Ansible (1) Introduction, installation, basic configuration

Introduction to Ansible

Ansible is a lightweight automation and management tool. It does not require an agent on the client; it connects to the managed hosts through OpenSSH or WinRM and runs tasks.

Ansible installation

You only need to configure the EPEL repository on the control node and then run yum install ansible. No action is required on the managed hosts.
It is recommended that the control node and the managed hosts run the same Python version.

Ansible configuration file

After Ansible is installed, the configuration file /etc/ansible/ansible.cfg is generated by default. Other configuration files can also be used.

View the currently used configuration file

[root@localhost ~]# ansible --version |grep cfg
  config file = /etc/ansible/ansible.cfg

Set up other configuration files

Ansible uses only the settings in the first configuration file it finds.
In addition to the default configuration file, configuration files in other locations can be used. The order of priority, from high to low, is as follows:

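# The configuration file specified through the environment variable has the highest priority
ANSIBLE_CONFIG
# Next is the ansible.cfg file in the current directory
./ansible.cfg
# Then the .ansible.cfg file in the user's home directory
~/.ansible.cfg
# The default configuration file has the lowest priority
/etc/ansible/ansible.cfg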

It is recommended to create an ansible.cfg file in the directory where the ansible command will be run, and to place other related files in the same directory.
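The lookup order above, modelled as an added example (not code from the original post or from Ansible itself). It also covers one documented exception: an ansible.cfg in a world-writable current directory is skipped, because any local user could have placed it there. The function names and the system_cfg parameter are assumptions made for the example.

```python
import os
import stat

SYSTEM_CFG = "/etc/ansible/ansible.cfg"

def candidate_paths(env, cwd, home, system_cfg=SYSTEM_CFG):
    """Return (candidates in priority order, skipped cwd file or None)."""
    candidates, skipped = [], None
    from_env = env.get("ANSIBLE_CONFIG")
    if from_env:
        # ANSIBLE_CONFIG may name a directory; the ansible.cfg inside it is used.
        if os.path.isdir(from_env):
            from_env = os.path.join(from_env, "ansible.cfg")
        candidates.append(from_env)
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        # World-writable directory: a config found here is not trusted.
        if os.path.exists(cwd_cfg):
            skipped = cwd_cfg
    else:
        candidates.append(cwd_cfg)
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system_cfg)
    return candidates, skipped

def resolve_config(env, cwd, home, system_cfg=SYSTEM_CFG):
    """Return (first readable config file or None, skipped cwd file or None)."""
    candidates, skipped = candidate_paths(env, cwd, home, system_cfg)
    for path in candidates:
        if os.path.isfile(path) and os.access(path, os.R_OK):
            return path, skipped
    return None, skipped

if __name__ == "__main__":
    chosen, skipped = resolve_config(os.environ, os.getcwd(),
                                     os.path.expanduser("~"))
    print("config file =", chosen)
    if skipped:
        print("ignored (world-writable directory):", skipped)
```

Compare the result with the config file line printed by ansible --version when a project directory's settings do not seem to take effect.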

Configuration file content

The Ansible configuration file is divided into sections. Each name in square brackets marks one section.

Common options

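# Basic settings
[defaults]
# Inventory file used by default with this configuration file
inventory = /etc/ansible/hosts
# Connect over SSH as the root user
remote_user = root
# Do not prompt for a password when connecting over SSH as root
ask_pass = false

# Privilege escalation settings
[privilege_escalation]
# If remote_user is root, the privilege escalation section is not needed.
# If remote_user is not root but no privileged operations are required, it is not needed either.
# Whether privileges are actually escalated depends on whether the sudoers file is configured on the managed host

# Privilege escalation is required
become = true
# Escalation method
become_method = sudo
# Escalate to the root user
become_user = root
# Do not prompt for a password when running sudo
become_ask_pass = false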

Ansible inventory file

The inventory file records which hosts can be controlled by Ansible.
Inventory files can be static or dynamic.

Static inventory file

A static inventory file is a text file that records the IP addresses or hostnames of the managed hosts. You can place multiple hosts in a host group for easy batch management. You can also put multiple host groups into one larger group. Multiple hosts can be specified using the [] range notation.

# Host examples
# Using an IP address
192.169.1.100
# Using a hostname
servera

# Host group examples
# group1 contains server1 and server2
[group1]
server1
server2
# group2 contains server3 and server4
[group2]
server[3:4]
# group3 contains all hosts in group1 and group2
# :children indicates that the entries below are host groups
[group3:children]
group1
group2

Special group

In addition to the groups defined in the inventory file, Ansible has two special groups:

  • all represents all managed hosts in the inventory
  • ungrouped represents managed hosts that do not belong to any host group

Dynamic inventory file

A dynamic inventory file is actually a script that obtains information about the managed hosts from other sources.
The script can be written in any language, and its output must be in JSON format.

Use dynamic inventory files

ansible -i inventory.py all --list-hosts
Note that a dynamic inventory file needs execute permission.
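A minimal dynamic inventory script, as an added example that is not part of the original post. It follows the usual script contract: --list prints all groups plus _meta.hostvars, and --host NAME prints one host's variables. The group and host data are constructed and stand in for whatever external source a real script would query.

```python
#!/usr/bin/env python3
import argparse
import json

# Constructed data; a real script would fetch this from a CMDB or cloud API.
SOURCE = {
    "group1": {"hosts": ["server2", "server3"]},
    "group2": {"hosts": ["server4", "server5", "server6"],
               "vars": {"user": "devops"}},
    "group3": {"children": ["group1", "group2"]},
    "ungrouped": {"hosts": ["server1"]},
}
HOSTVARS = {"server2": {"user": "root"}}

def build_inventory():
    """Return the structure printed for --list."""
    inv = {name: dict(group) for name, group in SOURCE.items()}
    hosts = sorted({h for g in SOURCE.values() for h in g.get("hosts", [])})
    # Emitting _meta.hostvars lets Ansible skip one --host call per host.
    inv["_meta"] = {"hostvars": {h: HOSTVARS.get(h, {}) for h in hosts}}
    return inv

def host_vars(name):
    """Return the variables printed for --host NAME (empty if none)."""
    return HOSTVARS.get(name, {})

def main(argv=None):
    parser = argparse.ArgumentParser()
    mode = parser.add_mutually_exclusive_group(required=True)
    mode.add_argument("--list", action="store_true")
    mode.add_argument("--host")
    args = parser.parse_args(argv)
    result = build_inventory() if args.list else host_vars(args.host)
    return json.dumps(result, indent=4, sort_keys=True)

if __name__ == "__main__":
    print(main())
```

Because Ansible executes this file on the control node with the operator's privileges, keep it writable only by its owner (for example mode 0750).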

Use JSON format to view inventory files

ansible-inventory -i inventory --list

Comparison and description of static inventory file and JSON format

# Static inventory file
[root@localhost ~]#  cat inventory
server1

[group1]
server2 user=root
server3

[group2]
server[4:6]

[group3:children]
group1
group2

[group2:vars]
user=devops
password=123

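# Corresponding JSON output
[root@localhost ~]#  ansible-inventory -i inventory --list
## The whole JSON document is a dictionary in Python terms; its keys are of the following two kinds
## 1. `_meta` records all hosts and their variables
## 2. `<host group name>` records the list of hosts or child groups in the group
{
   ## The value of _meta is a dictionary containing a hostvars key, whose value is a dictionary of host names and their variables
    "_meta": {
        "hostvars": {
            # The value of hostvars is a dictionary keyed by host name. If a host has no variables, its value is an empty dictionary; if it has variables, its value is a dictionary of key=variable name, value=variable value
           # Note that host group variables are recorded here against every host in the group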
            "server1": {},
            "server2": {
                "user": "root"
            },
            "server3": {},
            "server4": {
                "password": 123,
                "user": "devops"
            },
            "server5": {
                "password": 123,
                "user": "devops"
            },
            "server6": {
                "password": 123,
                "user": "devops"
            }
        }
    },

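  ## The value for each host group name is also a dictionary; its key-value pairs can be the following
  ## key=children  value=list of child host groups
  ## key=hosts value=list of hosts in the group
  ## key=vars  value=dictionary of the group's variables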
    "all": {
        "children": [
            "group3",
            "ungrouped"
        ]
    },
    "group1": {
        "hosts": [
            "server2",
            "server3"
        ]
    },
    "group2": {
        "hosts": [
            "server4",
            "server5",
            "server6"
        ]
    },
    "group3": {
        "children": [
            "group1",
            "group2"
        ]
    },
    "ungrouped": {
        "hosts": [
            "server1"
        ]
    }
}
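The JSON layout described above can be checked mechanically. The following added example (not from the original post) resolves a group to its hosts through nested children and lists host variables that look like credentials stored in plain text, such as the password=123 group variable in this inventory. The sample is constructed and abridged from the output above, server5's vaulted value is invented for contrast, and the key-name pattern is an assumption.

```python
import json
import re

# Constructed sample, abridged from the ansible-inventory --list output above.
SAMPLE = json.loads("""{
  "_meta": {"hostvars": {
    "server1": {},
    "server2": {"user": "root"},
    "server4": {"password": 123, "user": "devops"},
    "server5": {"password": {"__ansible_vault": "constructed-ciphertext"}}}},
  "all": {"children": ["group3", "ungrouped"]},
  "group1": {"hosts": ["server2"]},
  "group2": {"hosts": ["server4", "server5"]},
  "group3": {"children": ["group1", "group2"]},
  "ungrouped": {"hosts": ["server1"]}
}""")

SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.IGNORECASE)

def hosts_in(inv, group, _seen=None):
    """Resolve a group to its hosts by walking 'hosts' and 'children'."""
    seen = _seen if _seen is not None else set()
    if group in seen or group not in inv:  # cycle or unknown group
        return []
    seen.add(group)
    found = set(inv[group].get("hosts", []))
    for child in inv[group].get("children", []):
        found.update(hosts_in(inv, child, seen))
    return sorted(found)

def plaintext_secrets(inv):
    """Return (host, variable) pairs that look like unencrypted credentials."""
    findings = []
    for host, hvars in sorted(inv.get("_meta", {}).get("hostvars", {}).items()):
        for key, value in sorted(hvars.items()):
            # Assumption: vaulted values appear as {"__ansible_vault": "..."}.
            vaulted = isinstance(value, dict) and "__ansible_vault" in value
            if SECRET_KEY.search(key) and not vaulted:
                findings.append((host, key))
    return findings

if __name__ == "__main__":
    print(hosts_in(SAMPLE, "group3"))
    print(plaintext_secrets(SAMPLE))
```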

View the hosts defined in the inventory

ansible -i inventory group1 --list-hosts

Origin blog.51cto.com/13540167/2605638