096s

[iyunv@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

TASK: [echo hi] ***************************************************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=1    changed=1    unreachable=0    failed=0   

real    0m2.359s

user    0m0.565s

sys 0m0.077s

运行时间就是2s

11、自定义模块

默认的模块放到/usr/share/ansible

在这个目录创建一个目录hostname,然后把下面文件放到此目录

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

15:03:26 # cat /usr/share/ansible/hostname/hostname

#!/bin/bash

#This script is modify system hostname

set -e

# This is potentially dangerous

source ${1}

OLDHOSTNAME="$(hostname)"

CHANGED="False"

if [ ! -z "$hostname" -a "${hostname}x" != "${OLDHOSTNAME}x" ];

then

hostname $hostname

OLDHOSTNAME="$hostname"

CHANGED="True"

fi

echo "hostname=${OLDHOSTNAME} changed=${CHANGED}"

exit 0

查看一下vpn的当前hostname

1

2

3

4

15:03:29 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

ip-10-10-32-34

然后编写playbook

1

2

3

4

5

6

15:04:14 # cat /etc/ansible/hostname.yml

- name: Test the hostname file

  hosts: vpn

  tasks:

    - name: Set the hostname

      hostname: hostname=ip-10-10-32-34

运行这个模块

1

2

3

4

5

6

7

8

9

10

11

12

13

15:04:37 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -k

SSH password:

PLAY [Test the hostname file] *************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [Set the hostname] ******************************************************

ok: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=0    unreachable=0    failed=0

然后修改一下hostname.yml的主机名

1

2

3

4

5

6

16:20:00 # cat hostname.yml

- name: Test the hostname file

  hosts: vpn

  tasks:

    - name: Set the hostname

      hostname: hostname=ip-10-10-32-34-test

在playbook运行

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

16:26:46 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -k -K -s

SSH password:

sudo password [defaults to SSH password]:

PLAY [Test the hostname file] *************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [Set the hostname] ******************************************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

root@ip-10-10-10-10:/etc/ansible

16:26:55 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

ip-10-10-32-34-test

12、playbook扩展var

扩展var就是在playbook的yml里写入变量,在执行的时候制定变量从而执行,大大的提供了重复使用率

下面做个测试

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 96

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 01:44 test-server-1

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

可以看到有test-server-1文件

在看看playbook文件内容

1

2

3

4

5

6

7

8

9

[iyunv@puppet ansible]# cat delete_vars.yml

---

- hosts: {{host}}

  remote_user: {{user}}

  gather_facts: {{gather}}

  tasks:

  - name: if system is centos,then rm /tmp/test-server-1

    shell: rm -rf /tmp/test-server-1

    when: ansible_os_family == "RedHat"

执行前先检测一下语法是否有问题,使用--synctax-check

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

[iyunv@puppet ansible]#   ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

ERROR: Syntax Error while loading YAML script, delete_vars.yml

Note: The error may actually appear before this position: line 2, column 11

---

- hosts: {{host}}

          ^

This one looks easy to fix.  YAML thought it was looking for the start of a

hash/dictionary and was confused to see a second "{".  Most likely this was

meant to be an ansible template evaluation instead, so we have to give the

parser a small hint that we wanted a string instead. The solution here is to

just quote the entire value.

For instance, if the original line was:

    app_path: {{ base_path }}/foo

It should be written as:

    app_path: "{{ base_path }}/foo"

We could be wrong, but this one looks like it might be an issue with

missing quotes.  Always quote template expression brackets when they

start a value. For instance:            

    with_items:

      - {{ foo }}

Should be written as:

    with_items:

      - "{{ foo }}"      

This one looks easy to fix.  YAML thought it was looking for the start of a

hash/dictionary and was confused to see a second "{".  Most likely this was

meant to be an ansible template evaluation instead, so we have to give the

parser a small hint that we wanted a string instead. The solution here is to

just quote the entire value.

For instance, if the original line was:

    app_path: {{ base_path }}/foo

It should be written as:

    app_path: "{{ base_path }}/foo"

可以看到有问题

解决方法是把var的变量前后添加""或者''

1

2

3

4

5

6

7

8

9

[iyunv@puppet ansible]# cat delete_vars.yml

---

- hosts: "{{host}}"

  remote_user: "{{user}}"

  gather_facts: "{{gather}}"

  tasks:

  - name: if system is centos,then rm /tmp/test-server-1

    shell: rm -rf /tmp/test-server-1

    when: ansible_os_family == "RedHat"

然后再检测一下

1

2

3

4

5

6

7

[iyunv@puppet ansible]#   ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

playbook: delete_vars.yml

没有问题了,在运行一下

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

[iyunv@puppet ansible]#   ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

TASK: [if system is centos,then rm /tmp/test-server-1] ************************

fatal: [172.17.0.10] => error while evaluating conditional: ansible_os_family == "RedHat"

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************

           to retry, use: --limit @/root/delete_vars.retry

172.17.0.10             : ok=0    changed=0    unreachable=1    failed=0

无法运行,原因是我yml里制定了获取fact信息后,判断如果是redhat系列系统才删除,而我在运行的指定不收集fact,下面在指定收集fact

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

[iyunv@puppet ansible]#   ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [if system is centos,then rm /tmp/test-server-1] ************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0

可以看到运行成功了

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

文件删除了

13、tags

使用tag可以让playbook选择性的运行程序

查看一下客户端情况

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

[iyunv@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

带有tag的yml文件

1

2

3

4

5

6

7

8

9

10

11

12

13

14

[iyunv@puppet ansible]# cat delete_vars_tags.yml

---

- hosts: "{{host}}"

  remote_user: "{{user}}"

  gather_facts: "{{gather}}"

  tasks:

  - name: if system is centos,then rm /tmp/test-server-1

    shell: rm -rf /tmp/test-server-1

    when: ansible_os_family == "RedHat"

    tags: server-1

  - name: if system is centos,then rm /tmp/test-server-2

    shell: rm -rf /tmp/test-server-2

    when: ansible_os_family == "RedHat"

    tags: server-2

做一下错误检测

1

2

3

4

5

6

7

[iyunv@puppet ansible]#   ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k --syntax-check

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

playbook: delete_vars_tags.yml

没问题在运行

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

[iyunv@puppet ansible]#   ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [if system is centos,then rm /tmp/test-server-2] ************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0

查看一下客户端的文件情况

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

[iyunv@puppet ansible]#  ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 88

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

从上面测试可以看到,如果playbook使用了tag,并且在运行中指定tag,那么运行的时候仅允许此tag的信息

下面是测试运行时候不带tag的情况

先创建文件

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

[iyunv@puppet ansible]# cat copy.yml

---

- hosts: vpn

  remote_user: test

  tasks:

  - name: copy local server to client /tmp/server-test

    template: src=/tmp/server dest=/tmp/test-{{item}}

    with_items:

      - server-1

      - server-2

      - server-3

[iyunv@puppet ansible]#   ansible-playbook copy.yml --private-key=/root/denglei  -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [copy local server to client /tmp/server-test] **************************

changed: [172.17.0.10] => (item=server-1)

changed: [172.17.0.10] => (item=server-2)

ok: [172.17.0.10] => (item=server-3)

PLAY RECAP ********************************************************************

172.17.0.10             : ok=2    changed=1    unreachable=0    failed=0   

[iyunv@puppet ansible]#  ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 96

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 19 19:02 test-server-1

-rw-rw-r-- 1 test   test       7 Jun 19 19:02 test-server-2

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

然后再不指定tag运行

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

[iyunv@puppet ansible]#   ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True"  -k

[WARNING]: The version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. If possible, you should update

it (ie. yum update gmp).

SSH password:

PLAY [vpn] ********************************************************************

GATHERING FACTS ***************************************************************

ok: [172.17.0.10]

TASK: [if system is centos,then rm /tmp/test-server-1] ************************

changed: [172.17.0.10]

TASK: [if system is centos,then rm /tmp/test-server-2] ************************

changed: [172.17.0.10]

PLAY RECAP ********************************************************************

172.17.0.10             : ok=3    changed=2    unreachable=0    failed=0   

[iyunv@puppet ansible]#  ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

SSH password:

172.17.0.10 | success | rc=0 >>

total 88

-rw-r--r-- 1 root   root   41692 May 21 13:02 config

-rw-r--r-- 1 root   root    1228 Jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root   root       7 Jun 13 19:33 server

-rw-rw-r-- 1 test   test       7 Jun 14 17:07 server-test

-rw-rw-r-- 1 test   test       7 Jun 18 00:50 test-server-3

-rw-r--r-- 1 root   root      82 Jun 12 18:21 test.log

-rw-r--r-- 1 root   root     290 Jun 12 18:21 test.sh

-rw-r--r-- 1 root   root    2444 Apr 28  2012 vpn_centos6.sh

-rw------- 1 root   root     727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx

-rw-rw-r-- 1 zabbix zabbix  4664 Jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix     5 Jun 14 00:30 zabbix_agentd.pid

可以看到如果不知道tag,那么运行的时候,会全部运行。

FAQ:

1、出现Error: ansible requires a json module, none found!

1

2

3

4

5

6

SSH password:

172.17.0.4 | FAILED >> {

    "failed": true,

    "msg": "Error: ansible requires a json module, none found!",

    "parsed": false

}

原因是python版本过低,要不升级python要不就安装python-simplejson,下面是官方的话

1

On the managed nodes, you only need Python 2.4 or later, but if you are running less than Python 2.5 on the remotes, you will also need:

安装完成后,在查看

1

2

3

4

5

SSH password:

172.17.0.4 | success >> {

    "changed": false,

    "ping": "pong"

}

2、默认ansible是使用key验证的,如果使用密码登陆的服务器,使用ansible的话,要不修改ansible.cfg配置文件的 ask_pass      = True给取消注释,要不就在运行命令时候加上-k,这个意思是-k, --ask-pass        ask for SSH password

3、如果客户端不在know_hosts里将会报错

1

2

3

paramiko: The authenticity of host '172.17.0.5' can't be established.

The ssh-rsa key fingerprint is 397c139fd4b0d763fcffaee346a4bf6b.

Are you sure you want to continue connecting (yes/no)?

如果想解决此问题,需要修改ansible.cfg的#host_key_checking = False取消注释

4、如果出现

1

2

3

[iyunv@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei

172.17.0.2 | FAILED => FAILED: not a valid DSA private key file

172.17.0.4 | FAILED => FAILED: not a valid DSA private key file

需要你在最后添加参数-k

1

2

3

4

5

6

7

[iyunv@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei -kSSH password: 172.17.0.2 | success | rc=0 >>xterm172.17.0.4 | success | rc=0 >>xterm
0

精彩评论

暂无评论...
验证码 换一张
取 消