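The -u parameter
-u sets the remote user to connect as. The default is the user currently running the Ansible command on the control node.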
gateman@DESKTOP-UIU9RFJ:~$ ansible all -a "id" -u root
120.24.169.231 | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root)
43.138.194.135 | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root)
gateman@DESKTOP-UIU9RFJ:~$ ansible all -a "id"
120.24.169.231 | CHANGED | rc=0 >>
uid=1001(gateman) gid=1001(gateman) groups=1001(gateman)
43.138.194.135 | CHANGED | rc=0 >>
uid=1001(gateman) gid=1001(gateman) groups=1001(gateman),984(docker)
gateman@DESKTOP-UIU9RFJ:~$
Syntax
ansible [host pattern] -m command -a "xxxx"
The examples above already used the command module; -m command can be omitted, leaving only the command arguments after -a.
gateman@DESKTOP-UIU9RFJ:~$ ansible all -m command -a "date"
120.24.169.231 | CHANGED | rc=0 >>
Sun Apr 17 23:50:58 CST 2022
43.138.194.135 | CHANGED | rc=0 >>
Sun Apr 17 23:50:58 CST 2022
gateman@DESKTOP-UIU9RFJ:~$
gateman@DESKTOP-UIU9RFJ:/opt/apps/playbooks$ ansible physical_servers -a "id"
10.0.1.107 | CHANGED | rc=0 >>
uid=1000(gateman) gid=1000(gateman) groups=1000(gateman),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),114(libvirt),999(docker)
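However, the command module cannot handle special characters or pipes, because it does not run the command line through a shell; for those, use the shell module.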
gateman@DESKTOP-UIU9RFJ:~$ ansible all -m command -a 'echo $HOSTNAME'
120.24.169.231 | CHANGED | rc=0 >>
$HOSTNAME
43.138.194.135 | CHANGED | rc=0 >>
$HOSTNAME
gateman@DESKTOP-UIU9RFJ:~$ ansible all -m shell -a 'echo $HOSTNAME'
120.24.169.231 | CHANGED | rc=0 >>
iZwz96wz957owni1fxef5kZ
43.138.194.135 | CHANGED | rc=0 >>
VM-8-12-centos
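The difference seen above, as an added Python example that is not part of the original post: it models the command module as "split into argv and exec" and the shell module as "pass the string to /bin/sh", then runs the same strings through both. The helper names, the HOSTNAME value and the UNTRUSTED string are constructed for illustration; this is a model of the behaviour, not Ansible's own code.

```python
import os
import shlex
import subprocess

# Constructed environment for the child process; "web-01" is a made-up hostname.
ENV = {"PATH": os.environ.get("PATH", os.defpath), "HOSTNAME": "web-01"}

def run_like_command(cmdline):
    """Model of -m command: split into argv and exec directly, no shell involved."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, env=ENV, capture_output=True, text=True)
    return done.stdout.strip()

def run_like_shell(cmdline):
    """Model of -m shell: hand the whole string to /bin/sh for interpretation."""
    done = subprocess.run(cmdline, shell=True, env=ENV, capture_output=True, text=True)
    return done.stdout.strip()

# Constructed value standing in for data that did not come from the operator.
UNTRUSTED = "x; echo INJECTED"

CASES = [
    "echo $HOSTNAME",                        # variable expansion
    "echo a b c | wc -w",                    # pipe
    "echo hello " + UNTRUSTED,               # metacharacters inside interpolated data
    "echo hello " + shlex.quote(UNTRUSTED),  # same data, quoted before interpolation
]

if __name__ == "__main__":
    for case in CASES:
        print(repr(case))
        print("  command:", repr(run_like_command(case)))
        print("  shell:  ", repr(run_like_shell(case)))
```

The command path prints every metacharacter literally, which is why it is the safer default; in playbooks, Ansible's quote filter plays the role of shlex.quote when a variable has to reach the shell module.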
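But with complex commands, for example ones that combine pipes and awk, even the shell module may fail.
In that case, it is better to write a script in advance.
Normally you would first send the script to the remote host, then log in to the remote host and run it.
The Ansible script module conveniently combines these two steps, letting us run a script that lives on the control node on the remote hosts, directly from the control node.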
gateman@DESKTOP-UIU9RFJ:~/shellScripts/test$ ./test.sh
Python 3.8.5
gateman@DESKTOP-UIU9RFJ:~/shellScripts/test$ pwd
/home/gateman/shellScripts/test
gateman@DESKTOP-UIU9RFJ:~/shellScripts/test$ cat test.sh
#!/bin/bash
python3 --version
gateman@DESKTOP-UIU9RFJ:~/shellScripts/test$ ansible all -a "id" -m script -a './test.sh'
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
120.24.169.231 | FAILED! => {
    "changed": true,
    "msg": "non-zero return code",
    "rc": 127,
    "stderr": "Shared connection to 120.24.169.231 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 120.24.169.231 closed."
    ],
    "stdout": "/home/gateman/.ansible/tmp/ansible-tmp-1650212302.4127116-23343-114559545633074/test.sh: line 2: python3: command not found\r\n",
    "stdout_lines": [
        "/home/gateman/.ansible/tmp/ansible-tmp-1650212302.4127116-23343-114559545633074/test.sh: line 2: python3: command not found"
    ]
}
43.138.194.135 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 43.138.194.135 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 43.138.194.135 closed."
    ],
    "stdout": "Python 3.6.8\r\n",
    "stdout_lines": [
        "Python 3.6.8"
    ]
}
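Of course, we could run the cp command through the shell module.
But the official documentation advises against this, because Ansible has more suitable modules for file operations.
The module for copying files is copy.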
gateman@DESKTOP-UIU9RFJ:~/shellScripts/test$ ansible all -m copy -a "src=./test.sh dest=/tmp/ backup=yes mode=777"
120.24.169.231 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "backup_file": "/tmp/test.sh.15100.2022-04-18@00:35:12~",
    "changed": true,
    "checksum": "948d304ec710e555fd4fc169301f737fdca63486",
    "dest": "/tmp/test.sh",
    "gid": 1001,
    "group": "gateman",
    "md5sum": "cc3211f1323d7cc893d5ee12eb996b9b",
    "mode": "0777",
    "owner": "gateman",
    "size": 39,
    "src": "/home/gateman/.ansible/tmp/ansible-tmp-1650213296.8791027-19424-88675068199124/source",
    "state": "file",
    "uid": 1001
}
43.138.194.135 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "backup_file": "/tmp/test.sh.365315.2022-04-18@00:35:12~",
    "changed": true,
    "checksum": "948d304ec710e555fd4fc169301f737fdca63486",
    "dest": "/tmp/test.sh",
    "gid": 1001,
    "group": "gateman",
    "md5sum": "cc3211f1323d7cc893d5ee12eb996b9b",
    "mode": "0777",
    "owner": "gateman",
    "size": 39,
    "src": "/home/gateman/.ansible/tmp/ansible-tmp-1650213296.949495-19426-127114390539637/source",
    "state": "file",
    "uid": 1001
}
gateman@DESKTOP-UIU9RFJ:~/shellScripts/test$ ansible all -m shell -a "ls -l /tmp/test*"
120.24.169.231 | CHANGED | rc=0 >>
-rwxrwxrwx 1 gateman gateman 39 Apr 18 00:35 /tmp/test.sh
-rwxrwxrwx 1 gateman gateman 30 Apr 18 00:31 /tmp/test.sh.15100.2022-04-18@00:35:12~
43.138.194.135 | CHANGED | rc=0 >>
-rwxrwxrwx 1 gateman gateman 39 Apr 18 00:35 /tmp/test.sh
-rwxrwxrwx 1 gateman gateman 30 Apr 18 00:31 /tmp/test.sh.365315.2022-04-18@00:35:12~
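Here the mode parameter sets the permissions, and the backup parameter controls whether a backup is kept (a backup is only made when the file differs before and after the copy). With mode=777, as above, every local user on the host can modify the script.
The copy module above is one-way.
For the reverse direction, Ansible's fetch module can be used.
But the fetch module has two serious limitations:
1. It copies only one file at a time; wildcards are out of the question.
2. It supports files, not directories.
So the usual approach is to pack the files on the remote host with the shell module first, then pull the archive down with fetch.
For reading logs and the like, you are better off using Splunk.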
gateman@DESKTOP-UIU9RFJ:~/tmp$ ansible all -m fetch -a "src=/var/log/boot.log dest=~/tmp/ansible/"
120.24.169.231 | SUCCESS => {
    "changed": false,
    "checksum": "76032e00b7cb4ce4ae14020d8a52e69ae82af76c",
    "dest": "/home/gateman/tmp/ansible/120.24.169.231/var/log/boot.log",
    "file": "/var/log/boot.log",
    "md5sum": "74691ab3c6ab10c5cf020a19ac4f099a"
}
43.138.194.135 | SUCCESS => {
    "changed": false,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/home/gateman/tmp/ansible/43.138.194.135/var/log/boot.log",
    "file": "/var/log/boot.log",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e"
}
gateman@DESKTOP-UIU9RFJ:~/tmp$ ls ~/tmp/ansible/
120.24.169.231 43.138.194.135
gateman@DESKTOP-UIU9RFJ:~/tmp$ tree ~/tmp/ansible/
/home/gateman/tmp/ansible/
├── 120.24.169.231
│   └── var
│       └── log
│           └── boot.log
└── 43.138.194.135
    └── var
        └── log
            └── boot.log

6 directories, 2 files
gateman@DESKTOP-UIU9RFJ:~/tmp$
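An added example, not from the original post: a Python parser for the `host | STATUS => {...}` output of the copy and fetch runs above, which flags failed tasks, empty transfers and world-writable modes. It is motivated by the fetch result for 43.138.194.135, whose checksum da39a3ee5e6b4b0d3255bfef95601890afd80709 is the SHA-1 of empty input (that boot.log is a 0-byte file), and by the mode=777 copy. The function names, sample hosts and sample results are constructed.

```python
import hashlib
import json
import re

EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()  # checksum reported for a 0-byte file

def parse_adhoc(text):
    """Parse 'host | STATUS => {json}' blocks into {host: (status, result)}."""
    decoder = json.JSONDecoder()
    parsed = {}
    for m in re.finditer(r"^(\S+) \| ([A-Z]+!?) => ", text, re.MULTILINE):
        result, _ = decoder.raw_decode(text, m.end())
        parsed[m.group(1)] = (m.group(2), result)
    return parsed

def audit(text):
    """Return sorted (host, finding) pairs that deserve a second look."""
    findings = []
    for host, (status, res) in parse_adhoc(text).items():
        if status not in ("CHANGED", "SUCCESS"):
            findings.append((host, f"task failed: {res.get('msg', status)}"))
        if res.get("checksum") == EMPTY_SHA1:
            findings.append((host, "transferred file is empty"))
        mode = res.get("mode")
        if mode and int(mode, 8) & 0o002:  # "others" write bit set
            findings.append((host, f"{res.get('dest')} is world-writable ({mode})"))
    return sorted(findings)

def render(host, status, result):
    """Format one result the way the ad-hoc CLI prints it."""
    return f"{host} | {status} => {json.dumps(result, indent=4)}\n"

SCRIPT_SHA1 = hashlib.sha1(b"#!/bin/bash\npython3 --version\n").hexdigest()

# Constructed sample output; hosts are documentation addresses, not the page's.
SAMPLE = "".join([
    render("192.0.2.10", "CHANGED", {"checksum": SCRIPT_SHA1, "dest": "/tmp/test.sh", "mode": "0777"}),
    render("192.0.2.11", "SUCCESS", {"checksum": EMPTY_SHA1, "file": "/var/log/boot.log"}),
    render("192.0.2.12", "FAILED!", {"msg": "non-zero return code", "rc": 127}),
    render("192.0.2.13", "CHANGED", {"checksum": SCRIPT_SHA1, "dest": "/tmp/test.sh", "mode": "0755"}),
])

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```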
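The file module is usually used to set the permissions and ownership of remote files.
But file also has a state parameter,
which can be used to create directories and files.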
- state
If `absent', directories will be recursively deleted, and files or symlinks will be unlinked. In the case of a directory, if `diff' is declared, you will see the files and folders
deleted listed under `path_contents'. Note that `absent' will not cause `file' to fail if the `path' does not exist as the state did not change.
If `directory', all intermediate subdirectories will be created if they do not exist. Since Ansible 1.7 they will be created with the supplied permissions.
If `file', with no other options, returns the current state of `path'.
If `file', even with other options (such as `mode'), the file will be modified if it exists but will NOT be created if it does not exist. Set to `touch' or use the
[ansible.builtin.copy] or [ansible.builtin.template] module if you want to create the file if it does not exist.
If `hard', the hard link will be created or changed.
If `link', the symbolic link will be created or changed.
If `touch' (new in 1.4), an empty file will be created if the `path' does not exist, while an existing file or directory will receive updated file access and modification times
(similar to the way `touch' works from the command line).
(Choices: absent, directory, file, hard, link, touch)[Default: file]
type: str
ansible-console is another very handy tool.
gateman@DESKTOP-UIU9RFJ:~/ansible-playbooks$ ansible-console
Welcome to the ansible console. Type help or ? to list commands.
gateman@all (2)[f:5]$ cd web_servers
gateman@web_servers (2)[f:5]$ shell hostname
120.24.169.231 | CHANGED | rc=0 >>
iZwz96wz957owni1fxef5kZ
43.138.194.135 | CHANGED | rc=0 >>
VM-8-12-centos
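ansible-console lets you run module commands interactively on an ad-hoc basis.
(2) means there are 2 hosts in total.
f:5 means at most 5 parallel forks are used for execution (this can be changed).
Copyright © 2003-2013 www.wpsshop.cn. All rights reserved.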