如果目标主机上没有代理,Ansible 能够执行诸如添加用户(-m 用户)之类的任务。
为了理解这一点,我读了这个article,上面写着:
“Ansible 通过连接到您的节点并推出 小程序(称为“Ansible 模块”)来工作。这些程序被编写为系统所需状态的资源模型。”
为了理解这一点,我的解释是,user 模块是位于控制服务器中的 python 模块,并且在运行带有-m user 选项的ansible 命令后,该模块在线上序列化到目标主机。
ansible 是否通过 ssh 序列化这些程序(user 源代码)?在远程主机上执行...
此序列化是否涉及 ssh 代理转发技术?
【问题讨论】:
标签: serialization ssh ansible
当 ansible 在你的 playbook 中执行一个模块时,它会将需要运行的代码与遇到的参数一起序列化到一个名为 <local user home>/.ansible/tmp/ansible-local-<current-run-hash>/tmp<some-other-hash> 的本地 python 文件中。
该文件使用为该主机声明的连接(ssh、docker、本地...)上传到<remote_user home dir>/.ansible/tmp/ansible-tmp-<current-run-hashed-id>/AnsiballZ_<module_name>.py 中的远程主机。
python 文件通过该连接在远程主机上执行,结果被取回本地机器并清理文件。
您可以使用ansible-playbook 的-vvv 选项(或ansible,如果您正在发送临时命令)确切地看到所有这些是如何执行的。这是在我的本地机器上针对 docker 主机运行 stat 模块的示例。
任务:
- name: Check if SystemD service is installed
stat:
path: /etc/systemd/system/nexus.service
register: nexus_systemd_service_file
使用-vvv 运行。文件复制到远程从第 7 行开始。
TASK [nexus3-oss : Check if SystemD service is installed] **********************
task path: /projects/ansible/nexus3-oss/tasks/main.yml:13
<nexus3-oss-debian-stretch> ESTABLISH DOCKER CONNECTION FOR USER: root
<nexus3-oss-debian-stretch> EXEC ['/usr/bin/docker', b'exec', b'-i', 'nexus3-oss-debian-stretch', '/bin/sh', '-c', "/bin/sh -c 'echo ~ && sleep 0'"]
<nexus3-oss-debian-stretch> EXEC ['/usr/bin/docker', b'exec', b'-i', 'nexus3-oss-debian-stretch', '/bin/sh', '-c', '/bin/sh -c \'( umask 77 && mkdir -p "` echo /home/deployuser/.ansible/tmp/ansible-tmp-1555848182.1761565-31974482443721 `" && echo ansible-tmp-1555848182.1761565-31974482443721="` echo /deployuser/.ansible/tmp/ansible-tmp-1555848182.1761565-31974482443721 `" ) && sleep 0\'']
Using module file /home/localuser/.local/lib/python3.6/site-packages/ansible/modules/files/stat.py
<nexus3-oss-debian-stretch> PUT /home/localuser/.ansible/tmp/ansible-local-30458wt820190/tmpq2vjarrv TO /home/deployuser/.ansible/tmp/ansible-tmp-1555848182.1761565-31974482443721/AnsiballZ_stat.py
<nexus3-oss-debian-stretch> EXEC ['/usr/bin/docker', b'exec', b'-i', 'nexus3-oss-debian-stretch', '/bin/sh', '-c', "/bin/sh -c 'chmod u+x /home/deployuser/.ansible/tmp/ansible-tmp-1555848182.1761565-31974482443721/ /home/deployuser/.ansible/tmp/ansible-tmp-1555848182.1761565-31974482443721/AnsiballZ_stat.py && sleep 0'"]
<nexus3-oss-debian-stretch> EXEC ['/usr/bin/docker', b'exec', b'-i', 'nexus3-oss-debian-stretch', '/bin/sh', '-c', '/bin/sh -c \'http_proxy=\'"\'"\'\'"\'"\' https_proxy=\'"\'"\'\'"\'"\' no_proxy=\'"\'"\'\'"\'"\' /usr/bin/python /home/deployuser/.ansible/tmp/ansible-tmp-1555848182.1761565-31974482443721/AnsiballZ_stat.py && sleep 0\'']
<nexus3-oss-debian-stretch> EXEC ['/usr/bin/docker', b'exec', b'-i', 'nexus3-oss-debian-stretch', '/bin/sh', '-c', "/bin/sh -c 'rm -f -r /home/deployuser/.ansible/tmp/ansible-tmp-1555848182.1761565-31974482443721/ > /dev/null 2>&1 && sleep 0'"]
ok: [nexus3-oss-debian-stretch] => {
"changed": false,
"invocation": {
"module_args": {
"checksum_algorithm": "sha1",
"follow": false,
"get_attributes": true,
"get_checksum": true,
"get_md5": null,
"get_mime": true,
"path": "/etc/systemd/system/nexus.service"
}
},
"stat": {
"atime": 1555848116.0796735,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "f1de2c2bc91adc019e58f83a29c970d1d79d5cc9",
"ctime": 1553622777.8884165,
"dev": 77,
"device_type": 0,
"executable": false,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 22997,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/plain",
"mode": "0644",
"mtime": 1553622777.3485653,
"nlink": 1,
"path": "/etc/systemd/system/nexus.service",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 248,
"uid": 0,
"version": "687353",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
}
【讨论】: