Ansible basics, installation and deployment on CentOS 7 (with detailed screenshots and text, suitable for beginners)

ansible-basics

Introduction to ansible

Ansible is an automated operations and maintenance tool. It is developed in Python and combines the advantages of many operations and maintenance tools (puppet, cfengine, chef, func, fabric). It provides functions such as batch system configuration, batch program deployment, and batch command execution.

As an open source configuration management tool, Ansible can be used to automate tasks and deploy applications across IT infrastructure, such as initial server configuration, security baseline configuration, system updates and patching, and installation of software packages. The Ansible architecture is relatively simple: it only needs to connect to the remote host (the client) over SSH to perform tasks.

ansible features

  1. Deployment is simple: the Ansible environment is deployed only on the master side, and the controlled side does not need to do anything;
  2. By default, the SSH protocol is used to manage the devices;
  3. There are a large number of modules for routine operation and maintenance, which cover most daily operations;
  4. Simple configuration, powerful functions and strong scalability;
  5. Supports an API and custom modules, so it can be easily extended through Python;
  6. Powerful configuration and state management can be customized through Playbooks;
  7. Lightweight: no agent needs to be installed on the client, and an update only has to be done once, on the operating machine;
  8. Provides a powerful and operable web management interface and REST API, the AWX platform.

Ansible common concept terms

Control node

The control node is the host on which Ansible is installed, also called the Ansible server or management machine. Ansible control nodes are mainly used to issue tasks and execute control commands. The control node needs the dependent libraries required by Python and Ansible installed.

Managed nodes

Controlled nodes, that is, the client servers on which Ansible performs tasks.

Inventory

The inventory is the list of controlled nodes, that is, the list of all hosts to be managed.

host file

The inventory is usually saved in a file named hosts. In the hosts file, each managed host and its authentication information can be specified by IP address or host name, and hosts can be grouped according to the user of the host.

Modules

Modules are the blocks of code with which Ansible performs specific tasks.

Task

Operations performed on the ansible client host

Playbook

A list of repeatable tasks written in the YAML markup language

roles

Roles are used to organize playbooks hierarchically and structurally. Roles can automatically load variable files, tasks, and handlers according to the hierarchical structure.

Ansible execution process

The execution process is as follows:

  1. Load its own configuration file, by default /etc/ansible/ansible.cfg;
  2. Find the corresponding host configuration file and find the host or group to run against;
  3. Load the corresponding module file, such as command;
  4. Generate the corresponding temporary py file (Python script) from the module or command, and transfer the file to the remote server;
  5. The file is placed under the executing user's home directory, at .ansible/tmp/XXX/XXX.PY;
  6. Give the file +x execution permission;
  7. Execute it and return the result;
  8. Delete the temporary py file, then run sleep 0 and exit.

Generally speaking, when Ansible runs, it first reads the configuration in ansible.cfg, obtains the list of managed hosts from the Inventory according to its rules, executes the configured tasks on these hosts in parallel, and finally waits for the results returned by the execution.

Installation and deployment

Installation Environment

master control node

System: centos7 Memory: 4G

Network type: NAT mode Hard disk size: 80G

Mini-install language: English

IP:192.168.180.131

controlled node

System: centos7 Memory: 4G

Network type: NAT mode Hard disk size: 80G

Mini-install language: English

IP:192.168.180.137

Installation (executed by the master node)

# RPM package installation: EPEL repository
yum install -y epel-release
yum install -y ansible

# View version information
[root@localhost ~]# ansible-doc --version
ansible-doc 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-doc
  python version = 2.7.5 (default, Jun 28 2022, 15:30:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

# Ansible installation directory structure
The installation directories are as follows (yum installation):
  Configuration file directory: /etc/ansible/
  Executable directory: /usr/bin/
  Library dependency directory: /usr/lib/pythonX.X/site-packages/ansible/
  Help documentation directory: /usr/share/doc/ansible-X.X.X/
  Man page directory: /usr/share/man/man1/

Modify the configuration file (master node)

Modify the hosts file

# Change into /etc/ansible
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# ll
total 24
-rw-r--r-- 1 root root 19985 Jan 16  2022 ansible.cfg
-rw-r--r-- 1 root root  1016 Jan 16  2022 hosts
drwxr-xr-x 2 root root     6 Jan 16  2022 roles

[root@localhost ansible]# vim hosts

# Remove two comment markers (uncomment two lines)
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# vim ansible.cfg

Disable the SSH host key confirmation prompt on first connection

Enable logging
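
Assuming the two lines uncommented in ansible.cfg are host_key_checking = False and log_path in the [defaults] section (the screenshots are not reproduced here), the following added example, which is not part of the original post, audits an ansible.cfg for those two options. The sample configuration is constructed, and the environment variable overrides are included because they take precedence over the file.

```python
import configparser

# Constructed sample of /etc/ansible/ansible.cfg after the edits; the two
# uncommented options are an assumption about what the screenshots showed.
SAMPLE_CFG = """\
[defaults]
#inventory      = /etc/ansible/hosts
host_key_checking = False
log_path = /var/log/ansible.log
"""

# Strings Ansible treats as boolean false.
FALSE_VALUES = {"false", "no", "off", "0", "f", "n"}


def audit_ansible_cfg(text, env=None):
    """Return (setting, finding) pairs for the two options this page changes."""
    env = env or {}
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    defaults = parser["defaults"] if parser.has_section("defaults") else {}
    findings = []

    # An environment variable overrides the value in ansible.cfg.
    hkc = env.get("ANSIBLE_HOST_KEY_CHECKING",
                  defaults.get("host_key_checking", "True"))
    if hkc.strip().lower() in FALSE_VALUES:
        findings.append(("host_key_checking",
                         "disabled: SSH host keys are not verified"))

    log_path = env.get("ANSIBLE_LOG_PATH", defaults.get("log_path", "")).strip()
    if not log_path:
        findings.append(("log_path",
                         "unset: runs from this control node leave no log"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_ansible_cfg(SAMPLE_CFG):
        print(f"{setting}: {finding}")
```

Once the nodes' host keys have been accepted into known_hosts by the manual ssh and ssh-copy-id logins shown on this page, Ansible can connect with host_key_checking left at its default of True.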


# Generate a key pair and send the master node's key to the controlled node (just keep pressing Enter)

[root@localhost ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7PaCpAHoDkrvwcDJfc4WnhRNS5z1cPWlx4y3JSvvWYw [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|      .ooo ...  .|
|      +o. +   .=.|
| .   . o   .  +.*|
|+ +   ..       =o|
|.= o +  S   . .. |
|.oo B +.     o o |
|= .o X .o     E o|
|.. .+ ....   . o |
|  ..     ..   o  |
+----[SHA256]-----+


# Connect to the controlled node remotely
ssh root@<controlled node IP>

[root@localhost ansible]# ssh [email protected]
The authenticity of host '192.168.180.139 (192.168.180.139)' can't be established.
ECDSA key fingerprint is SHA256:MdtTymY/z3bVlBL5CtBn9J5FcTMxhusCqU/nMj8uTME.
ECDSA key fingerprint is MD5:43:01:fc:03:e8:97:87:cb:86:35:6d:5b:24:35:fe:2b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.180.139' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Fri Mar 31 15:49:09 2023 from 192.168.180.1

# You are now logged in to the controlled node; type exit to log out
[root@localhost ~]# exit
logout
Connection to 192.168.180.139 closed.
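
The fingerprint in the first-connection prompt above is only useful if it is compared with one read from the controlled node itself, for example on its console. The following added example, which is not part of the original post, shows how that SHA256 fingerprint is derived from a known_hosts entry and checked against an expected value; the key is constructed, not the page's real host key.

```python
import base64
import hashlib
import struct


def _constructed_blob():
    # Constructed sample key blob (not a real host key). SSH wire format:
    # length-prefixed key type followed by length-prefixed key material.
    name, material = b"ssh-ed25519", bytes(range(32))
    return (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(material)) + material)


# Constructed known_hosts line for the controlled node address used above.
SAMPLE_LINE = ("192.168.180.139 ssh-ed25519 "
               + base64.b64encode(_constructed_blob()).decode())


def fingerprint(known_hosts_line):
    """Return the OpenSSH-style SHA256 fingerprint of one known_hosts entry."""
    fields = known_hosts_line.split()
    if fields and fields[0].startswith("@"):   # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key [comment]")
    keytype, blob = fields[1], base64.b64decode(fields[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The key type is repeated inside the blob; a mismatch means a mangled entry.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type field does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(known_hosts_line, expected):
    """Compare with a fingerprint obtained out of band from the node itself."""
    return fingerprint(known_hosts_line) == expected.strip()


if __name__ == "__main__":
    print(fingerprint(SAMPLE_LINE))
```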


# Set up password-free login
ssh-copy-id root@<IP address that needs password-free login>

[root@localhost ansible]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

# Verify that password-free login was set up successfully
[root@localhost ansible]# ssh [email protected]
Last login: Fri Mar 31 16:20:11 2023 from 192.168.180.131

# As you can see, the password no longer needs to be entered

Host Connectivity Test

# Using the command
ansible all -m ping

Here the connection to the master node fails because password-free login has not been set up for it.

# After setting up password-free login for the master node
[root@localhost ansible]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Test connectivity again

It can be seen that the two are now connected.

Origin blog.csdn.net/huz1Vn/article/details/129863806