Ansible: introduction to the automated operations tool and deployment of the environment

Introduction

1. What is Ansible? The official tagline is "Ansible is Simple IT Automation": a simple IT automation tool.
2. Put simply, Ansible is an automated operations tool based on Python's paramiko. It combines the advantages of many operations tools (puppet, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution, and similar functions.

1. Ansible overview

1.1 Ansible: an automated operations tool

  • Ansible can manage Red Hat-based Linux, Debian-based Linux, and Windows hosts at the same time. The management node connects to a remote host only while executing a script, and there is no special synchronization mechanism, so abnormal events such as power failures generally do not affect Ansible;
  • Ansible is a relatively new automated operations tool. It is developed in Python and integrates the advantages of many operations tools (puppet, cfengine, chef, func, fabric) to provide batch system configuration, batch program deployment, batch command execution, and other functions;
  • Ansible works through modules and has no batch deployment capability of its own. The modules that Ansible runs do the actual batch deployment; Ansible only provides the framework. Ansible does not need a client/agent installed on the remote host because it communicates with the remote host over SSH;
  • Ansible has been officially acquired by Red Hat. It is the most widely recognized automated operations tool, it is easy to learn and use, and it is one of the skills every operations engineer must master.

1.2 Ansible framework components

The framework mainly includes:

  • Connection plugins: responsible for communicating with the managed hosts;
  • Host inventory: the hosts to operate on, defined in a configuration file as the managed hosts;
  • Modules: core modules, the command module, and custom modules;
  • Plugins: provide supplementary functions such as logging and email;
  • Playbook: used when a script runs multiple tasks; optional, it lets a node run multiple tasks in one pass.

1.3 Ansible features

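1. Simple to deploy: the Ansible environment only needs to be set up on the control side; the managed side needs no action;
2. Devices are managed over the SSH protocol by default;
3. A large number of modules for routine operations tasks cover most day-to-day work;
4. Simple configuration, powerful functionality, and strong extensibility;
5. Supports an API and custom modules, and is easy to extend with Python;
6. Playbooks provide powerful configuration and state management;
7. Lightweight: no agent needs to be installed on clients, and an update only has to be done once on the operating machine;
8. Provides a powerful, easy-to-operate web management interface and REST API: the AWX platform.

Special note: in the Ansible architecture, the default protocol for connecting to other hosts is always SSH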

2. Ansible working mechanism and task execution

2.1 Ansible working principle

  • Ansible architecture diagram (figure not included)

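  • As can be seen from the figure, Ansible consists of 5 parts:
1. Ansible: the Ansible core program

2. Modules: the core modules shipped with Ansible plus custom modules
Core Modules: management tasks are carried out mainly by calling core modules.
Custom Modules: provide functions the core modules cannot, and can be written in multiple languages.

3. Plugins: supplement module functionality, including connection plugins, email plugins, and so on
Connection Plugins: used for communication between Ansible and the hosts

4. Playbooks: scripts that define Ansible's multi-task configuration files and are executed automatically by Ansible. They are YAML files in which multiple tasks are defined in a single file, specifying which modules the hosts need to call to complete a function.

5. Host Inventory: defines the list of hosts managed by Ansible and records information about them, including port, password, IP, and so on.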

2.2 Ansible task execution

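  • Ansible task execution modes:
    The ways the control host operates on managed nodes fall into two categories, ad-hoc and playbook:
1. Ad-hoc mode (point-to-point mode)
Uses a single module and supports running a single command across hosts in batch. An ad-hoc command is one that can be typed quickly and does not need to be saved, much like a one-line shell command in bash.

2. Playbook mode (script mode)
This is Ansible's main management method and the key to its power. A playbook accomplishes one kind of function through a set of tasks, such as installing and deploying a web service or backing up database servers in batch. A playbook can be thought of simply as a configuration file that combines multiple ad-hoc operations.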

2.3 Execution process

  • Put simply, when Ansible runs it first reads the configuration in ansible.cfg, obtains the list of managed hosts from the inventory according to the rules, executes the configured tasks on those hosts in parallel, and finally waits for the results to be returned.

2.4 Ansible command execution process

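1. Load its own configuration file, /etc/ansible/ansible.cfg by default;
2. Look up the corresponding host inventory file and find the hosts or groups to run against;
3. Load the corresponding module file, such as the default command module;
4. Ansible generates a temporary .py file (Python script) from the module or command and transfers it to the remote server;
5. The file corresponds to .ansible/tmp/XXX/XXX.PY under the executing user's home directory;
6. Give the file +x execute permission;
7. Execute it and return the result;
8. Delete the temporary .py file and exit with sleep 0;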

3. Ansible environment installation and deployment

3.1 Install ansible and configure related environment

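  • Confirm the IP addresses of the management node and the managed nodes
Management node master: 192.168.140.20
Managed node node1: 192.168.140.21
Managed node node2: 192.168.140.22

Note: the Ansible environment only needs to be configured on the management node
  • Turn off the firewall and core protection (SELinux)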
[root@master ~]# iptables -F 
[root@master ~]# setenforce 0
  • Install the EPEL repository and Ansible
[root@master ~]# yum install -y epel-release
[root@master ~]# yum install ansible -y
[root@master ~]# ansible --version		'//check the ansible version'
  • Install tree and display the Ansible configuration files
[root@master ~]# yum install tree -y
[root@master ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg		'//the ansible configuration file'
├── hosts		'//the main ansible inventory, which stores information about the remote hosts to be managed'
└── roles		'//roles'

1 directory, 2 files
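  • Configure the host list
[root@master ~]# vim /etc/ansible/hosts
...'//define a host group [group name] and add addresses or hostnames to it'
[webserver]
192.168.140.21
[mysql]
192.168.140.22
  • Configure the public/private key pair and set up the non-interactive agent
Configure key-pair authentication so that passwordless login works

[root@master ~]# ssh-keygen -t rsa		'//generate the key pair; just press Enter at the prompts'
[root@master ~]# ssh-copy-id root@192.168.140.21	'//copy the public key to the host; the root login password of the managed node is required'
[root@master ~]# ssh-copy-id root@192.168.140.22

Non-interactive agent
[root@master ~]# ssh-agent bash
[root@master ~]# ssh-add
Note: if the following error appears:
	-bash: ssh-copy-id: command not found
then a package needs to be installed:
yum -y install openssh-clients
Installing the package is all that is needed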

3.2 Ansible program structure

  • The installation directories are as follows (yum installation):
Configuration file directory: /etc/ansible/
Executable directory: /usr/bin/
Library dependency directory: /usr/lib/pythonX.X/site-packages/ansible/
Help documentation directory: /usr/share/doc/ansible-X.X.X/
Man page directory: /usr/share/man/man1/

3.3 ansible configuration file

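  • The Ansible configuration file is /etc/ansible/ansible.cfg. Ansible has many parameters; the common ones are:
inventory = /etc/ansible/hosts		#location of the inventory file

library = /usr/share/ansible		#directory where Ansible modules are stored; multiple directories are supported, separated by a colon (:)

forks = 5				#number of concurrent connections, default 5

sudo_user = root		#default user that commands are executed as

remote_port = 22		#management port used to connect to managed nodes, default 22; changing it is recommended for better security

host_key_checking = False			#whether to check the SSH host key, True/False. When disabled, the first connection does not show the host-key prompt

timeout = 60			#SSH connection timeout, in seconds

log_path = /var/log/ansible.log		#file in which to store the ansible log (nothing is logged by default)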
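
An added example (not part of the original post): a small Python audit of the two ansible.cfg settings above that affect security, host_key_checking and log_path, plus a check for plaintext passwords in the host inventory described in 2.1. The sample files are constructed from this page's values; the [defaults] section header, the function names and the inline password are assumptions not shown on the page.

```python
import configparser
import re

# Constructed sample: settings listed on this page, under ansible.cfg's [defaults].
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
forks = 5
remote_port = 22
host_key_checking = False
timeout = 60
"""
# Constructed hardened variant: host keys are verified and runs are logged.
HARDENED_CFG = SAMPLE_CFG.replace("= False", "= True") + "log_path = /var/log/ansible.log\n"

# Constructed inventory: the page's two groups, one host with an inline password.
SAMPLE_INVENTORY = """\
[webserver]
192.168.140.21
[mysql]
192.168.140.22 ansible_ssh_pass=example-password
"""

def audit_cfg(text):
    """Return the [defaults] settings that weaken the management node."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",), interpolation=None)
    cp.read_string(text)
    findings = []
    # Ansible checks SSH host keys by default; False accepts unknown keys silently.
    if not cp.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking")
    # Without log_path nothing is logged (the default, as the page notes).
    if not cp.get("defaults", "log_path", fallback="").strip():
        findings.append("log_path")
    return findings

def audit_inventory(text):
    """Return hosts whose inventory line carries a plaintext SSH password."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("["):   # skip blanks and group headers
            continue
        if re.search(r"\bansible_(?:ssh_pass|password)\s*=", line):
            hits.append(line.split()[0])
    return hits

if __name__ == "__main__":
    print("sample cfg:  ", audit_cfg(SAMPLE_CFG))       # both settings flagged
    print("hardened cfg:", audit_cfg(HARDENED_CFG))     # nothing flagged
    print("inventory:   ", audit_inventory(SAMPLE_INVENTORY))
```

To check a real management node, pass the contents of /etc/ansible/ansible.cfg to audit_cfg and the contents of /etc/ansible/hosts to audit_inventory.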

Origin blog.csdn.net/weixin_42449832/article/details/112597034