Ansible安裝完成之后就自帶很多命令,其中較常用的有7個:
- ansible
- ansible-doc
- ansible-galaxy
- ansible-init
- ansible-playbook
- ansible-pull
- ansible-vault
ansible
ansible -h
Usage: ansible <host-pattern> [options]對本機執行一個命令:
ansible 127.0.0.1 -a "date"127.0.0.1 | SUCCESS | rc=0 >>
Fri Apr 6 18:45:01 CST 2018在遠程主機上執行命令;
ansible test -a "date"172.16.1.10 | UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.16.1.10' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n", "unreachable": true
}由上可知:在遠程主機上執行命令的時候沒有權限(密碼不知道),所以我們可以在上述命令的基礎上加上-k參數:
ansible test -a "date" -kSSH password:
172.16.1.10 | SUCCESS | rc=0 >>
Fri Apr 6 18:56:52 CST 2018ansible命令的常用參數;
-a MODULE_ARGS, --args=MODULE_ARGS module arguments 命令行參數
--ask-vault-pass ask for vault password
-B SECONDS, --background=SECONDS
-C, --check don't make any changes; instead, try to predict some
-D, --diff when changing (small) files and templates, show the
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
-f FORKS, --forks=FORKS # 指定執行任務時并發數量
-i INVENTORY, --inventory=INVENTORY, --inventory-file=INVENTORY #指定庫存主機文件的路徑,默認為/etc/ansible/hosts
-l SUBSET, --limit=SUBSET
--list-hosts outputs a list of matching hosts; does not execute
-m MODULE_NAME, --module-name=MODULE_NAME module name to execute (default=command) # 執行模塊的名稱,默認使用command模塊
-M MODULE_PATH, --module-path=MODULE_PATH
-u REMOTE_USER, --user=REMOTE_USER # 執行用戶,使用這個遠程用戶而不是當前用戶
-U SUDO_USER, --sudo-user=SUDO_USER # sudo到哪個用戶,默認為root
-k, --ask-pass ask for connection password # 登陸密碼,提示輸入ssh密碼
-K, --ask-become-pass # 提示密碼使用sudo -s --sudo sudo運行
--new-vault-id=NEW_VAULT_ID the new vault identity to use for rekey
--new-vault-password-file=NEW_VAULT_PASSWORD_FILES new vault password file for rekey
-o, --one-line condense output
-P POLL_INTERVAL, --poll=POLL_INTERVAL set the poll interval if using -B (default=15)
--syntax-check perform a syntax check on the playbook, but do not execute it
-t TREE, --tree=TREE log output to this directory
--vault-id=VAULT_IDS the vault identity to use
--vault-password-file=VAULT_PASSWORD_FILES vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable connection debugging)
--version show program's version number and exit
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
-c CONNECTION, --connection=CONNECTION
-T TIMEOUT, --timeout=TIMEOUT
--ssh-common-args=SSH_COMMON_ARGS
--sftp-extra-args=SFTP_EXTRA_ARGS
--scp-extra-args=SCP_EXTRA_ARGS
--ssh-extra-args=SSH_EXTRA_ARGS
-s, --sudo run operations with sudo (nopasswd) (deprecated, use become)
-S, --su run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
-b, --become run operations with become (does not imply password prompting)
--become-method=BECOME_METHOD privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | pmrun ]
--become-user=BECOME_USER run operations as this user (default=root)
--ask-sudo-pass ask for sudo password (deprecated, use become)
--ask-su-pass ask for su password (deprecated, use become)ansible-doc
ansible-doc -h
Usage: ansible-doc [-l|-s] [options] [-t <plugin type] [plugin]plugin documentation toolOptions:
-a, --all **For internal testing only** Show documentation forall plugins.
-h, --help show this help message and exit
-l, --list List available plugins
-M MODULE_PATH, --module-path=MODULE_PATHprepend colon-separated path(s) to module library(default=[u'/root/.ansible/plugins/modules',u'/usr/share/ansible/plugins/modules'])
-s, --snippet Show playbook snippet for specified plugin(s)
-t TYPE, --type=TYPE Choose which plugin type (defaults to "module")
-v, --verbose verbose mode (-vvv for more, -vvvv to enableconnection debugging)
--version show program's version number and exitSee man pages for Ansible CLI options or website for tutorials
https://docs.ansible.comansible-doc 相當于一個幫助文檔,結合-s參數
ansible-doc -s file- name: Sets attributes of files
file:attributes: # Attributes the file or directory should have. To get supported flags look at the man page for `chattr' on thetarget system. This string should contain the attributes in the same order as theone displayed by `lsattr'.follow: # This flag indicates that filesystem links, if they exist, should be followed.force: # force the creation of the symlinks in two cases: the source file does not exist (but will appear later); thedestination exists and is a file (so, we need to unlink the "path" file and createsymlink to the "src" file in place of it).group: # Name of the group that should own the file/directory, as would be fed to `chown'.mode: # Mode the file or directory should be. For those used to `/usr/bin/chmod' remember that modes are actually octalnumbers (like 0644). Leaving off the leading zero will likely have unexpectedresults. As of version 1.8, the mode may be specified as a symbolic mode (forexample, `u+rwx' or `u=rw,g=r,o=r').owner: # Name of the user that should own the file/directory, as would be fed to `chown'.path: # (required) path to the file being managed. Aliases: `dest', `name'recurse: # recursively set the specified file attributes (applies only to state=directory)selevel: # Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range'. `_default'feature works as for `seuser'.serole: # Role part of SELinux file context, `_default' feature works as for `seuser'.setype: # Type part of SELinux file context, `_default' feature works as for `seuser'.seuser: # User part of SELinux file context. Will default to system policy, if applicable. If set to `_default', it will usethe `user' portion of the policy if available.src: # path of the file to link to (applies only to `state=link'). Will accept absolute, relative and nonexisting paths.Relative paths are not expanded.state: # If `directory', all immediate subdirectories will be created if they do not exist, since 1.7 they will be createdwith the supplied permissions. If `file', the file will NOT be created if it doesnot exist, see the [copy] or [template] module if you want that behavior. If`link', the symbolic link will be created or changed. Use `hard' for hardlinks. If`absent', directories will be recursively deleted, and files or symlinks will beunlinked. Note that `absent' will not cause `file' to fail if the `path' does notexist as the state did not change. If `touch' (new in 1.4), an empty file will becreated if the `path' does not exist, while an existing file or directory willreceive updated file access and modification times (similar to the way `touch`works from the command line).unsafe_writes: # Normally this module uses atomic operations to prevent data corruption or inconsistent reads from the targetfiles, sometimes systems are configured or just broken in ways that prevent this.One example are docker mounted files, they cannot be updated atomically and canonly be done in an unsafe manner. This boolean option allows ansible to fall backto unsafe methods of updating files for those cases in which you do not have anyother choice. Be aware that this is subject to race conditions and can lead to datacorruption.ansible新版已經添加了操作docker的相關模塊:
ansible-doc -l |grep dockerdocker manage docker containers
docker_container manage docker containers
docker_image Manage docker images.
docker_image_facts Inspect docker images
docker_login Log into a Docker registry.
docker_network Manage Docker networks
docker_secret Manage docker secrets.
docker_service Manage docker services and containers.
docker_volume Manage Docker volumes ansible-galaxy
從官網下載其他第三方模塊和插件。
ansible-galaxy install username.rolenameansible-init
ansible-init是對Ansible的playbook進行語法檢查的一個工具。
ansible-playbook
該命令時使用最多的命令,其通過讀取playbook文件后,執行相應的動作。
ansible-pull
ansible的另一種模式-- pull模式。跟平常使用的push模式剛好相反,適用于以下場景;
- 操作巨大數量的主機,即使使用非常高的線程還是需要很長時間;
- 在沒有網絡連接的主機上運行Ansible時;
ansible-vault
ansible-vault主要應用于配置文件中含有敏感信息的時候,不希望別人看到,這時使用這個命令可以將某些配置文件加密,屬于高級用法。主要對于playbook里涉及到配置密碼或者其他敏感信息時,可以使用該命令加密。在使用類似cat等查看命令查看加密后的配置文件時,需要輸入密碼才可以查看。這種playbook執行時,需要加上--ask-vault-pass參數,同樣需要輸入密碼之后才能執行。
 解析)
