Getting-started notes on Ansible, an automated operation and maintenance tool (1)

1. Introduction:

    Ansible is a new automated operation and maintenance tool. It is developed in Python, combines the advantages of many operation and maintenance tools (puppet, cfengine, chef, func, fabric), and provides functions such as batch system configuration, batch program deployment, and running commands in batches.

Ansible works through modules and has no batch-deployment capability of its own. The modules that Ansible runs do the actual batch work; Ansible just provides the framework, which mainly includes:

    (1) connection plugins: responsible for communicating with the managed end;

    (2) host inventory: specifies the hosts to operate on, defined in a configuration file;

    (3) modules: core modules, the command module, and custom modules;

    (4) plug-ins: used for functions such as logging and e-mail notification;

    (5) playbooks: scripts for performing multiple tasks; they are optional, and let a node run multiple tasks in one go.

    By default, Ansible manages machines over the SSH protocol. After installing Ansible there is no need to start or run a background process or to add a database. Once it is installed on one computer (which can be a laptop), a set of remote machines can be managed from that computer. No software needs to be installed or run on the remote managed machines, so upgrading Ansible versions shouldn't be too problematic.

    Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.

 

    Ansible’s main goals are simplicity and ease-of-use. It also has a strong focus on security and reliability, featuring a minimum of moving parts, usage of OpenSSH for transport (with an accelerated socket mode and pull modes as alternatives), and a language that is designed around auditability by humans–even those not familiar with the program.

 

    All right! The above is completely cobbled together, but it suffices to describe the features of Ansible. The distinguishing feature of Ansible is that no client needs to be installed; only one host needs Ansible and its related components. By default Ansible communicates with the managed hosts through OpenSSH and runs a series of commands on them. Of course, if a host cannot use OpenSSH, Ansible also provides other connection methods, such as Python's paramiko module (Ansible is written in Python). If you think about it carefully, the principle is not complicated, and you could achieve the same with ssh in bash, but Ansible does far more than that. It just provides a framework; the real power lies in its extensible modules and the tools built around Ansible. (The main components are introduced above.)

The workflow of ansible is roughly as follows:

 If you want to master a tool, the fastest way is to use it, starting from setting up the environment↓

 

2. Installation

The official website provides a variety of installation methods: http://docs.ansible.com/ansible/latest/intro_installation.html, including yum, apt, Python's pip, and installation from source. I use Ubuntu for testing, so I simply chose apt for convenience:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible

 Note: Ansible relies on the Python runtime environment, so before installing ansible, you need to install Python version 2.7 or higher.

 

 

 

After installation, open the /etc/ansible/hosts file, which lists the managed hosts. By default Ansible looks for managed hosts in /etc/ansible/hosts. Of course, you can also point it at another file with -i or an environment variable.

The hosts file contains a lot of commented-out configuration that briefly explains how to write the file. Let's ignore that and add a line at the bottom of the file:

127.0.0.1      ansible_connection=ssh  ansible_ssh_user=app

 Note: 127.0.0.1 is the IP of the managed host. Since I only have one host, I have to make it manage itself for the experiment! ansible_ssh_user is the user used to connect to the managed host.

 

 

Run a test:

 

ansible all -m ping --ask-pass -c paramiko

 Note: the ping module is used to test connectivity (-m specifies which module to use, --ask-pass prompts for the password, and -c paramiko selects the paramiko connection in place of sshpass). Since my machine doesn't have sshpass installed, I use Python's paramiko instead. all specifies the managed host group; all means that every host configured in hosts executes this command.

 After entering the password, the result is as follows:

SSH password:
127.0.0.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

 This indicates that the execution was successful.

 

 

3. Simple configuration:

  1. Customize the hosts file. Suppose I no longer want to use /etc/ansible/hosts to configure the managed hosts, and instead want to use a custom file in the $HOME directory as the hosts file:
    $ cd ~
    $ touch ansible_hosts
    $ echo '[appServer]' >>ansible_hosts
    $ echo '127.0.0.1       ansible_connection=ssh  ansible_ssh_user=app' >>ansible_hosts
    $ cat ansible_hosts
    [appServer]
    127.0.0.1       ansible_connection=ssh  ansible_ssh_user=app
    
     For the convenience of testing, we first comment out the host entries configured in /etc/ansible/hosts, then use -i to specify our file as the hosts file:
    $ ansible all -m shell -a "hostname" --ask-pass -i ~/ansible_hosts
    
     The command executes successfully, but passing -i every time is too troublesome. We can solve this by setting the ANSIBLE_HOSTS environment variable:
    $ echo 'export ANSIBLE_HOSTS=~/ansible_hosts' >> ~/.bashrc #Add environment variables
    $ source ~/.bashrc #Make environment variables take effect immediately
     Now run it without -i:
    $ ansible all -m shell -a "hostname" --ask-pass
     The command executes successfully.
  2. Entering the password with --ask-pass every time is too troublesome. We could use ansible_ssh_pass to put the password into the hosts file, as follows, but storing a plaintext password this way is not recommended.
    127.0.0.1       ansible_connection=ssh  ansible_ssh_user=app	ansible_ssh_pass=123456
     Our usual practice is to log in to the managed host with a public key. Ansible provides a key management module:
    $ #Generate a key pair
    $ ssh-keygen -t rsa
    $ #Use the ssh key management module to write the public key to the host
    $ ansible all -m authorized_key -a "user=admin key='{{ lookup('file', '/servers/.ssh/id_rsa.pub') }}' path=/servers/.ssh/authorized_keys manage_dir=no" --ask-pass -c paramiko
    
     Or we can use the copy module to transfer the public key file to the managed host and append it with the shell module:
    $ #Pass the public key to the managed host
    $ ansible all -m copy -a "src=/servers/.ssh/id_rsa.pub dest=/tmp/id_rsa.pub" --ask-pass -c paramiko
    $ #Write the public key to the managed host
    $ ansible all -m shell -a "cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys" --ask-pass -c paramiko -u root #root ssh login must be enabled
     Note: -u specifies the login user. If you want to log in as root, root's ssh login must be enabled. If it is not, enable it as follows:
    $ #Allow root user to log in using ssh
    $ sudo vi /etc/ssh/sshd_config
    $ #Change the setting to: PermitRootLogin yes
    $ sudo service sshd restart #Restart ssh for the change to take effect
    
     Verify it:
    $ ansible all -m shell -a "hostname"
     You can execute successfully without entering a password!
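
Once key login works, two leftovers from the steps above are worth checking: a password variable such as ansible_ssh_pass still sitting in the inventory, and PermitRootLogin left at yes. The script below is an added example, not part of the original post; the function names and sample files are made up for illustration, and the list of password variable names goes beyond the single ansible_ssh_pass shown here.

```shell
# Print "<line>:<host or section>:<variable>" for each password variable kept
# in an INI inventory. The secret value itself is never printed.
find_inventory_secrets() {
    awk '
        /^[ \t]*([#;].*)?$/ { next }           # comment or blank line
        /^[ \t]*\[/ { section = $1; next }     # [group] or [group:vars]
        {
            # Under [x:vars] a line is key=value; otherwise field 1 is the host.
            owner = (section ~ /:vars\]$/) ? section : $1
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] ~ /^ansible_(ssh_pass|password|become_pass(word)?|sudo_pass|su_pass)$/)
                    printf "%d:%s:%s\n", NR, owner, kv[1]
            }
        }
    ' "$1"
}

# Print the PermitRootLogin value set in an sshd_config file ("unset" if absent).
# The first occurrence wins; Include files and Match blocks are not followed.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if no password variable is stored and root login is not "yes".
check_setup() {
    rc=0
    secrets=$(find_inventory_secrets "$1")
    if [ -n "$secrets" ]; then
        echo "password variables stored in $1:"; echo "$secrets"; rc=1
    fi
    if [ "$(effective_permit_root_login "$2")" = "yes" ]; then
        echo "$2: PermitRootLogin yes; prefer prohibit-password once the key works"; rc=1
    fi
    return $rc
}

# Constructed sample input, modelled on the lines shown in this post.
demo_dir=$(mktemp -d)
printf '%s\n' '[appServer]' \
    '127.0.0.1  ansible_connection=ssh  ansible_ssh_user=app  ansible_ssh_pass=123456' \
    > "$demo_dir/ansible_hosts"
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' > "$demo_dir/sshd_config"
check_setup "$demo_dir/ansible_hosts" "$demo_dir/sshd_config" || echo "setup needs attention"
```

To check real files, call check_setup ~/ansible_hosts /etc/ssh/sshd_config; a non-zero return means one of the two findings was reported.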

That's all for this chapter for now!

 

 
