0.ansible
命令参数详解:
[root@localhost ~]# ansible
Usage: ansible <host-pattern> [options]
Options:
-a MODULE_ARGS, --args=MODULE_ARGS 模块的参数,如果执行默认COMMAND的模块,即是命令参数,如:“date”,"pwd"等等
module
arguments 模块参数
-k, --ask-pass ask for
SSH password 登录密码,提示输入SSH密码而不是假设基于密钥的验证
--ask-su-pass ask for
su password su切换密码
-K, --ask-sudo-pass ask for
sudo password 提示密码使用sudo,sudo表示提权操作
--ask-vault-pass ask for
vault password
-B SECONDS, --background=SECONDS 后台运行超时时间
run asynchronously,
failing after X seconds
(default=N/A)
-C, --check don't make any
changes; instead, try to predict some 只是测试一下会改变什么内容,不会真正去执行;相反,试图预测一些可能发生的变化
of the changes
that may occur
-c CONNECTION,
--connection=CONNECTION 连接类型使用。可能的选项是paramiko(SSH),SSH和地方。当地主要是用于crontab或启动。
connection type
to use (default=smart)
-f FORKS, --forks=FORKS 并行任务数。NUM被指定为一个整数,默认是5
specify number of
parallel processes to use
(default=5)
-h, --help show this
help message and exit 打开帮助文档API
-i INVENTORY,
--inventory-file=INVENTORY 指定库存主机文件的路径,默认为/etc/ansible/hosts
specify inventory
host file
(default=/etc/ansible/hosts)
-l SUBSET, --limit=SUBSET 进一步限制所选主机/组模式 --limit=192.168.91.135 只对这个ip执行
further limit
selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts;
does not execute
anything else
-m MODULE_NAME,
--module-name=MODULE_NAME 执行模块的名字,默认使用 command 模块,所以如果是只执行单一命令可以不用 -m参数
module name to
execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH 要执行的模块的路径,默认为/usr/share/ansible/
specify path(s)
to module library
(default=/usr/share/ansible/)
-o, --one-line condense output 压缩输出,摘要输出.尝试一切都在一行上输出。
-P POLL_INTERVAL, --poll=POLL_INTERVAL 调查背景工作每隔数秒。需要- b
set the poll
interval if using
-B (default=15)
--private-key=PRIVATE_KEY_FILE 私钥路径,使用这个文件来验证连接
use this file to
authenticate the connection
-S, --su run operations with su 用 su 命令
-R SU_USER, --su-user=SU_USER 指定SU的用户,默认是root用户
run operations
with su as this user (default=root)
-s, --sudo run operations with sudo
(nopasswd)
-U SUDO_USER, --sudo-user=SUDO_USER sudo到哪个用户,默认为 root
desired sudo user
(default=root)
-T TIMEOUT, --timeout=TIMEOUT 指定SSH默认超时时间, 默认是10S
override the SSH
timeout in seconds (default=10)
-t TREE, --tree=TREE log output to this
directory 将日志内容保存在该输出目录,结果保存在一个文件中在每台主机上。
-u REMOTE_USER, --user=REMOTE_USER 远程用户, 默认是root用户
connect as this
user (default=root)
--vault-password-file=VAULT_PASSWORD_FILE
vault password
file
-v, --verbose verbose mode (-vvv for
more, -vvvv to enable 详细信息
connection
debugging)
--version show program's
version number and exit 输出ansible的版本
特殊说明:
1. ansible是指令核心部分,其主要用于执行ad-hoc(点对点)命令,即单条命令。默认后面需要跟主机和选项部分,默认不指定模块时,使用的是command模块。
2. 默认使用的模块是可以在ansible.cfg 中进行修改的。 /etc/ansible/ansible.cfg
举例:
[root@localhost ~]# ansible 192.168.91.137 -a 'pwd'
192.168.91.137 | success | rc=0 >>
/root
1.ansible-doc
参数详解:
[root@localhost ~]#
ansible-doc -h
Usage: ansible-doc [options] [module...]
Show Ansible module documentation 显示Ansible模块文档
Options:
--version show program's
version number and exit 显示ansible-doc的版本号
-h, --help show this
help message and exit 显示命令参数API文档
-M MODULE_PATH,
--module-path=MODULE_PATH 查询模块,--module-path=MODULE_PATH 指定模块的路径
Ansible modules/
directory
-l, --list List available modules 显示已存在的所有模块列表
-s, --snippet Show playbook snippet for
specified module(s) 显示playbook制定模块的用法
-v Show version number and
exit 显示ansible-doc的版本号
举例:
$ ansible-doc -l
$ ansible-doc -s command
2.ansible-galaxy
参数详解:
[root@localhost ~]#
ansible-galaxy -h
Usage: ansible-galaxy [init|info|install|list|remove] [--help] [options] ...
Options:
-h, --help show this
help message and exit
See 'ansible-galaxy <command> --help' for more information on a specific command.
特殊说明:
ansible-galaxy 指令用于方便的从https://galaxy.ansible.com/ 站点下载第三方扩展模块,我们可以形象的理解其类似于centos下的yum、python下的pip或easy_install
举例:
[root@localhost ~]# ansible-galaxy install aeriscloud.docker
- downloading role 'docker', owned by aeriscloud
- downloading role from https://github.com/AerisCloud/ansible-docker/archive/v1.0.0.tar.gz
- extracting aeriscloud.docker to /etc/ansible/roles/aeriscloud.docker
- aeriscloud.docker was installed successfully
3.ansible-playbook
参数详解:
[root@localhost ~]#
ansible-playbook -h
Usage: ansible-playbook playbook.yml
Options:
-k, --ask-pass ask for
SSH password
--ask-su-pass ask for
su password
-K, --ask-sudo-pass ask for
sudo password
--ask-vault-pass ask for
vault password
-C, --check don't make any
changes; instead, try to predict some
of the changes
that may occur
-c CONNECTION, --connection=CONNECTION
connection type
to use (default=smart)
-D, --diff when changing (small) files and
templates, show the
differences in
those files; works great with --check
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional
variables as key=value or YAML/JSON
--force-handlers run handlers even if a
task fails
-f FORKS, --forks=FORKS
specify number of
parallel processes to use
(default=5)
-h, --help show this
help message and exit
-i INVENTORY,
--inventory-file=INVENTORY
specify inventory
host file
(default=/etc/ansible/hosts)
-l SUBSET, --limit=SUBSET
further limit
selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts;
does not execute
anything else
--list-tasks list all tasks that would be executed
-M MODULE_PATH,
--module-path=MODULE_PATH
specify path(s) to module library
(default=/usr/share/ansible/)
--private-key=PRIVATE_KEY_FILE
use this file to
authenticate the connection
--skip-tags=SKIP_TAGS
only run plays
and tasks whose tags do not match these
values
--start-at-task=START_AT
start the
playbook at the task matching this name
--step one-step-at-a-time: confirm
each task before running
-S, --su run operations with su
-R SU_USER, --su-user=SU_USER
run operations
with su as this user (default=root)
-s, --sudo run operations with sudo (nopasswd)
-U SUDO_USER, --sudo-user=SUDO_USER
desired sudo user
(default=root)
--syntax-check perform a syntax check on the playbook,
but do not
execute it
-t TAGS, --tags=TAGS only run plays and tasks tagged with these
values
-T TIMEOUT, --timeout=TIMEOUT
override
the SSH timeout in seconds (default=10)
-u REMOTE_USER, --user=REMOTE_USER
connect as this
user (default=root)
--vault-password-file=VAULT_PASSWORD_FILE
vault password
file
-v, --verbose verbose mode (-vvv for
more, -vvvv to enable
connection
debugging)
--version show program's
version number and exit
4.ansible-pull
参数详解:
[root@localhost ~]#
ansible-pull -h
Usage: ansible-pull [options] [playbook.yml]
Options:
-K, --ask-sudo-pass ask for
sudo password
-C CHECKOUT, --checkout=CHECKOUT
branch/tag/commit
to checkout. Defaults to behavior
of repository
module.
-d DEST, --directory=DEST
directory to
checkout repository to
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set
additional variables as key=value or
YAML/JSON
-f, --force run the playbook even if
the repository could not be
updated
-h, --help show this
help message and exit
-i INVENTORY,
--inventory-file=INVENTORY 指定库存主机文件的路径,默认为/etc/ansible/hosts
location of the
inventory host file
-m MODULE_NAME,
--module-name=MODULE_NAME 从仓库检查的模块名,默认是git
Module name used
to check out repository. Default is
git.
-o, --only-if-changed
only run the
playbook if the repository has been
updated
--purge purge checkout after playbook
run
-s SLEEP, --sleep=SLEEP
sleep for random
interval (between 0 and n number of
seconds) before
starting. this is a
useful way to
disperse git
requests
-U URL, --url=URL URL of the playbook repository
--vault-password-file=VAULT_PASSWORD_FILE
vault password file
-v, --verbose Pass -vvvv to ansible-playbook
5.ansible-vault
参数详解:
[root@localhost ~]#
ansible-vault
Usage: ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options]
file_name
Options:
-h, --help show this
help message and exit
See 'ansible-vault <command> --help' for more information on a specific command.
特殊说明:
ansible-vault主要应用于配置文件中含有敏感信息,又不希望他能被人看到,vault可以帮你加密/解密这个配置文件,属高级用法。主要对于playbooks里比如涉及到配置密码或其他变量时,可以通过该指令加密,这样我们通过cat看到的会是一个密码串类的文件,编辑的时候需要输入事先设定的密码才能打开。这种playbook文件在执行时,需要加上 –ask-vault-pass参数,同样需要输入密码后才能正常执行。具体该部分可以参查官方博客。