Ansible脚本命令创建运行
临时命令在Ansible中使用,可以立即执行任务,您无需保存它们以备后用。本文全部关于Ansible Ad-hoc命令。
Ansible中有多个任务,您无需为此编写单独的Ansible剧本。您只需要为该任务运行ansible ad-hoc命令即可。这些是在目标主机上执行单个任务的单线命令。这些命令存在于/usr/bin/ansible
通过Ansible Ad-hoc命令可以轻松地对所有主机执行ping操作以检查它们是否正在运行,复制文件,重新启动服务器,安装软件包等任务。这是您必须了解的基本Ansible Ad-hoc命令列表。
基本命令
下面的ad-hoc命令在清单文件中的所有主机上运行ping模块。这-m是模块的选项。
root@geekflare:/home/geekflare# ansible all -m pingnode1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"}
下面提到的命令在一组主机上运行安装程序模块– 清单文件'/ etc / ansible / hosts'中存在的客户端。
root@geekflare:/home/geekflare# ansible Client -m setup -a "filter=ansible_distribution*"node1 | SUCCESS => {
"ansible_facts": {
"ansible_distribution": "Ubuntu",
"ansible_distribution_file_parsed": true,
"ansible_distribution_file_path": "/etc/os-release",
"ansible_distribution_file_variety": "Debian",
"ansible_distribution_major_version": "18",
"ansible_distribution_release": "cosmic",
"ansible_distribution_version": "18.10",
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false}
以下命令用于提示SSH密码认证。您需要–ask-pass在命令末尾添加选项。运行该命令后,它将要求您输入SSH密码。
root@geekflare:/home/geekflare# ansible Client -m ping --ask-passSSH password:node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"}
下面的命令为您提供了以具有root特权的非root用户身份运行ad-hoc命令的功能。该选项--become提供root特权,并且-K选项要求输入密码。
root@geekflare:/home/geekflare# ansible Client -m shell -a 'fdisk -l' -u geekflare --become -KBECOME password:node1 | CHANGED | rc=0 >>Disk /dev/loop0: 14.5 MiB, 15208448 bytes, 29704 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk /dev/loop2: 42.1 MiB, 44183552 bytes, 86296 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk /dev/loop3: 149.9 MiB, 157184000 bytes, 307000 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk /dev/loop5: 140.7 MiB, 147501056 bytes, 288088 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk /dev/loop6: 151.2 MiB, 158584832 bytes, 309736 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk /dev/loop7: 14.8 MiB, 15458304 bytes, 30192 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk /dev/sda: 500 GiB, 536870912000 bytes, 1048576000 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisklabel type: dosDisk identifier: 0xcef957f5Device Boot Start End Sectors Size Id Type/dev/sda1 2048 462639103 462637056 220.6G 83 Linux/dev/sda2 * 462639104 464592895 1953792 954M 83 Linux/dev/sda3 464592896 482168831 17575936 8.4G 82 Linux swap / Solaris/dev/sda4 482168832 1048573951 566405120 270.1G 83 LinuxDisk /dev/loop8: 4 MiB, 4218880 bytes, 8240 sectorsUnits: sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytes
此ad-hoc命令用于通过-f选项重新引导系统以定义派生数。
root@geekflare:/home/geekflare# ansible Client -a "/sbin/reboot" -f 1
文件传输
下面的ansible ad-hoc命令用于将清单文件中定义的一组主机(客户端)的文件从源复制到目的地。输入密码后,带有“ change”参数的输出将为“ true”,这表示文件已复制到目标位置。
root@geekflare:/home/geekflare# ansible Client -m copy -a 'src=/home/geekflare/nginx.yml dest=/home/geekflare/Desktop/ owner=root mode=0644' -u root --become -KBECOME password:node1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "5631822866afd5f19b928edb3ba018385df22dd3",
"dest": "/home/geekflare/Desktop/nginx.yml",
"gid": 0,
"group": "root",
"md5sum": "0d6ffe1069fc25ad4f8ad700277c4634",
"mode": "0644",
"owner": "root",
"size": 280,
"src": "/root/.ansible/tmp/ansible-tmp-1562253463.3-214622150088155/source",
"state": "file",
"uid": 0}
运行以下命令以验证复制模块是否正常工作。复制的文件应位于上一条命令中提到的目标位置。
root@geekflare:/home/geekflare# ls Desktop/nginx.yml
我正在创建一个新目录,以在下一个临时命令中运行获取模块。
root@geekflare:/home/geekflare# mkdir exampleroot@geekflare:/home/geekflare# lsDesktop Documents example examples.desktop nginx_new.yml nginx.yml
下面的ansible ad-hoc命令用于从命令中定义的主机下载文件。在此命令中,我们使用获取模块将文件从node1服务器下载到ansible节点上的本地目标。
root@geekflare:/home/geekflare# ansible node1 -m fetch -a 'src=/etc/sudoers.d/nginx.yml dest=/home/geekflare/example/ flat=yes'node1 | SUCCESS => {
"changed": false,
"checksum": "5631822866afd5f19b928edb3ba018385df22dd3",
"dest": "/home/geekflare/example/nginx.yml",
"file": "/etc/sudoers.d/nginx.yml",
"md5sum": "0d6ffe1069fc25ad4f8ad700277c4634"}
检查文件是否已在命令中提到的目标位置下载。
root@geekflare:/home/geekflare# ls examplenginx.yml
管理包裹
下面提到的命令将nginx安装在使用apt模块提到的一组主机(客户端)上。
root@geekflare:/home/geekflare# ansible Client -m apt -a 'name=nginx state=latest' --becomenode1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"cache_update_time": 1562411227,
"cache_updated": false,
"changed": false}
下面提到的命令使用apt模块删除一组主机(客户端)上的nginx并清除所有相关配置。
root@geekflare:/home/geekflare# ansible Client -m apt -a 'name=nginx state=absent purge=yes' --becomenode1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"stderr": "",
"stderr_lines": [],
"stdout": "Reading package lists...
Building dependency tree...
Reading state information...
The following packages were automatically installed and are no longer required:
libnginx-mod-http-geoip libnginx-mod-http-image-filter
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
nginx-common nginx-core
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
nginx*
0 upgraded, 0 newly installed, 1 to remove and 241 not upgraded.
After this operation, 44.0 kB disk space will be freed.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 180191 files and directories currently installed.)
Removing nginx (1.15.5-0ubuntu2.1) ...
",
"stdout_lines": [
"Reading package lists...",
"Building dependency tree...",
"Reading state information...",
"The following packages were automatically installed and are no longer required:",
" libnginx-mod-http-geoip libnginx-mod-http-image-filter",
" libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream",
" nginx-common nginx-core",
"Use 'sudo apt autoremove' to remove them.",
"The following packages will be REMOVED:",
" nginx*",
"0 upgraded, 0 newly installed, 1 to remove and 241 not upgraded.",
"After this operation, 44.0 kB disk space will be freed.",
"(Reading database ... ",
"(Reading database ... 5%",
"(Reading database ... 10%",
"(Reading database ... 15%",
"(Reading database ... 20%",
"(Reading database ... 25%",
"(Reading database ... 30%",
"(Reading database ... 35%",
"(Reading database ... 40%",
"(Reading database ... 45%",
"(Reading database ... 50%",
"(Reading database ... 55%",
"(Reading database ... 60%",
"(Reading database ... 65%",
"(Reading database ... 70%",
"(Reading database ... 75%",
"(Reading database ... 80%",
"(Reading database ... 85%",
"(Reading database ... 90%",
"(Reading database ... 95%",
"(Reading database ... 100%",
"(Reading database ... 180191 files and directories currently installed.)",
"Removing nginx (1.15.5-0ubuntu2.1) ..."
]}
管理服务
下面的ansible ad-hoc命令运行服务模块以在主机上启动nginx。状态值应启动。
root@geekflare:/home/geekflare# ansible Client -m service -a 'name=nginx state=started enabled=yes' --becomenode1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"enabled": true,
"name": "nginx",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Sat 2019-07-06 08:28:02 EDT",
"ActiveEnterTimestampMonotonic": "31411371",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "sysinit.target system.slice systemd-journald.socket basic.target network.target",
"AllowIsolate": "no",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2019-07-06 08:27:59 EDT",
"AssertTimestampMonotonic": "27694868",
"Before": "multi-user.target shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2019-07-06 08:27:59 EDT",
"ConditionTimestampMonotonic": "27694867",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/nginx.service",
"ControlPID": "0",
"ExecMainStartTimestamp": "Sat 2019-07-06 08:28:02 EDT",
"ExecMainStartTimestampMonotonic": "31411353",
"ExecMainStatus": "0",
"ExecReload": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -g daemon on; master_process on; -s reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStart": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -g daemon on; master_process on; ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStartPre": "{ path=/usr/sbin/nginx ; argv[]=/usr/sbin/nginx -t -q -g daemon on; master_process on; ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStop": "{ path=/sbin/start-stop-daemon ; argv[]=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid ; ignore_errors=yes ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/lib/systemd/system/nginx.service",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
}}
下面运行服务模块以在主机上停止Nginx。状态值变为停止。
root@geekflare:/home/geekflare# ansible Client -m service -a 'name=nginx state=stopped' --becomenode1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "nginx",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Sat 2019-07-06 08:28:02 EDT",
"ActiveEnterTimestampMonotonic": "31411371",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "sysinit.target system.slice systemd-journald.socket basic.target network.target",
"AllowIsolate": "no",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2019-07-06 08:27:59 EDT",
"AssertTimestampMonotonic": "27694868",
"Before": "multi-user.target shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUQuotaPerSecUSec": "infinity",
"CanReload": "yes",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2019-07-06 08:27:59 EDT",
"ConditionTimestampMonotonic": "27694867",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlGroup": "/system.slice/nginx.service",
"ControlPID": "0",
"DefaultDependencies": "yes",
"Delegate": "no",
"Description": "A high performance web server and a reverse proxy server",
"DevicePolicy": "auto",
"Documentation": "man:nginx(8)",
"DynamicUser": "no",
}}
检查系统
下面提到的ansible ad-hoc命令运行一个shell模块来检查根分区上可用的磁盘。
root@geekflare:/home/geekflare# ansible Client -m shell -a 'df -h /dev/sda2' --becomenode1 | CHANGED | rc=0 >>Filesystem Size Used Avail Use% Mounted on/dev/sda2 923M 113M 748M 14% /boot
下面提到的此命令运行外壳程序模块以检查主机上的空闲内存(RAM)。
root@geekflare:/home/geekflare# ansible Client -m shell -a 'free -m' --becomenode1 | CHANGED | rc=0 >>
total used free shared buff/cache availableMem: 5101 854 2760 27 1487 3947Swap: 8581 0 8581
此命令检查每个正在运行的服务器的正常运行时间。
root@geekflare:/home/geekflare# ansible Client -a "uptime"node1 | CHANGED | rc=0 >>
11:31:17 up 1 day, 2:40, 2 users, load average: 0.23, 0.05, 0.02
收集事实
下面的ansible ad-hoc命令将为您提供系统的所有临时信息,包括系统中存在的所有变量。
root@geekflare:/home/geekflare# ansible all -m setupnode1 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"172.17.0.1",
"10.0.2.15"
],
"ansible_all_ipv6_addresses": [
"fe80::763e:c0b4:14df:b273"
],
"ansible_apparmor": {
"status": "enabled"
},
"ansible_architecture": "x86_64",
"ansible_bios_date": "12/01/2006",
"ansible_bios_version": "VirtualBox",
"ansible_cmdline": {
"BOOT_IMAGE": "/vmlinuz-4.18.0-25-generic",
"quiet": true,
"ro": true,
"root": "UUID=5f85d8b7-0ab2-48c9-9e6e-4ecfbcbdaa83",
"splash": true
},
"ansible_date_time": {
"date": "2019-07-07",
"day": "07",
"epoch": "1562525628",
"hour": "14",
"iso8601": "2019-07-07T18:53:48Z",
"iso8601_basic": "20190707T145348850596",
"iso8601_basic_short": "20190707T145348",
"iso8601_micro": "2019-07-07T18:53:48.850697Z",
"minute": "53",
"month": "07",
"second": "48",
"time": "14:53:48",
"tz": "EDT",
"tz_offset": "-0400",
"weekday": "Sunday",
"weekday_number": "0",
"weeknumber": "26",
"year": "2019"
},
"ansible_default_ipv4": {
"address": "10.0.2.15",
"alias": "enp0s3",
"broadcast": "10.0.2.255",
"gateway": "10.0.2.2",
"interface": "enp0s3",
"macaddress": "08:00:27:68:64:9a",
"mtu": 1500,
"netmask": "255.255.255.0",
"network": "10.0.2.0",
"type": "ether"
},
"ansible_default_ipv6": {},
"ansible_device_links": {
"ids": {
"sda": [
"ata-VBOX_HARDDISK_VB3a0a2351-0b6c0ed5"
],
"sda1": [
"ata-VBOX_HARDDISK_VB3a0a2351-0b6c0ed5-part1"
],
"sda2": [
"ata-VBOX_HARDDISK_VB3a0a2351-0b6c0ed5-part2"
],
"sda3": [
"ata-VBOX_HARDDISK_VB3a0a2351-0b6c0ed5-part3"
],
"sda4": [
"ata-VBOX_HARDDISK_VB3a0a2351-0b6c0ed5-part4"
],
"sr0": [
"ata-VBOX_CD-ROM_VB2-01700376"
]
},
"labels": {
"sr0": [
"VBox_GAs_6.0.2"
]
},
"masters": {},
"uuids": {
"sda1": [
"5f85d8b7-0ab2-48c9-9e6e-4ecfbcbdaa83"
],
"sda2": [
"b8b7f87b-c3bf-48ed-a44c-f9b3ce0afbe5"
],
"sda3": [
"a6c77fa6-e292-4a0d-b21f-8804f1949bbd"
],
"sda4": [
"8207f970-4d9a-47db-a5d5-f620e5b17b7b"
],
"sr0": [
"2019-01-14-14-57-19-65"
]
}
},
"ansible_devices": {
"loop0": {
"holders": [],
"host": "",
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": []
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "none",
"sectors": "29704",
"sectorsize": "512",
"size": "14.50 MB",
"support_discard": "4096",
"vendor": null,
"virtual": 1
},
"loop1": {
"holders": [],
"host": "",
"links": {
"ids": [],
"labels": [],
"masters": [],
"uuids": []
},
"model": null,
"partitions": {},
"removable": "0",
"rotational": "1",
"sas_address": null,
"sas_device_handle": null,
"scheduler_mode": "none",
"sectors": "0",
"sectorsize": "512",
"size": "0.00 Bytes",
"support_discard": "4096",
"vendor": null,
"virtual": 1
},}
因此,这就是Ansible Ad-hoc命令的全部内容。继续,在您的ansible设置上尝试这些命令。使用这些命令来运行ansible模块,而无需编写任何Ansible剧本来执行这些任务。