Inventory
Ansible 使用 /etc/ansible/hosts 管理受控服务器列表:
---
ungrouped:hosts:node-1:ansible_host: 192.168.1.1ansible_user: johnnode-2:ansible_host: 192.168.1.2ansible_user: janenode-3:ansible_host: 192.168.1.3ansible_user: frank
关于 inventory 文件的字段说明,参见:Building an inventory | Ansible Core Documentation
ansible-inventory --list # 列出 inventory
执行远程命令
Ansible 可以以如下方式临时执行一条远程命令:
ansible <group> -m ping # 测试连接
ansible <group> -m shell -a "df -h" # 执行命令
ansible <group> -m copy -a "src=src dest=tgt" # 上传文件
Playbook
对于复杂命令,可以通过 playbook 定义并执行:
---
- name: Create user
- hosts: ungroupedbecome: truetasks:- name: Update all packagesansible.builtin.apt:upgrade: dist- name: Greetingansible.builtin.shell: "echo 'Hello, world!'"
关于 playbook 的字段说明,参见:Using Ansible playbooks | Ansible Core Documentation
运行 playbook:
ansible-playbook -bK playbook.yml # 执行 playbook (sudo)
ansible-playbook -C playbook.yml -e "arg=val" # 干运行
ansible-playbook --syntax-check playbook.yml # 语法检查
-a:args,指定操作参数-b:become,启用权限提升-K:请求权限提升密码-i:指定 inventory 文件
配置
Ansible 默认配置文件为 ~/.ansible.cfg:
[defaults]
# 指定默认的远程用户
remote_user = ubuntu# 指定远程 Python 解释器
interpreter_python = auto_silent# 指定私钥文件的路径
#private_key_file = /home/ubuntu/.ssh/id_ed25519ask_pass = False
ask_become_pass = True# 是否在主机不可达时停止执行
host_key_checking = False# 控制并发线程数
forks = 5# 输出的详细程度(0-4)
verbosity = 0# 指定库存文件路径
inventory = /etc/ansible/hosts# 指定远程 Shell
ansible_shell_executable = /usr/bin/bash# 使用 sudo 提升权限
[privilege_escalation]
become = False
become_user = root
become_method = sudo
become_ask_pass = False
ansible-config view # 查看配置
ansible-config init --disabled -t all # 生成默认配置
Troubleshooting
临时文件权限错误
问题描述:执行下面的任务时,提示:“Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user”。
- name: Install miniconda3shell: |bash /home/share/miniconda.sh -bup /home/{{ username }}/.local/opt/miniconda3/home/{{ username }}/.local/opt/miniconda3/bin/conda init bashbecome_user: "{{ username }}"
TASK [Install miniconda3] ********************************************************************************************************************************
[ERROR]: Task failed: Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chmod: invalid mode: ‘A+user:john:rx:allow’
Try 'chmod --help' for more information.
}). For information on working around this, see https://docs.ansible.com/ansible-core/2.19/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
Origin: /ansible/create_user.yml:72:770 # state: present
71
72 - name: Install miniconda3^ column 7fatal: [h101]: FAILED! => {"changed": false, "msg": "Task failed: Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chmod: invalid mode: ‘A+user:john:rx:allow’\nTry 'chmod --help' for more information.\n}). For information on working around this, see https://docs.ansible.com/ansible-core/2.19/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user"}
问题原因:ansible 尝试使用 ACL 语法运行 chmod:chmod A+user:john:rx:allow,然而当前系统不支持 ACL。
解决方法:安装 ACL
sudo apt install acl