02 - Basic Ansible Usage


Ansible Inventory

Files in the Ansible package

[dyx@controller ~]# rpm -ql ansible
  • Configuration directory: /etc/ansible

  • Executables: /usr/bin

  • Library dependencies: /usr/lib/python2.7/site-packages/ansible

  • Plugins: /usr/share/ansible/plugins

  • Help documentation: /usr/share/doc/ansible

  • Man pages: /usr/share/man/man1/

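Host inventory

The inventory defines the set of hosts that Ansible manages. Hosts can be assigned to groups for central management; groups can contain child groups, and a host can be a member of several groups. The inventory can also set variables that apply to the hosts and groups it defines.

The host inventory can be defined in two ways:

  • **Static inventory:** defined in a text file.

  • **Dynamic inventory:** generated automatically by a script or other program from an external information provider. The aim is to obtain the host list from the environment the hosts run in, for example OpenStack, Kubernetes or Zabbix.

Static inventory

Inventories support several formats, such as INI, YAML and scripts.

This course uses the INI format.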

The simplest static inventory

A list of the managed nodes' host names or IP addresses, one per line.

Example:

[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
web1.example.com
web2.example.com
db1.example.com
db2.example.com
192.168.0.42

Check whether a host is in the inventory:

[dyx@controller ~]# ansible --list-hosts -i inventory web1.example.com
  hosts (1):
    web1.example.com
[dyx@controller ~]# ansible --list-hosts -i inventory 192.168.0.42
  hosts (1):
    192.168.0.42

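The ansible command takes the location of the inventory file on the command line through the --inventory PATHNAME or -i PATHNAME option, where PATHNAME is the path to the inventory file.

Host groups

Managed nodes can also be organized into host groups. Host groups make it easier to run Ansible against a whole set of systems.

Format:

[groupname]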
hostname
hostip

Example:

[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
app1.examlpe.com

[webservers]
web1.example.com
web2

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

192.0.2.3

Verify:

[dyx@controller ~]# ansible --list-hosts -i inventory webservers
  hosts (2):
    web1.example.com
    web2

# Note: 192.0.2.3 belongs to the dbservers group (the blank line before it does not end the group)
[dyx@controller ~]# ansible --list-hosts -i inventory dbservers
  hosts (4):
    db1.example.com
    db2.example.com
    192.0.2.42
    192.0.2.3
   

Two groups always exist:

  • all: contains every host in the inventory.

  • ungrouped: hosts that are listed in the inventory but do not belong to any group.

Verify:

[dyx@controller ~]# ansible --list-hosts -i inventory all
  hosts (7):
    app1.examlpe.com
    web1.example.com
    web2
    db1.example.com
    db2.example.com
    192.0.2.42
    192.0.2.3
[dyx@controller ~]# ansible --list-hosts -i inventory ungrouped
  hosts (1):
    app1.examlpe.com

Hosts can be placed in several groups as needed, for example by role, by physical location, or by whether they are in production.

[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
[webservers]
web1.example.com
web2
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2
db2

Verify:

[dyx@controller ~]# ansible --list-hosts -i inventory webservers
  hosts (3):
    web1.example.com
    web2
    192.168.3.7
    
[dyx@controller ~]# ansible --list-hosts -i inventory eastdc
  hosts (2):
    web1.example.com
    db1.example.com

Nested host groups

A host group can also be a member of another host group.

Example:

[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
[webservers]
web1.example.com
web2
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2
db2

[dc:children]
eastdc
westdc

Verify:

[dyx@controller ~]# ansible --list-hosts -i inventory dc
  hosts (4):
    web1.example.com
    db1.example.com
    web2
    db2

Every group listed as a child must be defined; otherwise parsing fails with a syntax error.

Example:

[dyx@controller ~]# vim inventory
[dyx@controller ~]# cat inventory
[webservers]
web1.example.com
web2
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2
db2

[dc:children]
eastdc
westdc
node1

Verify:

[dyx@controller ~]# ansible --list-hosts -i inventory dc
[WARNING]:  * Failed to parse /dyx/inventory with yaml plugin: We were unable to read
either as JSON nor YAML, these are the errors we got from each: JSON: No JSON object
could be decoded  Syntax Error while loading YAML.   did not find expected <document
start>  The error appears to be in '/root/inventory': line 2, column 1, but may be
elsewhere in the file depending on the exact syntax problem.  The offending line appears
to be:  [webservers] web1.example.com ^ here
[WARNING]:  * Failed to parse /root/inventory with ini plugin: /root/inventory:22:
Section [dc:children] includes undefined group: node
[WARNING]: Unable to parse /root/inventory as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
  hosts (4):
    web1.example.com
    db1.example.com
    web2
    db2

Range shorthand

An Ansible inventory can be shortened by specifying ranges of host names or IP addresses. Ranges can be numeric or alphabetic.

Syntax: [start:end]

Example:

[dyx@controller ~]# vim inventory
# Covers 192.168.4.0-192.168.7.255
[priv]
192.168.[4:7].[0:255]
# Covers 01, 02 ... 10
[hosts]
host[01:10].example.com
# Covers a, b, c
[servers]
server[a:c].example.com

Verify:

[dyx@controller ~]# ansible --list-hosts -i inventory hosts
  hosts (10):
    host01.example.com
    host02.example.com
    host03.example.com
    host04.example.com
    host05.example.com
    host06.example.com
    host07.example.com
    host08.example.com
    host09.example.com
    host10.example.com
[dyx@controller ~]# ansible --list-hosts -i inventory servers
  hosts (3):
    servera.example.com
    serverb.example.com
    serverc.example.com

The following is an example of an invalid range:

[dyx@controller ~]# vim inventory
[servers]
server[0a:2c].example.com

Verify:

[dyx@controller ~]# ansible --list-hosts -i inventory all
[WARNING]:  * Failed to parse /root/inventory with yaml plugin: We were unable to read
either as JSON nor YAML, these are the errors we got from each: JSON: No JSON object
could be decoded  Syntax Error while loading YAML.   did not find expected <document
start>  The error appears to be in '/root/inventory': line 2, column 1, but may be
elsewhere in the file depending on the exact syntax problem.  The offending line appears
to be:  [serevers] server[0a:2c].example.com ^ here
[WARNING]:  * Failed to parse /root/inventory with ini plugin: invalid literal for int()
with base 10: '0a'
[WARNING]: Unable to parse /root/inventory as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
  hosts (0):
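
The inventory rules from this section (groups, `:children` nesting, the implicit all and ungrouped groups, and `[start:end]` ranges) modelled as a small parser. This is an added example, not Ansible's own parser and not code from the original page; the function names are made up for illustration, the sample inventory is constructed from the page's examples, and `:vars` sections and host variables are out of scope.

```python
import re

# One [start:end] range inside a host pattern.
RANGE = re.compile(r"\[([^\[\]:]+):([^\[\]:]+)\]")
# A section header: [group] or [group:children].
HEADER = re.compile(r"\[([^\[\]:]+)(:children)?\]")


def expand(pattern):
    """Expand every [start:end] range in a host pattern into host names."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end = m.groups()
    if start.isdecimal() and end.isdecimal():
        # A leading zero in the start bound fixes the width: 01, 02 ... 10.
        width = len(start) if start.startswith("0") else 0
        items = [str(n).zfill(width) for n in range(int(start), int(end) + 1)]
    elif len(start) == len(end) == 1 and start.isalpha() and end.isalpha():
        items = [chr(c) for c in range(ord(start), ord(end) + 1)]
    else:
        # Mixed bounds such as [0a:2c] are neither numeric nor alphabetic.
        raise ValueError("invalid range [%s:%s] in %r" % (start, end, pattern))
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [head + item + rest for item in items for rest in expand(tail)]


def parse_inventory(text):
    """Parse INI inventory text into (hosts, children) dicts keyed by group."""
    hosts, children = {"ungrouped": []}, {}
    section, in_children = "ungrouped", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank lines and comments never end a section
        header = HEADER.fullmatch(line)
        if header:
            section, in_children = header.group(1), bool(header.group(2))
            hosts.setdefault(section, [])
            children.setdefault(section, [])
        elif in_children:
            children[section].append(line)
        else:
            hosts[section].extend(expand(line.split()[0]))
    # Every name under [x:children] must be a group defined in the file.
    for group, kids in children.items():
        for kid in kids:
            if kid not in hosts:
                raise ValueError(
                    "Section [%s:children] includes undefined group: %s" % (group, kid))
    return hosts, children


def members(group, inventory, _path=()):
    """Resolve a group name to its hosts, following :children recursively."""
    hosts, children = inventory
    if group in _path:
        raise ValueError("group loop: " + " -> ".join(_path + (group,)))
    if group == "all":
        names = [h for hs in hosts.values() for h in hs]
    elif group == "ungrouped":
        grouped = {h for g, hs in hosts.items() if g != "ungrouped" for h in hs}
        names = [h for h in hosts["ungrouped"] if h not in grouped]
    else:
        names = list(hosts[group])
        for child in children.get(group, []):
            names += members(child, inventory, _path + (group,))
    return list(dict.fromkeys(names))  # drop duplicates, keep file order


# Constructed sample, assembled from the inventories shown in this section.
SAMPLE = """\
app1.example.com

[webservers]
web1.example.com
web2

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2
db2

[dc:children]
eastdc
westdc

[hosts]
host[01:10].example.com
"""

if __name__ == "__main__":
    inv = parse_inventory(SAMPLE)
    for name in ("dc", "hosts", "ungrouped"):
        print(name, members(name, inv))
```

Running `ansible-inventory -i inventory --graph` against the real file remains the authoritative check; the model only makes the resolution rules visible.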

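Dynamic inventory

Ansible inventory information is generated dynamically from data supplied by an external source.

This course does not cover it further.

The ansible-inventory command

Displays the inventory in different formats.

[dyx@controller ~]# ansible-inventory --help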
usage: ansible-inventory [-h] [--version] [-v] [-i INVENTORY]
                         [--vault-id VAULT_IDS]
                         [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                         [--playbook-dir BASEDIR] [--list] [--host HOST]
                         [--graph] [-y] [--toml] [--vars] [--export]
                         [--output OUTPUT_FILE]
                         [host|group]

positional arguments:
  host|group

optional arguments:
  --ask-vault-pass      ask for vault password
  --export              When doing an --list, represent in a way that is
                        optimized for export,not as an accurate representation
                        of how Ansible has processed it
  --output OUTPUT_FILE  When doing --list, send the inventory to a file
                        instead of to the screen
  --playbook-dir BASEDIR
                        Since this tool does not use playbooks, use this as a
                        substitute playbook directory.This sets the relative
                        path for many features including roles/ group_vars/
                        etc.
  --toml                Use TOML format instead of default JSON, ignored for
                        --graph
  --vars                Add vars to graph display, ignored unless used with
                        --graph
  --vault-id VAULT_IDS  the vault identity to use
  --vault-password-file VAULT_PASSWORD_FILES
                        vault password file
  --version             show program's version number, config file location,
                        configured module search path, module location,
                        executable location and exit
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
                        specify inventory host path or comma separated host
                        list. --inventory-file is deprecated
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  -y, --yaml            Use YAML format instead of default JSON, ignored for
                        --graph

Actions:
  One of following must be used on invocation, ONLY ONE!

  --graph               create inventory graph, if supplying pattern it must
                        be a valid group name
  --host HOST           Output specific host info, works as inventory script
  --list                Output all hosts info, works as inventory script

Show Ansible inventory information, by default it uses the inventory script
JSON format

Sample inventory:

[dyx@controller ~]# vim inventory
app1.example.com

[webservers]
web1.example.com
web2.example.com
192.168.3.7

[dbservers]
db1.example.com
db2.example.com
192.0.2.42

[eastdc]
web1.example.com
db1.example.com

[westdc]
web2.example.com
db2.example.com

[dc:children]
eastdc
westdc

Verify:

# Display as a tree
[dyx@controller ~]#  ansible-inventory -i inventory --graph
@all:
  |--@dbservers:
  |  |--192.0.2.42
  |  |--db1.example.com
  |  |--db2.example.com
  |--@dc:
  |  |--@eastdc:
  |  |  |--db1.example.com
  |  |  |--web1.example.com
  |  |--@westdc:
  |  |  |--db2.example.com
  |  |  |--web2.example.com
  |--@ungrouped:
  |  |--app1.example.com
  |--@webservers:
  |  |--192.168.3.7
  |  |--web1.example.com
  |  |--web2.example.com

# Display in YAML format
[dyx@controller ~]#  ansible-inventory -i inventory --list -y
all:
  children:
    dbservers:
      hosts:
        192.0.2.42: {}
        db1.example.com: {}
        db2.example.com: {}
    dc:
      children:
        eastdc:
          hosts:
            db1.example.com: {}
            web1.example.com: {}
        westdc:
          hosts:
            db2.example.com: {}
            web2.example.com: {}
    ungrouped:
      hosts:
        app1.example.com: {}
    webservers:
      hosts:
        192.168.3.7: {}
        web1.example.com: {}
        web2.example.com: {}

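Managing Ansible Configuration Files

Configuration file locations and precedence

  1. The ANSIBLE_CONFIG environment variable
  2. ./ansible.cfg, the ansible.cfg in the current directory, which is normally the project directory.
  3. ~/.ansible.cfg
  4. /etc/ansible/ansible.cfg

Precedence decreases from top to bottom.

Recommendation: define an ansible.cfg file in the current directory.

Verifying the precedence

# Prepare the environment
[dyx@controller ~]$ mkdir web && cd web

# Show the configuration file the ansible command is currently using
[dyx@controller web]$ ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg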
  configured module search path = [u'/home/dyx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
  
# Or
[dyx@controller web]$ ansible --version |grep 'config file'
  config file = /etc/ansible/ansible.cfg
  
[dyx@controller web]$ touch ~/.ansible.cfg
[dyx@controller web]$ ansible --version |grep 'config file'
  config file = /home/dyx/.ansible.cfg


[dyx@controller web]$ touch ansible.cfg
[dyx@controller web]$ ansible --version |grep 'config file'
  config file = /home/dyx/web/ansible.cfg
  
[dyx@controller web]$ export ANSIBLE_CONFIG=/opt/ansible.cfg
[dyx@controller web]$ sudo touch /opt/ansible.cfg
[dyx@controller web]$ ansible --version |grep 'config file'
  config file = /opt/ansible.cfg
[dyx@controller web]$ unset ANSIBLE_CONFIG
[dyx@controller web]$ ansible --version |grep 'config file'
  config file = /home/dyx/web/ansible.cfg

Configuration file walkthrough

The default Ansible configuration file is /etc/ansible/ansible.cfg.

The Ansible configuration file contains the following sections:

[dyx@controller web]$ grep "^\[" /etc/ansible/ansible.cfg
[defaults]
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]

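Commonly used parameters:

[defaults]
# Path to the inventory file
inventory = /etc/ansible/hosts

# Number of hosts on which the same task runs in parallel
forks = 5

# Interval at which Ansible checks whether a task has finished
poll_interval = 15

# Whether to prompt for a password when connecting to managed hosts
ask_pass = True

# Controls how facts are gathered
# smart - facts that have already been gathered are not gathered again.
# implicit - facts are gathered; use gather_facts: False in a playbook to turn gathering off.
# explicit - facts are not gathered; use gather_facts: True in a playbook to turn gathering on.
gathering = implicit

# Which facts to gather
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
gather_subset = all

# Timeout for fact gathering
gather_timeout = 10

# Inject facts as top-level variables (they are always available through ansible_facts)
inject_facts_as_vars = True

# Role search path, colon-separated
roles_path = /etc/ansible/roles

# Whether SSH verifies host keys; False turns verification off, so a spoofed or intercepted host goes undetected
host_key_checking = False

# User used to log in to managed hosts
remote_user = root

# Where the output of the ansible and ansible-playbook commands is logged
log_path = /var/log/ansible.log

# Default module for the ansible command
module_name = command

# Location of the SSH private key file
private_key_file = /path/to/file

# Default password file for the ansible-vault command
vault_password_file = /path/to/vault_password_file

# Value of the ansible_managed variable
ansible_managed = Ansible managed

# Do not fail when a playbook hits an undefined variable
error_on_undefined_vars = False

# Enable system warnings
system_warnings = True

# Enable deprecation warnings
deprecation_warnings = True

# Whether to warn when the command and shell modules are used
command_warnings = False

# Where facts are cached, for example redis
fact_caching = memory

[inventory]
# Enabled inventory plugins; default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
#enable_plugins = host_list, virtualbox, yaml, constructed
# When the inventory source is a directory, ignore inventory files with these extensions
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry

[privilege_escalation]
# Whether to escalate privileges or switch user after connecting to a managed host
become=True

# Method used to switch user or escalate privileges
become_method=sudo

# Target user after switching user or escalating privileges
become_user=root

# Whether to prompt for a password when switching user or escalating privileges
become_ask_pass=False

Note: lines that begin with "#" or ";" are treated as comments.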
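
A check built on the two topics above, the precedence order and the security-relevant [defaults] keys: it resolves which file would be active and flags host_key_checking = False, remote_user = root and secret files readable by other users. This is an added example, not part of the original page or of Ansible; the function names, finding texts and sample files are constructed for illustration, and the skip of ./ansible.cfg in a world-writable directory is Ansible behaviour that the page does not mention.

```python
import configparser
import os
import stat
import tempfile


def active_config(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the first existing file in the precedence order listed above."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(env["ANSIBLE_CONFIG"])
    # Ansible does not load ./ansible.cfg from a world-writable directory,
    # where any local user could plant settings for whoever runs it next.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        candidates.append(os.path.join(cwd, "ansible.cfg"))
    candidates += [os.path.join(home, ".ansible.cfg"), system]
    return next((p for p in candidates if os.path.isfile(p)), None)


def audit(path):
    """Return findings for the security-relevant [defaults] keys in one file."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    findings = []
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking is off: SSH host keys are not verified")
    if cfg.get("defaults", "remote_user", fallback="") == "root":
        findings.append("remote_user is root: connect unprivileged and use become")
    for key in ("private_key_file", "vault_password_file"):
        secret = os.path.expanduser(cfg.get("defaults", key, fallback=""))
        if os.path.isfile(secret) and os.stat(secret).st_mode & 0o077:
            findings.append("%s is accessible to group or others" % key)
    return findings


# Constructed samples: the values shown in the walkthrough, and a corrected file.
WEAK = """\
[defaults]
remote_user = root
host_key_checking = False
private_key_file = {key}
"""
HARDENED = """\
[defaults]
remote_user = dyx
host_key_checking = True
private_key_file = {key}

[privilege_escalation]
become = True
become_method = sudo
"""


def demo():
    """Build a throwaway project and home directory; return what was observed."""
    seen = {}
    with tempfile.TemporaryDirectory() as tmp:
        project, home = os.path.join(tmp, "web"), os.path.join(tmp, "home")
        os.mkdir(project)
        os.mkdir(home)
        os.chmod(project, 0o755)
        key = os.path.join(home, "id_demo")
        user_cfg = os.path.join(home, ".ansible.cfg")
        project_cfg = os.path.join(project, "ansible.cfg")
        absent = os.path.join(tmp, "no-system.cfg")  # keeps the demo hermetic
        for path, text in ((key, "placeholder, not a real key\n"),
                           (user_cfg, WEAK.format(key=key)),
                           (project_cfg, HARDENED.format(key=key))):
            with open(path, "w") as handle:
                handle.write(text)
        os.chmod(key, 0o644)
        seen["project wins"] = active_config({}, project, home, absent) == project_cfg
        seen["env wins"] = active_config(
            {"ANSIBLE_CONFIG": user_cfg}, project, home, absent) == user_cfg
        seen["weak"] = audit(user_cfg)
        os.chmod(key, 0o600)
        seen["hardened"] = audit(project_cfg)
        os.chmod(project, 0o777)  # world-writable: ./ansible.cfg is skipped
        seen["skipped"] = active_config({}, project, home, absent) == user_cfg
    return seen


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```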

Configuration file example

For basic operation, the [defaults] and [privilege_escalation] sections are sufficient.

[dyx@controller web]$ vim ansible.cfg
[dyx@controller web]$ cat ansible.cfg
[defaults]
remote_user=dyx
inventory=./inventory

[privilege_escalation]
become=true
become_user=root
become_method=sudo
become_ask_pass=false

Edit the inventory:

[dyx@controller web]$ vim inventory
[dyx@controller web]$ cat inventory
node[1:4]

Result:

[dyx@controller web]$ ansible all -a hostname
node4 | CHANGED | rc=0 >>
node4.dyx.cloud
node2 | CHANGED | rc=0 >>
node2.dyx.cloud
node3 | CHANGED | rc=0 >>
node3.dyx.cloud
node1 | CHANGED | rc=0 >>
node1.dyx.cloud

The ansible-config command

Used to inspect the configuration of the ansible command.

[dyx@controller web]$ ansible-config -h
usage: ansible-config [-h] [--version] [-v] {list,dump,view} ...

View ansible configuration.

positional arguments:
  {list,dump,view}
    list            Print all config options
    dump            Dump configuration
    view            View configuration file

optional arguments:
  --version         show program's version number, config file location,
                    configured module search path, module location, executable
                    location and exit
  -h, --help        show this help message and exit
  -v, --verbose     verbose mode (-vvv for more, -vvvv to enable connection
                    debugging)

ansible-config view

Shows the contents of the current Ansible configuration file.

[dyx@controller web]$ ansible --version |grep file
  config file = /home/dyx/web/ansible.cfg

[dyx@controller web]$ ansible-config view
[defaults]
remote_user=dyx
inventory=./inventory

[privilege_escalation]
become=true
become_user=root
become_method=sudo
become_ask_pass=false

ansible-config dump

Shows every setting currently in effect, including all default values.

[dyx@controller web]$ ansible-config dump
ACTION_WARNINGS(default) = True
AGNOSTIC_BECOME_PROMPT(default) = True
ALLOW_WORLD_READABLE_TMPFILES(default) = False
ANSIBLE_CONNECTION_PATH(default) = None
ANSIBLE_COW_PATH(default) = None
ANSIBLE_COW_SELECTION(default) = default
ANSIBLE_COW_WHITELIST(default) = ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'd
ANSIBLE_FORCE_COLOR(default) = False
ANSIBLE_NOCOLOR(default) = False
ANSIBLE_NOCOWS(default) = False
ANSIBLE_PIPELINING(default) = False
ANSIBLE_SSH_ARGS(default) = -C -o ControlMaster=auto -o ControlPersist=60s
ANSIBLE_SSH_CONTROL_PATH(default) = None
ANSIBLE_SSH_CONTROL_PATH_DIR(default) = ~/.ansible/cp
ANSIBLE_SSH_EXECUTABLE(default) = ssh
ANSIBLE_SSH_RETRIES(default) = 0
ANY_ERRORS_FATAL(default) = False
BECOME_ALLOW_SAME_USER(default) = False
BECOME_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/become', u'/usr/share/ansible
CACHE_PLUGIN(default) = memory
CACHE_PLUGIN_CONNECTION(default) = None
CACHE_PLUGIN_PREFIX(default) = ansible_facts
CACHE_PLUGIN_TIMEOUT(default) = 86400
COLLECTIONS_PATHS(default) = [u'/home/dyx/.ansible/collections', u'/usr/share/ansible/col
COLOR_CHANGED(default) = yellow
COLOR_CONSOLE_PROMPT(default) = white
COLOR_DEBUG(default) = dark gray
COLOR_DEPRECATE(default) = purple
COLOR_DIFF_ADD(default) = green
COLOR_DIFF_LINES(default) = cyan
COLOR_DIFF_REMOVE(default) = red
COLOR_ERROR(default) = red
COLOR_HIGHLIGHT(default) = white
COLOR_OK(default) = green
COLOR_SKIP(default) = cyan
COLOR_UNREACHABLE(default) = bright red
COLOR_VERBOSE(default) = blue
COLOR_WARN(default) = bright purple
COMMAND_WARNINGS(default) = True
CONDITIONAL_BARE_VARS(default) = True
CONNECTION_FACTS_MODULES(default) = {'iosxr': 'iosxr_facts', 'voss': 'voss_facts', 'cisco
COVERAGE_REMOTE_OUTPUT(default) = None
COVERAGE_REMOTE_WHITELIST(default) = *
DEFAULT_ACTION_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/action', u'/usr/share
DEFAULT_ALLOW_UNSAFE_LOOKUPS(default) = False
DEFAULT_ASK_PASS(default) = False
DEFAULT_ASK_VAULT_PASS(default) = False
DEFAULT_BECOME(/home/dyx/web/ansible.cfg) = True
DEFAULT_BECOME_ASK_PASS(/home/dyx/web/ansible.cfg) = False
DEFAULT_BECOME_EXE(default) = None
DEFAULT_BECOME_FLAGS(default) =
DEFAULT_BECOME_METHOD(/home/dyx/web/ansible.cfg) = sudo
DEFAULT_BECOME_USER(/home/dyx/web/ansible.cfg) = root
DEFAULT_CACHE_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/cache', u'/usr/share/a
DEFAULT_CALLABLE_WHITELIST(default) = []
DEFAULT_CALLBACK_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/callback', u'/usr/s
DEFAULT_CALLBACK_WHITELIST(default) = []
DEFAULT_CLICONF_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/cliconf', u'/usr/sha
DEFAULT_CONNECTION_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/connection', u'/u
DEFAULT_DEBUG(default) = False
DEFAULT_EXECUTABLE(default) = /bin/sh
DEFAULT_FACT_PATH(default) = None
DEFAULT_FILTER_PLUGIN_PATH(default) = [u'/home/dyx/.ansible/plugins/filter', u'/usr/share

ansible-config list

Shows what each configuration parameter is for, where it can be set, and so on.

[dyx@controller web]$ ansible-config list
ACTION_WARNINGS:
  default: true
  description: [By default Ansible will issue a warning when received from a task
      action (module or action plugin), These warnings can be silenced by adjusting
      this setting to False.]
  env:
  - {name: ANSIBLE_ACTION_WARNINGS}
  ini:
  - {key: action_warnings, section: defaults}
  name: Toggle action warnings
  type: boolean
  version_added: '2.5'
AGNOSTIC_BECOME_PROMPT:
  default: true
  description: Display an agnostic become prompt instead of displaying a prompt containin
    the command line supplied become method
  env:
  - {name: ANSIBLE_AGNOSTIC_BECOME_PROMPT}
  ini:
  - {key: agnostic_become_prompt, section: privilege_escalation}
  name: Display an agnostic become prompt
  type: boolean
  version_added: '2.5'
  yaml: {key: privilege_escalation.agnostic_become_prompt}
ALLOW_WORLD_READABLE_TMPFILES:

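Connecting to localhost

By default Ansible connects to managed hosts with the smart connection type, which normally picks the most efficient method (SSH). If the inventory does not list localhost, Ansible defines an implicit localhost and connects to it with the local connection type.

The local connection type ignores the remote_user setting and runs commands directly on the local system.

If privilege escalation is used, sudo is then run as the account that ran the ansible command, not as the account specified by remote_user.

To change how localhost is connected, list localhost in the inventory.

Running Ad Hoc Commands

Lab environment

[laogao@controller ~]$ mkdir web && cd web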

[laogao@controller web]$ cat > ansible.cfg <<'EOF'

[defaults]
remote_user = laogao
inventory = ./inventory

[privilege_escalation]
become = True
become_user = root
become_method = sudo
become_ask_pass = False
EOF

[laogao@controller web]$ cat > inventory <<'EOF'
node1
node2
node3
node4
EOF

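ansible ad hoc commands

Purpose

An ad hoc command runs a single Ansible task quickly, without saving it to run again later. Ad hoc commands are simple, online operations that can be run without writing a playbook.

**They are useful for quick tests and changes.** For example, you can use an ad hoc command to make sure that a particular line exists in the /etc/hosts file on a group of servers. You can use another ad hoc command to restart a service efficiently on many different machines, or to make sure that a particular package is at the latest version.

Command syntax

ansible host-pattern -m module [-a 'module arguments'] [-i inventory]

  • host-pattern (required): a host or host group defined in the inventory. It can be an IP address, a host name, a group name from the inventory, or a matching pattern that contains special characters such as ",", "*" or ":".

  • -m module: a module is a small program that carries out a specific task.

  • -a 'module arguments': the arguments passed to the module.

  • -i inventory: the inventory file to use.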

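Result colors

Ansible reports results clearly and uses three colors to show the outcome:

  • Red: an error occurred during execution; normally all remaining tasks are aborted.

  • Green: the target host is already in the desired state and no change was needed.

  • Yellow: the target's state changed when the command finished and it was set to the desired state; all tasks ran normally.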

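Selected Ansible modules

Ansible modules are stored under /usr/lib/python*/site-packages/ansible

Official documentation: https://docs.ansible.com/projects/ansible/latest/collections/index_module.html

  • File modules

    • copy: copies a file from the control host to managed nodes, similar to scp
    • file: sets permissions and other attributes of a file
    • lineinfile: ensures that a particular line is present in a file
    • synchronize: synchronizes files from the control host to managed nodes with rsync
  • Package modules

    • package: detects the operating system's package manager automatically
    • yum: manages packages with the YUM package manager
    • apt: manages packages with the APT package manager
    • gem: manages Ruby gems
    • pip: manages Python packages from PyPI
  • System modules

    • ansible.posix.firewalld: manages arbitrary ports and services with firewalld
    • reboot: reboots the machine
    • service: manages services
    • user, group: manage user and group accounts
  • Net tools modules

    • get_url: downloads files over HTTP, HTTPS or FTP
    • nmcli: manages networking
    • uri: interacts with web services

Ad hoc command examples:

Basic execution (command/shell modules)

command is the default module (there is no need to specify -m explicitly). It is suited to simple commands that do not use shell features (pipes, redirection, environment variables).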

Example 1: show the host name of the remote hosts

[dyx@controller web]$ ansible all -m command -a "hostname"
node2 | CHANGED | rc=0 >>
node2.dyx.cloud
node4 | CHANGED | rc=0 >>
node4.dyx.cloud
node3 | CHANGED | rc=0 >>
node3.dyx.cloud
node1 | CHANGED | rc=0 >>
node1.dyx.cloud
[dyx@controller web]$ ansible all  -a "hostname"
node2 | CHANGED | rc=0 >>
node2.dyx.cloud
node4 | CHANGED | rc=0 >>
node4.dyx.cloud
node3 | CHANGED | rc=0 >>
node3.dyx.cloud
node1 | CHANGED | rc=0 >>
node1.dyx.cloud

Example 2: check the operating system version of the remote hosts

[dyx@controller web]$ ansible all -m command -a "cat /etc/os-release"

[dyx@controller web]$ ansible all  -a "cat /etc/os-release"

Example 3: show memory usage on the remote hosts

[dyx@controller web]$ ansible all  -a "free -h"
node2 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        472M        1.2G         12M        312M        1.3G
Swap:          3.9G          0B        3.9G
node3 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        475M        1.2G         12M        311M        1.3G
Swap:          3.9G          0B        3.9G
node4 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        479M        1.2G         12M        312M        1.3G
Swap:          3.9G          0B        3.9G
node1 | CHANGED | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:           1.9G        474M        1.2G         12M        311M        1.3G
Swap:          3.9G          0B        3.9G

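Example 4: count the files in a given directory on the remote hosts

# Note: ls and wc are two commands joined by a pipe. command does not support pipes, so in the first invocation "|wc" and "-l" are passed to ls as plain arguments; use the shell module when a pipe is needed.
[dyx@controller web]$ ansible all -a "ls -l /etc |wc -l"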

[dyx@controller web]$ ansible all -m shell -a "ls -l /etc |wc -l"
node2 | CHANGED | rc=0 >>
276
node4 | CHANGED | rc=0 >>
276
node3 | CHANGED | rc=0 >>
276
node1 | CHANGED | rc=0 >>
276

Example 5: create an empty file

[dyx@controller web]$ ansible all -a "touch /tmp/ansible_test.txt"
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.
If you need to use command because file is insufficient you can add 'warn: false' to
this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
node3 | CHANGED | rc=0 >>

node2 | CHANGED | rc=0 >>

node4 | CHANGED | rc=0 >>

node1 | CHANGED | rc=0 >>

Example 6: check service processes on the remote hosts

[dyx@controller web]$ ansible all -a "ps aux" # ✅ Correct: runs only ps aux; filter the output locally afterwards
ansible all -a "ps aux | grep sshd" # ❌ Wrong: command does not support pipes; use shell instead
[dyx@controller web]$ ansible all -m shell -a "ps aux |grep sshd"
node2 | CHANGED | rc=0 >>
root       1218  0.0  0.2 112900  4316 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1903  0.0  0.3 167948  6784 ?        Ss   12:25   0:00 sshd: root@pts/0
root       4057  0.0  0.2 156776  5584 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        4060  0.0  0.1 157088  2824 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5306  0.0  0.0 113280  1192 pts/1    S+   15:39   0:00 /bin/sh -c ps aux |grep sshd
root       5308  0.0  0.0 112812   940 pts/1    S+   15:39   0:00 grep sshd
node4 | CHANGED | rc=0 >>
root       1218  0.0  0.2 112900  4316 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1906  0.0  0.3 167948  6780 ?        Ss   12:25   0:00 sshd: root@pts/0
root       4050  0.0  0.2 156776  5588 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        4054  0.0  0.1 157088  2816 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5298  0.0  0.0 113280  1192 pts/1    S+   15:40   0:00 /bin/sh -c ps aux |grep sshd
root       5300  0.0  0.0 112812   940 pts/1    S+   15:40   0:00 grep sshd
node3 | CHANGED | rc=0 >>
root       1218  0.0  0.2 112900  4312 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1908  0.0  0.3 167948  6780 ?        Ss   12:25   0:00 sshd: root@pts/0
root       4002  0.0  0.2 156776  5584 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        4006  0.0  0.1 157088  2820 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5250  0.0  0.0 113280  1192 pts/1    S+   15:40   0:00 /bin/sh -c ps aux |grep sshd
root       5252  0.0  0.0 112812   940 pts/1    S+   15:40   0:00 grep sshd
node1 | CHANGED | rc=0 >>
root       1209  0.0  0.2 112900  4316 ?        Ss   12:24   0:00 /usr/sbin/sshd -D
root       1904  0.0  0.3 167948  6776 ?        Ss   12:25   0:00 sshd: root@pts/0
root       3981  0.0  0.2 156776  5592 ?        Ss   15:36   0:00 sshd: dyx [priv]
dyx        3984  0.0  0.1 157088  2820 ?        S    15:36   0:00 sshd: dyx@pts/1
root       5232  0.0  0.0 113280  1192 pts/1    S+   15:40   0:00 /bin/sh -c ps aux |grep sshd
root       5234  0.0  0.0 112812   944 pts/1    S+   15:40   0:00 grep sshd

Example 7: show disk mount information on the remote hosts

ansible all -a "mount | grep /sys" # ❌ Wrong: contains a pipe; use shell instead
[dyx@controller web]$ ansible all -a "mount" # ✅ Correct: lists all mounts; filter for /sys locally

Example 8: verify port connectivity on the remote hosts (basic version)

# Check whether port 22 is listening (requires nc)
[dyx@controller web]$ ansible all -a "nc -zv 127.0.0.1 22"
node3 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
node1 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
node2 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
node4 | CHANGED | rc=0 >>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

Example 9: show the last 10 lines of a given file on the remote hosts

ansible all -a "tail -10 /var/log/messages"

Example 10: show IP addresses

[dyx@controller web]$ ansible all -a "ip -br a"
node1 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.11/24 fe80::9f3f:8d41:73d1:d531/64 fe80::af36:4fe7:4616:f9d6/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
node3 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.13/24 fe80::af36:4fe7:4616:f9d6/64 fe80::9f3f:8d41:73d1:d531/64 fe80::8c56:cea:5e7a:8aa5/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
node2 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.12/24 fe80::af36:4fe7:4616:f9d6/64 fe80::9f3f:8d41:73d1:d531/64 fe80::8c56:cea:5e7a:8aa5/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
node4 | CHANGED | rc=0 >>
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens33            UP             192.168.108.14/24 fe80::af36:4fe7:4616:f9d6/64 fe80::9f3f:8d41:73d1:d531/64 fe80::8c56:cea:5e7a:8aa5/64
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
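
Why the pipe in examples 4, 6 and 7 needs the shell module, shown locally. This is an added example, not from the original page: run_like_command and run_like_shell are hypothetical stand-ins that model the two modules with Python's subprocess (argv without a shell versus /bin/sh -c, the form visible in the ps output of example 6), and UNTRUSTED is a constructed value.

```python
import shlex
import subprocess

# Constructed value standing in for text that reaches the command line from
# outside, such as a host name copied from a ticket or a CSV file.
UNTRUSTED = "web1; echo EXTRA"
# The same value quoted so that a shell treats it as one literal word.
SAFE = shlex.quote(UNTRUSTED)


def run_like_command(cmdline):
    """Model of the command module: split into argv, execute without a shell."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, capture_output=True, text=True)
    return argv, done.returncode, done.stdout.strip()


def run_like_shell(cmdline):
    """Model of the shell module: pass the whole string to /bin/sh -c."""
    done = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True)
    return done.returncode, done.stdout.strip()


def compare(cmdline):
    """Run one command line both ways and return the two outputs side by side."""
    argv, _, plain = run_like_command(cmdline)
    _, via_shell = run_like_shell(cmdline)
    return {"argv": argv, "command": plain, "shell": via_shell}


if __name__ == "__main__":
    # The pipe: an ordinary argument without a shell, an operator with one.
    print(compare("echo one two | wc -w"))
    # Metacharacters in a value: inert under command, interpreted under shell.
    print(compare("echo " + UNTRUSTED))
    # When shell is required, quote every value that is not a literal.
    print(compare("echo " + SAFE))
```

The practical rule that follows: keep command as the default, switch to shell only when a pipe or redirection is needed, and quote any variable part of the string when you do.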

The ansible-doc command

[dyx@controller web]$ ansible-doc -h
usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH]
                   [--playbook-dir BASEDIR]
                   [-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}]
                   [-j] [-F | -l | -s | --metadata-dump]
                   [plugin [plugin ...]]

plugin documentation tool

positional arguments:
  plugin                Plugin

optional arguments:
  --metadata-dump       **For internal testing only** Dump json metadata for
                        all plugins.
  --playbook-dir BASEDIR
                        Since this tool does not use playbooks, use this as a
                        substitute playbook directory.This sets the relative
                        path for many features including roles/ group_vars/
                        etc.
  --version             show program's version number, config file location,
                        configured module search path, module location,
                        executable location and exit
  -F, --list_files      Show plugin names and their source files without
                        summaries (implies --list)
  -M MODULE_PATH, --module-path MODULE_PATH
                        prepend colon-separated path(s) to module library (def
                        ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
                        gins/modules)
  -h, --help            show this help message and exit
  -j, --json            Change output into json format.
  -l, --list            List available plugins
  -s, --snippet         Show playbook snippet for specified plugin(s)
  -t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}, --type {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}
                        Choose which plugin type (defaults to "module").
                        Available plugin types are : ('become', 'cache',
                        'callback', 'cliconf', 'connection', 'httpapi',
                        'inventory', 'lookup', 'netconf', 'shell', 'module',
                        'strategy', 'vars')
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)

See man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com

Example:

# List modules with a short description
[dyx@controller web]$ ansible-doc -l
fortios_router_community_list                                 Configure community li...
azure_rm_devtestlab_info                                      Get Azure DevTest Lab ...
ecs_taskdefinition                                            register a task defini...
avi_alertscriptconfig                                         Module for setup of Al...
tower_receive                                                 Receive assets from An...
... ...

# List modules and the location of their source files
[dyx@controller web]$ ansible-doc -F
fortios_router_community_list                                 /usr/lib/python2.7/site-pac
azure_rm_devtestlab_info                                      /usr/lib/python2.7/site-pac
ecs_taskdefinition                                            /usr/lib/python2.7/site-pac
avi_alertscriptconfig                                         /usr/lib/python2.7/site-pac
tower_receive                                                 /usr/lib/python2.7/site-pac
netapp_e_iscsi_target                                         /usr/lib/python2.7/site-pac
azure_rm_acs                                                  /usr/lib/python2.7/site-pac
... ...

# View the documentation for a specific module
[dyx@controller web]$ ansible-doc user
> USER    (/usr/lib/python2.7/site-packages/ansible/modules/system/user.py)

        Manage user accounts and user attributes. For Windows targets,
        use the [win_user] module instead.

  * This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):

- append
        If `yes', add the user to the groups specified in `groups'.
        If `no', user will only be added to the groups specified in
        `groups', removing them from all other groups.
        Mutually exclusive with `local'
        [Default: False]
        type: bool
# Notes
NOTES:
      * There are specific requirements per platform on user
        management utilities. However they generally come pre-
        installed with the system and Ansible will require they
        are present at runtime. If they are not, a descriptive
        error message will be shown.
      * On SunOS platforms, the shadow file is backed up
        automatically since this module edits it directly. On
        other platforms, the shadow file is backed up by the
        underlying tools used by this module.
      * On macOS, this module uses `dscl' to create, modify, and
        delete accounts. `dseditgroup' is used to modify group
        membership. Accounts are hidden from the login window by
        modifying
        `/Library/Preferences/com.apple.loginwindow.plist'.

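# Author
AUTHOR: Stephen Fromm (@sfromm)
# METADATA describes who maintains the module.
# status records the module's development status.
# stableinterface: the module's keywords are stable, and every effort will be made not to remove keywords or change their meaning.
# preview: the module is in technology preview and may be unstable; its keywords may change, or it may depend on libraries or web services that are themselves subject to incompatible changes.
# deprecated: the module will no longer be provided in some future release.
# removed: the module has been removed from the release, but a stub remains for documentation purposes to help previous users migrate to a new module.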
        METADATA:
          status:
          - stableinterface
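# supported_by records which community maintains the module:
# core: maintained by the Ansible core developers and always shipped with Ansible.
# curated: the module is submitted and maintained by partners or companies in the community. Maintainers of these modules must watch for any reported issues or pull requests raised against the module. After the community maintainers approve a change, the upstream "core" developers review the changes proposed to curated modules. Core committers also make sure that any problems these modules have because of changes in the Ansible engine get fixed. These modules currently ship with Ansible but may be packaged separately at some point in the future.
# community: the module is not supported by the core upstream developers, partners, or companies, and is maintained entirely by the general open source community. Modules in this category are still fully usable, but the response time to issues depends entirely on the community. These modules also currently ship with Ansible but may be packaged separately at some point in the future.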
          supported_by: core

# Module usage examples
EXAMPLES:

- name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
  user:
    name: johnd
    comment: John Doe
    uid: 1040
    group: admin
... ...

# Description of the module's return values
RETURN VALUES:

append:
  description: Whether or not to append the user to groups
  returned: When state is 'present' and the user exists
  type: bool
  sample: True
comment:
  description: Comment section from passwd file, usually the user name
  returned: When user exists
... ...

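If the existing modules cannot meet your needs, you can also write your own modules:

  • Ansible looks for modules in the path given by the ANSIBLE_LIBRARY variable

  • If that variable is not set, it looks in the location set by the library setting in the ansible.cfg configuration file

copy module (copying files / directories)

Core purpose: copy files / directories from the control node to remote hosts, with support for setting permissions and ownership, writing content directly, and so on.

Case 1: basic file copy (specify source and destination)
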
[dyx@controller web]$ touch /tmp/local_file.txt
[dyx@controller web]$ ansible all -m copy -a "src=/tmp/local_file.txt dest=/opt/remote_file.txt"

# Verify
[root@node1 ~]# ls /opt |grep remote
remote_file.txt
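
  • Description: copies /tmp/local_file.txt on the control node to /opt/remote_file.txt on the remote hosts;

  • Note: if the destination file already exists, it is overwritten (default behavior).

Case 2: copy and set permissions + owner and group
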
[dyx@controller web]$ sudo yum install -y httpd
[dyx@controller web]$ ansible all -m copy -a "src=/etc/httpd/conf/httpd.conf dest=/tmp/feiyy owner=dyx group=root mode=0644 backup=yes"

# Verify
[root@node1 ~]# ls /tmp|grep feiyy
feiyy
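
  • Description:
    • Copies the httpd configuration file /etc/httpd/conf/httpd.conf from the control node to /tmp/feiyy on the remote hosts;
    • Sets the owner to dyx, the group to root, and the mode to 0644;
    • backup=yes: automatically backs up the original file before overwriting it (the backup name carries a timestamp suffix).

Copy again
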
[root@controller ~]# echo hhh >/etc/httpd/conf/httpd.conf

[dyx@controller web]$ ansible all -m copy -a "src=/etc/httpd/conf/httpd.conf dest=/tmp/feiyy owner=dyx group=root mode=0644 backup=yes"

# Verify
[root@node1 ~]# ls /tmp|grep feiyy
feiyy
feiyy.6832.2025-12-15@16:42:21~
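
The backup file above appears only after the source content was changed, because the destination is rewritten only when it differs from the source. The following is an added example, not part of the original page and not Ansible's own code: a simplified local Python model of that behaviour, in which the names `sha1_of` and `copy_like` and the sample file contents are assumptions made for illustration (owner and group handling is left out because it needs root).

```python
import hashlib
import os
import shutil
import tempfile
import time


def sha1_of(path):
    """SHA-1 of a file for change detection (not a security control), or None."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        return hashlib.sha1(fh.read()).hexdigest()


def copy_like(src, dest, mode=0o644, backup=False):
    """Write dest only when content or mode differs; report what changed."""
    result = {"changed": False, "backup_file": None}
    if sha1_of(src) != sha1_of(dest):
        if backup and os.path.exists(dest):
            # Naming pattern seen in the listing above: dest.PID.timestamp~
            stamp = time.strftime("%Y-%m-%d@%H:%M:%S~")
            result["backup_file"] = "%s.%s.%s" % (dest, os.getpid(), stamp)
            shutil.copy2(dest, result["backup_file"])
        shutil.copyfile(src, dest)
        result["changed"] = True
    if (os.stat(dest).st_mode & 0o7777) != mode:
        os.chmod(dest, mode)
        result["changed"] = True
    return result


def demo():
    """Replay case 2 locally: first copy, unchanged re-run, re-run after an edit."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "httpd.conf")  # constructed stand-in for the source
    dest = os.path.join(workdir, "feiyy")
    with open(src, "w") as fh:
        fh.write("ServerRoot /etc/httpd\n")    # constructed sample content
    first = copy_like(src, dest, backup=True)
    second = copy_like(src, dest, backup=True)
    with open(src, "w") as fh:
        fh.write("hhh\n")                      # the edit made on the page
    third = copy_like(src, dest, backup=True)
    return first, second, third


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The second call reports no change and creates no backup, which is the property the command, shell and raw modules lack.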

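command module

The command module lets administrators run arbitrary commands on the command line of managed nodes. The command to run is passed to the module as its argument with the -a option.
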
[dyx@controller web]$ ansible node1 -m command -a 'hostname'
node1 | CHANGED | rc=0 >>
node1.dyx.cloud
[dyx@controller web]$ ansible node1 -m command -a 'hostname' -o
node1 | CHANGED | rc=0 | (stdout) node1.dyx.cloud

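Notes:

  • Remote commands run by the command module are not processed by a shell on the managed node, so they cannot access shell environment variables or use shell operations such as redirection and pipes.

  • If an ad hoc command does not specify a module, Ansible uses the command module by default.

shell module

The shell module lets you pass the command to execute as an argument to the module. Ansible then runs the command remotely on the managed node. Unlike the command module, these commands are processed by a shell on the managed node, so they can access shell environment variables and use shell operations such as redirection and pipes.
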
[dyx@controller web]$ ansible node1 -m command -a set
node1 | FAILED | rc=2 >>
[Errno 2] No such file or directory

[dyx@controller web]$ ansible node1 -m shell -a set
node1 | CHANGED | rc=0 >>
BASH=/bin/sh
BASHOPTS=cmdhist:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_EXECUTION_STRING=set
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="4" [1]="2" [2]="46" [3]="2" [4]="release" [5]="x86_64-redhat-linux-gnu")
BASH_VERSION='4.2.46(2)-release'
DIRSTACK=()
EUID=0
GROUPS=()
HOME=/root
HOSTNAME=node1.dyx.cloud
HOSTTYPE=x86_64
IFS='
'
LANG=en_US.UTF-8
LOGNAME=root
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:'
MACHTYPE=x86_64-redhat-linux-gnu
MAIL=/var/mail/dyx
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/sbin:/bin:/usr/sbin:/usr/bin
POSIXLY_CORRECT=y
PPID=2405
PS4='+ '
PWD=/home/dyx
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments:posix
SHLVL=2
SUDO_COMMAND='/bin/sh -c echo BECOME-SUCCESS-msrwdmrluwtjkhtfvqdhffcuglwtfjqc ; /usr/bin/python /home/dyx/.ansible/tmp/ansible-tmp-1765848154.46-2146-236870616870838/AnsiballZ_command.py'
SUDO_GID=1001
SUDO_UID=1001
SUDO_USER=dyx
TERM=xterm
UID=0
USER=root
USERNAME=root
XDG_SESSION_ID=3
_=/usr/bin/python

**Note:** The command and shell modules require Python to be installed on the managed hosts.
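
The difference between the command and shell modules described in the two sections above comes down to whether a shell parses the command line. The following is an added example, not part of the original page and not Ansible's own code: a local Python model in which `run_like_command`, `run_like_shell` and the three command lines are constructed for illustration. It also shows why `set` fails with errno 2 under command, and why a value containing `;` is safer to pass through command.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline, cwd):
    """command-style: split into argv and exec directly; no shell parses it."""
    try:
        proc = subprocess.run(shlex.split(cmdline), cwd=cwd,
                              capture_output=True, text=True)
    except FileNotFoundError as exc:
        # No executable with that name exists, e.g. the shell builtin `set`.
        return {"rc": exc.errno, "stdout": "", "error": exc.strerror}
    return {"rc": proc.returncode, "stdout": proc.stdout.strip(), "error": ""}


def run_like_shell(cmdline, cwd):
    """shell-style: pass the whole string to /bin/sh -c, which interprets it."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline], cwd=cwd,
                          capture_output=True, text=True)
    return {"rc": proc.returncode, "stdout": proc.stdout.strip(), "error": ""}


def demo():
    """Run three constructed command lines both ways in a scratch directory."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "hello.txt")
    out = {}
    # 1. Redirection: literal arguments for command, a real file for shell.
    redirect = 'echo "hello world" > hello.txt'
    out["cmd_redirect"] = run_like_command(redirect, workdir)
    out["cmd_created_file"] = os.path.exists(target)
    out["sh_redirect"] = run_like_shell(redirect, workdir)
    out["sh_created_file"] = os.path.exists(target)
    # 2. `set` is a shell builtin, so only the shell path can run it.
    out["cmd_set"] = run_like_command("set", workdir)
    out["sh_set"] = run_like_shell("set", workdir)
    # 3. A ';' inside a value stays data for command but splits commands in sh.
    value = "echo report.txt; echo EXTRA"
    out["cmd_meta"] = run_like_command(value, workdir)
    out["sh_meta"] = run_like_shell(value, workdir)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

When a command line is built from variables, the command-style path keeps shell metacharacters as plain argument text, so reserve the shell module for cases that really need pipes, redirection or builtins.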

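raw module

The raw module runs commands directly in the shell of the remote host, and the remote host does not need Python installed (this is especially relevant for network devices). In most scenarios, running commands with the command, shell, or raw modules is not recommended, because these modules are not idempotent.
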
[dyx@controller web]$ ansible node1 -m raw -a 'echo "hello world" > /tmp/hello.txt'
node1 | CHANGED | rc=0 >>
Shared connection to node1 closed.
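# Note the extra line of output here: the connection was closed. This is equivalent to connecting to the managed node over ssh and running the command.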

[dyx@controller web]$ ansible node1 -a 'cat /tmp/hello.txt'
node1 | CHANGED | rc=0 >>
hello world

# Compare with the shell module
[dyx@controller web]$ ansible node1 -m shell -a 'echo "hello ansible " > /tmp/hello.txt'
node1 | CHANGED | rc=0 >>

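ansible AD HOC command options

Options given on the ad hoc command line take precedence over the settings in the configuration file.

Configuration file directive    Command-line option
inventory                       -i
remote_user                     -u
ask_pass                        -k, --ask-pass
become                          --become, -b
become_method                   --become-method
become_user                     --become-user
become_ask_pass                 --ask-become-pass, -K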