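Learning Ansible: the ansible-pull command

Published: 2024-10-10

To understand what ansible-pull is for, you first need to know how Ansible operates. Ansible has two working modes:

  1. push mode
    Push is Ansible's default mode: the playbook files are written on the control machine and pushed to the remote hosts for execution.
  2. pull mode
    Pull mode is what the ansible-pull command introduced here provides. It is the reverse of push mode: the remote host pulls the playbook files from a git repository and runs them. This requires ansible and git to be installed on the remote host.

Advantages of pull mode:
1. No control machine is needed
2. Playbook tasks can run in parallel, and very quickly
3. Connections are initiated by the node, which is more secure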

Workflow of pull mode:

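  1. Ansible and git (or svn) must be installed on every remote host
  2. All configuration and playbooks are stored in a git repository
  3. The ansible-pull scheduled task on each remote host periodically checks the given git tag or branch
  4. ansible-pull runs specific playbooks, i.e. local.yml or hostname.yml
  5. Every change to the playbooks only needs to be committed to git

Hands-on test:
Create a repository for testing on gitee: pull-test

Clone this repository, create the playbook file and push it to the pull-test repository
# The content of touchfile-playbook.yaml is as follows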

# cat touchfile-playbook.yaml
---
- hosts: localhost
  remote_user: root
  gather_facts: no
  tasks:
    - name: Create a file
      file:
        path: /opt/script/ansible-pull-empty.txt
        state:  touch
        mode: "0664"

git clone https://gitee.com/crazy-stone-man/pull-test.git
cd pull-test/
git remote add ansible-pull https://gitee.com/crazy-stone-man/pull-test.git
git add touchfile-playbook.yaml
git commit -m "touch a file"
git push ansible-pull

You can check in the gitee repository whether the file was pushed.

# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml
  • -U specifies the URL of the playbook repository.

  • -i: specifies the inventory file. I omitted it here; the default is /etc/ansible/hosts

    Let's see the result:

[root@localhost script]# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml 
Starting Ansible Pull at 2024-09-30 05:43:15
/usr/bin/ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
[WARNING]: Your git version is too old to fully support the depth argument. Falling back to full checkouts.
localhost | SUCCESS => {
    "after": "29daba82f0cb39887ca15eb0dce51bdad3c0066b",
    "before": "29daba82f0cb39887ca15eb0dce51bdad3c0066b",
    "changed": false, 
    "remote_url_changed": false
}
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain

PLAY [localhost] ********************************************************************************************************************************************

TASK [Create a file] ****************************************************************************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@localhost script]# ls
ansible-pull-empty.txt

It ran successfully!

Modify the playbook file, push it again, and run ansible-pull once more


---
- hosts: localhost
  remote_user: root
  gather_facts: no
  tasks:
    - name: Create a file
      file:
        path: /opt/script/ansible-pull-empty.txt
        state: absent  # delete the file

[root@localhost script]# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml 
Starting Ansible Pull at 2024-09-30 05:49:41
/usr/bin/ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfileplaybook.yaml
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
[WARNING]: Your git version is too old to fully support the depth argument. Falling back to full checkouts.
localhost | CHANGED => {
    "after": "dbfda18ce3679910c83165477f9dd845e8f875aa",
    "before": "29daba82f0cb39887ca15eb0dce51bdad3c0066b",
    "changed": true, 
    "remote_url_changed": false
}
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain

PLAY [localhost] ********************************************************************************************************************************************

TASK [Create a file] ****************************************************************************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@localhost script]# ls
[root@localhost script]# 

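You can see that the file has been deleted!

Learn more about what ansible-pull can do:

ansible-pull --help

The git repository I created is public. In a real environment it must not be public, and it is best to restrict access by IP as well.

Add a scheduled task:
Periodically pull the playbook files and run them
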

*/5 * * * * ansible-pull -C master -d /tmp/ansible-pull -i /etc/ansible/hosts -U https://gitee.com/crazy-stone-man/pull-test.git  -o
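  • -C specifies the branch to check out
  • -d the working directory ansible-pull will use. It clones the repository into this directory, or looks there for an already cloned repository.
  • -i specifies the path of the inventory file
  • -U specifies the URL of the remote Git repository that stores the playbooks.
  • -o run the playbook only if the remote Git repository has been updated
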
Reference link: https://blog.csdn.net/yuezhilangniao/article/details/115799713