Configuration method of ansible list file, configuration of configuration file, usage of temporary command
1. Build ansible list
1. List of definitions
Inventories define a batch of hosts that Ansible will manage. These hosts can also be assigned into groups for centralized management. Groups can contain subgroups, and hosts can be members of multiple groups. A manifest can also set variables that apply to the hosts and groups it defines.
There are two ways to define a list:
- Static Host List: Text File Definitions
- Dynamic Host Inventory: Generated by script or other program as needed using an external information provider
2. Use a static list to specify managed hosts
Each section begins with the host group name enclosed in square brackets. This is followed by the hostname or IP address of each managed host in the group, one per line.
[root@localhost ~]# vim /etc/ansible/hosts
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
3. Verification checklist
[root@localhost ~]# vim /etc/ansible/hosts
green.example.com
blue.example.com
192.168.100.1
192.168.100.10 //取消此四行的注释
//验证green主机是否存在于清单
[root@localhost ~]# ansible green.example.com --list-hosts
hosts (1):
green.example.com
//列出清单中的所有主机
[root@localhost ~]# ansible all --list-hosts
hosts (4):
green.example.com
blue.example.com
192.168.100.1
192.168.100.10
[root@localhost ~]# vim /etc/ansible/hosts
[webservers]
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110 //取消此主机组的注释
//列出指定主机组
[root@localhost ~]# ansible webservers --list-hosts
hosts (4):
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
If the inventory contains hosts and hostgroups with the same name, the ansible command will display a warning and target the host. Host groups are ignored.
[root@localhost ~]# vim /etc/ansible/hosts
[webservers]
webservers //添加一个和主机组相同名称的主机
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
//会列出主机并警告
[root@localhost ~]# ansible webservers --list-hosts
[WARNING]: Found both group and host with same name: webservers
hosts (1):
webservers
4. Override the location of the manifest file
The /etc/ansible/hosts file is considered the default static inventory file for the system. However, it is common practice not to use this file, but to define a different location for the inventory file in the Ansible configuration file.
//修改默认清单文件位置
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# touch inventory
[root@localhost ansible]# vim ansible.cfg
inventory = /etc/ansible/inventory //取消注释并修改指定位置
5. Build checklist
//写入内容
[root@localhost ansible]# vim inventory
192.168.183.137
[webservers]
192.168.183.135
192.168.183.136
//列出默认清单文件中的所有受管主机
[root@localhost ansible]# ansible all --list-hosts
hosts (3):
192.168.183.137
192.168.183.135
192.168.183.136
//列出不属于任何主机组的受管主机
[root@localhost ansible]# ansible ungrouped --list-hosts
hosts (1):
192.168.183.137
//列出属于某组的受管主机
[root@localhost ansible]# ansible webservers --list-hosts
hosts (2):
192.168.183.135
192.168.183.136
Two, ansible configuration file
Some common parameters in Ansible configuration files
[root@localhost ~]# vim /etc/ansible/ansible.cfg
······
[defaults]
# some basic default values...
inventory = /etc/ansible/inventory
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
······
| parameter | effect |
|---|---|
| inventory | Defines Ansible's default host configuration file, which defaults to /etc/ansible/hosts |
| library | Defines the location of Ansible's default search module, which defaults to the /etc/ansible/my_modules/ directory |
| remote_tmp | Ansible remote execution temporary files are defined |
| pattern | The host that Ansible communicates with is defined, and the parameter defaults to *, which means communicating with all hosts |
| forks | Defines the number of parallel processes for Ansible, the default is 5 |
| poll_interval | Defines the polling frequency or polling interval |
| sudo_user | Defines the sudo remote execution username |
| ask_sudo_pass | Defines whether a password is required to use sudo |
| ask_pass | Defines whether a password is required |
| transport | Defines the communication mechanism of Ansible |
| remote_port | Defines the communication port of Ansible, the default is 22 |
| module_lang | Defines the language for communication between Ansible modules and systems |
| gathering | Control the collection of facts information |
| roles_path | Used to search roles in Ansible |
| host_key_checking | for checking the host key |
| sudo_exe | Used to specify sudo to execute commands remotely |
| sudo_flags | Used to pass parameters other than sudo |
| timeout | Used to set the SSH timeout |
| remote_user | Used to set the remote login username |
| log_path | Used to specify the Ansible log file, by default /var/log/ansible.log |
| module_name | Used to specify the execution module of Ansible by default, the default is command |
| executable | Used to specify the shell environment for Ansible execution |
| hash_behavior | Used to specify specific priority override variables |
| jinjia2_extensions | Set to allow the jinjia2 extension module to be enabled |
| private_key_file | Used to specify the storage location of the private key file |
| display_skipped_hosts | Used to display the status of any skipped tasks |
| system_warnings | Used to disable the system from displaying ansible potential problem warnings |
| deprecation_warnings | Playbook output disables "deprecated" warnings |
| command_warnings | The command module Ansible issues warnings by default |
| pipelining | Used to enable pipe SSH channel optimization |
3. Usage of interim orders
One of the simplest temporary commands uses the ping module. This module does not perform an ICMP ping , but instead checks whether a Python-based module can be run on the managed host. For example, the following temporary command determines whether all managed hosts in the inventory can run standard modules:
[root@localhost ~]# vim /etc/ansible/inventory
web1 ansible_user=root ansible_password=runtime
[root@localhost ~]# vim /etc/hosts
192.168.183.140 web1
[root@localhost ~]# ssh web1
[root@localhost ~]# ansible web1 -m ping
web1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
Ansible common modules
| Module category | module |
|---|---|
| file module | copy: Copies a local file to a managed host file: Sets the permissions and other attributes of a file lineinfile: Ensures whether a specific line is in a file or not synchronize: Synchronizes content using rsync |
| package module | package:使用操作系统本机的自动检测软件包管理器管理软件包 yum:使用yum管理软件包 apt:使用APT管理软件包 dnf:使用dnf管理软件包 gem:管理Ruby gem pip:从PyPI管理Python软件包 |
| 系统模块 | firewalld:使用firewalld管理防火墙 reboot:重启计算机 service:管理服务 user:添加、删除和管理用户帐户 |
| Net Tools模块 | get_url:通过HTTP、HTTPS或FTP下载文件 nmcli:管理网络 uri:与Web服务交互 |
临时命令使用user模块来确保runtime用户存在于web1上并且其UID为4000:
[root@localhost ~]# ansible web1 -m user -a 'name=runtime uid=4000 state=present'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 4000,
"home": "/home/runtime",
"name": "runtime",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 4000
}
[root@localhost ~]# ansible all -a 'id runtime'
web1 | CHANGED | rc=0 >>
uid=4000(runtime) gid=4000(runtime) groups=4000(runtime)