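Ansible Supplementary Notes

Terminology

Ansible Playbooks: task scripts. Configuration files that orchestrate and define Ansible tasks, executed by Ansible in order; usually YML files in a JSON-like format;

Inventory: the list of hosts that Ansible manages;

Modules: the functional modules Ansible uses to execute commands; most are built-in core modules, and custom modules can also be written;

Plugins: supplements to module functionality, such as connection plugins, loop plugins, variable plugins and filter plugins; this feature is not used very often;

API: the application programming interface that third-party programs call;

ansible-playbook supplement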

    - hosts: kube-master
      become: true
      tasks:
        - name: get running k8s version
          shell: "{{ bin_dir }}/kube-apiserver --version"
          register: RUNNING_VER  # capture the result returned by the command above
          run_once: true

        - name: print running version
          debug: var="RUNNING_VER.stdout"  # print the captured result
          run_once: true

        - name: get update version
          shell: "{{ upgrade_dir }}/bin/kube-apiserver --version"
          register: UPDATE_VER
          run_once: true
          connection: local  # runs on the control node, not on the remote host


    - hosts: localhost
      become: true
      tasks:
        - name: judge a file or dir is exits
          shell: 'ls /etc/etcd/backup/snapshot.db'
          ignore_errors: true  # continue even if an error occurs
          register: result

        - name: Check /etc/etcd/backup/snapshot.db
          fail: msg="please backup first"
          when: result.rc != 0  # fail when the result above is not 0

    - hosts:
        - kube-node
      become: true  # run as the root user
      roles:
        - { role: ../roles/kube-node-upgrade, when: "inventory_hostname not in groups['kube-master']" }

    # Task fragment; it belongs inside a tasks: list
    - name: 设置变量 CLUSTER_KUBERNETES_SVC_IP
      set_fact: CLUSTER_KUBERNETES_SVC_IP={{ KUBERNETES_SVC_IP.stdout }}  # set a variable
      tags: change_cert

Debugging

    bash-5.1# ansible -i hosts.txt  all -m setup |grep ansible_distribution
    "ansible_distribution": "CentOS",
    "ansible_distribution_file_parsed": true,
    "ansible_distribution_file_path": "/etc/redhat-release",
    "ansible_distribution_file_variety": "RedHat",
    "ansible_distribution_major_version": "9",
    "ansible_distribution_release": "NA",
    "ansible_distribution_version": "9",


    bash-5.1# ansible -i 192.168.2.131, all -m setup |grep ansible_distribution
    "ansible_distribution": "CentOS",
    "ansible_distribution_file_parsed": true,
    "ansible_distribution_file_path": "/etc/redhat-release",
    "ansible_distribution_file_variety": "RedHat",
    "ansible_distribution_major_version": "9",
    "ansible_distribution_release": "NA",
    "ansible_distribution_version": "9",

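Running Ansible as a non-root user, here the user imwl. This can be set either in the hosts file or in the ansible.cfg file.

ansible_become_user = 'root' is the default value, so it can be omitted.

Here the [all:vars] section of the hosts file is modified.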

  1. With sudo privileges

    ansible_become='true'
    ansible_become_user='root'
    ansible_ssh_user='imwl'
    # if imwl has no SSH key trust set up, imwl's SSH password is needed
    ansible_ssh_pass='imwl_ssh_password'
    ansible_become_method='sudo'
    # if imwl does not have passwordless sudo, the sudo password is needed
    ansible_sudo_pass='imwl_sudo_password!'

  2. Without sudo privileges

    ansible_become='true'
    ansible_become_user='root'
    ansible_ssh_user='imwl'
    # if imwl has no SSH key trust set up, imwl's SSH password is needed
    ansible_ssh_pass='imwl_ssh_password'

    ansible_become_method='su'
    # su - root: root's password
    ansible_become_pass='root_password'
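
The [all:vars] settings above keep the SSH, sudo and root passwords as literal values in the hosts file. As an added example (not part of the original notes), the Python check below scans an INI inventory for such literals and skips values that are Jinja2 references, for instance to an Ansible Vault variable; the sample inventory is constructed and `vault_root_password` is a hypothetical variable name.

```python
import shlex

# Credential-bearing inventory variables: the names used in these notes plus
# the current aliases ansible_password / ansible_become_password.
SECRET_VARS = {
    "ansible_ssh_pass", "ansible_password", "ansible_sudo_pass",
    "ansible_become_pass", "ansible_become_password",
}

# Constructed sample inventory; vault_root_password is a hypothetical name.
SAMPLE_INVENTORY = """\
[kube-master]
192.168.2.131 ansible_ssh_pass='host_level_password'

[all:vars]
ansible_become='true'
ansible_ssh_user='imwl'
ansible_ssh_pass='imwl_ssh_password'
ansible_become_method='su'
ansible_become_pass="{{ vault_root_password }}"
"""

def find_plaintext_secrets(inventory_text):
    """Return (line_no, section, variable) for every literal password."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":vars"):
            tokens = [line]  # the whole line is one key=value pair
        else:
            try:  # host line: skip the host name, keep the key=value pairs
                tokens = shlex.split(line, comments=True)[1:]
            except ValueError:  # unbalanced quote inside a value
                tokens = line.split()[1:]
        for token in tokens:
            key, sep, value = token.partition("=")
            key, value = key.strip(), value.strip().strip("'\"")
            # A value containing "{{" is a variable reference, not a literal.
            if sep and key in SECRET_VARS and value and "{{" not in value:
                findings.append((line_no, section, key))
    return findings

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE_INVENTORY): print(finding)
```

Findings carry only the line number, section and variable name, so the check can run in CI without echoing the password itself.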