Today, we started learning Ansible, an operation and maintenance automation tool.
1. Ansible principle
1.1 What is Ansible
Ansible is an open source platform/framework that integrates IT system configuration management, application deployment, and the execution of specific tasks. It is written in Python, and its core modules include jinja2, PyYAML and paramiko. Ansible tasks can be executed repeatedly without errors, no agent is needed on the client, and no daemon process runs on the server.
Ansible features:
- Ansible supports API calls, such as CMDB calls or public cloud API calls
- Ansible is a framework that works based on modules and plugins
- It works over SSH, so the managed end must support SSH management
- Powerful configuration and state management is written as playbooks to achieve automation
1.2 Ansible important components
- Module: Ansible is composed of multiple functional modules
- playbook: an Ansible playbook uses YAML syntax to call different functional modules to complete specific functions
- roles: Ansible roles. You can use the ansible-galaxy command to download third-party roles.
- ansible-vault: file encryption tool
- ansible-console: console-based interaction with users
- ansible-doc: help documentation; -l lists all modules, -s shows brief help
1.3 Ansible execution process and principle description
- Load the configuration file; the default is /etc/ansible/ansible.cfg
- Load the corresponding module
- Generate temporary py files and transfer them to the ~/.ansible/tmp directory on the target machine
- Add +x permission to the py file, execute it and return the result
- Delete the py file and sleep 0 to exit
1.4 Ansible execution status description
- Green: successful execution, no changes needed
- Yellow: successful execution, the target host was changed
- Red: execution failed
2. Ansible installation and configuration
2.1 Install Ansible
Install Ansible, taking CentOS 7.6 as an example:
```
[root@ansible ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@ansible ~]# uname -a
Linux ansible 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

# Configure the EPEL repository
[root@ansible ~]# cat /etc/yum.repos.d/epel-7.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0

# Install Ansible
[root@ansible ~]# yum install ansible -y

# Check the installed Ansible version
[root@ansible ~]# ansible --version
ansible 2.8.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
[root@ansible yum.repos.d]# ansible-2.8.2-1.el7.noarch
```
View Ansible package information and files:
```
yum info ansible
rpm -qa ansible
rpm -ql ansible | less
```
2.2 Ansible configuration file
The main configuration files and functions of Ansible are as follows:
```
/etc/ansible/
├── ansible.cfg   # Ansible main configuration file
├── hosts         # Defines the list of managed machines
└── roles         # Directory used to define roles
```
Main parameters of the Ansible configuration file /etc/ansible/ansible.cfg:
```
# Disable deprecation warnings
deprecation_warnings = False
# Disable command warnings
command_warnings = False
# Disable SSH host key checking so the first connection does not prompt
# (the host's identity is then not verified); used with the playbook below
# to set up password-free SSH login
host_key_checking = False
# Number of parallel forks
forks = 40
# Enable logging
log_path = /var/log/ansible.log
# SSH timeout in seconds
timeout = 30
```
2.3 hosts list
The default hosts file is /etc/ansible/hosts; a host must be in the hosts list before it can be operated on.
```
cd /etc/ansible
vim hosts

# Group
[mons]
# Set a host alias
ceph-node-1 ansible_ssh_host=172.16.93.1

[client]
172.16.93.1:2222
# Domain names and host names are also supported; they are finally resolved to an IP

# Range expressions are supported
[kvm_node_all]
172.16.93.[6:9]

# Set group host variables
[kvm_node_all:vars]
ansible_ssh_user=root
ansible_ssh_pass=Efly1234
ansible_ssh_port=22
# Custom variable
my_name=zhangsan

# Group inheritance: child groups inherit all variables of the parent
[kvm_node_all:children]
client
```
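Two settings shown above weaken the SSH trust model: host_key_checking = False in ansible.cfg (2.2) and a clear-text ansible_ssh_pass in the inventory (2.3). The audit below is an added example, not part of the original page or of Ansible itself; the function names and the sample data (including the password) are constructed for illustration.

```python
import configparser
import re

# Inventory variables that hold a login or privilege-escalation secret.
SECRET_VAR = re.compile(
    r"\b(ansible_(?:ssh_pass|password|become_pass|become_password))\s*=\s*(\S+)")

def audit_cfg(text):
    """Return risky [defaults] options found in ansible.cfg text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    value = cp.get("defaults", "host_key_checking", fallback="True")
    # False means host keys are not verified before connecting.
    if value.strip().lower() in ("false", "no", "off", "0"):
        return ["host_key_checking"]
    return []

def audit_inventory(text):
    """Return (line_no, section, variable) per clear-text secret, never the value."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop inline comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        for m in SECRET_VAR.finditer(line):
            # A Jinja2 reference (for example to a vaulted variable) is not clear text.
            if not m.group(2).lstrip("'\"").startswith("{{"):
                findings.append((line_no, section, m.group(1)))
    return findings

# Constructed samples modelled on the settings shown on this page.
SAMPLE_CFG = """[defaults]
host_key_checking = False
forks = 40
"""
SAMPLE_INV = """[kvm_node_all]
172.16.93.[6:9]
[kvm_node_all:vars]
ansible_ssh_user=root
ansible_ssh_pass=constructed-example-password
ansible_ssh_port=22
"""

if __name__ == "__main__":
    print(audit_cfg(SAMPLE_CFG))
    print(audit_inventory(SAMPLE_INV))
```

Findings like these are typically resolved with the key-based login from section 2.4 and by moving any remaining secrets into a file encrypted with ansible-vault.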
2.4 Key-based authentication between the Ansible control node and managed machines (optional)
```
# Generate a key pair
ssh-keygen

# After generation, you will have the following two files
[root@ansible ~]# tree /root/.ssh/
/root/.ssh/
├── id_rsa
└── id_rsa.pub

# Write the public key to the managed machine
ssh-copy-id 192.168.199.52
# or
ssh-copy-id -i /root/.ssh/id_rsa.pub -p 22 [email protected]
```