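To understand what ansible-pull is for, you first need to understand how Ansible operates. Ansible has two operating modes:
- push mode
  Push is Ansible's default mode: playbooks are written on the control node and pushed to the remote hosts for execution.
- pull mode
  Pull mode is what the ansible-pull command provides. It is the reverse of push: each remote host pulls the playbook files from a Git repository and runs them itself. This requires Ansible and Git to be installed on the remote host.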
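The advantages of pull mode are:
1. No control node is required
2. Playbook tasks can run in parallel, and very quickly
3. Connections are initiated by the managed node, which is more secure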
The pull-mode workflow:
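- Ansible and Git (or svn) must be installed on every remote host
- All configuration and playbooks are stored in a Git repository
- An ansible-pull scheduled task on each remote host periodically checks the given Git tag or branch
- ansible-pull runs a specific playbook, namely local.yml or hostname.yml
- Every playbook change only needs to be committed to Git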
Hands-on test:
Create a repository on gitee for testing: pull-test
Clone the repository, create a playbook file, and push it to the pull-test repository.
The contents of touchfile-playbook.yaml are as follows:
# cat touchfile-playbook.yaml
---
- hosts: localhost
  remote_user: root
  gather_facts: no
  tasks:
    - name: Create a file
      file:
        path: /opt/script/ansible-pull-empty.txt
        state: touch
        mode: 0664
git clone https://gitee.com/crazy-stone-man/pull-test.git
cd pull-test/
git remote add ansible-pull https://gitee.com/crazy-stone-man/pull-test.git
git add touchfile-playbook.yaml
git commit -m "touch a file"
git push ansible-pull
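You can check in the gitee repository whether the file was pushed.
# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfile-playbook.yaml
- -U: specifies the URL of the playbook repository.
- -i: specifies the inventory file. I left it out here; the default is /etc/ansible/hosts
The result: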
[root@localhost script]# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfile-playbook.yaml
Starting Ansible Pull at 2024-09-30 05:43:15
/usr/bin/ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfile-playbook.yaml
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
[WARNING]: Your git version is too old to fully support the depth argument. Falling back to full checkouts.
localhost | SUCCESS => {
    "after": "29daba82f0cb39887ca15eb0dce51bdad3c0066b",
    "before": "29daba82f0cb39887ca15eb0dce51bdad3c0066b",
    "changed": false,
    "remote_url_changed": false
}
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
PLAY [localhost] ************************************************************
TASK [Create a file] ************************************************************
changed: [localhost]
PLAY RECAP ************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@localhost script]# ls
ansible-pull-empty.txt
It ran successfully!
Modify the playbook file, push it again, and run ansible-pull once more:
---
- hosts: localhost
  remote_user: root
  gather_facts: no
  tasks:
    - name: Create a file
      file:
        path: /opt/script/ansible-pull-empty.txt
        state: absent  # delete the file
[root@localhost script]# ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfile-playbook.yaml
Starting Ansible Pull at 2024-09-30 05:49:41
/usr/bin/ansible-pull -U https://gitee.com/crazy-stone-man/pull-test.git touchfile-playbook.yaml
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
[WARNING]: Your git version is too old to fully support the depth argument. Falling back to full checkouts.
localhost | CHANGED => {
    "after": "dbfda18ce3679910c83165477f9dd845e8f875aa",
    "before": "29daba82f0cb39887ca15eb0dce51bdad3c0066b",
    "changed": true,
    "remote_url_changed": false
}
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: localhost.localdomain
PLAY [localhost] ************************************************************
TASK [Create a file] ************************************************************
changed: [localhost]
PLAY RECAP ************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@localhost script]# ls
[root@localhost script]#
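You can see that the file has been deleted!
To learn about more ansible-pull options:
ansible-pull --help
The Git repository I created is public; in a real environment it must not be public, and it is best to restrict access by IP.
Add a scheduled task:
Pull the playbook files and run them on a schedule: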
*/5 * * * * ansible-pull -C master -d /tmp/ansible-pull -i /etc/ansible/hosts -U https://gitee.com/crazy-stone-man/pull-test.git -o
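- -C: the branch to check out
- -d: the working directory Ansible Pull will use. It clones the repository into this directory, or looks there for a repository that has already been cloned.
- -i: the path to the inventory file
- -U: the URL of the remote Git repository that stores the playbooks
- -o: run the playbook only if the remote Git repository has been updated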
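An added example (not part of the original post): a Python check that reads crontab lines running ansible-pull and flags settings that matter when the job runs as root, applied to the cron entry above and to a constructed hardened variant. The SSH URL, deploy-key path and work directory in the hardened line are placeholders, and `--verify-commit` only helps if the signers' public keys are in the host's GPG keyring.

```python
import shlex

# ansible-pull options that consume a value (only the ones this audit reads).
VALUE_OPTS = {"-U": "url", "--url": "url", "-d": "directory", "--directory": "directory"}
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")

# The cron entry from this page, and a constructed hardened variant: the SSH URL,
# deploy-key path and work directory are placeholders, not values from the post.
PAGE_LINE = ("*/5 * * * * ansible-pull -C master -d /tmp/ansible-pull "
             "-i /etc/ansible/hosts -U https://gitee.com/crazy-stone-man/pull-test.git -o")
HARDENED_LINE = ("*/5 * * * * ansible-pull -C master -d /var/lib/ansible-pull "
                 "-i /etc/ansible/hosts -U git@gitee.com:example-org/pull-test.git "
                 "--private-key /root/.ssh/pull_deploy_key --verify-commit -o")


def parse_pull(cron_line):
    """Return (options, flags) of the ansible-pull call in a crontab line, or None."""
    tokens = shlex.split(cron_line)
    start = next((i for i, t in enumerate(tokens)
                  if t.rsplit("/", 1)[-1] == "ansible-pull"), None)
    if start is None:
        return None
    opts, flags, rest = {}, set(), iter(tokens[start + 1:])
    for tok in rest:
        name, sep, value = tok.partition("=")  # accepts --url=... as well
        if name in VALUE_OPTS:
            opts[VALUE_OPTS[name]] = value if sep else next(rest, "")
        elif tok.startswith("-"):
            flags.add(tok)
    return opts, flags


def audit(cron_line):
    """Return (code, reason) findings for one crontab line; [] if nothing is flagged."""
    parsed = parse_pull(cron_line)
    if parsed is None:
        return []
    opts, flags = parsed
    findings = []
    if opts.get("url", "").startswith(("http://", "git://")):
        findings.append(("cleartext-transport", "playbooks fetched without TLS or SSH"))
    if "--verify-commit" not in flags:
        findings.append(("no-verify-commit", "commit GPG signature is not checked"))
    if (opts.get("directory", "").rstrip("/") + "/").startswith(WORLD_WRITABLE):
        findings.append(("world-writable-workdir", "checkout is under a shared temp dir"))
    return findings


if __name__ == "__main__":
    for line in (PAGE_LINE, HARDENED_LINE):
        print(audit(line) or "no findings", "<-", line)
```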
Reference link: https://blog.csdn.net/yuezhilangniao/article/details/115799713