Reference articles: Ansible Inventory Built-in Parameters - Jianshu
How to build your inventory — Ansible Documentation
some_host ansible_ssh_port=2222 ansible_ssh_user=manager
aws_host ansible_ssh_private_key_file=/home/example/.ssh/aws.pem
freebsd_host ansible_python_interpreter=/usr/local/bin/python
ruby_module_host ansible_ruby_interpreter=/usr/bin/ruby.1.9.3
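# SSH address of the host:
ansible_ssh_host:
# SSH port of the host:
ansible_ssh_port:
# User for SSH authentication:
ansible_ssh_user:
# Password for SSH authentication:
ansible_ssh_pass:
# sudo user for the host:
ansible_sudo:
# sudo password for the host:
ansible_sudo_pass:
# sudo path for the host:
# Path to the sudo command (applies to version 1.8 and later)
ansible_sudo_exe:
# Connection method for the host:
# Connection type to the host (for example: local, ssh or paramiko):
# Before Ansible 1.2 the default was paramiko. From 1.2 onward the default is 'smart',
# and 'smart' decides whether the 'ssh' method is feasible based on whether ControlPersist is supported.
ansible_connection:
# Private key for the host:
ansible_ssh_private_key_file:
# Shell type of the host:
# The shell type of the target system. By default,
# commands are run using 'sh' syntax; this can be set to 'csh' or 'fish'.
ansible_shell_type:
# Python path used to run tasks on the host:
ansible_python_interpreter:
# Interpreter path for other languages on the host:
ansible_*_interpreter:
# Private key file used by ssh
# Useful when there are multiple keys and no SSH agent is used
ansible_ssh_private_key_file
# Python path on the target host
ansible_python_interpreter
# Useful when: the system has more than one Python, or the command path is not "/usr/bin/python",
# such as \*BSD, or /usr/bin/python is not a 2.X series Python.
# The "/usr/bin/env" mechanism is not used, because it requires the remote user's path to be set correctly,
# and requires the executable to be named "python" and nothing else (in practice it may be named python26).
# Works the same way as ansible_python_interpreter; can set the path of, for example, ruby or perl....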
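Parameter | Description |
---|---|
ansible_ssh_host | The name of the remote host to connect to. Set this variable if it differs from the alias you want to give the host. |
ansible_ssh_port | The ssh port number. Set this variable if it is not the default port. |
ansible_ssh_user | The default ssh user name |
ansible_ssh_pass | The ssh password (this method is not secure; we strongly recommend using --ask-pass or SSH keys) |
ansible_ssh_private_key_file | Private key file used by ssh. Useful when there are multiple keys and you do not want to use an SSH agent. |
ansible_ssh_common_args | This setting is appended to the default command line for sftp, scp and ssh |
ansible_sftp_extra_args | This setting is appended to the default sftp command line. |
ansible_scp_extra_args | This setting is appended to the default scp command line. |
ansible_ssh_extra_args | This setting is appended to the default ssh command line. |
ansible_ssh_pipelining | Determines whether to use SSH pipelining. This can override the setting in ansible.cfg. |
ansible_shell_type | The shell type of the target system. By default, commands are run using 'sh' syntax; this can be set to 'csh' or 'fish'. |
ansible_python_interpreter | The target host python path. Useful when: the system has more than one Python, or the command path is not "/usr/bin/python", such as *BSD, or /usr/bin/python |
ansible_*_interpreter | The "*" here can be the interpreter for ruby, perl or another language; it works like ansible_python_interpreter |
ansible_shell_executable | This sets the shell the ansible controller will use on the target machine, overriding the configuration in ansible.cfg; the default is /bin/sh. |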
Connection type to the host. This can be the name of any of ansible’s connection plugins. SSH protocol types are smart, ssh or paramiko. The default is smart. Non-SSH based types are described in the next section.
ansible_host
The name of the host to connect to, if different from the alias you wish to give to it.
ansible_port
The connection port number, if not the default (22 for ssh)
ansible_user
The user name to use when connecting to the host
ansible_password
The password to use to authenticate to the host (never store this variable in plain text; always use a vault. See Keep vaulted variables safely visible)
ansible_ssh_private_key_file
Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
ansible_ssh_common_args
This setting is always appended to the default command line for sftp, scp, and ssh. Useful to configure a ProxyCommand for a certain host (or group).
ansible_sftp_extra_args
This setting is always appended to the default sftp command line.
ansible_scp_extra_args
This setting is always appended to the default scp command line.
ansible_ssh_extra_args
This setting is always appended to the default ssh command line.
ansible_ssh_pipelining
Determines whether or not to use SSH pipelining. This can override the pipelining setting in ansible.cfg.
ansible_ssh_executable (added in version 2.2)
This setting overrides the default behavior to use the system ssh. This can override the ssh_executable setting in ansible.cfg.
Privilege escalation (see Ansible Privilege Escalation for further details):
ansible_become
Equivalent to ansible_sudo or ansible_su, allows you to force privilege escalation
ansible_become_method
Allows you to set the privilege escalation method
ansible_become_user
Equivalent to ansible_sudo_user or ansible_su_user, allows you to set the user you become through privilege escalation
ansible_become_password
Equivalent to ansible_sudo_password or ansible_su_password, allows you to set the privilege escalation password (never store this variable in plain text; always use a vault. See Keep vaulted variables safely visible)
ansible_become_exe
Equivalent to ansible_sudo_exe or ansible_su_exe, allows you to set the executable for the escalation method selected
ansible_become_flags
Equivalent to ansible_sudo_flags or ansible_su_flags, allows you to set the flags passed to the selected escalation method. This can also be set globally in ansible.cfg in the sudo_flags option
ansible_shell_type
The shell type of the target system. You should not use this setting unless you have set the ansible_shell_executable to a non-Bourne (sh) compatible shell. By default commands are formatted using sh-style syntax. Setting this to csh or fish will cause commands executed on target systems to follow those shells’ syntax instead.
ansible_python_interpreter
The target host python path. This is useful for systems with more than one Python or not located at /usr/bin/python such as *BSD, or where /usr/bin/python is not a 2.X series Python. We do not use the /usr/bin/env mechanism as that requires the remote user’s path to be set right and also assumes the python executable is named python, where the executable might be named something like python2.6.
ansible_*_interpreter
Works for anything such as ruby or perl and works just like ansible_python_interpreter. This replaces shebang of modules which will run on that host.
ansible_shell_executable
This sets the shell the ansible controller will use on the target machine, overrides executable in ansible.cfg which defaults to /bin/sh. You should really only change it if it is not possible to use /bin/sh (in other words, if /bin/sh is not installed on the target machine or cannot be run from sudo).
Examples from an Ansible-INI host file:
some_host ansible_port=2222 ansible_user=manager
aws_host ansible_ssh_private_key_file=/home/example/.ssh/aws.pem
freebsd_host ansible_python_interpreter=/usr/local/bin/python
ruby_module_host ansible_ruby_interpreter=/usr/bin/ruby.1.9.3
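The warnings above against keeping ansible_ssh_pass, ansible_password and ansible_become_password in plain text can be checked mechanically. The following linter is an added example, not code from the Ansible project: it scans an INI inventory for credential variables holding literal values and for the older ansible_ssh_* and ansible_sudo names listed earlier on this page. The function name lint_inventory, the sample hosts and values, and the convention that a `{{ name }}` value refers to a variable stored in a vaulted file are assumptions.

```python
import re
import shlex

# Credential-bearing inventory variables named on this page.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_sudo_pass",
               "ansible_sudo_password", "ansible_su_password", "ansible_become_password"}
# Older variable names from the page -> the names the current documentation uses.
LEGACY = {"ansible_ssh_host": "ansible_host", "ansible_ssh_port": "ansible_port",
          "ansible_ssh_user": "ansible_user", "ansible_sudo": "ansible_become"}
# Assumption: a value of the form {{ name }} points at a variable kept in a vaulted file.
REFERENCE = re.compile(r"""^\s*['"]?\{\{.*\}\}['"]?\s*$""")

def lint_inventory(text):
    """Return (line_no, owner, variable, issue) findings for an INI inventory."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":children"):
            continue                        # child group names only, no variables
        if section.endswith(":vars"):
            owner, pairs = section, [line]  # one "key = value" per line
        else:
            tokens = shlex.split(line, comments=True)
            owner, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = (s.strip() for s in pair.partition("="))
            if not sep:
                continue
            if key in SECRET_VARS and not REFERENCE.match(value):
                findings.append((no, owner, key, "plaintext secret"))
            if key in LEGACY:
                findings.append((no, owner, key, "legacy name, use " + LEGACY[key]))
    return findings

# Constructed sample inventory (hosts, group and values are made up).
SAMPLE = """\
some_host ansible_ssh_port=2222 ansible_ssh_user=manager
db_host ansible_host=192.0.2.5 ansible_ssh_pass=hunter2
web_host ansible_user=deploy ansible_password='{{ vault_web_password }}'
[web:vars]
ansible_become_password = changeme
"""

if __name__ == "__main__":
    print(*("line %d: %s: %s (%s)" % f for f in lint_inventory(SAMPLE)), sep="\n")
```

Run against a real inventory in CI, a non-empty result is a reason to fail the build before a literal password reaches version control.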
As stated in the previous section, Ansible executes playbooks over SSH but it is not limited to this connection type. With the host specific parameter ansible_connection=<connector>, the connection type can be changed. The following non-SSH based connectors are available:
local
This connector can be used to deploy the playbook to the control machine itself.
docker
This connector deploys the playbook directly into Docker containers using the local Docker client. The following parameters are processed by this connector:
ansible_host
The name of the Docker container to connect to.
ansible_user
The user name to operate within the container. The user must exist inside the container.
ansible_become
If set to true the become_user will be used to operate within the container.
ansible_docker_extra_args
Could be a string with any additional arguments understood by Docker, which are not command specific. This parameter is mainly used to configure a remote Docker daemon to use.
Here is an example of how to instantly deploy to created containers:
- name: Create a jenkins container
  community.general.docker_container:
    docker_host: myserver.net:4243
    name: my_jenkins
    image: jenkins

- name: Add the container to inventory
  ansible.builtin.add_host:
    name: my_jenkins
    ansible_connection: docker
    ansible_docker_extra_args: "--tlsverify --tlscacert=/path/to/ca.pem --tlscert=/path/to/client-cert.pem --tlskey=/path/to/client-key.pem -H=tcp://myserver.net:4243"
    ansible_user: jenkins
  changed_when: false

- name: Create a directory for ssh keys
  delegate_to: my_jenkins
  ansible.builtin.file:
    path: "/var/jenkins_home/.ssh/jupiter"
    state: directory