前言

官方介绍:针对一组主机定义并运行单个任务“剧本”工具;个人理解ansible 是Ansible-hoc功能的程序入口,即简单临时命令;

 

命令格式

ansible [group|host] [options]

# group:组名,可以使用all来表示所有组与主机
# host:主机名或者主机地址,多主机用逗号隔开
# options:ansible程序选项

 

选项

ansible 并发数调整 ansible groups_sed

 

常用实例

指定模块来进行操作远程主机

[root@k8s-master01 ~]# ansible 192.168.10.170 -m ping
192.168.10.170 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

通过-m选项调用ping模块,对被管理端执行ping操作;常用模块有yum、shell、copy、command等等,查看支持的模块有哪些可以使用命令ansible-doc -l。查看模块的具体使用方式可以使用命令ansible-doc $COMMAND,这里我用变量$COMMAND来表示你将要查看的具体模块。

 

向指定的模块传递参数

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ip addr"
192.168.10.170 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:b5:b5:32 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.170/24 brd 192.168.10.255 scope global noprefixroute dynamic ens3
       valid_lft 23730sec preferred_lft 23730sec
    inet6 fe80::2f78:3130:6efe:4b3a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

通过-a传递的参数必须是-m指定模块能传递的参数;如果是shell或者command模块调用的执行命令,尽量用绝对路径操作

 

设置远程连接最大超时时间

比如你确定公司环境正常不会发生网络问题,ssh反向解析已经关闭;正常连接在几秒之内,这个时候如果服务或者主机连接时间特别长,或者你觉得根本就用不到那么长时间,是不是可以将连接超时的时间缩小或者放大?

[root@k8s-master01 ~]# ansible 192.168.10.170 -T 20 -m command -a "ip addr"
192.168.10.170 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.10.170 port 22: Connection refused", 
    "unreachable": true
}

个人感觉这条指令作用不大

 

权限提升操作

比如现在公司都用的统一普通账户进行运维的工作,你要做批量部署或者批量管理,这个时候ansible临时命令应该用哪些方式及参数?

ansible 并发数调整 ansible groups_bash_02

ansible 并发数调整 ansible groups_python_03

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ls -lah /root/" -u test1
192.168.10.170 | FAILED | rc=2 >>
ls: cannot open directory /root/: Permission deniednon-zero return code

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ls -lah /root/" -u test1 -b --become-method sudo -K
BECOME password: 
192.168.10.170 | CHANGED | rc=0 >>
total 28K
dr-xr-x---.  5 root root  185 Mar  8 20:16 .
dr-xr-xr-x. 17 root root  224 Jan 18 14:36 ..
-rw-------.  1 root root 1.4K Jan 18 14:37 anaconda-ks.cfg
drwx------   3 root root   17 Mar  3 14:51 .ansible
drwxr-xr-x   2 root root   85 Mar  8 19:22 .ansible_async
-rw-------.  1 root root  514 Mar  8 20:14 .bash_history
-rw-r--r--.  1 root root   18 Dec 29  2013 .bash_logout
-rw-r--r--.  1 root root  176 Dec 29  2013 .bash_profile
-rw-r--r--.  1 root root  176 Dec 29  2013 .bashrc
-rw-r--r--.  1 root root  100 Dec 29  2013 .cshrc
drwx------   2 root root   29 Mar  8 19:15 .ssh
-rw-r--r--.  1 root root  129 Dec 29  2013 .tcshrc

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ls -lah /root/" -u test1 -b --become-method su --become-user root -K
BECOME password: 
192.168.10.170 | CHANGED | rc=0 >>
total 28K
dr-xr-x---.  5 root root  185 Mar  8 20:16 .
dr-xr-xr-x. 17 root root  224 Jan 18 14:36 ..
-rw-------.  1 root root 1.4K Jan 18 14:37 anaconda-ks.cfg
drwx------   3 root root   17 Mar  3 14:51 .ansible
drwxr-xr-x   2 root root   85 Mar  8 19:22 .ansible_async
-rw-------.  1 root root  514 Mar  8 20:14 .bash_history
-rw-r--r--.  1 root root   18 Dec 29  2013 .bash_logout
-rw-r--r--.  1 root root  176 Dec 29  2013 .bash_profile
-rw-r--r--.  1 root root  176 Dec 29  2013 .bashrc
-rw-r--r--.  1 root root  100 Dec 29  2013 .cshrc
drwx------   2 root root   29 Mar  8 19:15 .ssh
-rw-r--r--.  1 root root  129 Dec 29  2013 .tcshrc

详情示例

第一次执行ansible的时候并没有成功,因为我是用test1用户去进行/root目录内容的查看,当然无法查看;

第二次执行ansible的时候成功了,采用的是sudo的方式进行权限的提升

第三次执行ansible的时候也成功了,采用的是su的方式进行权限的提升

参数讲解:

  • -u:指定被管理端用来远程的用户,我这里是test1
  • -b:开启权限提升模式,如果不用-b的话,后面的这些参数其实都没什么意义。
  • --become-method:指定采用何种方式进行权限的提升,方式有很多,常用的是su及sudo
  • --become-user:指定提升权限的用户,我想一般也只有提升权限的模式是su的时候才会用到吧,当然眼界仅限于我个人
  • -K:提升权限时需要输入的密码,如果你是sudo,并在被管理端的配置文件中设置了nopasswd,这里就不需要这个选项啦

 

设置程序最大远程执行时间

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "sleep 15" -B 5 -P 2 -T 2
192.168.10.170 | FAILED | rc=-1 >>
async task did not complete within the requested time - 5s

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "sleep 4" -B 5 -P 2 -T 2
192.168.10.170 | CHANGED => {
    "ansible_job_id": "660579276690.8952", 
    "changed": true, 
    "cmd": "sleep 4", 
    "delta": "0:00:04.009900", 
    "end": "2020-03-08 20:33:39.079987", 
    "finished": 1, 
    "rc": 0, 
    "start": "2020-03-08 20:33:35.070087", 
    "stderr": "", 
    "stderr_lines": [], 
    "stdout": "", 
    "stdout_lines": []
}

上面可以看到,我第一次将最大超时时间设置成5S、sleep 15;ansible告诉我最大请求反馈时间是5S。第二次我将sleep 改成4秒就正常了。上述参数选项说明如下:

  • -B:设置程序最大远程执行时间,并且放入后台执行。
  • -P:设置执行过程的轮询时间,这个参数是配合-B参数使用的;这里每2秒检查一下任务的执行进度
  • -T:设置ssh连接超时时间,意味着2秒如果没有连接上,任务失败。

 

异步并行任务

多台机器需要同时远程操作时,可以用-f来进行ansible任务的fork;

[root@k8s-master01 ~]# ansible 192.168.10.* -m shell -a "sleep 4" -f 3
192.168.10.170 | CHANGED | rc=0 >>


192.168.10.186 | CHANGED | rc=0 >>


[root@k8s-master01 ~]# ansible 192.168.10.* -m shell -a "sleep 4" -f 1
192.168.10.186 | CHANGED | rc=0 >>


192.168.10.170 | CHANGED | rc=0 >>

这里显示不明白,因为这里显示不出时间的先后,这里打字说明一下情况吧;第一次-f指定fork最大数3时,表示最多有3个节点可以并行执行,第二次-f指定fork数最大数是1是,表示只能一个节点一个节点的执行,但是这里要注意一下,如果你多个并行任务执行,ansible读取地址执行任务时在最大连接范围内可能不分先后,这个并行执行的先后顺序要注意一下

 

压缩输出参数

ansible 并发数调整 ansible groups_bash_02

ansible 并发数调整 ansible groups_python_03

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ip addr" -o
192.168.10.170 | CHANGED | rc=0 | (stdout) 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1/8 scope host lo\n       valid_lft forever preferred_lft forever\n    inet6 ::1/128 scope host \n       valid_lft forever preferred_lft forever\n2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000\n    link/ether 52:54:00:b5:b5:32 brd ff:ff:ff:ff:ff:ff\n    inet 192.168.10.170/24 brd 192.168.10.255 scope global noprefixroute dynamic ens3\n       valid_lft 40946sec preferred_lft 40946sec\n    inet6 fe80::2f78:3130:6efe:4b3a/64 scope link noprefixroute \n       valid_lft forever preferred_lft forever
[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ip addr"
192.168.10.170 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:b5:b5:32 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.170/24 brd 192.168.10.255 scope global noprefixroute dynamic ens3
       valid_lft 40941sec preferred_lft 40941sec
    inet6 fe80::2f78:3130:6efe:4b3a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

实例详情

这里可以看出,使用-o选项之后,ansible默认把系统默认的\n符号转换成了普通字符串\n;减少了输出的空内容

 

详细输出参数

有时候你想知道连接的详情,就通过-v或者N个-v选项来进行查看;例如:ansible的版本、配置文件、模块搜索路径、使用的python默认模块、python版本、调用的Inventory文件及连接的详情等等。

ansible 并发数调整 ansible groups_bash_02

ansible 并发数调整 ansible groups_python_03

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ip addr" -vvv
ansible 2.9.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers
<192.168.10.170> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.10.170> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b 192.168.10.170 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.10.170> (0, '/root\n', '')
<192.168.10.170> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.10.170> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b 192.168.10.170 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027 `" && echo ansible-tmp-1583671586.84-124750328385027="` echo /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027 `" ) && sleep 0'"'"''
<192.168.10.170> (0, 'ansible-tmp-1583671586.84-124750328385027=/root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027\n', '')
<192.168.10.170> Attempting python interpreter discovery
<192.168.10.170> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.10.170> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b 192.168.10.170 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<192.168.10.170> (0, 'PLATFORM\nLinux\nFOUND\n/usr/bin/python\n/usr/bin/python2.7\n/usr/libexec/platform-python\n/usr/bin/python\nENDFOUND\n', '')
<192.168.10.170> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.10.170> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b 192.168.10.170 '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
<192.168.10.170> (0, '{"osrelease_content": "NAME=\\"CentOS Linux\\"\\nVERSION=\\"7 (Core)\\"\\nID=\\"centos\\"\\nID_LIKE=\\"rhel fedora\\"\\nVERSION_ID=\\"7\\"\\nPRETTY_NAME=\\"CentOS Linux 7 (Core)\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:centos:centos:7\\"\\nHOME_URL=\\"https://www.centos.org/\\"\\nBUG_REPORT_URL=\\"https://bugs.centos.org/\\"\\n\\nCENTOS_MANTISBT_PROJECT=\\"CentOS-7\\"\\nCENTOS_MANTISBT_PROJECT_VERSION=\\"7\\"\\nREDHAT_SUPPORT_PRODUCT=\\"centos\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"7\\"\\n\\n", "platform_dist_result": ["centos", "7.6.1810", "Core"]}\n', '')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<192.168.10.170> PUT /root/.ansible/tmp/ansible-local-84126c23rI/tmpPTfumZ TO /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027/AnsiballZ_command.py
<192.168.10.170> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b '[192.168.10.170]'
<192.168.10.170> (0, 'sftp> put /root/.ansible/tmp/ansible-local-84126c23rI/tmpPTfumZ /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027/AnsiballZ_command.py\n', '')
<192.168.10.170> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.10.170> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b 192.168.10.170 '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027/ /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027/AnsiballZ_command.py && sleep 0'"'"''
<192.168.10.170> (0, '', '')
<192.168.10.170> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.10.170> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b -tt 192.168.10.170 '/bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027/AnsiballZ_command.py && sleep 0'"'"''
<192.168.10.170> (0, '\r\n{"changed": true, "end": "2020-03-08 20:46:27.852608", "stdout": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\\n    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\\n    inet 127.0.0.1/8 scope host lo\\n       valid_lft forever preferred_lft forever\\n    inet6 ::1/128 scope host \\n       valid_lft forever preferred_lft forever\\n2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000\\n    link/ether 52:54:00:b5:b5:32 brd ff:ff:ff:ff:ff:ff\\n    inet 192.168.10.170/24 brd 192.168.10.255 scope global noprefixroute dynamic ens3\\n       valid_lft 40845sec preferred_lft 40845sec\\n    inet6 fe80::2f78:3130:6efe:4b3a/64 scope link noprefixroute \\n       valid_lft forever preferred_lft forever", "cmd": "ip addr", "rc": 0, "start": "2020-03-08 20:46:27.843091", "stderr": "", "delta": "0:00:00.009517", "invocation": {"module_args": {"creates": null, "executable": null, "_uses_shell": true, "strip_empty_ends": true, "_raw_params": "ip addr", "removes": null, "argv": null, "warn": true, "chdir": null, "stdin_add_newline": true, "stdin": null}}}\r\n', 'Shared connection to 192.168.10.170 closed.\r\n')
<192.168.10.170> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.10.170> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/a9efa3225b 192.168.10.170 '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1583671586.84-124750328385027/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.10.170> (0, '', '')
192.168.10.170 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:b5:b5:32 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.170/24 brd 192.168.10.255 scope global noprefixroute dynamic ens3
       valid_lft 40845sec preferred_lft 40845sec
    inet6 fe80::2f78:3130:6efe:4b3a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

META: ran handlers
META: ran handlers

实例详情

 

日志输出目录参数

[root@k8s-master01 ~]# ansible 192.168.10.170 -m shell -a "ip addr" -t /opt/file
192.168.10.170 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:b5:b5:32 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.170/24 brd 192.168.10.255 scope global noprefixroute dynamic ens3
       valid_lft 39575sec preferred_lft 39575sec
    inet6 fe80::2f78:3130:6efe:4b3a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

-t参数会在指定的目录生成输出文件,文件内容是按照压缩格式输出的,如果目录不存在会创建目录,并且在目录下面按照IP地址生成文件

 

排除主机或者组

[root@k8s-master01 ~]# ansible all -m ping -l test2
192.168.10.186 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
[root@k8s-master01 ~]# ansible all -m ping -l 192.168.10.170
192.168.10.170 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

-l或者--limit就是在一个指定组中或者一个地址范围中要限定的内容;比如:192.168.10.0/24网段的主机,test1组中有192.168.1.1及192.168.10.1,我现在只想让192.168.10.1去执行内容,其他的不想让他执行。这个地方跨网段测试没试过,日后留意