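Can a role be executed from the command line?

Suppose I have a role called "apache".

Now I want to execute that role on host 192.168.0.10 from the command line of the Ansible host: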

ansible-playbook -i  "192.168.0.10" --role  "path to role"

Is there a way to do that?

133475 views

I am not aware of this feature, but you can use tags to run just one role out of your playbook.

roles:
- {role: 'mysql', tags: 'mysql'}
- {role: 'apache', tags: 'apache'}


ansible-playbook webserver.yml --tags "apache"

There is no such thing in Ansible, but if this is a frequent use case for you, try this script.
Put it somewhere within your searchable PATH under the name ansible-role:

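#!/bin/bash

# Print usage when fewer than two arguments are given.
# -lt compares numerically; inside [[ ]] the < operator compares strings.
if [[ $# -lt 2 ]]; then
  cat <<HELP
Wrapper script for ansible-playbook to apply single role.

Usage: $0 <host-pattern> <role-name> [ansible-playbook options]

Examples:
  $0 dest_host my_role
  $0 custom_host my_role -i 'custom_host,' -vv --check
HELP
  exit
fi

HOST_PATTERN=$1
shift
ROLE=$1
shift

echo "Trying to apply role \"$ROLE\" to host/group \"$HOST_PATTERN\"..."

# Look for roles in ./roles and do not leave .retry files behind.
export ANSIBLE_ROLES_PATH="$(pwd)/roles"
export ANSIBLE_RETRY_FILES_ENABLED="False"

# Feed a generated one-play playbook to ansible-playbook on stdin;
# any remaining arguments are passed through as ansible-playbook options.
ansible-playbook "$@" /dev/stdin <<END
---
- hosts: $HOST_PATTERN
  roles:
    - $ROLE
END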
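
The wrapper above substitutes its two arguments directly into the generated YAML, so a value containing a newline, a quote or `{{ }}` would change the playbook's structure. The following is an added example, not part of the original answer, that renders the same one-role playbook only after both values pass an allow-list check; the function names and the permitted character sets are assumptions of this example.

```sh
#!/bin/sh
# Added example: validate <host-pattern> and <role-name> before they are
# written into the generated playbook.

# render_playbook HOST_PATTERN ROLE
# Prints the playbook on stdout, or returns 2 without output on bad input.
render_playbook() {
    # Assumed allow-list for host patterns: names, addresses, group names
    # and the ',' / ':' separators. No whitespace, quotes, braces or newlines.
    case $1 in
        ''|*[!A-Za-z0-9_.:,-]*) echo "invalid host pattern" >&2; return 2 ;;
    esac
    # Assumed allow-list for role names: plain or dot-qualified names.
    case $2 in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid role name" >&2; return 2 ;;
    esac
    # Both values are emitted as double-quoted YAML scalars; the allow-lists
    # exclude '"' and '\', so no escaping is needed inside the quotes.
    printf '%s\n' '---' "- hosts: \"$1\"" '  roles:' "    - role: \"$2\""
}

# apply_role HOST_PATTERN ROLE [ansible-playbook options]
apply_role() {
    host_pattern=$1 role=$2
    shift 2
    playbook=$(render_playbook "$host_pattern" "$role") || return
    printf '%s\n' "$playbook" |
        ANSIBLE_ROLES_PATH="$(pwd)/roles" ANSIBLE_RETRY_FILES_ENABLED=False \
        ansible-playbook "$@" /dev/stdin
}

# Run only when called as: <script> <host-pattern> <role-name> [options]
if [ "$#" -ge 2 ]; then apply_role "$@"; fi
```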

You could also check the ansible-toolbox repository.

ansible-role --host 192.168.0.10 --gather --user centos --become my-role

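I have written a small Ansible plugin, called auto_tags, that dynamically generates for each role in your playbook a tag of the same name. You can find it here.

After installing it (instructions are in the gist above), you can execute a specific role with the following command: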

ansible-playbook -i "192.168.0.10" --tags "name_of_role"

With Ansible 2.7 you can do this:

$ cd /path/to/ansible/
$ ansible localhost -m include_role -a name=<role_name>
localhost | SUCCESS => {
    "changed": false,
    "include_variables": {
        "name": "<role_name>"
    }
}
localhost | SUCCESS => {
    "msg": "<role_name>"
}

This will run the role from /path/to/ansible/roles or the configured role path.

Read more here: https://github.com/ansible/ansible/pull/43131

Since version 2.4, two options are available: import_role and include_role.

wohlgemuth@leela:~/workspace/rtmtb-ansible/kvm-cluster$ ansible localhost -m import_role -a name=rtmtb
[WARNING]: No inventory was parsed, only implicit localhost is available


localhost | CHANGED => {
    "changed": true,
    "checksum": "d31b41e68997e1c7f182bb56286edf993146dba1",
    "dest": "/root/.ssh/id_rsa.github",
    "gid": 0,
    "group": "root",
    "md5sum": "b7831c4c72f3f62207b2b96d3d7ed9b3",
    "mode": "0600",
    "owner": "root",
    "size": 3389,
    "src": "/home/wohlgemuth/.ansible/tmp/ansible-tmp-1561491049.46-139127672211209/source",
    "state": "file",
    "uid": 0
}
localhost | CHANGED => {
    "changed": true,
    "checksum": "1972ebcd25363f8e45adc91d38405dfc0386b5f0",
    "dest": "/root/.ssh/config",
    "gid": 0,
    "group": "root",
    "md5sum": "f82552a9494e40403da4a80e4c528781",
    "mode": "0644",
    "owner": "root",
    "size": 147,
    "src": "/home/wohlgemuth/.ansible/tmp/ansible-tmp-1561491049.99-214274671218454/source",
    "state": "file",
    "uid": 0
}


ansible.builtin.import_role – Import a role into a play

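include_role – Load and execute a role

Have you tried that? It's super cool. I am using "update-os" instead of the "apache" role to give a more meaningful example. I have a role called ./roles/update-os/, and in my ./ I added a file called ./role-update-os.yml which looks like: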

#!/usr/bin/ansible-playbook
---
- hosts: all
  gather_facts: yes
  become: yes
  roles:
    - update-os

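Make the file executable (chmod +x role-update-os.yml). Now you can run it and limit it to whatever you have in your inventory: ./update-os.yml -i inventory-dev --limit 192.168.0.10. For the limit you can pass group names as well.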

  • --limit web,db > web and db is the group defined in your inventory
  • --limit 192.168.0.10,192.168.0.201
$ cat inventory-dev
[web]
192.168.0.10


[db]
192.168.0.201

Note that you can configure SSH keys and a sudoers policy to be able to execute without having to type a password. This is ideal for automation, but there are security implications with this. Therefore, you have to analyze your environment to see whether it's suitable.

Yes, import_role is an Ansible module, and as such it can be invoked through the ansible command. The following executes the role pki on my_server:

ansible my_server -m import_role \
-a "name=pki tasks_from=gencert" \
-e cn=etcdctl \
-e extended_key_usage=clientAuth

You can create the playbook files from the command line:

  1. Install the role (if not already installed)
    ansible-galaxy install git+https://github.com/user/apache-role.git
    
  2. Create the playbook and hosts files
    cat >> playbook.yml <<EOL
    ---
    - name: Run apache
      hosts: all
      roles:
        - apache-role
    EOL
    
    
    cat >> hosts <<EOL
    192.168.0.10
    EOL
    
  3. Run it
    ansible-playbook playbook.yml -i hosts
    
  4. Remove the files
    rm playbook.yml hosts