Ansible principle and installation and deployment

Today, we started learning Ansible, an operation and maintenance automation tool.

1. Ansible principle

1.1 What is Ansible

Ansible is an open source platform / framework that integrates IT system configuration management, application deployment, and specific tasks. Based on the Python language, the core modules include: jinja2, PyYAML and paramiko. Ansible allows repeated execution without errors, no agent on the client, and no deamon process on the server. Ansible features:

• Ansible supports API interface calls, such as CMDB calls or public cloud interface calls

• Ansible is a framework that works based on modules and plugins

• Work based on SSH, that is, the managed end must support SSH management

• Write powerful configuration and state management through playbooks to achieve automation

 

1.2 Ansible important components

• Module: Ansible is composed of multiple functional modules

• playbook: Ansible playbook, use yml syntax to call different function modules to complete specific functions

• roles: Ansbiel roles. You can use the ansible-galaxy command to download the role roles of the third party.

• ansible-vault: file encryption tool

• ansilbe-console: interact with users based on console

• ansible-doc: help documentation, -l all modules, -s brief help

   

1.3 Ansible execution process and principle description

1. Load the configuration file, the default is /etc/ansible/ansible.cfg

2. Load the corresponding module

3. Produce temporary py files and transfer them to the target machine's ~ / .ansible / tmp directory

4. Add + x permission to the py file, execute and return the result

5. Delete py file and sleep 0 to exit

 

1.4 Ansible execution status description

• Green: successful execution, no need to make changes

• Yellow: successful execution, change the target host

• Red: execution failed

 

2. Ansible installation and configuration

2.1 Install Ansible

Install Ansible, taking CentOS 7.6 as an example:

  [root@ansible ~]# cat /etc/redhat-release 
    CentOS Linux release 7.6.1810 (Core) 
    [root@ansible ~]# uname -a
    Linux ansible 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
#配置epel源
    [root@ansible ~]# cat /etc/yum.repos.d/epel-7.repo 
    [epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
    baseurl=http://mirrors.aliyun.com/epel/7/$basearch
    failovermethod=priority
    enabled=1
    gpgcheck=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    [epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
    baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    gpgcheck=0
    [epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
    baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    gpgcheck=0
#安装Ansible
    [root@ansible ~]# yum install ansible -y
#查看已安装Ansible版本
    [root@ansible ~]# ansible --version
    ansible 2.8.2
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
    [root@ansible yum.repos.d]# 
    ansible-2.8.2-1.el7.noarch

　　View Ansible related documents

yum info ansible
rpm -qa ansible
rpm -ql ansibel | less

 

2.2 Ansible configuration file

The main configuration files and functions of Ansible are as follows:

/ etc / ansible / 
    ├── ansible.cfg # Ansible main configuration file 
    ├── hosts #Used to define the list of managed machines 
    └── roles #This directory is used to define roles


/etc/ansible/ansible.cfgDescription of main parameters of 　　Ansible configuration file

#Close the outdated parameter alarm deprecation_warnings = False #Close the 
    command alarm 
command_warnings = False 
    #Do not check for the first connection, cooperate with the following playbook to achieve password-free ssh login 
host_key_checking = False #Set the 
    number of parallels 
forks = 40 
#Open the 
    log log_path = / var / log / ansible.log 
    #ssh timeout time 
timeout = 30

　　

2.3 hosts list

The default hosts file /etc/ansible/hosts, the operated host must be in the hosts list.

CD / etc / ansible 
Vim the hosts 
    # packet 
[Mons] 
    # Set host alias 
Ceph-Node-ansible_ssh_host. 1 = 172.16.93.1 
[Client] 
172.16.93.1:2222 
    # also supported domain and host names, final interpretation to the IP 
    # regular support Expression 
[kvm_node_all] 
172.16.93. [6: 9] 
#Set 
    grouping host variable [kvm_node_all: vars] 
ansible_ssh_user = root 
ansible_ssh_pass = Efly1234 
ansible_ssh_port = 22 
#Automatic 
    meaning variable my_name = zhangsan #Host 
    inheritance relationship, will inherit the parent ’s inheritance All variables 
[kvm_node_all: children] 
client

　　

2.4 Ansible supervisor and managed machine do keys authentication (optional)

# Generate secret key 
    ssh-keygen 
# After generation, you will get the following 2 files 
    [root @ ansible ~] # tree /root/.ssh/ 
    /root/.ssh/ 
    ├── id_rsa 
    └── id_rsa.pub 
# The public key Write to the managed machine 
    ssh-copy-id 192.168.199.52 
# or 
    ssh-copy-id -i /root/.ssh/id_rsa.pub -p 22 [email protected]