1. Introduction to Ansible
Ansible is a new automated operation and maintenance tool. It is developed based on Python and combines the advantages of many operation and maintenance tools (puppet, cfengine, chef, func, fabric). It realizes the functions of batch system configuration, batch program deployment, batch running commands and so on. Ansible works based on modules and does not have the ability to deploy in batches. What really has batch deployment is the modules that Ansible runs, Ansible just provides a framework.
1. Ansible framework
- Connection plugins: responsible for communicating with the monitored end;
- host inventory: The host for the specified operation is the host defined in a configuration file for monitoring;
- Various modules core module, command module, custom module;
- With the help of plug-ins to complete functions such as recording log mails;
- playbook: When the playbook executes multiple tasks, it is optional to let the node run multiple tasks at a time.
2. Ansible architecture diagram
- Ansible core component description
- Ansible: The core program of Ansible;
- Host Lnventory: records each host information managed by Ansible, including ssh port, root account password, ip address, etc. It can be loaded through file, and can be loaded through CMDB;
- Playbooks: YAML format file, multiple tasks are defined in one file, and can be called uniformly when used, "playbooks" are used to define those functions that the host needs to call those modules to complete;
- Core Modules: Ansible performs any management tasks not by Ansible itself, but by the core modules; before Ansible manages the host, it first calls the modules in the core Modules, and then specifies the host in the Host Lnventory to manage the host;
- Custom Modules: Custom modules to complete functions that Ansible core modules cannot complete. This module supports writing in any language;
- Connection Plugins: Connection plugins, used by Ansible and Host communication.
3. Basic features of Ansible
- no agents: no client needs to be installed on the managed host;
- no server: There is no server side, just run the command directly when using it;
- modules in any languages: work based on modules, and modules can be developed in any language;
- yaml, not code: use yaml language to customize the playbook of the script;
- ssh by default: work based on SSH;
- strong multi-tier solution: Multi-level command can be realized.
-
4. Advantages of Ansible
- Lightweight, no need to install an agent on the client, when updating, you only need to update it once on the operating machine;
- Batch task execution can be written as a script, and it can be executed without being distributed to a remote location;
- Written in python, maintenance is simpler, ruby syntax is too complicated;
- Support sudo.
5. Ansible task execution process
Note: Most of the above content is based on the sharing of others, and is used for learning and reference;
3. Installation of Ansible
1. System environment
System Platform: CentOS 7.3
Ansible Server: 192.168.8.55
Ansible Client: 192.168.8.66
(1) Write hosts record
[root@Ansible ~]# echo "192.168.8.55 Ansible" >> /etc/hosts
[root@Ansible ~]# echo "192.168.8.66 Client" >> /etc/hosts
(2) Turn off firewalld and selinux
[root@Ansible ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
(3) Close selinux
[root@Ansible ~]# setenforce 0
[root@Ansible ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2, yum source installation
(1) Configure the epel yum source to install the corresponding basic modules, which can be installed directly using yum
[root@Ansible ~]# yum -y install python PyYAML python-paramiko python-jinja2 python-simplejson
(2) Install Ansible
[root@Ansible ~]# yum -y install ansible
3. Source package installation (recommended)
Ansible installation depends on many plug-ins, so first install the plug-ins
[root@Ansible ~]# yum -y install gcc zlib zlib-devel openssl openssl-devel libffi-devel
(1) python3.6 installation
of Ansible is developed in Python, using Ansible requires the operating system to have Python, and Python version 2.6 or above is recommended.
[root@Ansible ~]# wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz
[root@Ansible ~]# tar xvzf Python-3.6.4.tgz -C /usr/src/
[root@Ansible ~]# cd /usr/src/Python-3.6.4/
[root@Ansible Python-3.6.4]# ./configure --prefix=/usr/local
[root@Ansible Python-3.6.4]# make
[root@Ansible Python-3.6.4]# make install
Copy the python header files to the standard directory to avoid missing the required header files when compiling ansible
[root@Ansible Python-3.6.4]# cd /usr/local/include/python3.6m/
[root@Ansible python3.6m]# cp -a ./* /usr/local/include/
Backup the old version of python, and symlink the new version of python
[root@Ansible python3.6m]# cd /usr/bin/
[root@Ansible bin]# mv python python.old
[root@Ansible bin]# ln -s /usr/local/bin/python3.6 /usr/local/bin/python
[root@Ansible bin]# rm -rf /usr/bin/python
[root@Ansible bin]# cp /usr/local/bin/python3.6 /usr/bin/python
Modify the yum script to point to the old version of python, which has prevented it from running
[root@Ansible bin]# vim /usr/bin/yum
Change #!/usr/bin/python to #!/usr/bin/python2.7
[root@Ansible bin]# vim /usr/libexec/urlgrabber-ext-down
Change #!/usr/bin/python to #!/usr/bin/python2.7
[root@Ansible bin]# python --测试安装版本是否为Python 3.6.4
Python 3.6.4 (default, Apr 17 2018, 11:03:21)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> exit() --退出python
(2) Setuptools module installation
[root@Ansible ~]# wget https://files.pythonhosted.org/packages/72/c2/c09362ab29338413ab687b47dab03bab4a792e2bbb727a1eb5e0a88e3b86/setuptools-39.0.1.zip
[root@Ansible ~]# unzip setuptools-39.0.1.zip -d /usr/src/
[root@Ansible ~]# cd /usr/src/setuptools-39.0.1/
[root@Ansible setuptools-39.0.1]# python setup.py install
After installing setuptools, you can use the easy_install tool to install the following python modules, but my computer is a virtual machine, and the configuration is too low, so it is basically impossible to install, so I have to download and install them one by one.
(3) pycrypto module installation
[root@Ansible ~]# wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
[root@Ansible ~]# tar xvzf pycrypto-2.6.1.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/pycrypto-2.6.1/
[root@Ansible pycrypto-2.6.1]# python setup.py install
(4) PyYAML module installation
[root@Ansible ~]# wget http://pyyaml.org/download/libyaml/yaml-0.1.7.tar.gz
[root@Ansible ~]# tar xvzf yaml-0.1.7.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/yaml-0.1.7/
[root@Ansible yaml-0.1.7]# ./configure --prefix=/usr/local
[root@Ansible yaml-0.1.7]# make --jobs=`grep processor /proc/cpuinfo | wc -l`
[root@Ansible yaml-0.1.7]# make install
[root@Ansible ~]# wget http://pyyaml.org/download/pyyaml/PyYAML-3.12.tar.gz
[root@Ansible ~]# tar xvzf PyYAML-3.12.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/PyYAML-3.12/
[root@Ansible PyYAML-3.12]# python setup.py install
(5) Jinja2 module installation
[root@Ansible ~]# wget https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz
[root@Ansible ~]# tar xvzf MarkupSafe-0.9.3.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/MarkupSafe-0.9.3/
[root@Ansible MarkupSafe-0.9.3]# python setup.py install
[root@Ansible ~]# wget https://files.pythonhosted.org/packages/56/e6/332789f295cf22308386cf5bbd1f4e00ed11484299c5d7383378cf48ba47/Jinja2-2.10.tar.gz
[root@Ansible ~]# tar xvzf Jinja2-2.10.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/Jinja2-2.10/
[root@Ansible Jinja2-2.10]# python setup.py install
(6) paramiko module installation
[root@Ansible ~]# wget https://files.pythonhosted.org/packages/f9/e5/99ebb176e47f150ac115ffeda5fedb6a3dbb3c00c74a59fd84ddf12f5857/ecdsa-0.13.tar.gz
[root@Ansible ~]# tar xvzf ecdsa-0.13.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/ecdsa-0.13/
[root@Ansible ecdsa-0.13]# python setup.py install
[root@Ansible ~]# https://files.pythonhosted.org/packages/29/65/83181630befb17cd1370a6abb9a87957947a43c2332216e5975353f61d64/paramiko-2.4.1.tar.gz
[root@Ansible ~]# tar xvzf paramiko-2.4.1.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/paramiko-2.4.1/
[root@Ansible paramiko-2.4.1]# python setup.py install
(7) Simplejson module installation
[root@Ansible ~]# wget https://files.pythonhosted.org/packages/0d/3f/3a16847fe5c010110a8f54dd8fe7b091b4e22922def374fe1cce9c1cb7e9/simplejson-3.13.2.tar.gz
[root@Ansible ~]# tar xvff simplejson-3.13.2.tar.gz -C /usr/src/
[root@Ansible src]# cd /usr/src/simplejson-3.13.2/
[root@Ansible simplejson-3.13.2]# python setup.py install
(8) Ansible installation
[root@Ansible ~]# wget https://files.pythonhosted.org/packages/4a/3b/9d98e132074bb6a3f18fd811db2819fbde6fc8a26fad9a40b49e53cb2455/ansible-2.5.0.tar.gz
[root@Ansible ~]# tar xf ansible-2.5.0.tar.gz -C /usr/src/
[root@Ansible ~]# cd /usr/src/ansible-2.5.0/
[root@Ansible ansible-2.5.0]# python setup.py install
3. Ansible configuration
1. Ansible configuration
Note: After installing Ansible on centos7.0, it is found that ansible.cfg cannot be found. The path of the configuration file is as follows, and the configuration file is copied to the past.
[root@Ansible ansible-2.5.0]# cd examples/
[root@Ansible examples]# pwd --注意路径
/usr/src/ansible-2.5.0/examples
[root@Ansible examples]# ls
ansible.cfg hosts
[root@Ansible examples]# mkdir /etc/ansible --创建ansible目录
[root@Ansible examples]# cp ansible.cfg hosts /etc/ansible/ --拷贝文件
[root@Ansible examples]# ls -l /etc/ansible/
总用量 24
-rw-r--r-- 1 root root 19315 4月 17 14:25 ansible.cfg
-rw-r--r-- 1 root root 1016 4月 17 14:25 hosts
2. Configure ssh password-free login (only used on the control side)
[root@Ansible ~]# ssh-keygen -t rsa --直接回车即可,不用设置密钥密码。
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bc:4e:4e:5f:61:a3:37:08:b0:c4:00:98:90:5b:c6:9f [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|o=... |
|+ + o |
| + . .+ |
|. E. + |
| . S + |
| o + o |
| + o + |
| = . o . |
| o . |
+-----------------+
[root@Ansible ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
[root@Ansible ~]# chmod 600 /root/.ssh/authorized_keys
Pass the public key to the managed machine node
[root@Ansible ~]# scp /root/.ssh/authorized_keys 192.168.8.66:/root/.ssh/
[email protected]'s password:
authorized_keys 100% 401 0.4KB/s 00:00
3. Remote connection test
[root@Ansible ~]# vim /etc/ansible/hosts --文件末尾添加以下内容
[web]
192.168.8.55
[root@Ansible ~]# ansible web -m command -a 'uptime'
192.168.8.55 | SUCCESS | rc=0 >>
14:56:03 up 12:53, 4 users, load average: 0.00, 0.01, 0.05
So far, the installation and configuration of Ansible has been completed, and the module will be explained next.