Ansible mode

I. Ansible command

1. Ansible commands can be run in two ways: ad-hoc and ansible-playbook. There is essentially no difference between the two. Ad-hoc commands are for temporary, one-off runs; a playbook can be understood as a collection of ad-hoc commands stitched together by certain rules, that is, a script.

2. Ansible communicates over SSH, using either password or key authentication; key authentication is what is generally configured. Keys are generated with ssh-keygen.

3. Command format:

  ansible <host-pattern> [options]

Explanation:

ansible is the Ansible command.

<host-pattern> is a host name, IP or group name defined in the Inventory, or a string that uses special matching characters such as "*" or "."; the <> indicates that this argument is required.

[options] are Ansible's parameter options; they are optional.

Common options are as follows:

-m NAME, --module-name=NAME: specifies the module to execute (Ansible's functions are module-based).

-u USERNAME, --user=USERNAME: specifies the user USERNAME to execute as on the remote host.

 

-s, --sudo: use sudo mode when executing commands remotely, equivalent to the sudo command on Linux systems.

-U SUDO_USERNAME, --sudo-user=SUDO_USERNAME: specifies the user for sudo.

Note: the -s and -U options above no longer work in newer versions. Newer versions use the following two options instead:

-s, --sudo was changed to -b, --become

-U, --sudo-user was changed to --become-user

-K, --ask-become-pass: the password to authenticate with when using --become or --become-user.

-f FORKS, --forks=FORKS: the number of parallel threads.

-k, --ask-pass: the password for connecting to the remote host; not used when passwordless key authentication is in place.

 

Examples:

1. Test the -m and -u options: -m selects the ping module, and the ping liveness test is run as user yjt. If no user is specified, the command runs as root on the remote machine by default.

[root@manager1 ~ 15:53:53]#ansible 192.168.4.46 -m ping -u yjt
192.168.4.46 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}

Note: the IP must be configured in /etc/ansible/hosts beforehand. To test multiple hosts, replace the IP with all, provided the hosts file has been configured.

SUCCESS indicates that the command succeeded.

2. Test -b: run the ping liveness test as user yjt, using sudo to become root. This requires the yjt user to be configured in the /etc/sudoers file on the remote host. If NOPASSWD is not configured, you need to add the -K option.

Add the following to the /etc/sudoers file on the remote host:

yjt ALL=(root) NOPASSWD: ALL

[root@manager1 ~ 16:26:00]#ansible 192.168.4.46 -m ping -u yjt -b
192.168.4.46 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}

Replace the above yjt ALL=(root) NOPASSWD: ALL with yjt ALL=(root) ALL and run the command again:

[root@manager1 ~ 16:37:19]#ansible 192.168.4.46 -m ping -u yjt -b
192.168.4.46 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"module_stderr": "Shared connection to 192.168.4.46 closed.\r\n",
"module_stdout": "sudo: a password is required\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}

An error is reported: the yjt user on the remote machine can no longer switch to root without a password, so change the command to the following, adding the -K (uppercase) option:

 
 

[root@manager1 ~ 16:30:34]#ansible 192.168.4.46 -m ping -u yjt -b -K
BECOME password:     --- enter the yjt user's password.
192.168.4.46 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}



II. ansible-galaxy

Used to download roles from the official Ansible Galaxy website.

Command usage:

ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options]

init: initializes a local role, ready for upload to Galaxy.

info: shows detailed information about the specified role.

install: downloads roles to the local machine.

list: lists the roles that already exist locally.

remove: deletes roles that already exist locally.

Example: download nginx's roles, by default stored in /etc/ansible/roles

[root@manager1 kvm 17:19:05]#ansible-galaxy --ignore-errors install azavea.git
- downloading role 'git', owned by azavea
- downloading role from https://github.com/azavea/ansible-git/archive/0.1.0.tar.gz
- extracting azavea.git to /root/.ansible/roles/azavea.git     --- here it is stored in this directory.
- azavea.git (0.1.0) was installed successfully

III. ansible-pull

Pulls commands or scripts from a remote source. It maximizes efficiency but places high demands on operations staff.

This command involves another Ansible operating mode: pull mode (Ansible uses push mode by default). It works in exactly the opposite way to the commonly used push mode and applies to the following scenarios:

1. You have a huge number of machines to configure, and even with a high number of concurrent threads it would still take a lot of time.

2. You want to run Ansible on a host that has just started and has no network connection.

Usage: ansible-pull -U <repository> [options] [<playbook.yml>]
Example: * / 20 * * * *C 2.1.0 -d / srv / www /.log 2> & 1
This is achieved by combining ansible-pull with Git and crontab. It works as follows: crontab periodically pulls the specified Git version to the local machine and automatically runs the pre-written instructions in the specified mode.

Note: ansible-pull is usually used in scenarios where large numbers of machines are configured. It is somewhat less flexible, but the efficiency gain is almost unlimited, and it places high demands on the skills and forward planning of operations staff.


Origin www.cnblogs.com/yjt1993/p/10956805.html