Inventory
Ansible uses /etc/ansible/hosts to manage the list of managed servers:
---
ungrouped:
  hosts:
    node-1:
      ansible_host: 192.168.1.1
      ansible_user: john
    node-2:
      ansible_host: 192.168.1.2
      ansible_user: jane
    node-3:
      ansible_host: 192.168.1.3
      ansible_user: frank
For a description of the inventory file fields, see: Building an inventory | Ansible Core Documentation
ansible-inventory --list # list the inventory
Running remote commands
Ansible can run a single ad hoc remote command as follows:
ansible <group> -m ping # test connectivity
ansible <group> -m shell -a "df -h" # run a command
ansible <group> -m copy -a "src=src dest=tgt" # upload a file
Playbook
More complex operations can be defined in a playbook and run from it:
---
- name: Create user
  hosts: ungrouped
  become: true
  tasks:
    - name: Update all packages
      ansible.builtin.apt:
        upgrade: dist
    - name: Greeting
      ansible.builtin.shell: "echo 'Hello, world!'"
For a description of the playbook fields, see: Using Ansible playbooks | Ansible Core Documentation
Run the playbook:
ansible-playbook -bK playbook.yml # run the playbook (sudo)
ansible-playbook -C playbook.yml -e "arg=val" # dry run (check mode)
ansible-playbook --syntax-check playbook.yml # syntax check
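-a: args, the arguments passed to the module
-b: become, enable privilege escalation
-K: prompt for the privilege escalation password
-i: specify the inventory file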
Configuration
Ansible's default configuration file is ~/.ansible.cfg:
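[defaults]
# Default remote user
remote_user = ubuntu
# Remote Python interpreter
interpreter_python = auto_silent
# Path to the private key file
#private_key_file = /home/ubuntu/.ssh/id_ed25519
ask_pass = False
ask_become_pass = True
# Whether to verify SSH host keys (False disables verification, so a spoofed host is not detected)
host_key_checking = False
# Number of parallel forks
forks = 5
# Output verbosity (0-4)
verbosity = 0
# Path to the inventory file
inventory = /etc/ansible/hosts
# Remote shell
ansible_shell_executable = /usr/bin/bash
# Privilege escalation with sudo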
[privilege_escalation]
become = False
become_user = root
become_method = sudo
become_ask_pass = False
ansible-config view # view the configuration
ansible-config init --disabled -t all # generate the default configuration
Troubleshooting
Temporary file permission error
Problem: running the task below fails with "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user".
- name: Install miniconda3
  shell: |
    bash /home/share/miniconda.sh -bup /home/{{ username }}/.local/opt/miniconda3
    /home/{{ username }}/.local/opt/miniconda3/bin/conda init bash
  become_user: "{{ username }}"
TASK [Install miniconda3] ********************************************************************************************************************************
[ERROR]: Task failed: Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chmod: invalid mode: ‘A+user:john:rx:allow’
Try 'chmod --help' for more information.
}). For information on working around this, see https://docs.ansible.com/ansible-core/2.19/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
Origin: /ansible/create_user.yml:72:7
70 # state: present
71
72 - name: Install miniconda3
      ^ column 7
fatal: [h101]: FAILED! => {"changed": false, "msg": "Task failed: Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chmod: invalid mode: ‘A+user:john:rx:allow’\nTry 'chmod --help' for more information.\n}). For information on working around this, see https://docs.ansible.com/ansible-core/2.19/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user"}
Cause: Ansible tries to run chmod with ACL syntax (chmod A+user:john:rx:allow), but the current system does not support ACLs.
Fix: install the acl package
sudo apt install acl
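
A check for the ansible.cfg shown under Configuration, as an added example that is not part of the original page: it flags host_key_checking = False and allow_world_readable_tmpfiles = True, the setting sometimes used to silence the temporary-file error above instead of installing acl. The function name, the rule list and the sample config are constructed for illustration; the `;` inline-comment handling is an assumption about how Ansible reads the file.

```python
import configparser

# (section, key, risky value, why it matters). Rule list is illustrative.
RISKY = [
    ("defaults", "host_key_checking", False,
     "SSH host keys are not verified; a spoofed host goes undetected"),
    ("defaults", "allow_world_readable_tmpfiles", True,
     "module temp files become world-readable on the managed host"),
]

def audit(cfg_text):
    """Return (section, key, reason) findings for an ansible.cfg given as text."""
    # Assumption: ';' starts an inline comment, '#' only a full-line comment.
    parser = configparser.ConfigParser(interpolation=None,
                                       inline_comment_prefixes=(";",))
    parser.read_string(cfg_text)
    findings = []
    for section, key, bad, reason in RISKY:
        if not parser.has_option(section, key):
            continue
        try:
            value = parser.getboolean(section, key)
        except ValueError:
            # e.g. "False# comment": a comment fused onto the value
            findings.append((section, key, "value is not a boolean"))
            continue
        if value == bad:
            findings.append((section, key, reason))
    return findings

# Constructed sample: settings from this page plus the temp-file workaround.
SAMPLE = """\
[defaults]
remote_user = ubuntu
# host key verification
host_key_checking = False
allow_world_readable_tmpfiles = True
forks = 5

[privilege_escalation]
become = False
become_ask_pass = False
"""

if __name__ == "__main__":
    for section, key, reason in audit(SAMPLE):
        print(f"[{section}] {key}: {reason}")
```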