Ansible

http://www.ansibleworks.com/

Inventory

Ansible 的远程服务器信息配置文件.默认位于`/etc/ansible/hosts`

# INI format

# Host
mail.example.com

# 非标准SSH端口
mail.example.com:5309

# 名字 地址 端口 用户
jumper ansible_ssh_host=192.168.1.50 ansible_ssh_port=5555 ansible_ssh_user=root

# Group
[webservers]
foo.example.com
bar.example.com

# Group of Group
[webservers:children]
webservers

Ansible Inventory 内置参数

ansible_ssh_host
  The name of the host to connect to, if different from the alias you wish to give to it.
ansible_ssh_port
  The ssh port number, if not 22
ansible_ssh_user
  The default ssh user name to use.
ansible_ssh_pass
  The ssh password to use (this is insecure, we strongly recommend using --ask-pass or SSH keys)
ansible_sudo_pass
  The sudo password to use (this is insecure, we strongly recommend using --ask-sudo-pass)
ansible_connection
  Connection type of the host. Candidates are local, ssh or paramiko.  The default is paramiko before Ansible 1.2, and 'smart' afterwards which detects whether usage of 'ssh' would be feasible based on whether ControlPersist is supported.
ansible_ssh_private_key_file
  Private key file used by ssh.  Useful if using multiple keys and you don't want to use SSH agent.
ansible_shell_type
  The shell type of the target system. By default commands are formatted using 'sh'-style syntax by default. Setting this to 'csh' or 'fish' will cause commands executed on target systems to follow those shell's syntax instead.
ansible_python_interpreter
  The target host python path. This is useful for systems with more
  than one Python or not located at "/usr/bin/python" such as \*BSD, or where /usr/bin/python
  is not a 2.X series Python.  We do not use the "/usr/bin/env" mechanism as that requires the remote user's
  path to be set right and also assumes the "python" executable is named python, where the executable might
  be named something like "python26".
ansible\_\*\_interpreter
  Works for anything such as ruby or perl and works just like ansible_python_interpreter.
  This replaces shebang of modules which will run on that host.

Patterns

ansible <pattern_goes_here> -m <module_name> -a <arguments>

# Such as:
ansible webservers -m service -a "name=httpd state=restarted"

Ansible Python API

add_user.yml

---
- hosts: '{{ host }}'
  remote_user: '{{ user }}'
  tasks:
    - name: add user
      # Linux passwd use SHA512
      # from passlib.hash import sha512_crypt
      # sha512_crypt.encrypt('passwdstr')
      # Options: name password uid group shell generate_ssh_key ssh_key_type ssh_key_comment state remove
      user: name={{ username }} password={{ password }}

    - name: add user to /etc/sudoers
      # Options: dest line regexp owner group mode backup
      lineinfile: dest=/etc/sudoers line="{{ username }} ALL=(ALL) ALL"

add_user.py

# -*- coding: utf-8 -*-

from ansible.playbook import PlayBook
from ansible import callbacks
from ansible import utils


pb = "add_user.yml"
args = {"host": "spider",
        "user": "root",
        "username": "chenchangming",
        "password": "$6$rounds=100000$S6awA3g/94I3N7OV$I3XBFjP52IRfwkfq6kUooN0HN8vRlcYHYUlNgUgvEd38aqFtpMEYMwC1uQ.zen2UAsX3TNLfwgsKtq3CjqxL90"}

playbook_cp = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
stats = callbacks.AggregateStats()
runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)

playbook = PlayBook(playbook=pb,
         extra_vars=args,
         callbacks=playbook_cp,
         stats=stats,
         runner_callbacks=runner_cb
        )

results = playbook.run()
print results