Introduction
------------
- uses /usr/bin/ansible
- doesn't make use of a playbook
- quick way to execute a task against target machine(s)
- usage:
    ansible <host-pattern> -a "<command>"    # uses "command" module (default)
    ansible <host-pattern> -m <module> -a "<arguments>"
  example:
    ansible webservers -m service -a "name=httpd state=restarted"
- when to use?
  * for doing file transfers
  * to power off several servers at once for monthly maintenance
  * to remove a line from httpd.conf on your webservers
  * and many more..

How do Ansible Ad-Hoc commands operate?
---------------------------------------
1. Gets configuration to use
   - checks $ANSIBLE_CONFIG for the location of ansible.cfg
   - if the environment variable is not set, checks the current path for ansible.cfg
   - if not present on the current path, checks ~/.ansible.cfg
   - if not present on ~, tries /etc/ansible/ansible.cfg
   - settings will be used on every connection made in each session
2. Loads pre-compiled files
   - you will see: Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/.../__init__.pyc
   - it seems to load a compiled file to speed up execution
3. Prepares module to use
   - searches /ansible/modules/ for the appropriate module
   - initiates SSH connection to target to create ~/.ansible/tmp/ansible-tmp-
   - creates /tmp/tmp, which is a wrapper file for the module
   - moves the wrapper file under the directory created
   - there is also a tmp file created under the user's home directory on the control machine
4. Initiates SFTP session to target
   - this is used by Ansible to transfer files to the remote machine
   - you can force it to use SCP by adding `scp_if_ssh = True` in ansible.cfg
5. Executes module and cleanup
   - initiates SSH session to execute ~/.ansible/tmp/ansible-tmp-<numbers>/module-name.py
   - removes ~/.ansible/tmp/ansible-tmp-/ recursively
6. Steps 3 - 5 are repeated for any succeeding modules to execute
   - some modules make use of multiple modules to fulfill their goal
   - example: `copy` module uses `stat` and `copy` in succession
7. When all modules are executed, Ansible returns the output and exits
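
The lookup order in step 1 decides which ansible.cfg, and with it which remote_user, forks and transfer settings, every ad-hoc command runs with, so it is worth checking which file wins and who can write to it. The script below is an added example, not part of the original post: it resolves the file in the order listed above and flags a file or directory that is writable by group or others. The function names and the optional third argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): resolve which ansible.cfg an
# ad-hoc run would pick up, in the order listed in step 1, and audit it.

# resolve_ansible_cfg CWD HOME_DIR [SYSTEM_CFG]
# Prints the first candidate that exists; returns 1 when none does.
resolve_ansible_cfg() {
    cwd=$1; home=$2; system_cfg=${3:-/etc/ansible/ansible.cfg}
    for candidate in "${ANSIBLE_CONFIG:-}" "$cwd/ansible.cfg" \
                     "$home/.ansible.cfg" "$system_cfg"; do
        if [ -n "$candidate" ] && [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# is_loosely_writable PATH
# True when the mode string from ls shows group or other write permission.
is_loosely_writable() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# audit_ansible_cfg CWD HOME_DIR [SYSTEM_CFG]
# Prints "none", "ok:<path>" or "loose:<path>"; always returns 0.
audit_ansible_cfg() {
    if ! cfg=$(resolve_ansible_cfg "$1" "$2" "${3:-}"); then
        echo "none"
        return 0
    fi
    if is_loosely_writable "$cfg" || is_loosely_writable "$(dirname -- "$cfg")"; then
        echo "loose:$cfg"
    else
        echo "ok:$cfg"
    fi
    # Also show the settings this page mentions, if the file sets them.
    grep -E '^[[:space:]]*(remote_user|forks|scp_if_ssh)[[:space:]]*=' "$cfg" || true
}

# Audit the configuration that would apply in the current directory.
audit_ansible_cfg "$PWD" "${HOME:-}"
```

Ansible itself refuses to load ansible.cfg from a world-writable current directory; treating group-writable as loose is this example's stricter choice.
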
Parallelism
-----------
- parallelism
  * number of simultaneous hosts to talk to
  * default is 5
  * can be changed by:
    a. via adhoc command "-f" option
    b. via "forks" option in ansible.cfg

rebooting 10 servers at a time

    $ ansible atlanta -a "/sbin/reboot" -f 10

Basic Commands
--------------
pinging the nodes

    $ ansible all -m ping
    localhost | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }

Remote Connections and Privilege Escalations
--------------------------------------------
make ansible ask for SSH password

By default, ansible assumes you are using passwordless SSH. If that is not set up, make ansible ask you for a password with:

    $ ansible webserver -a "date" --ask-pass

using different SSH user

By default, ansible will use the user that runs the playbook as the user to connect to the target system. To change it, use

"-u" via adhoc command,

    $ ansible webserver -a "date" -u apache

"remote_user" via ansible.cfg,

    $ echo "remote_user = apache" >> /etc/ansible/ansible.cfg
    $ ansible webserver -a "date"

or "ansible_user" via a variable.

    $ ansible webserver -a "date" -e "ansible_user=apache"

becoming root

By default, adhoc commands don't make you root on the target system. To execute a task as root, use "-b" or "--become":

    $ ansible jumphost -a "cat /etc/shadow" -b

becoming other than root

Once you have reached the target system using your SSH username, you can switch to another user by:

    $ ansible jumphost -a "ls -l /opt/jboss" -b --become-user=jboss

You may also enter the sudo password if needed:

    $ ansible jumphost -a "ls -l /opt/jboss" -b --become-user=jboss --ask-become-pass