# 02 - Ansible Basics

## Ansible inventory

### Files in the Ansible package

```bash
[dyx@controller ~]# rpm -ql ansible
```

- Configuration directory: `/etc/ansible`
- Executables: `/usr/bin`
- Library dependencies: `/usr/lib/python2.7/site-packages/ansible`
- Plugins: `/usr/share/ansible/plugins`
- Help documents: `/usr/share/doc/ansible`
- Man pages: `/usr/share/man/man1/`

### Inventory

The inventory defines the set of hosts that Ansible manages. Hosts can be assigned to groups for collective management. A group can contain child groups, and a host can be a member of several groups. The inventory can also set variables that apply to the hosts and groups it defines.

An inventory is defined in one of two ways:

- **Static inventory**: defined in a text file.
- **Dynamic inventory**: generated automatically by a script or other program that queries an external information provider. The aim is to obtain the inventory from the running environment, for example OpenStack, Kubernetes or Zabbix.

### Static inventory

An inventory can be written in several formats, such as ini, yaml or a script. This course uses the ini format.

#### The simplest static inventory

A list of the host names or IP addresses of the managed nodes, one per line.

Example:

```bash
[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
web1.example.com
web2.example.com
db1.example.com
db2.example.com
192.168.0.42
```

Verify that a host is in the inventory:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory web1.example.com
  hosts (1):
    web1.example.com
[dyx@controller ~]# ansible --list-hosts -i inventory 192.168.0.42
  hosts (1):
    192.168.0.42
```

The `ansible` command takes the location of the inventory file on the command line through the `--inventory PATHNAME` or `-i PATHNAME` option, where PATHNAME is the path to the inventory file.

#### Host groups

Managed nodes can also be organised into host groups, which makes it easier to run Ansible against a whole set of systems.

Format:

```ini
[groupname]
hostname
hostip
```

Example:

```bash
[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
app1.examlpe.com

[webservers]
web1.example.com
web2

[dbservers]
db1.example.com
db2.example.com
192.0.2.42
192.0.2.3
```

Verify:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory webservers
  hosts (2):
    web1.example.com
    web2
# Note: 192.0.2.42 and 192.0.2.3 belong to the dbservers group
[dyx@controller ~]# ansible --list-hosts -i inventory dbservers
  hosts (4):
    db1.example.com
    db2.example.com
    192.0.2.42
    192.0.2.3
```

Two groups always exist:

- `all`: contains every host in the inventory.
- `ungrouped`: hosts that are listed in the inventory but do not belong to any group.

Verify:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory all
  hosts (7):
    app1.examlpe.com
    web1.example.com
    web2
    db1.example.com
    db2.example.com
    192.0.2.42
    192.0.2.3
[dyx@controller ~]# ansible --list-hosts -i inventory ungrouped
  hosts (1):
    app1.examlpe.com
```

A host can be placed in several groups as needed, for example by role, by physical location, or by whether it is in production.

```bash
[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
[webservers]
web1.example.com
web2
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2
db2
```

Verify:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory webservers
  hosts (3):
    web1.example.com
    web2
    192.168.3.7
[dyx@controller ~]# ansible --list-hosts -i inventory eastdc
  hosts (2):
    web1.example.com
    db1.example.com
```

#### Nested host groups

A host group can itself be a member of another host group.

Example:

```bash
[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
[webservers]
web1.example.com
web2
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2
db2

[dc:children]
eastdc
westdc
```

Verify:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory dc
  hosts (4):
    web1.example.com
    db1.example.com
    web2
    db2
```

Every group named as a child must be defined; otherwise the inventory fails to parse with a syntax error.

Example:

```bash
[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
[webservers]
web1.example.com
web2
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2
db2

[dc:children]
eastdc
westdc
node1
```

Verify:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory dc
[WARNING]:  * Failed to parse /dyx/inventory with yaml plugin: We were unable to read either as JSON nor YAML, these are
the errors we got from each: JSON: No JSON object could be decoded  Syntax Error while loading YAML.   did not find
expected <document start>  The error appears to be in '/root/inventory': line 2, column 1, but may be elsewhere in the
file depending on the exact syntax problem.  The offending line appears to be:  [webservers] web1.example.com ^ here
[WARNING]:  * Failed to parse /root/inventory with ini plugin: /root/inventory:22: Section [dc:children] includes
undefined group: node
[WARNING]: Unable to parse /root/inventory as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
  hosts (4):
    web1.example.com
    db1.example.com
    web2
    db2
```

#### Range shorthand

A range of host names or IP addresses shortens the inventory. Ranges can be numeric or alphabetic.

Syntax: `[start:end]`

Example:

```bash
[dyx@controller ~]# vim inventory
# Stands for 192.168.4.0 - 192.168.7.255
[priv]
192.168.[4:7].[0:255]

# Stands for 01, 02 ... 10
[hosts]
host[01:10].example.com

# Stands for a, b, c
[servers]
server[a:c].example.com
```

Verify:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory hosts
  hosts (10):
    host01.example.com
    host02.example.com
    host03.example.com
    host04.example.com
    host05.example.com
    host06.example.com
    host07.example.com
    host08.example.com
    host09.example.com
    host10.example.com
[dyx@controller ~]# ansible --list-hosts -i inventory servers
  hosts (3):
    servera.example.com
    serverb.example.com
    serverc.example.com
```

The following is an invalid range:

```bash
[dyx@controller ~]# vim inventory
[servers]
server[0a:2c].example.com
```

Verify:

```bash
[dyx@controller ~]# ansible --list-hosts -i inventory all
[WARNING]:  * Failed to parse /root/inventory with yaml plugin: We were unable to read either as JSON nor YAML, these are
the errors we got from each: JSON: No JSON object could be decoded  Syntax Error while loading YAML.   did not find
expected <document start>  The error appears to be in '/root/inventory': line 2, column 1, but may be elsewhere in the
file depending on the exact syntax problem.  The offending line appears to be:  [serevers] server[0a:2c].example.com ^ here
[WARNING]:  * Failed to parse /root/inventory with ini plugin: invalid literal for int() with base 10: '0a'
[WARNING]: Unable to parse /root/inventory as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
  hosts (0):
```

### Dynamic inventory

A dynamic inventory is generated from information supplied by an external data source. This course does not cover it further.

### The ansible-inventory command

Displays an inventory in different formats.

```bash
[dyx@controller ~]# ansible-inventory --help
usage: ansible-inventory [-h] [--version] [-v] [-i INVENTORY]
                         [--vault-id VAULT_IDS]
                         [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                         [--playbook-dir BASEDIR] [--list] [--host HOST]
                         [--graph] [-y] [--toml] [--vars] [--export]
                         [--output OUTPUT_FILE]
                         [host|group]

positional arguments:
  host|group

optional arguments:
  --ask-vault-pass      ask for vault password
  --export              When doing an --list, represent in a way that is
                        optimized for export,not as an accurate
                        representation of how Ansible has processed it
  --output OUTPUT_FILE  When doing --list, send the inventory to a file
                        instead of to the screen
  --playbook-dir BASEDIR
                        Since this tool does not use playbooks, use this as a
                        substitute playbook directory.This sets the relative
                        path for many features including roles/ group_vars/
                        etc.
  --toml                Use TOML format instead of default JSON, ignored for
                        --graph
  --vars                Add vars to graph display, ignored unless used with
                        --graph
  --vault-id VAULT_IDS  the vault identity to use
  --vault-password-file VAULT_PASSWORD_FILES
                        vault password file
  --version             show program's version number, config file location,
                        configured module search path, module location,
                        executable location and exit
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
                        specify inventory host path or comma separated host
                        list. --inventory-file is deprecated
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  -y, --yaml            Use YAML format instead of default JSON, ignored for
                        --graph

Actions:
  One of following must be used on invocation, ONLY ONE!

  --graph               create inventory graph, if supplying pattern it must
                        be a valid group name
  --host HOST           Output specific host info, works as inventory script
  --list                Output all hosts info, works as inventory script

Show Ansible inventory information, by default it uses the inventory script
JSON format
```

Sample inventory:

```bash
[dyx@controller ~]# vim inventory
app1.example.com

[webservers]
web1.example.com
web2.example.com
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2.example.com
db2.example.com

[dc:children]
eastdc
westdc
```

Verify:

```bash
# Tree view
[dyx@controller ~]# ansible-inventory -i inventory --graph
@all:
  |--@dbservers:
  |  |--192.0.2.42
  |  |--db1.example.com
  |  |--db2.example.com
  |--@dc:
  |  |--@eastdc:
  |  |  |--db1.example.com
  |  |  |--web1.example.com
  |  |--@westdc:
  |  |  |--db2.example.com
  |  |  |--web2.example.com
  |--@ungrouped:
  |  |--app1.example.com
  |--@webservers:
  |  |--192.168.3.7
  |  |--web1.example.com
  |  |--web2.example.com

# YAML view
[dyx@controller ~]# ansible-inventory -i inventory --list -y
all:
  children:
    dbservers:
      hosts:
        192.0.2.42: {}
        db1.example.com: {}
        db2.example.com: {}
    dc:
      children:
        eastdc:
          hosts:
            db1.example.com: {}
            web1.example.com: {}
        westdc:
          hosts:
            db2.example.com: {}
            web2.example.com: {}
    ungrouped:
      hosts:
        app1.example.com: {}
    webservers:
      hosts:
        192.168.3.7: {}
        web1.example.com: {}
        web2.example.com: {}
```

## Managing Ansible configuration files

### Configuration file locations and priority

1. The `ANSIBLE_CONFIG` environment variable
2. `./ansible.cfg`, the `ansible.cfg` in the current directory, which is usually the project directory
3. `~/.ansible.cfg`
4. `/etc/ansible/ansible.cfg`

Priority decreases from top to bottom. Defining `ansible.cfg` in the current directory is recommended.

Verify the priority:

```bash
# Prepare the environment
[dyx@controller ~]$ mkdir web && cd web

# Show the configuration file the ansible command currently uses
[dyx@controller web]$ ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/dyx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
# Or
[dyx@controller web]$ ansible --version | grep 'config file'
  config file = /etc/ansible/ansible.cfg

[dyx@controller web]$ touch ~/.ansible.cfg
[dyx@controller web]$ ansible --version | grep 'config file'
  config file = /home/dyx/.ansible.cfg

[dyx@controller web]$ touch ansible.cfg
[dyx@controller web]$ ansible --version | grep 'config file'
  config file = /home/dyx/web/ansible.cfg

[dyx@controller web]$ export ANSIBLE_CONFIG=/opt/ansible.cfg
[dyx@controller web]$ sudo touch /opt/ansible.cfg
[dyx@controller web]$ ansible --version | grep 'config file'
  config file = /opt/ansible.cfg

[dyx@controller web]$ unset ANSIBLE_CONFIG
[dyx@controller web]$ ansible --version | grep 'config file'
  config file = /home/dyx/web/ansible.cfg
```

### Configuration file structure

The default Ansible configuration file is `/etc/ansible/ansible.cfg`.

It contains the following sections:

```bash
[dyx@controller web]$ grep ^\[ /etc/ansible/ansible.cfg
[defaults]
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
```

The commonly used parameters are explained below:

```ini
[defaults]
# Path to the inventory file
inventory = /etc/ansible/hosts

# Number of hosts on which the same task runs in parallel
forks = 5

# Interval at which ansible checks whether a task has finished
poll_interval = 15

# Whether to prompt for a password when logging in to managed hosts
ask_pass = True

# Controls how facts are gathered
# smart - facts are not gathered again if they have already been gathered.
# implicit - facts are gathered; use gather_facts: False in a playbook to disable gathering.
# explicit - facts are not gathered; use gather_facts: True in a playbook to enable gathering.
gathering = implicit

# Scope of fact gathering
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
gather_subset = all

# Timeout for fact gathering
gather_timeout = 10

# Variable injection; facts are referenced through ansible_facts
inject_facts_as_vars = True

# Role search path, colon separated
roles_path = /etc/ansible/roles

# Whether SSH verifies the host key
host_key_checking = False

# User identity used when logging in to managed hosts
remote_user = root

# Where the output of the ansible and ansible-playbook commands is logged
log_path = /var/log/ansible.log

# Default module for the ansible command
module_name = command

# Location of the SSH private key file
private_key_file = /path/to/file

# Default password file for the ansible-vault command
vault_password_file = /path/to/vault_password_file

# Value of the ansible_managed variable
ansible_managed = Ansible managed

# Do not raise an error when a playbook references an undefined variable
error_on_undefined_vars = False

# Enable system warnings
system_warnings = True

# Enable deprecation warnings
deprecation_warnings = True

# Whether to show warnings when the command and shell modules are used
command_warnings = False

# Where facts are cached, for example redis
fact_caching = memory

[inventory]
# Enabled inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
#enable_plugins = host_list, virtualbox, yaml, constructed

# When the inventory source is a directory, ignore inventory files with these extensions
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry

[privilege_escalation]
# Whether to escalate privileges or switch user after connecting to a managed host
become = True

# Method used to switch user or escalate privileges
become_method = sudo

# User to become after switching or escalating
become_user = root

# Whether to prompt for a password when switching user or escalating privileges
become_ask_pass = False
```

Note: lines beginning with `#` or `;` are comments.

### Configuration file example

For basic operation, the `[defaults]` and `[privilege_escalation]` sections are enough.

Example configuration file:

```bash
[dyx@controller web]$ vim ansible.cfg
[dyx@controller web]$ cat ansible.cfg
[defaults]
remote_user = dyx
inventory = ./inventory

[privilege_escalation]
become = true
become_user = root
become_method = sudo
become_ask_pass = false
```

Edit the inventory:

```bash
[dyx@controller web]$ vim inventory
[dyx@controller web]$ cat inventory
node[1:4]
```

Result:

```bash
[dyx@controller web]$ ansible all -a hostname
node4 | CHANGED | rc=0 >>
node4.dyx.cloud
node2 | CHANGED | rc=0 >>
node2.dyx.cloud
node3 | CHANGED | rc=0 >>
node3.dyx.cloud
node1 | CHANGED | rc=0 >>
node1.dyx.cloud
```

### The ansible-config command

Used to inspect the configuration of the `ansible` command.

```bash
[dyx@controller web]$ ansible-config -h
usage: ansible-config [-h] [--version] [-v] {list,dump,view} ...

View ansible configuration.

positional arguments:
  {list,dump,view}
    list            Print all config options
    dump            Dump configuration
    view            View configuration file

optional arguments:
  --version         show program's version number, config file location,
                    configured module search path, module location, executable
                    location and exit
  -h, --help        show this help message and exit
  -v, --verbose     verbose mode (-vvv for more, -vvvv to enable connection
                    debugging)
```

#### ansible-config view

Shows the contents of the current Ansible configuration file.

```bash
[dyx@controller web]$ ansible --version | grep file
  config file = /home/dyx/web/ansible.cfg
[dyx@controller web]$ ansible-config view
[defaults]
remote_user = dyx
inventory = ./inventory

[privilege_escalation]
become = true
become_user = root
become_method = sudo
become_ask_pass = false
```

#### ansible-config dump

Shows every setting currently in effect, including all default values.

```bash
[dyx@controller web]$ ansible-config dump
ACTION_WARNINGS(default) = True
AGNOSTIC_BECOME_PROMPT(default) = True
ALLOW_WORLD_READABLE_TMPFILES(default) = False
ANSIBLE_CONNECTION_PATH(default) = None
ANSIBLE_COW_PATH(default) = None
ANSIBLE_COW_SELECTION(default) = default
ANSIBLE_COW_WHITELIST(default) = ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'd
ANSIBLE_FORCE_COLOR(default) = False
ANSIBLE_NOCOLOR(default) = False
ANSIBLE_NOCOWS(default) = False
ANSIBLE_PIPELINING(default) = False
ANSIBLE_SSH_ARGS(default) = -C -o ControlMaster=auto -o ControlPersist=60s
ANSIBLE_SSH_CONTROL_PATH(default) = None
ANSIBLE_SSH_CONTROL_PATH_DIR(default) = ~/.ansible/cp
ANSIBLE_SSH_EXECUTABLE(default) = ssh
ANSIBLE_SSH_RETRIES(default) = 0
ANY_ERRORS_FATAL(default) = False
BECOME_ALLOW_SAME_USER(default) = False
BECOME_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/become', u'/usr/share/ansible
CACHE_PLUGIN(default) = memory
CACHE_PLUGIN_CONNECTION(default) = None
CACHE_PLUGIN_PREFIX(default) = ansible_facts
CACHE_PLUGIN_TIMEOUT(default) = 86400
COLLECTIONS_PATHS(default) = [u'/home/dyx/.ansible/collections', u'/usr/share/ansible/col
COLOR_CHANGED(default) = yellow
COLOR_CONSOLE_PROMPT(default) = white
COLOR_DEBUG(default) = dark gray
COLOR_DEPRECATE(default) = purple
COLOR_DIFF_ADD(default) = green
COLOR_DIFF_LINES(default) = cyan
COLOR_DIFF_REMOVE(default) = red
COLOR_ERROR(default) = red
COLOR_HIGHLIGHT(default) = white
COLOR_OK(default) = green
COLOR_SKIP(default) = cyan
COLOR_UNREACHABLE(default) = bright red
COLOR_VERBOSE(default) = blue
COLOR_WARN(default) = bright purple
COMMAND_WARNINGS(default) = True
CONDITIONAL_BARE_VARS(default) = True
CONNECTION_FACTS_MODULES(default) = {'iosxr': 'iosxr_facts', 'voss': 'voss_facts', 'cisco
COVERAGE_REMOTE_OUTPUT(default) = None
COVERAGE_REMOTE_WHITELIST(default) = *
DEFAULT_ACTION_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/action', u'/usr/share
DEFAULT_ALLOW_UNSAFE_LOOKUPS(default) = False
DEFAULT_ASK_PASS(default) = False
DEFAULT_ASK_VAULT_PASS(default) = False
DEFAULT_BECOME(/home/dyx/web/ansible.cfg) = True
DEFAULT_BECOME_ASK_PASS(/home/dyx/web/ansible.cfg) = False
DEFAULT_BECOME_EXE(default) = None
DEFAULT_BECOME_FLAGS(default) =
DEFAULT_BECOME_METHOD(/home/dyx/web/ansible.cfg) = sudo
DEFAULT_BECOME_USER(/home/dyx/web/ansible.cfg) = root
DEFAULT_CACHE_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/cache', u'/usr/share/a
DEFAULT_CALLABLE_WHITELIST(default) = []
DEFAULT_CALLBACK_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/callback', u'/usr/s
DEFAULT_CALLBACK_WHITELIST(default) = []
DEFAULT_CLICONF_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/cliconf', u'/usr/sha
DEFAULT_CONNECTION_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/connection', u'/u
DEFAULT_DEBUG(default) = False
DEFAULT_EXECUTABLE(default) = /bin/sh
DEFAULT_FACT_PATH(default) = None
DEFAULT_FILTER_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/filter', u'/usr/share
```

#### ansible-config list

Shows every configuration parameter with its purpose, where it can be set, and so on.

```bash
[dyx@controller web]$ ansible-config list
ACTION_WARNINGS:
  default: true
  description: [By default Ansible will issue a warning when received from a task
      action (module or action plugin), These warnings can be silenced by adjusting
      this setting to False.]
  env:
  - {name: ANSIBLE_ACTION_WARNINGS}
  ini:
  - {key: action_warnings, section: defaults}
  name: Toggle action warnings
  type: boolean
  version_added: '2.5'
AGNOSTIC_BECOME_PROMPT:
  default: true
  description: Display an agnostic become prompt instead of displaying a prompt containing
    the command line supplied become method
  env:
  - {name: ANSIBLE_AGNOSTIC_BECOME_PROMPT}
  ini:
  - {key: agnostic_become_prompt, section: privilege_escalation}
  name: Display an agnostic become prompt
  type: boolean
  version_added: '2.5'
  yaml: {key: privilege_escalation.agnostic_become_prompt}
ALLOW_WORLD_READABLE_TMPFILES:
```

### The localhost connection

By default, Ansible connects to managed hosts with the `smart` connection type, which usually picks the most efficient method: SSH.

If `localhost` is not listed in the inventory, Ansible defines it implicitly and connects to it with the `local` connection type.

- The `local` connection type ignores the `remote_user` setting and runs commands directly on the local system.
- If privilege escalation is used, Ansible runs `sudo` as the account that invoked the Ansible command, not as the account named by `remote_user`.

To change how localhost is connected, include `localhost` in the inventory.

## Running ad hoc commands

### Lab environment

```bash
[laogao@controller ~]$ mkdir web && cd web

[laogao@controller web]$ cat > ansible.cfg << EOF
[defaults]
remote_user = laogao
inventory = ./inventory

[privilege_escalation]
become = True
become_user = root
become_method = sudo
become_ask_pass = False
EOF

[laogao@controller web]$ cat > inventory << EOF
node1
node2
node3
node4
EOF
```

### ansible ad hoc commands

**Purpose**

- Run a single Ansible task quickly, without saving it for later reuse.
- They are simple one-line operations that run without writing a playbook.
- **They are useful for quick tests and changes.** For example, an ad hoc command can ensure that a particular line exists in the `/etc/hosts` file on a group of servers. Another ad hoc command can efficiently restart a service on many machines, or ensure that a particular package is at its latest version.

**Syntax**

```bash
ansible host-pattern -m module [-a 'module arguments'] [-i inventory]
```

- `host-pattern`: a host or host group defined in the inventory. It can be an IP address, a host name, a group name from the inventory, or a matching string containing special characters such as `,`, `*` or `:`. It is required.
- `-m module`: a module is a small program that carries out a specific task.
- `-a 'module arguments'`: the arguments for the module.
- `-i inventory`: the inventory file to use.

**Result colours**

Ansible reports results in three colours:

- Red: an error occurred during execution; the remaining tasks are usually aborted.
- Green: the target host was already in the desired state and nothing was changed.
- Yellow: the target's state changed and it is now in the desired state; all tasks ran normally.

### Selected Ansible modules

- Ansible modules are stored under `/usr/lib/python*/site-packages/ansible`
- Official site: https://docs.ansible.com/projects/ansible/latest/collections/index_module.html

File modules:

- `copy`: copies a file from the control host to the managed nodes, similar to scp
- `file`: sets permissions and other attributes of a file
- `lineinfile`: ensures that a particular line is or is not in a file
- `synchronize`: synchronises files from the control host to the managed nodes using rsync

Package modules:

- `package`: detects the operating system's package manager automatically
- `yum`: manages packages with the YUM package manager
- `apt`: manages packages with the APT package manager
- `gem`: manages Ruby gems
- `pip`: manages Python packages from PyPI

System modules:

- `ansible.posix.firewalld`: manages arbitrary ports and services with firewalld
- `reboot`: reboots the machine
- `service`: manages services
- `user`, `group`: manage user and group accounts

Net Tools modules:

- `get_url`: downloads files over HTTP, HTTPS or FTP
- `nmcli`: manages networking
- `uri`: interacts with web services

### ansible ad hoc command examples

#### Basic execution: command/shell modules

`command` is the default module, so `-m` does not need to be given explicitly. It suits simple commands that use no shell features (pipes, redirection, environment variables).

**Example 1: show the host name of the remote hosts**

```bash
[dyx@controller web]$ ansible all -m command -a hostname
node2 | CHANGED | rc=0 >>
node2.dyx.cloud
node4 | CHANGED | rc=0 >>
node4.dyx.cloud
node3 | CHANGED | rc=0 >>
node3.dyx.cloud
node1 | CHANGED | rc=0 >>
node1.dyx.cloud

[dyx@controller web]$ ansible all -a hostname
node2 | CHANGED | rc=0 >>
node2.dyx.cloud
node4 | CHANGED | rc=0 >>
node4.dyx.cloud
node3 | CHANGED | rc=0 >>
node3.dyx.cloud
node1 | CHANGED | rc=0 >>
node1.dyx.cloud
```

**Example 2: check the operating system version of the remote hosts**

```bash
[dyx@controller web]$ ansible all -m command -a 'cat /etc/os-release'
[dyx@controller web]$ ansible all -a 'cat /etc/os-release'
```

**Example 3: show memory usage on the remote hosts**

```bash
[dyx@controller web]$ ansible all -a 'free -h'
node2 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        472M        1.2G         12M        312M        1.3G
Swap:          3.9G          0B        3.9G
node3 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        475M        1.2G         12M        311M        1.3G
Swap:          3.9G          0B        3.9G
node4 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        479M        1.2G         12M        312M        1.3G
Swap:          3.9G          0B        3.9G
node1 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        474M        1.2G         12M        311M        1.3G
Swap:          3.9G          0B        3.9G
```

**Example 4: count the files in a directory on the remote hosts**

```bash
# Note: ls and wc are two commands joined by a pipe. The command module does
# not support pipes, so a pipeline has to be run with the shell module.
[dyx@controller web]$ ansible all -a 'ls -l /etc |wc -l'

[dyx@controller web]$ ansible all -m shell -a 'ls -l /etc |wc -l'
node2 | CHANGED | rc=0 >>
276
node4 | CHANGED | rc=0 >>
276
node3 | CHANGED | rc=0 >>
276
node1 | CHANGED | rc=0 >>
276
```

**Example 5: create an empty file**

```bash
[dyx@controller web]$ ansible all -a 'touch /tmp/ansible_test.txt'
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
node3 | CHANGED | rc=0 >>

node2 | CHANGED | rc=0 >>

node4 | CHANGED | rc=0 >>

node1 | CHANGED | rc=0 >>
```

**Example 6: check a service process on the remote hosts**

```bash
[dyx@controller web]$ ansible all -a 'ps aux'              # ✅ Correct: runs only ps aux; filter the output locally afterwards
ansible all -a 'ps aux | grep sshd'                        # ❌ Wrong: command does not support pipes, use shell instead

[dyx@controller web]$ ansible all -m shell -a 'ps aux |grep sshd'
node2 | CHANGED | rc=0 >>
root       1218  0.0  0.2 112900  4316 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1903  0.0  0.3 167948  6784 ?        Ss   12:25   0:00 sshd: root@pts/0
root       4057  0.0  0.2 156776  5584 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        4060  0.0  0.1 157088  2824 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5306  0.0  0.0 113280  1192 pts/1    S    15:39   0:00 /bin/sh -c ps aux |grep sshd
root       5308  0.0  0.0 112812   940 pts/1    S    15:39   0:00 grep sshd
node4 | CHANGED | rc=0 >>
root       1218  0.0  0.2 112900  4316 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1906  0.0  0.3 167948  6780 ?        Ss   12:25   0:00 sshd: root@pts/0
root       4050  0.0  0.2 156776  5588 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        4054  0.0  0.1 157088  2816 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5298  0.0  0.0 113280  1192 pts/1    S    15:40   0:00 /bin/sh -c ps aux |grep sshd
root       5300  0.0  0.0 112812   940 pts/1    S    15:40   0:00 grep sshd
node3 | CHANGED | rc=0 >>
root       1218  0.0  0.2 112900  4312 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1908  0.0  0.3 167948  6780 ?        Ss   12:25   0:00 sshd: root@pts/0
root       4002  0.0  0.2 156776  5584 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        4006  0.0  0.1 157088  2820 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5250  0.0  0.0 113280  1192 pts/1    S    15:40   0:00 /bin/sh -c ps aux |grep sshd
root       5252  0.0  0.0 112812   940 pts/1    S    15:40   0:00 grep sshd
node1 | CHANGED | rc=0 >>
root       1209  0.0  0.2 112900  4316 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1904  0.0  0.3 167948  6776 ?        Ss   12:25   0:00 sshd: root@pts/0
root       3981  0.0  0.2 156776  5592 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        3984  0.0  0.1 157088  2820 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5232  0.0  0.0 113280  1192 pts/1    S    15:40   0:00 /bin/sh -c ps aux |grep sshd
root       5234  0.0  0.0 112812   944 pts/1    S    15:40   0:00 grep sshd
```

**Example 7: show disk mount information on the remote hosts**

```bash
ansible all -a 'mount | grep /sys'                         # ❌ Wrong: contains a pipe, use shell instead
[dyx@controller web]$ ansible all -a 'mount'               # ✅ Correct: list all mounts and filter for /sys locally
```

**Example 8: verify port connectivity on the remote hosts (basic version)**

```bash
# Check whether port 22 is listening (requires nc to be installed)
[dyx@controller web]$ ansible all -a 'nc -zv 127.0.0.1 22'
node3 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
node1 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
node2 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
node4 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
```

**Example 9: show the last 10 lines of a file on the remote hosts**

```bash
ansible all -a 'tail -10 /var/log/messages'
```

**Example 10: show IP addresses**

```bash
[dyx@controller web]$ ansible all -a 'ip -br a'
node1 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.11/24 fe80::9f3f:8d41:73d1:d531/64 fe80::af36:4fe7:4616:f9d6/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
node3 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.13/24 fe80::af36:4fe7:4616:f9d6/64 fe80::9f3f:8d41:73d1:d531/64 fe80::8c56:cea:5e7a:8aa5/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
node2 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.12/24 fe80::af36:4fe7:4616:f9d6/64 fe80::9f3f:8d41:73d1:d531/64 fe80::8c56:cea:5e7a:8aa5/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
node4 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.14/24 fe80::af36:4fe7:4616:f9d6/64 fe80::9f3f:8d41:73d1:d531/64 fe80::8c56:cea:5e7a:8aa5/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
```

### The ansible-doc command

```bash
[dyx@controller web]$ ansible-doc -h
usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH]
                   [--playbook-dir BASEDIR]
                   [-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}]
                   [-j] [-F | -l | -s | --metadata-dump]
                   [plugin [plugin ...]]

plugin documentation tool

positional arguments:
  plugin                Plugin

optional arguments:
  --metadata-dump       **For internal testing only** Dump json metadata for
                        all plugins.
  --playbook-dir BASEDIR
                        Since this tool does not use playbooks, use this as a
                        substitute playbook directory.This sets the relative
                        path for many features including roles/ group_vars/
                        etc.
  --version             show program's version number, config file location,
                        configured module search path, module location,
                        executable location and exit
  -F, --list_files      Show plugin names and their source files without
                        summaries (implies --list)
  -M MODULE_PATH, --module-path MODULE_PATH
                        prepend colon-separated path(s) to module library (def
                        ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
                        gins/modules)
  -h, --help            show this help message and exit
  -j, --json            Change output into json format.
  -l, --list            List available plugins
  -s, --snippet         Show playbook snippet for specified plugin(s)
  -t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}, --type {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}
                        Choose which plugin type (defaults to "module").
                        Available plugin types are : ('become', 'cache',
                        'callback', 'cliconf', 'connection', 'httpapi',
                        'inventory', 'lookup', 'netconf', 'shell', 'module',
                        'strategy', 'vars')
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)

See man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com
```

Examples:

```bash
# List modules with their descriptions
[dyx@controller web]$ ansible-doc -l
fortios_router_community_list          Configure community li...
azure_rm_devtestlab_info               Get Azure DevTest Lab...
ecs_taskdefinition                     register a task defini...
avi_alertscriptconfig                  Module for setup of Al...
tower_receive                          Receive assets from An...
......

# List modules with their locations
[dyx@controller web]$ ansible-doc -F
fortios_router_community_list          /usr/lib/python2.7/site-pac
azure_rm_devtestlab_info               /usr/lib/python2.7/site-pac
ecs_taskdefinition                     /usr/lib/python2.7/site-pac
avi_alertscriptconfig                  /usr/lib/python2.7/site-pac
tower_receive                          /usr/lib/python2.7/site-pac
netapp_e_iscsi_target                  /usr/lib/python2.7/site-pac
azure_rm_acs                           /usr/lib/python2.7/site-pac
......

# Show the documentation of a specific module
[dyx@controller web]$ ansible-doc user
> USER    (/usr/lib/python2.7/site-packages/ansible/modules/system/user.py)

        Manage user accounts and user attributes. For Windows targets, use the [win_user] module instead.

  * This module is maintained by The Ansible Core Team
  * This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):

- append
        If `yes', add the user to the groups specified in `groups'.
        If `no', user will only be added to the groups specified in `groups', removing them from all other groups.
        Mutually exclusive with `local'
        [Default: False]
        type: bool

# Notes
NOTES:
      * There are specific requirements per platform on user management utilities. However they generally come pre-
        installed with the system and Ansible will require they are present at runtime. If they are not, a descriptive
        error message will be shown.
      * On SunOS platforms, the shadow file is backed up automatically since this module edits it directly. On other
        platforms, the shadow file is backed up by the underlying tools used by this module.
      * On macOS, this module uses `dscl' to create, modify, and delete accounts. `dseditgroup' is used to modify group
        membership. Accounts are hidden from the login window by modifying
        `/Library/Preferences/com.apple.loginwindow.plist'.

# Author
AUTHOR: Stephen Fromm (@sfromm)

# METADATA describes who maintains the module.
# status records the development state of the module.
#   stableinterface: the module's keywords are stable; every effort is made not to remove keywords or change their meaning.
#   preview: the module is in technology preview and may be unstable; its keywords may change, or it may depend on libraries or web services that are themselves subject to incompatible changes.
#   deprecated: the module will no longer be provided in some future release.
#   removed: the module has been removed from the release, but a stub remains for documentation purposes to help previous users migrate to the new module.
        METADATA:
          status:
          - stableinterface
# supported_by records which community maintains the module:
#   core: maintained by the Ansible core developers and always shipped with Ansible.
#   curated: submitted and maintained by partners or companies in the community. The maintainers of these modules must watch for any reported issues or pull requests raised against the module. After the community maintainers approve a change, the upstream "core" developers review the changes proposed to curated modules. Core committers also make sure that any problems these modules suffer because of changes in the Ansible engine are fixed. These modules currently ship with Ansible but may be packaged separately at some point in the future.
#   community: not supported by the core upstream developers, partners or companies; maintained entirely by the general open source community. Modules in this category are still fully usable, but how quickly issues are answered depends entirely on the community. These modules also currently ship with Ansible but may be packaged separately at some point in the future.
          supported_by: core

# Module usage examples
EXAMPLES:

- name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
  user:
    name: johnd
    comment: John Doe
    uid: 1040
    group: admin
......

# Description of the module's return values
RETURN VALUES:

append:
  description: Whether or not to append the user to groups
  returned: When state is 'present' and the user exists
  type: bool
  sample: True
comment:
  description: Comment section from passwd file, usually the user name
  returned: When user exists
......
```

If the existing modules do not meet a requirement, users can write their own. Ansible looks for modules in the path given by the `ANSIBLE_LIBRARY` variable; if that variable is not set, it looks in the location given by the `library` setting in `ansible.cfg`.

### The copy module (copying files and directories)

Core purpose: copy files or directories from the control node to remote hosts, with support for permissions, ownership, writing content directly, and so on.

**Case 1: basic file copy (source and destination given)**

```bash
[dyx@controller web]$ touch /tmp/local_file.txt
[dyx@controller web]$ ansible all -m copy -a 'src=/tmp/local_file.txt dest=/opt/remote_file.txt'
# Verify
[root@node1 ~]# ls /opt |grep remote
remote_file.txt
```

Explanation: copies `/tmp/local_file.txt` on the control node to `/opt/remote_file.txt` on the remote hosts.
Remark: if the destination file already exists it is overwritten (default behaviour).

**Case 2: copy and set permissions, owner and group**

```bash
[dyx@controller web]$ sudo yum install -y httpd
[dyx@controller web]$ ansible all -m copy -a 'src=/etc/httpd/conf/httpd.conf dest=/tmp/feiyy owner=dyx group=root mode=0644 backup=yes'
# Verify
[root@node1 ~]# ls /tmp|grep feiyy
feiyy
```

Explanation: copies the httpd configuration file to the remote hosts and sets the owner to `dyx`, the group to `root` and the mode to `0644`. With `backup=yes` the original file is backed up automatically before it is overwritten (the suffix is a timestamp).

Copy again:

```bash
[root@controller ~]# echo hhh >> /etc/httpd/conf/httpd.conf
[dyx@controller web]$ ansible all -m copy -a 'src=/etc/httpd/conf/httpd.conf dest=/tmp/feiyy owner=dyx group=root mode=0644 backup=yes'
# Verify
[root@node1 ~]# ls /tmp|grep feiyy
feiyy
feiyy.6832.2025-12-15@16:42:21~
```

### The command module

The command module lets an administrator run arbitrary commands on the command line of the managed nodes. The command to run is passed to the module as its argument with the `-a` option.

```bash
[dyx@controller web]$ ansible node1 -m command -a hostname
node1 | CHANGED | rc=0 >>
node1.dyx.cloud

[dyx@controller web]$ ansible node1 -m command -a hostname -o
node1 | CHANGED | rc=0 | (stdout) node1.dyx.cloud
```

Notes:

- Remote commands run by the command module are not processed by a shell on the managed node, so they cannot access shell environment variables or use shell operations such as redirection and pipes.
- If an ad hoc command does not name a module, Ansible uses the command module by default.

### The shell module

The shell module takes the command to execute as its argument, and Ansible then runs that command remotely on the managed nodes. Unlike the command module, these commands are processed by a shell on the managed node, so they can access shell environment variables and use shell operations such as redirection and pipes.

```bash
[dyx@controller web]$ ansible node1 -m command -a set
node1 | FAILED | rc=2 >>
[Errno 2] No such file or directory

[dyx@controller web]$ ansible node1 -m shell -a set
node1 | CHANGED | rc=0 >>
```

**Note**: the command and shell modules require Python to be installed on the managed hosts.

### The raw module

The raw module runs a command directly in the remote host's shell and does not need Python on the remote host, which makes it suitable for network devices in particular.

In most scenarios, running commands through the command, shell and raw modules is not recommended, because these modules are not idempotent.

```bash
[dyx@controller web]$ ansible node1 -m raw -a 'echo hello world > /tmp/hello.txt'
node1 | CHANGED | rc=0 >>
Shared connection to node1 closed.
# The extra line here shows the connection being closed, which is equivalent
# to running the command over an SSH connection to the managed node.

[dyx@controller web]$ ansible node1 -a 'cat /tmp/hello.txt'
node1 | CHANGED | rc=0 >>
hello world

# Compare with the shell module
[dyx@controller web]$ ansible node1 -m shell -a 'echo hello ansible > /tmp/hello.txt'
node1 | CHANGED | rc=0 >>
```

### ansible ad hoc command options

Options given to an ad hoc command take priority over the settings in the configuration file.

| Configuration file directive | Command-line option |
| --- | --- |
| inventory | `-i` |
| remote_user | `-u` |
| ask_pass | `-k`, `--ask-pass` |
| become | `--become`, `-b` |
| become_method | `--become-method` |
| become_user | `--become-user` |
| become_ask_pass | `--ask-become-pass`, `-K` |
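
The configuration file priority order on this page (`ANSIBLE_CONFIG`, `./ansible.cfg`, `~/.ansible.cfg`, `/etc/ansible/ansible.cfg`) decides which file's `host_key_checking`, `become` and key-file settings actually apply, so it is worth resolving and reviewing the active file before running ad hoc commands. The following is an added example, not code from the original page or from the Ansible project: `resolve_config`, `audit` and `demo` are names made up here, the sample file and paths are constructed, and the rule that `./ansible.cfg` is skipped in a world-writable directory is Ansible behaviour that goes beyond what the page demonstrates.

```python
"""Added example: resolve the active ansible.cfg and review its settings."""
import configparser
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample: the page's example ansible.cfg plus two settings
# taken from its [defaults] parameter list.
SAMPLE_CFG = """\
[defaults]
remote_user = dyx
inventory = ./inventory
host_key_checking = False
private_key_file = ./id_demo

[privilege_escalation]
become = true
become_user = root
become_method = sudo
become_ask_pass = false
"""


def resolve_config(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the first existing config file in the page's priority order."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(Path(env["ANSIBLE_CONFIG"]))
    cwd = Path(cwd)
    # Ansible ignores ./ansible.cfg when the directory is world-writable,
    # because any local user could plant a configuration file there.
    if not cwd.stat().st_mode & stat.S_IWOTH:
        candidates.append(cwd / "ansible.cfg")
    candidates += [Path(home) / ".ansible.cfg", Path(system)]
    return next((c for c in candidates if c.is_file()), None)


def audit(cfg_path):
    """Return (setting, reason) pairs that deserve a reviewer's attention."""
    cfg_path = Path(cfg_path)
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(cfg_path)
    findings = []

    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("host_key_checking", "SSH host keys are not verified"))
    if cfg.get("defaults", "remote_user", fallback="") == "root":
        findings.append(("remote_user", "logs in to managed hosts as root"))
    become = cfg.getboolean("privilege_escalation", "become", fallback=False)
    ask = cfg.getboolean("privilege_escalation", "become_ask_pass", fallback=False)
    if become and not ask:
        findings.append(("become_ask_pass",
                         "privilege escalation without a password prompt"))
    # Files that hold secrets should not be accessible to group or others.
    # Relative paths are taken relative to the configuration file.
    for key in ("private_key_file", "vault_password_file"):
        value = cfg.get("defaults", key, fallback=None)
        if value:
            target = cfg_path.parent / Path(value).expanduser()
            if target.is_file() and target.stat().st_mode & 0o077:
                findings.append((key, "file is accessible to group or others"))
    return findings


def demo():
    """Build a throwaway project and home directory and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        project, home = Path(tmp, "web"), Path(tmp, "home")
        project.mkdir()
        home.mkdir()
        os.chmod(project, 0o755)
        (project / "ansible.cfg").write_text(SAMPLE_CFG)
        key = project / "id_demo"
        key.write_text("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        (home / ".ansible.cfg").write_text("[defaults]\nremote_user = root\n")

        active = resolve_config({}, project, home)
        findings = audit(active)
        os.chmod(project, 0o777)  # simulate a world-writable project directory
        fallback = resolve_config({}, project, home)
        return active.name, [name for name, _ in findings], fallback.name


if __name__ == "__main__":
    print(demo())
```
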