(1). 怎么為任務設置環(huán)境變量爱只?
- name: set environment
shell: echo $PATH $SOME >> /tmp/a.txt
environment:
PATH: "{{ ansible_env.PATH }}:/thingy/bin"
SOME: value
(2). 不同的用戶登錄不同的主機民镜?
在主機清單里設置
[webservers`]
asdf.example.com ansible_port=5000 ansible_user=alice ansible_pass=123456
jkl.example.com ansible_port=5001 ansible_user=bob ansible_pass=654321
也可以指定連接類型
[testcluster]
localhost ansible_connection=local
/path/to/chroot1 ansible_connection=chroot
foo.example.com
bar.example.com
(3). 通過跳轉主機訪問無法訪問的主機
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q user@gateway.example.com"'
ansible_ssh_common_args: '-o ProxyCommand="sshpass -f /etc/tpasswd ssh xx@10.10.10.1 -p 66677 nc %h %p"'
(4). 關閉cowsay功能
export ANSIBLE_NOCOWS=1
(5). 關閉ssh在首次連接時出現(xiàn)檢查keys 的提示
export ANSIBLE_HOST_KEY_CHECKING=False
(6). 查看主機名的所有清單變量嫁佳?
ansible -m debug -a "var=hostvars['hostname']" localhost
(7). 通過拼接字符串乾蛤,來獲取接口ip地址
{{ hostvars[inventory_hostname]['ansible_' + which_interface]['ipv4']['address'] }}
(8). 獲取組中第一個主機的ip地址
{{ hostvars[groups['webservers'][0]]['ansible_eth0']['ipv4']['address'] }}
(9). 在任務中設置變量
- set_fact: headnode={{ groups[['webservers'][0]] }}
- debug: msg={{ headnode}}
(10). 如何獲取shell變量砸西?
vars:
local_home: "{{ lookup('env','HOME') }}"
tasks:
- debug: var=local_home
在ansible1.4版本以上力喷,可以使用以下方式獲取
- debug: var=ansible_env.HOME
(11). 在模板中如何遍歷某一組內的所有主機?
{% for host in groups['db_servers'] %}
{{ host }}
{% endfor %}
獲取ip地址
{% for host in groups['db_servers'] %}
{{ hostvars[host]['ansible_eth0']['ipv4']['address'] }}
{% endfor %}
(12). 加密hosts主機清單文件
有時候我們主機清單里面會有些密碼信息眷昆,但是不想讓別人看到蜒秤。這種情況可以用ansible-vault來達到此目的。
[root@node1 ansible]# cat db_hosts
localhost ansible_connection=local
[root@node1 ansible]# ansible-vault encrypt db_hosts
New Vault password:
Confirm New Vault password:
Encryption successful
[root@node1 ansible]# ansible -i db_hosts localhost -m ping
ERROR! Decryption failed
Decryption failed
[root@node1 ansible]# ansible -i db_hosts --ask-vault-pass localhost -m ping
Vault password:
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@node1 ansible]# cat db_hosts
$ANSIBLE_VAULT;1.1;AES256
61663966666265363465653064386666326234353433346163633838366532366236313032303636
6437313333333936396164663031633566613233343161650a333163333732616130343762636135
30303864663138643661393234336433313465623830333832663165393964353961323261373130
3135626236626435640a396338616563646532623966333337366365636665663563666432333539
61663632633130623733316232353836663366623136636432616332376266383263356264303765
6133616235363066356164653232326139643862653464623037
(13). service 模塊啟動服務沒效果隙赁?
首先檢查下service httpd status的信息垦藏,是不是有
httpd is stopped
這種字符梆暖,沒有的話伞访,在服務啟動腳本里,在case語句里添加以下方法
status)
status -p ${pidfile} $httpd
RETVAL=$?
;;
# bash變量
# httpd=${HTTPD-/usr/sbin/httpd}
# pidfile=${PIDFILE-/var/run/httpd/httpd.pid}
從而達到service http status有stopped的字樣轰驳。
(14). 遞歸目錄中的模版文件
- name: Copying the templated jinja2 files
template: src={{item}} dest={{RUN_TIME}}/{{ item | regex_replace(role_path+'/templates','') | regex_replace('\.j2', '') }}
with_items: "{{ lookup('pipe','find {{role_path}}/templates -type f').split('\n') }}"
(15). 目標主機的python為2.7版本厚掷,且需要使用yum模塊
需要增加下列變量,指定python版本為2.6
- hosts: servers
vars:
- ansible_python_interpreter: /usr/bin/python2.6.6
(16). 遠程遍歷拷貝文件
- name : get files in /path/
shell : ls /path/*
register: path_files
- name: fetch these back to the local Ansible host for backup purposes
fetch:
src : /path/"{{item}}"
dest: /path/to/backups/
with_items: "{{ path_files.stdout_lines }}"
(17). 獲取主機清單中組的ip地址
- shell: "ping -c 1 {{item}} | grep icmp_seq | gawk -F'[()]' '{print $2}'"
with_inventory_hostnames: test2
register: testip
- debug: "msg={{ item.stdout }}"
with_items: "{{ testip.results }}"
(18). 保留ansbile遠程執(zhí)行的模塊文件级解,并調試模塊
添加ANSIBLE_KEEP_REMOTE_FILES=1
環(huán)境變量
`$ ANSIBLE_KEEP_REMOTE_FILES=1 ansible localhost -m ping -a 'data=debugging_session' -vvv`
sing module file /usr/lib/python2.6/site-packages/ansible/modules/core/system/ping.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932 `" && echo ansible-tmp-1489477306.61-275734926719932="` echo ~/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932 `" ) && sleep 0'
<localhost> PUT /tmp/tmpv4EenK TO /root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/ping.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/ /root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/ping.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/ping.py && sleep 0'
localhost | SUCCESS => {
"changed": false,
"invocation": {
"module_args": {
"data": "debugging_session"
},
"module_name": "ping"
},
"ping": "debugging_session"
}
模塊文件是由base64編碼的字符串文件冒黑,可使用explode將字符串轉換成可執(zhí)行的python文件
$ python /root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/ping.py explode
Module expanded into:
/root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/debug_dir
$ tree /root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/debug_dir/
/root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/debug_dir/
├── ansible
│ ├── __init__.py
│ └── module_utils
│ ├── basic.py
│ ├── __init__.py
│ ├── pycompat24.py
│ ├── six.py
│ └── _text.py
├── ansible_module_ping.py
└── args
ansible_module_ping.py
是模塊本身的代碼。
args
文件包含一個JSON字符串勤哗。 該字符串是一個包含模塊參數(shù)和其他變量的字典抡爹。
ansible
目錄包含由ansible_module_ping模塊使用的ansible.module_utils的代碼文件。
如果修改了debug_dir
文件中的代碼之后芒划,需要使用execute執(zhí)行代碼
$ python /root/.ansible/tmp/ansible-tmp-1489477306.61-275734926719932/ping.py execute
{"invocation": {"module_args": {"data": "debugging_session"}}, "changed": false, "ping": "debugging_session"}
(19). 提升權限
Ansible ad-hoc命令
ansible -i hosts node1 -m shell -a "whoami" --become --become-method=su --become-user=root --ask-su-pass
SU password:
192.168.77.130 | SUCCESS | rc=0 >>
root
Ansible-playbook命令
cat test.yml
---
- hosts: node1
gather_facts: no
tasks:
- name: I'm become to root.
shell: whoami
register: w
become: true
become_user: "root"
become_method: "su"
- debug: var=w.stdout
[root@base ~]# ansible-playbook -i hosts test.yml --ask-su-pass
SUDO password:
PLAY [node1] ****************************************************************************************************************************************
TASK [I'm become to root.] **************************************************************************************************************************
changed: [192.168.77.130]
TASK [debug] ****************************************************************************************************************************************
ok: [192.168.77.130] => {
"w.stdout": "root"
}
PLAY RECAP ******************************************************************************************************************************************
192.168.77.130 : ok=2 changed=1 unreachable=0 failed=0
如果不想在執(zhí)行過程中輸入提升用戶的密碼冬竟,可以在hosts文件中配置ansible_become_pass變量設置密碼欧穴。
# cat hosts
[node1]
192.168.77.130 ansible_ssh_user=test ansible_ssh_pass=123456 ansible_become_pass=123456
參數(shù)解釋
- become 開啟提升權限
- become-method 提升權限的方式,有sudo泵殴,su涮帘,runas等。
- become-user 提升權限的用戶
- ansible_become_pass 提升權限的用戶密碼
- ask-su-pass 告訴程序提升權限的用戶密碼
(20). 變量嵌套
在動態(tài)取變量的時候笑诅,我們第一時間就會寫出"{{ t_var[{{ n }}] }}"
的引用命令调缨,但這類引用在jinja2的語法中是錯誤的,可以使用下列方式解決此引用問題吆你。
- hosts: localhost
gather_facts: no
vars:
- t_var: ['1','2']
- n: "1"
tasks:
- shell: "echo {% if n %} {% set number = n | int %} {{ t_var[number]}} {% endif %}"
ansible-playbook test.yml -vv
Using /etc/ansible/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available
PLAYBOOK: test.yml ***************************************************************************************************************
1 plays in test.yml
PLAY [localhost] *****************************************************************************************************************
META: ran handlers
TASK [command] *******************************************************************************************************************
task path: /etc/ansible/test.yml:10
changed: [localhost] => {"changed": true, "cmd": "echo 2 ", "delta": "0:00:00.012834", "end": "2017-09-12 10:40:44.959595", "rc": 0, "start": "2017-09-12 10:40:44.946761", "stderr": "", "stderr_lines": [], "stdout": "2", "stdout_lines": ["2"]}
META: ran handlers
META: ran handlers
PLAY RECAP ***********************************************************************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0
(21). 環(huán)境變量找不到的問題
我們在ansible直接執(zhí)行命令弦叶,不帶有絕對路徑,就會報出找不到命令的提示信息:
ansible node2 -m shell -a "openresty -v"
192.168.77.130 | FAILED | rc=127 >>
/bin/sh: openresty: 未找到命令
此時我們應該使用下列命令避免早处。
ansible node2 -m shell -a "source /etc/profile; openresty -v"
192.168.77.130 | SUCCESS | rc=0 >>
nginx version: openresty/1.11.2.3
ansible 的ssh登陸屬于交互式的非登陸shell
詳細說明請移步到 ssh連接遠程主機執(zhí)行腳本的環(huán)境變量問題
(22). 獲取redis的info信息
- hosts: localhost
gather_facts: false
tasks:
- name: "query redis info"
expect:
command: "telnet 127.0.0.1 6379"
responses:
"Escape":
- "auth test\ninfo\nquit\n"
ignore_errors: true
register: result
- name: "show the variable"
debug:
var: result
更多文章請看 Ansible 專題文章總覽