Ansible学习之ansible-pull命令

想要知道ansible-pull是用来做什么的，就需要了解Ansible的工作模，Ansible的工作模式有两种：

1. push模式
   push推送，这是Ansible的默认模式，在主控机上编排好playbook文件，push到远程主机上来执行。
2. pull模式
   pull模式就是现在要介绍的ansible-pull命令来完成的功能，与push推送模式反向，pull模式是远程主机 拉去git仓库的playbook文件进行执行；这需要远程主机安装ansible和git。

pull模式的优点如下：

1. 斜体样式不需要主控机

2. 可以并行执行playbook任务，并且速度非常快

3. 连接有节点启动更加安全

pull 模式的工作流程：
图片来之网络

1. 每台远程主机上都需要安装Ansible 和git(svn)
2. 所有的配置及playbooks 都存放在git 仓库
3. 远程主机的ansible-pull 计划任务会定期检查给定的git 的tag 或者分支
4. ansible-pull 执行特定的playbooks 即local.yml 或者hostname.yml
5. 每次更改playbooks 只需要提交到git 即可

实验测试:

在gitee上创建一个用于测试的库：pull-test

将这个库下载下来，并创建playbook剧本文件上传到pull-test库

#touchfile-playbook.yaml 内容如下

# cat touchfile-playbook.yaml
---
- hosts: localhost
  remote_user: root
  gather_facts: no
  tasks:
    - name: Create a file
      file:
        path: /opt/script/ansible-pull-empty.txt
        state:  touch
        mode: 0664

git clone https://gitee.com/crazy-stone-man/pull-test.git
cd pull-test/
git remote add ansible-pull https://gitee.com/crazy-stone-man/pull-test.git
git add touchfile-playbook.yaml
git commit -m "touch a file"
git push ansible-pull

可以在gitee仓库上查看文件是否被推送上去

# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml

• -U　指定playbook的URL。

• -i: 指定inventory文件　我这里忽略了，默认是　／ｅｔｃ／ａｎｓｉｂｌｅ／ｈｏｓｔｓ

  看看效果：

[root@localhost script]# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml 
Starting Ansible Pull at 2024-09-30 05:43:15
/usr/bin/ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
localhost [WARNING]:| SUCCESS  Your git => {
    "version isafter": "2 too old t9daba82f0co fully sub39887ca15pport the eb0dce51bddepth arguad3c0066b"ment. Fall, 
    "being back tfore": "29o full chedaba82f0cbckouts.
39887ca15eb0dce51bdad3c0066b", 
    "changed": false, 
    "remote_url_changed": false
}
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain

PLAY [localhost] ********************************************************************************************************************************************

TASK [Create a file] ****************************************************************************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@localhost script]# ls
ansible-pull-empty.txt

执行成功了！

修改ｐｌａｙｂｏｏｋ文件重新上传，再次执行ａｎｓｉｂｌｅ－ｐｕｌｌ

---
- hosts: localhost
  remote_user: root
  gather_facts: no
  tasks:
    - name: Create a file
      file:
        path: /opt/script/ansible-pull-empty.txt
        state:  absent	＃删除掉文件

[root@localhost script]# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml 
Starting Ansible Pull at 2024-09-30 05:49:41
/usr/bin/ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
localhost [WARNING]:| CHANGED  Your git => {
    "version isafter": "d too old tbfda18ce36o fully su79910c8316pport the 5477f9dd84depth argu5e8f875aa"ment. Fall, 
    "being back tfore": "29o full chedaba82f0cbckouts.
39887ca15eb0dce51bdad3c0066b", 
    "changed": true, 
    "remote_url_changed": false
}
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain

PLAY [localhost] ********************************************************************************************************************************************

TASK [Create a file] ****************************************************************************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@localhost script]# ls
[root@localhost script]# 

可以看到已经被删除了！

学习更多ａｎｓｉｂｌｅ－ｐｕｌｌ功能使用

ａｎｓｉｂｌｅ－ｐｕｌｌ	－－ｈｅｌｐ

我创建的git仓库是公开的，在真实环境是不能公开的，而且最好是限制IP

加入定时任务：

定时去拉取playbook文件执行

*/5 * * * * ansible-pull -C master -d /tmp/ansible-pull -i /etc/ansible/hosts -U https://gitee.com/crazy-stone-man/pull-test.git  -o

• -C 指定分支 checkout功能
• -d Ansible Pull 将要使用的工作目录。它会将仓库克隆到这个目录，或者在该目录中查找已经克隆的仓库。
• -i 指定 inventory 文件路径
• -U 指定存储 playbook 的远程 Git 仓库的 URL。
• -o 只有playbook 远程Git仓库更新才执行

参考连接：https://blog.csdn.net/yuezhilangniao/article/details/115799713