Ansible basics and common knowledge points
1. Running sudo commands as a regular user with Ansible
# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b
test01 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"module_stderr": "Shared connection to 10.0.8.80 closed.\r\n",
"module_stdout": "sudo: 需要密码\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
[ root @ cs-ansible 10.0.8.252 ] /data/services/ansible-test
# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b -K
BECOME password:
test01 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"module_stderr": "Shared connection to 10.0.8.80 closed.\r\n",
"module_stdout": "\r\nyukw 不在 sudoers 文件中。此事将被报告。\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
[ root @ cs-ansible 10.0.8.252 ] /data/services/ansible-test
# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b -K
BECOME password:
test01 | CHANGED | rc=0 >>
aa.txt
[ root @ cs-ansible 10.0.8.252 ] /data/services/ansible-test
# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b -K
BECOME password:
test01 | CHANGED | rc=0 >>
nohup.out
set.sh
# ansible -i hosts test01 -a 'ls /tmp' -u 'yukw' -k
SSH password:
test01 | CHANGED | rc=0 >>
ansible_command_payload_sTef9T
hsperfdata_yfbkf
positions.yaml
systemd-private-8646b95de5734ab59354856a7f4b51e4-ntpd.service-TZubA0
ww.txt
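1. The regular user must be added to the sudoers file.
Parameter details:
-u: specifies the user
-b: sudo to a specific user to run the command; the default is root, determined by #sudo_user = root in the ansible.cfg configuration file
-K: the user's password; can be dropped if passwordless sudo (NOPASSWD) is already set in the sudoers file
-k: authenticate with account and password
2. Starting the Tomcat service with Ansible
## Notes
1. Add the environment variables on the remote machine (it is strongly required that from now on environment variables for java/nginx/mvn and the like are written to ~/.bashrc, followed by a source of ~/.bash_profile)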
2、ansible开启tomcat服务
## 注意事项
1、在远端机器上添加环境变量(强烈要求以后都将java/nginx/mvn等环境变量写入~/.bashrc ,然后source一下~/.bash_profile)
$ vim ~/.bashrc
export JAVA_HOME=/usr/java/jdk1.8.0_101
export PATH=/usr/java/jdk1.8.0_101/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/.local/bin:/root/bin
export CLASSPATH=.:/usr/java/jdk1.8.0_101/lib/dt.jar:/usr/java/jdk1.8.0_101/lib/tools.jar
$ source ~/.bash_profile
Commands to add them in bulk through Ansible
$ ansible -i hosts Zhanjian_Cms_Publish -m blockinfile -a 'path=~/.bashrc block="export JAVA_HOME=/usr/java/jdk1.8.0_101\nexport PATH=/usr/java/jdk1.8.0_101/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/.local/bin:/root/bin\nexport CLASSPATH=.:/usr/java/jdk1.8.0_101/lib/dt.jar:/usr/java/jdk1.8.0_101/lib/tools.jar" create=yes'
$ ansible -i hosts Zhanjian_Cms_Publish -m shell -a 'source ~/.bash_profile'
2. Calling startup.sh remotely through Ansible to start Tomcat has no effect.
Solution:
When Ansible calls a shell script to start Tomcat, nohup … & must be added
- name: start the tomcat
  shell:
    cmd: "nohup {{ tomcat_publish_dir }}/bin/startup.sh &"
  register: start_tomcat_ret
3. Ansible host patterns
4. Encrypting and decrypting Ansible yml files
[root@cs-ansible ansible-test]# cat mail.yml
---
- hosts: docker
  gather_facts: no
  roles:
    - role: test
[root@cs-ansible ansible-test]# ansible-vault encrypt mail.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[root@cs-ansible ansible-test]# cat mail.yml
$ANSIBLE_VAULT;1.1;AES256
33303637653132333762393935303863326266323665373233316434613162653535633230346266
6338393266333131373738333566326133623731373939300a376361316165323630636634663935
61383661363739323838363433303639613932333739653963363266383862336561373962353862
6436306535663864610a353535633765383534643237643834323737346435373330346433646332
62303161396535333030363662663866643066373039343866343731373638643162366433356634
38653437623363333737643063616564313665656437663866396634386135626666343430356335
63363335366134313837663336613536376663393333663733373663366238326139643564353330
32363635626162343464
[root@cs-ansible ansible-test]# ansible-vault decrypt mail.yml
Vault password:
Decryption successful
[root@cs-ansible ansible-test]# cat mail.yml
---
- hosts: docker
  gather_facts: no
  roles:
    - role: test
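The structure of the encrypted file shown above, as an added example (not code from the original page or from Ansible itself): the hex body of a $ANSIBLE_VAULT;1.1;AES256 file decodes to three hex fields (salt, HMAC-SHA256 tag, ciphertext), and a password can be checked against the tag with the Python standard library alone. The function names, the sample password and the placeholder ciphertext are constructed for illustration.

```python
import binascii
import hashlib
import hmac

HEADER = "$ANSIBLE_VAULT;1.1;AES256"


def parse_vault(text):
    """Split a vault 1.1 file into (salt, expected_hmac, ciphertext) bytes."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("not a vault 1.1 AES256 file")
    # The body is hex of: hex(salt) \n hex(hmac) \n hex(ciphertext)
    inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
    parts = inner.split(b"\n")
    if len(parts) != 3:
        raise ValueError("expected salt, hmac and ciphertext fields")
    return tuple(binascii.unhexlify(p) for p in parts)


def derive_keys(password, salt):
    """PBKDF2-HMAC-SHA256, 10000 rounds -> AES key, HMAC key, CTR IV."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000, 80)
    return dk[:32], dk[32:64], dk[64:80]


def password_matches(text, password):
    """True if the password authenticates the ciphertext (no decryption)."""
    salt, expected, ciphertext = parse_vault(text)
    _, hmac_key, _ = derive_keys(password, salt)
    actual = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(actual, expected)


def build_sample(password):
    """Constructed sample: real envelope layout, placeholder ciphertext."""
    salt = bytes(range(32))
    ciphertext = b"\x5a" * 48  # constructed bytes, not real AES output
    _, hmac_key, _ = derive_keys(password, salt)
    tag = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    inner = b"\n".join(binascii.hexlify(x) for x in (salt, tag, ciphertext))
    body = binascii.hexlify(inner).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return HEADER + "\n" + wrapped + "\n"


SAMPLE = build_sample("constructed-password")
```

Because the check needs only the file and a candidate password, an encrypted playbook is only as strong as its vault password; keep vault passwords long and out of the repository.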
5. One task triggering multiple handlers
6. Filtering variables
[root@cs-ansible ansible-test]# ansible -i hosts docker -m setup -a 'filter=ansible_fqdn'
cs-docker01 | SUCCESS => {
"ansible_facts": {
"ansible_fqdn": "docker-work01",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
[root@cs-ansible ansible-test]# ansible -i hosts docker -m setup -a 'filter=*address*'
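7. Defining variables in hosts
One form applies to a single host in a group, the other applies to all hosts in the group
8. Jinja2 template syntax: for loops
First form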
[root@cs-ansible ansible-test]# cat 2.yml
---
- hosts: docker
  remote_user: root
  vars:
    ports:
      - 81
      - 82
      - 83
  tasks:
    - name: template config
      template:
        src: nginx.conf.j2
        dest: /tmp/nginx.conf
[root@cs-ansible ansible-test]# cat nginx.conf.j2
{% for port in ports %}
listen: {{ port }}
{% endfor %}
[root@cs-ansible ansible-test]# ansible-playbook -i hosts 2.yml
PLAY [docker] *******************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************
ok: [cs-docker01]
TASK [template config] **********************************************************************************************************
changed: [cs-docker01]
PLAY RECAP **********************************************************************************************************************
cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp'
cs-docker01 | CHANGED | rc=0 >>
aa.txt
ansible_command_payload_BO8SKv
hsperfdata_root
nginx.conf
plugin860345368
rsync_fail_log.sh
systemd-private-ef8225ccd8de408ebfab34e1da5e0451-ntpd.service-fS8U7Z
test.conf
yukw
[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'cat /tmp/nginx.conf'
cs-docker01 | CHANGED | rc=0 >>
listen: 81
listen: 82
listen: 83
Second form
[root@cs-ansible ansible-test]# cat 3.yml
---
- hosts: docker
  remote_user: root
  vars:
    ports:
      - web1:
        port: 81
        name: web1.kk.com
        rootdir: /data/website1
      - web2:
        port: 82
        name: web2.kk.com
        rootdir: /data/website2
      - web3:
        port: 83
        name: web3.kk.com
        rootdir: /data/website3
  tasks:
    - name: template config
      template:
        src: for3.conf.j2
        dest: /tmp/for3.conf
[root@cs-ansible ansible-test]# cat for3.conf.j2
{% for p in ports %}
listen: {{ p.port }}
servername: {{ p.name }}
documentroot: {{ p.rootdir }}
{% endfor %}
[root@cs-ansible ansible-test]# ansible-playbook -i hosts -C 3.yml
PLAY [docker] *******************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************
ok: [cs-docker01]
TASK [template config] **********************************************************************************************************
changed: [cs-docker01]
PLAY RECAP **********************************************************************************************************************
cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@cs-ansible ansible-test]# ansible-playbook -i hosts 3.yml
PLAY [docker] *******************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************
ok: [cs-docker01]
TASK [template config] **********************************************************************************************************
changed: [cs-docker01]
PLAY RECAP **********************************************************************************************************************
cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp'
cs-docker01 | CHANGED | rc=0 >>
aa.txt
ansible_command_payload_21sDcT
for3.conf
hsperfdata_root
nginx.conf
plugin860345368
rsync_fail_log.sh
systemd-private-ef8225ccd8de408ebfab34e1da5e0451-ntpd.service-fS8U7Z
test.conf
yukw
[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'cat /tmp/for3.conf'
cs-docker01 | CHANGED | rc=0 >>
listen: 81
servername: web1.kk.com
documentroot: /data/website1
listen: 82
servername: web2.kk.com
documentroot: /data/website2
listen: 83
servername: web3.kk.com
documentroot: /data/website3
Third form (for + if)
[root@cs-ansible ansible-test]# cat 4.yml
---
- hosts: docker
  remote_user: root
  vars:
    ports:
      - web1:
        port: 81
        #name: web1.kk.com
        rootdir: /data/website1
      - web2:
        port: 82
        name: web2.kk.com
        rootdir: /data/website2
      - web3:
        port: 83
        #name: web3.kk.com
        rootdir: /data/website3
  tasks:
    - name: template config
      template:
        src: for4.conf.j2
        dest: /tmp/for4.conf
[root@cs-ansible ansible-test]# cat for4.conf.j2
{% for p in ports %}
listen: {{ p.port }}
{% if p.name is defined %}
servername: {{ p.name }}
{% endif %}
documentroot: {{ p.rootdir }}
{% endfor %}
[root@cs-ansible ansible-test]# ansible-playbook -i hosts -C 4.yml
PLAY [docker] *******************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************
ok: [cs-docker01]
TASK [template config] **********************************************************************************************************
changed: [cs-docker01]
PLAY RECAP **********************************************************************************************************************
cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@cs-ansible ansible-test]# ansible-playbook -i hosts 4.yml
PLAY [docker] *******************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************
ok: [cs-docker01]
TASK [template config] **********************************************************************************************************
changed: [cs-docker01]
PLAY RECAP **********************************************************************************************************************
cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp'
cs-docker01 | CHANGED | rc=0 >>
aa.txt
ansible_command_payload_iYjF7U
for3.conf
for4.conf
hsperfdata_root
nginx.conf
plugin860345368
rsync_fail_log.sh
systemd-private-ef8225ccd8de408ebfab34e1da5e0451-ntpd.service-fS8U7Z
test.conf
yukw
[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp/for4.conf'
cs-docker01 | CHANGED | rc=0 >>
/tmp/for4.conf
[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'cat /tmp/for4.conf'
cs-docker01 | CHANGED | rc=0 >>
listen: 81
documentroot: /data/website1
listen: 82
servername: web2.kk.com
documentroot: /data/website2
listen: 83
documentroot: /data/website3