Ansible Ad-Hoc
ansible <hosts> -m <module> -a "<module arguments>"
示例:
# Two introductory ad-hoc calls: a connectivity check, then a piped command.
# ping is Ansible's own module (login + usable Python on the target), not ICMP.
ansible all -m ping
# The pipe is interpreted by a remote shell, which is why this uses the shell
# module instead of command.
ansible web -m shell -a "ps aux | grep nginx"
下面按功能分类,每个模块都给出最常用的 ad-hoc 示例(可直接粘贴运行)。注意:其中不少命令会直接修改 all 匹配到的全部主机,建议先配合 --limit 与 --check 在小范围验证后再执行。
检查连通性
# Run the ping module against every host matched by the "all" pattern.
ansible all -m ping
收集 facts
# Fact gathering, followed by raw command execution on the targets.
ansible all -m setup
# filter= limits the returned facts to names matching the glob.
ansible all -m setup -a "filter=ansible_mem*"
# No -m given, so Ansible falls back to its default module (command).
ansible all -a "ls -l /etc"
# Pipes need the shell module; command does not go through a shell.
ansible all -m shell -a "ps aux | grep nginx"
# NOTE(review): a direct write to /proc needs root on the target (no -b is
# given here, so it depends on the connecting user), is lost on reboot and is
# not idempotent. The sysctl module shown further down this page manages the
# same key declaratively.
ansible web -m shell -a "echo 1 > /proc/sys/net/ipv4/ip_forward"
⚠️ 最佳实践:能用模块就不用 shell / command。
# file / copy basics: create a directory, create a symlink, push a config file.
# Create a directory
ansible all -m file -a "path=/data/logs state=directory mode=0755"
# Create a symlink
# NOTE(review): this repoints /usr/bin/python on every host in "all"; anything
# on those hosts that invokes "python" will then run python3 -- confirm that is
# intended before running fleet-wide.
ansible all -m file -a "src=/usr/bin/python3 dest=/usr/bin/python state=link"
# Push a local file to the targets.
# NOTE(review): no owner/mode is set and the file is neither backed up nor
# syntax-checked before it replaces the live config; the copy module has
# backup= and validate= parameters for that.
ansible all -m copy -a "src=./nginx.conf dest=/etc/nginx/nginx.conf"
从远端拉回文件
# File retrieval/editing, archives, packages, services and accounts.
# fetch copies from each target to the control node. System logs can contain
# sensitive data, so treat ./logs/ accordingly.
ansible all -m fetch -a "src=/var/log/messages dest=./logs/"
# Replace the line matching regexp, or append the line if nothing matches.
ansible all -m lineinfile -a 'path=/etc/sysctl.conf regexp="^net.ipv4.ip_forward" line="net.ipv4.ip_forward=1"'
# Insert a managed block; /etc/profile is read by login shells of all users.
ansible all -m blockinfile -a "path=/etc/profile block='export GOPROXY=https://proxy.golang.org'"
# remote_src=yes: the archive is taken from the target host, not the control
# node. NOTE(review): the archive's integrity is not checked at this step.
ansible all -m unarchive -a "src=app.tar.gz dest=/opt/app remote_src=yes"
# package picks the target's native package manager.
ansible all -m package -a "name=htop state=present"
ansible debian -m apt -a "name=nginx update_cache=yes"
ansible rhel -m yum -a "name=httpd state=present"
# NOTE(review): no version is pinned and no virtualenv is given, so whatever
# release the index currently serves is installed into the system Python.
ansible all -m pip -a "name=uvicorn"
# state=restarted restarts on every run, whether or not anything changed.
ansible all -m service -a "name=nginx state=restarted enabled=yes"
ansible all -m systemd -a "name=docker daemon_reload=yes state=restarted"
ansible all -m user -a "name=martin shell=/bin/bash state=present"
ansible all -m group -a "name=devops state=present"
# SSH keys, kernel parameters, hostname, firewall, cron, mounts and reboot.
# NOTE(review): this grants root SSH access on every host to the holder of the
# matching private key. id_rsa.pub is read on the control node, relative to the
# current directory -- check it is the key you mean to distribute.
ansible all -m authorized_key -a "user=root key='{{ lookup(\"file\", \"id_rsa.pub\") }}'"
ansible all -m sysctl -a "name=net.ipv4.ip_forward value=1 state=present reload=yes"
# NOTE(review): "web" is a group pattern, so every host it matches is renamed
# to web01; add --limit if only one host is meant.
ansible web -m hostname -a "name=web01"
# permanent=yes alone edits the saved configuration; the module's immediate=
# parameter is what also applies the rule to the running firewall.
ansible all -m firewalld -a "port=80/tcp permanent=yes state=enabled"
# NOTE(review): accepts SSH from any source address; the module's source=
# parameter can restrict it to a management network.
ansible all -m iptables -a "chain=INPUT protocol=tcp destination_port=22 jump=ACCEPT"
# No user= is given, so the entry goes into the connecting user's crontab.
ansible all -m cron -a "name=backup minute=0 hour=2 job='/usr/bin/backup.sh'"
# state=mounted mounts the device and records it in fstab.
ansible all -m mount -a "path=/data src=/dev/vdb1 fstype=ext4 state=mounted"
# NOTE(review): reboots every matched host in parallel (up to the forks limit);
# use --limit or a lower --forks value for anything serving traffic.
ansible all -m reboot -a "reboot_timeout=600"
# Fetching code and artifacts over the network, plus Docker objects.
# NOTE(review): version=main follows a moving branch; a tag or commit hash
# makes the deployed code reproducible and reviewable.
ansible all -m git -a "repo=https://github.com/martin/app.git dest=/opt/app version=main"
# NOTE(review): the download is not verified; get_url accepts a checksum=
# parameter. /tmp is also a shared, predictable location.
ansible all -m get_url -a "url=https://example.com/app.tar.gz dest=/tmp/app.tar.gz"
# The request is issued from each target host, not from the control node.
ansible all -m uri -a "url=https://httpbin.org/get method=GET return_content=yes"
ansible all -m docker_image -a "name=nginx source=pull"
# NOTE(review): nginx:latest is a moving tag and 80:80 publishes the port on
# all host interfaces; pin a version tag (or digest) for repeatable rollouts.
ansible all -m docker_container -a "name=nginx image=nginx:latest state=started ports=80:80"
ansible all -m docker_network -a "name=mynet state=present"
前提:配置 kubeconfig
创建 / 更新资源
# Kubernetes: apply a manifest, then list Pods in the default namespace.
# The modules act with whatever rights the configured kubeconfig grants.
# NOTE(review): verify that "definition=@deployment.yaml" is read as a file in
# ad-hoc mode; the module documents src= for loading a manifest from a path.
ansible k8s -m k8s -a "state=present definition=@deployment.yaml"
ansible k8s -m k8s_info -a "kind=Pod namespace=default"
PostgreSQL
# PostgreSQL: create a database and a role.
ansible db -m postgresql_db -a "name=mydb state=present"
# NOTE(review): "123" is a placeholder. A literal password in -a ends up in
# shell history and in the control node's process list; supply real values
# from a vault or an environment lookup instead of typing them inline.
ansible db -m postgresql_user -a "name=martin password=123 db=mydb"
MySQL
# MySQL: create a database and an application account.
ansible db -m mysql_db -a "name=appdb state=present"
# NOTE(review): "123" is a placeholder; an inline password is recorded in shell
# history and visible in the control node's process list. appdb.*:ALL grants
# every privilege on the schema -- narrow it if the application needs less.
ansible db -m mysql_user -a "name=app password=123 priv=appdb.*:ALL"
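# Handy one-liners: rsync a directory, compact output, host limiting, extra vars.
# synchronize wraps rsync: ./dist/ on the control node is pushed to /var/www/.
ansible all -m synchronize -a "src=./dist/ dest=/var/www/"
# -o prints each host's result on a single line.
ansible all -a "hostname" -o
# --limit narrows the "all" pattern to one host.
ansible all -m ping --limit web01
# msg is templated into a shell command line, so it goes through the quote
# filter; without it, shell metacharacters in the variable would be interpreted
# by the remote shell. For msg=hello the output is unchanged.
ansible all -m shell -a "echo {{ msg | quote }}" --extra-vars "msg=hello"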
滥用 shell / command 模块不安全、难维护、幂等性差。
例如安装软件应使用 package 模块,而不要写成:
shell: yum install -y xxx
# Dry run: --check reports what would change without modifying the targets.
ansible all -m copy -a "src=a dest=b" --check
例如:
[web]
web01
web02
[db]
db01
然后:
# Targeting inventory groups, tuning parallelism, previewing and staged rollout.
ansible web -m ping
ansible db -m service -a "name=mysql state=restarted"
# --forks sets how many hosts are handled in parallel.
ansible all -m ping --forks 50
# --check with --diff shows the would-be file change without writing it
# ("..." stands for the remaining module arguments).
ansible all -m lineinfile -a "path=/etc/sysctl.conf ..." --check --diff
# Staged rollout: apply to one host, verify, then move on to the next
# ("..." stands for the module arguments).
ansible all --limit 'web01' -m copy -a ...
ansible all --limit 'web02' -m copy -a ...
💡 格式:
ansible <hosts> -m <module> -a "<args>"
常用附加参数:
-k 提示输入 SSH 密码(密码认证)、-b 提权执行(become,默认 sudo)、-K 提示输入提权(sudo)密码、-u USER 指定远程登录用户、-i inventory.ini 指定 inventory 文件
# Connection options demonstrated with ping, then plain command execution.
ansible all -m ping
ansible web -m ping
# NOTE(review): -u root logs in as root directly; an unprivileged login user
# combined with -b keeps root SSH login unnecessary.
ansible all -m ping -u root
# -k prompts for the SSH password instead of using key authentication.
ansible all -m ping -k
# -b runs the module with privilege escalation (become).
ansible db -m ping -b
ansible all -m ping -f 10 # limit parallelism
# -e overrides connection variables for this run only.
ansible all -m ping -e "ansible_port=2222"
ansible all -m ping -e "ansible_ssh_private_key_file=~/.ssh/id_rsa"
# command does not go through a shell; the shell module does.
ansible all -m command -a "uptime"
ansible all -m shell -a "hostname"
# file module: directories, files, ownership, permissions and links.
# Create a directory
ansible all -m file -a "path=/srv/www state=directory mode=0755"
# Remove a directory
ansible all -m file -a "path=/tmp/test state=absent"
# Create an empty file
ansible all -m file -a "path=/tmp/x state=touch"
# Change the owner
ansible all -m file -a "path=/var/www owner=nginx"
# Change the group
ansible all -m file -a "path=/var/www group=nginx"
# Change directory permissions
# NOTE(review): 0777 makes /data writable by every local account; use the
# narrowest mode plus owner/group that the workload actually needs.
ansible all -m file -a "path=/data mode=0777"
# Create a symlink
ansible all -m file -a "src=/etc/nginx/nginx.conf dest=/tmp/n.conf state=link"
# Create a hard link
ansible all -m file -a "src=/bin/ls dest=/tmp/ls state=hard"
# Set permissions recursively
# NOTE(review): with recurse=yes the numeric mode is applied to regular files
# as well, so everything under /data becomes executable; a symbolic mode using
# X sets the execute bit on directories only.
ansible all -m file -a "path=/data state=directory recurse=yes mode=0755"
# copy (control node -> targets) and fetch (targets -> control node).
# Copy a file
ansible all -m copy -a "src=/etc/hosts dest=/tmp/hosts"
# Overwrite and set permissions
ansible all -m copy -a "src=a.conf dest=/etc/a.conf mode=0644"
# Write literal text to a file
ansible all -m copy -a "content='hello' dest=/tmp/a.txt"
# Fetch a file
# NOTE(review): flat=yes drops the per-host directory, so with more than one
# host each fetched dmesg overwrites the previous one in ./logs/.
ansible all -m fetch -a "src=/var/log/dmesg dest=./logs/ flat=yes"
# Fetch and keep the directory structure (stored per host under ./result)
# NOTE(review): this collects every host's account list on the control node;
# restrict access to ./result.
ansible all -m fetch -a "src=/etc/passwd dest=./result"
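# apt module (Debian/Ubuntu): install, upgrade and remove packages; -b for root.
# Install
ansible web -m apt -a "name=nginx state=present" -b
# Upgrade
# NOTE(review): upgrade=dist on "all" upgrades every matched host in one go;
# stage it with --limit on production fleets.
ansible all -m apt -a "upgrade=dist" -b
# Install several packages
# The list is comma-separated: a quoted, space-separated value is passed to the
# module as one package name and fails to resolve.
ansible all -m apt -a "name=git,wget,curl state=present" -b
# Remove
ansible all -m apt -a "name=nginx state=absent" -b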
# yum module (RHEL family): install, remove and list packages.
# Install (state=installed is an alias of present)
ansible all -m yum -a "name=httpd state=installed" -b
# Remove (state=removed is an alias of absent)
ansible all -m yum -a "name=httpd state=removed" -b
# Install several packages (comma-separated list)
ansible all -m yum -a "name='git,tree' state=present" -b
# List available updates (read-only query)
ansible all -m yum -a "list=updates"
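# service / systemd modules: run state and boot-time enablement; -b for root.
# Start
ansible all -m service -a "name=nginx state=started" -b
# Stop
ansible all -m service -a "name=nginx state=stopped" -b
# Restart (restarts on every run, whether or not anything changed)
ansible all -m service -a "name=nginx state=restarted" -b
# Reload
ansible all -m service -a "name=nginx state=reloaded" -b
# Enable at boot
ansible all -m systemd -a "name=nginx enabled=yes" -b
# Disable at boot
ansible all -m systemd -a "name=nginx enabled=no" -b
# Check status
# state=started on its own would start a stopped service; --check makes this a
# read-only probe, where "changed" in the result means the unit is not running.
ansible all -m systemd -a "name=nginx state=started" -b --check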
# command / shell / script modules: running arbitrary commands on the targets.
# Run uptime
ansible all -m command -a "uptime"
# Run ls
ansible all -m command -a "ls -l /var/log"
# Run several commands (&& needs the shell module)
ansible all -m shell -a "df -h && free -m"
# Run a pipeline (pipes need the shell module)
ansible all -m shell -a "ps aux | grep nginx"
# Run a local script
# The script module uploads the file from the control node and executes it on
# every matched host, so review ./test.sh as you would any remote command.
ansible all -m script -a "./test.sh"
# Run a script with arguments
ansible all -m script -a "./deploy.sh param1 param2"
# user / group / authorized_key modules: accounts, groups and SSH keys.
# Create a user
ansible all -m user -a "name=tom state=present"
# Remove a user
ansible all -m user -a "name=tom state=absent"
# Grant sudo (by adding the user to the sudo group)
# NOTE(review): what the "sudo" group is allowed to do comes from each host's
# sudoers policy; on hosts without such a group this call fails.
ansible all -m user -a "name=tom groups=sudo append=yes"
# Set a password
# NOTE(review): '123456' is a placeholder. A literal password typed here lands
# in shell history, and password_hash without a fixed salt yields a new hash on
# each run, so the task reports "changed" every time.
ansible all -m user -a "name=tom password={{ '123456' | password_hash('sha512') }}"
# Lock a user
# NOTE(review): password_lock locks the password only; existing SSH keys in
# authorized_keys keep working -- remove them as well to cut off access.
ansible all -m user -a "name=tom state=present password_lock=yes"
# Create a group
ansible all -m group -a "name=dev"
# Remove a group
ansible all -m group -a "name=dev state=absent"
# Deploy a public key
# NOTE(review): grants root SSH access on every matched host to the holder of
# the matching private key; id_rsa.pub is read on the control node.
ansible all -m authorized_key -a "user=root key='{{ lookup('file','id_rsa.pub') }}'"
# Remove a public key ('ssh-rsa AAA...' stands for the full key string)
ansible all -m authorized_key -a "user=root key='ssh-rsa AAA...' state=absent"
# Network inspection, kernel parameters and firewalld ports.
# Show IP addresses
ansible all -m command -a "ip addr"
# Set a kernel parameter (this one turns the host into an IPv4 router)
ansible all -m sysctl -a "name=net.ipv4.ip_forward value=1 reload=yes" -b
# Open a port in firewalld
# permanent=yes alone changes the saved configuration; the module's immediate=
# parameter is what also applies it to the running firewall.
ansible all -m firewalld -a "port=80/tcp permanent=yes state=enabled" -b
# Close a port
# NOTE(review): without permanent=yes only the runtime rule is removed, so a
# port opened permanently comes back on the next firewalld reload.
ansible all -m firewalld -a "port=80/tcp state=disabled" -b
# Disk usage and mount management.
# Show disk usage
ansible all -m shell -a "df -h"
# Mount (state=mounted also records the entry in fstab)
ansible all -m mount -a "path=/data src=/dev/sdb1 fstype=ext4 state=mounted" -b
# Unmount (state=unmounted leaves the fstab entry in place)
ansible all -m mount -a "path=/data state=unmounted" -b
# Docker: list containers, manage container lifecycle, pull images.
# docker ps
ansible all -m shell -a "docker ps"
# Start a container
# NOTE(review): image=redis carries no tag, so the registry's default tag is
# used; pin a version tag or digest for repeatable deployments.
ansible all -m docker_container -a "name=redis image=redis state=started"
# Stop a container
ansible all -m docker_container -a "name=redis state=stopped"
# Remove a container
ansible all -m docker_container -a "name=redis state=absent"
# Pull an image
ansible all -m docker_image -a "name=nginx source=pull"
# Pulling code and files from remote sources onto the targets.
# Clone a Git repository
# NOTE(review): no version= is given, so the default branch head is checked
# out; pin a tag or commit for reproducible deployments.
ansible all -m git -a "repo=https://github.com/a/b.git dest=/opt/b"
# Download a file (wget equivalent)
# NOTE(review): the download is not verified; get_url accepts a checksum=
# parameter, and /tmp is a shared, predictable location.
ansible all -m get_url -a "url=https://x.com/a.tar.gz dest=/tmp"
# setup (fact gathering) and debug (print a message).
# Collect all facts
ansible all -m setup
# Network interface facts only
ansible all -m setup -a "filter=ansible_eth*"
# CPU facts
ansible all -m setup -a "filter=ansible_processor*"
# Default IPv4 address facts
ansible all -m setup -a "filter=ansible_default_ipv4"
# Print a message for each host
ansible all -m debug -a "msg='hello world'"
# synchronize (rsync wrapper) in both directions.
# pull: src is on the target, dest is on the control node
# NOTE(review): with "all", every host writes into the same local /tmp/ path,
# so later hosts overwrite files fetched from earlier ones.
ansible all -m synchronize -a "src=/opt/file dest=/tmp/ mode=pull"
# push: src is on the control node, dest is on the target
ansible all -m synchronize -a "src=/opt/file dest=/tmp/ mode=push"
# In-place config edits (lineinfile, replace) and template rendering.
# Append a config line
ansible all -m lineinfile -a "path=/etc/sysctl.conf line='net.ipv4.ip_forward=1'" -b
# Change a config line
# NOTE(review): this enables direct root login over SSH on every matched host;
# treat it as a syntax example rather than a recommended value. The edit is
# also written without a syntax check (lineinfile has validate=) and sshd is
# not reloaded by this command.
ansible all -m lineinfile -a "path=/etc/ssh/sshd_config regexp='^#?PermitRootLogin' line='PermitRootLogin yes'" -b
# Regex replace
ansible all -m replace -a "path=/etc/nginx/nginx.conf regexp='worker_processes .*' replace='worker_processes 4;' " -b
# Render a template
# NOTE(review): no -b here although the destination is under /etc, so this
# depends on the connecting user being able to write there.
ansible all -m template -a "src=nginx.conf.j2 dest=/etc/nginx/nginx.conf"
# Host-level settings: hostname, cron, SELinux and timezone.
# Manage the hostname
# NOTE(review): with the "all" pattern every matched host is renamed to
# node-01; add --limit for the single host that is meant.
ansible all -m hostname -a "name=node-01"
# Cron job
ansible all -m cron -a "name='backup' minute=0 hour=1 job='/usr/bin/backup'"
# Manage SELinux
# NOTE(review): state=disabled switches off mandatory access control on every
# matched host (effective after reboot). For troubleshooting, permissive mode
# keeps denial logging without enforcing; prefer fixing the policy to
# disabling SELinux fleet-wide.
ansible all -m selinux -a "state=disabled" -b
# Manage the timezone
ansible all -m timezone -a "name=Asia/Shanghai"