1. Introduction to Ansible

Ansible is a new automated operation and maintenance tool. It is developed based on Python and combines the advantages of many operation and maintenance tools (puppet, cfengine, chef, func, fabric). It realizes the functions of batch system configuration, batch program deployment, batch running commands and so on. Ansible works based on modules and does not have the ability to deploy in batches. What really has batch deployment is the modules that Ansible runs, Ansible just provides a framework.

1. Ansible framework

Connection plugins: responsible for communicating with the monitored end;
host inventory: The host for the specified operation is the host defined in a configuration file for monitoring;
Various modules core module, command module, custom module;
With the help of plug-ins to complete functions such as recording log mails;
playbook: When the playbook executes multiple tasks, it is optional to let the node run multiple tasks at a time.

2. Ansible architecture diagram

Automated operation and maintenance tool Ansible combat (1) Introduction and deployment

Ansible core component description
Ansible: The core program of Ansible;
Host Lnventory: records each host information managed by Ansible, including ssh port, root account password, ip address, etc. It can be loaded through file, and can be loaded through CMDB;
Playbooks: YAML format file, multiple tasks are defined in one file, and can be called uniformly when used, "playbooks" are used to define those functions that the host needs to call those modules to complete;
Core Modules: Ansible performs any management tasks not by Ansible itself, but by the core modules; before Ansible manages the host, it first calls the modules in the core Modules, and then specifies the host in the Host Lnventory to manage the host;
Custom Modules: Custom modules to complete functions that Ansible core modules cannot complete. This module supports writing in any language;
Connection Plugins: Connection plugins, used by Ansible and Host communication.

3. Basic features of Ansible

no agents: no client needs to be installed on the managed host;
no server: There is no server side, just run the command directly when using it;
modules in any languages: work based on modules, and modules can be developed in any language;
yaml, not code: use yaml language to customize the playbook of the script;
ssh by default: work based on SSH;
strong multi-tier solution: Multi-level command can be realized.
4. Advantages of Ansible
Lightweight, no need to install an agent on the client, when updating, you only need to update it once on the operating machine;
Batch task execution can be written as a script, and it can be executed without being distributed to a remote location;
Written in python, maintenance is simpler, ruby syntax is too complicated;
Support sudo.

5. Ansible task execution process

Automated operation and maintenance tool Ansible combat (1) Introduction and deployment
Note: Most of the above content is based on the sharing of others, and is used for learning and reference;

3. Installation of Ansible

1. System environment

System Platform: CentOS 7.3
Ansible Server: 192.168.8.55
Ansible Client: 192.168.8.66

(1) Write hosts record

[root@Ansible ~]# echo "192.168.8.55 Ansible" >> /etc/hosts
[root@Ansible ~]# echo "192.168.8.66 Client" >> /etc/hosts

(2) Turn off firewalld and selinux

[root@Ansible ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

(3) Close selinux

[root@Ansible ~]# setenforce 0
[root@Ansible ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

2, yum source installation

(1) Configure the epel yum source to install the corresponding basic modules, which can be installed directly using yum

[root@Ansible ~]# yum -y install python PyYAML python-paramiko python-jinja2 python-simplejson

(2) Install Ansible

[root@Ansible ~]# yum -y install ansible

3. Source package installation (recommended)

Ansible installation depends on many plug-ins, so first install the plug-ins
[root@Ansible ~]# yum -y install gcc zlib zlib-devel openssl openssl-devel libffi-devel
(1) python3.6 installation
of Ansible is developed in Python, using Ansible requires the operating system to have Python, and Python version 2.6 or above is recommended.

[root@Ansible ~]# wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz
[root@Ansible ~]# tar xvzf Python-3.6.4.tgz -C /usr/src/
[root@Ansible ~]# cd /usr/src/Python-3.6.4/
[root@Ansible Python-3.6.4]# ./configure --prefix=/usr/local
[root@Ansible Python-3.6.4]# make
[root@Ansible Python-3.6.4]# make install

Copy the python header files to the standard directory to avoid missing the required header files when compiling ansible

[root@Ansible Python-3.6.4]# cd /usr/local/include/python3.6m/
[root@Ansible python3.6m]# cp -a ./* /usr/local/include/

Backup the old version of python, and symlink the new version of python

[root@Ansible python3.6m]# cd /usr/bin/
[root@Ansible bin]# mv python python.old
[root@Ansible bin]# ln -s /usr/local/bin/python3.6 /usr/local/bin/python
[root@Ansible bin]# rm -rf /usr/bin/python
[root@Ansible bin]# cp /usr/local/bin/python3.6 /usr/bin/python

Modify the yum script to point to the old version of python, which has prevented it from running

[root@Ansible bin]# vim /usr/bin/yum

Change #!/usr/bin/python to #!/usr/bin/python2.7
Automated operation and maintenance tool Ansible combat (1) Introduction and deployment

[root@Ansible bin]# vim /usr/libexec/urlgrabber-ext-down

Change #!/usr/bin/python to #!/usr/bin/python2.7
Automated operation and maintenance tool Ansible combat (1) Introduction and deployment

[root@Ansible bin]# python   --测试安装版本是否为Python 3.6.4
Python 3.6.4 (default, Apr 17 2018, 11:03:21) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> exit()   --退出python

(2) Setuptools module installation

[root@Ansible ~]# wget https://files.pythonhosted.org/packages/72/c2/c09362ab29338413ab687b47dab03bab4a792e2bbb727a1eb5e0a88e3b86/setuptools-39.0.1.zip
[root@Ansible ~]# unzip setuptools-39.0.1.zip -d /usr/src/
[root@Ansible ~]# cd /usr/src/setuptools-39.0.1/
[root@Ansible setuptools-39.0.1]# python setup.py install

After installing setuptools, you can use the easy_install tool to install the following python modules, but my computer is a virtual machine, and the configuration is too low, so it is basically impossible to install, so I have to download and install them one by one.

(3) pycrypto module installation

[root@Ansible ~]# wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
[root@Ansible ~]# tar xvzf pycrypto-2.6.1.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/pycrypto-2.6.1/
[root@Ansible pycrypto-2.6.1]# python setup.py install

(4) PyYAML module installation

[root@Ansible ~]# wget http://pyyaml.org/download/libyaml/yaml-0.1.7.tar.gz
[root@Ansible ~]# tar xvzf yaml-0.1.7.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/yaml-0.1.7/
[root@Ansible yaml-0.1.7]# ./configure --prefix=/usr/local
[root@Ansible yaml-0.1.7]# make --jobs=`grep processor /proc/cpuinfo | wc -l`
[root@Ansible yaml-0.1.7]# make install

[root@Ansible ~]# wget http://pyyaml.org/download/pyyaml/PyYAML-3.12.tar.gz
[root@Ansible ~]# tar xvzf PyYAML-3.12.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/PyYAML-3.12/
[root@Ansible PyYAML-3.12]# python setup.py install

(5) Jinja2 module installation

[root@Ansible ~]# wget https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz
[root@Ansible ~]# tar xvzf MarkupSafe-0.9.3.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/MarkupSafe-0.9.3/
[root@Ansible MarkupSafe-0.9.3]# python setup.py install

[root@Ansible ~]# wget https://files.pythonhosted.org/packages/56/e6/332789f295cf22308386cf5bbd1f4e00ed11484299c5d7383378cf48ba47/Jinja2-2.10.tar.gz
[root@Ansible ~]# tar xvzf Jinja2-2.10.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/Jinja2-2.10/
[root@Ansible Jinja2-2.10]# python setup.py install

(6) paramiko module installation

[root@Ansible ~]# wget https://files.pythonhosted.org/packages/f9/e5/99ebb176e47f150ac115ffeda5fedb6a3dbb3c00c74a59fd84ddf12f5857/ecdsa-0.13.tar.gz
[root@Ansible ~]# tar xvzf ecdsa-0.13.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/ecdsa-0.13/
[root@Ansible ecdsa-0.13]# python setup.py install

[root@Ansible ~]# https://files.pythonhosted.org/packages/29/65/83181630befb17cd1370a6abb9a87957947a43c2332216e5975353f61d64/paramiko-2.4.1.tar.gz
[root@Ansible ~]# tar xvzf paramiko-2.4.1.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/paramiko-2.4.1/
[root@Ansible paramiko-2.4.1]# python setup.py install

(7) Simplejson module installation

[root@Ansible ~]# wget https://files.pythonhosted.org/packages/0d/3f/3a16847fe5c010110a8f54dd8fe7b091b4e22922def374fe1cce9c1cb7e9/simplejson-3.13.2.tar.gz
[root@Ansible ~]# tar xvff simplejson-3.13.2.tar.gz -C /usr/src/
[root@Ansible src]# cd /usr/src/simplejson-3.13.2/
[root@Ansible simplejson-3.13.2]# python setup.py install

(8) Ansible installation

[root@Ansible ~]# wget https://files.pythonhosted.org/packages/4a/3b/9d98e132074bb6a3f18fd811db2819fbde6fc8a26fad9a40b49e53cb2455/ansible-2.5.0.tar.gz
[root@Ansible ~]# tar xf ansible-2.5.0.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/ansible-2.5.0/
[root@Ansible ansible-2.5.0]# python setup.py install

3. Ansible configuration

1. Ansible configuration

Note: After installing Ansible on centos7.0, it is found that ansible.cfg cannot be found. The path of the configuration file is as follows, and the configuration file is copied to the past.
Automated operation and maintenance tool Ansible combat (1) Introduction and deployment

[root@Ansible ansible-2.5.0]# cd examples/
[root@Ansible examples]# pwd        --注意路径
/usr/src/ansible-2.5.0/examples
[root@Ansible examples]# ls
ansible.cfg  hosts
[root@Ansible examples]# mkdir /etc/ansible        --创建ansible目录
[root@Ansible examples]# cp ansible.cfg hosts /etc/ansible/      --拷贝文件
[root@Ansible examples]# ls -l /etc/ansible/
总用量 24
-rw-r--r-- 1 root root 19315 4月  17 14:25 ansible.cfg
-rw-r--r-- 1 root root  1016  4月  17 14:25 hosts

2. Configure ssh password-free login (only used on the control side)

[root@Ansible ~]# ssh-keygen -t rsa  --直接回车即可，不用设置密钥密码。
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bc:4e:4e:5f:61:a3:37:08:b0:c4:00:98:90:5b:c6:9f [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|o=...            |
|+ +  o           |
| + . .+          |
|.   E. +         |
|      . S   +    |
|         o + o   |
|        + o +    |
|       = . o .   |
|        o .      |
+-----------------+

[root@Ansible ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
[root@Ansible ~]# chmod 600 /root/.ssh/authorized_keys

Pass the public key to the managed machine node

[root@Ansible ~]# scp /root/.ssh/authorized_keys 192.168.8.66:/root/.ssh/
[email protected]'s password: 
authorized_keys                      100%  401     0.4KB/s   00:00

3. Remote connection test

[root@Ansible ~]# vim /etc/ansible/hosts       --文件末尾添加以下内容
[web]
192.168.8.55

[root@Ansible ~]# ansible web -m command -a 'uptime'
192.168.8.55 | SUCCESS | rc=0 >>
14:56:03 up 12:53,  4 users,  load average: 0.00, 0.01, 0.05

So far, the installation and configuration of Ansible has been completed, and the module will be explained next.