Ansible overview:
Ansible is an open source automation tool for configuring and managing computer systems, applications, and network devices. It uses an easy-to-understand playbook syntax in the form of YAML or JSON, and communicates with remote hosts through the SSH protocol. Following are the advantages of Ansible:
1. Ease of use: The syntax of Ansible is concise and clear, easy to understand and write. Configuration tasks are described in text-based YAML or JSON without writing complex scripts or programs.
2. Lightweight: Ansible uses an agentless architecture that requires no additional software or permanently running processes on the managed hosts. This makes installing and managing Ansible very easy.
3. Based on SSH: Ansible connects to remote hosts over SSH to perform tasks, without installing a specific client on the target host. This makes connection configuration more flexible and secure.
4. Modular and scalable: Ansible provides a large number of built-in modules for common operations. It also supports custom modules, which can be extended and customized according to specific needs.
5. Playbook driven: Ansible uses playbooks to organize and describe the execution flow of automation tasks. Through playbooks, complex multi-task coordination and dependencies can be expressed, improving work efficiency.
6. Cross-platform: Ansible can manage various operating systems, network devices and cloud platforms, including Linux, Windows, Cisco, etc. This facilitates unified management in hybrid environments.
7. Scalable ecosystem: Ansible has active community support and an extensive plugin ecosystem. It can be integrated with other tools (such as Docker, Kubernetes) to meet different automation needs.
8. Reliability and stability: After years of development and extensive application, Ansible has been verified in terms of stability and reliability. It is widely adopted by many organizations, including large enterprises and cloud service providers.
1. Install Ansible
1.1 Configure EPEL source
To install Ansible on CentOS 7, you need to install the EPEL source first, which can be installed with the following command:
sudo yum install epel-release
1.2 Install Ansible
To install Ansible use the following command:
sudo yum install ansible
1.3 Verify that Ansible is installed successfully
Once the installation is complete, you can verify that Ansible installed successfully with the following command:
ansible --version
Ansible installation was successful if you see output similar to the following:
ansible 2.9.17
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Apr 16 2021, 01:36:27) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
2. Use Ansible
2.1 Write Ansible configuration file
Ansible's configuration file defaults to /etc/ansible/ansible.cfg. You can create a new configuration file with the following command:
sudo vi /etc/ansible/myansible.cfg
Some common configuration items can be set in the configuration file, for example:
[defaults]
inventory = /etc/ansible/hosts
remote_user = user
private_key_file = /path/to/private/key
2.2 Create Ansible inventory file
The Ansible inventory file is used to store the list of hosts, a new inventory file can be created with the following command:
sudo vi /etc/ansible/hosts
The IP address or hostname of the host can be specified in the inventory file, for example:
[webservers]
web1.example.com
web2.example.com
[dbservers]
db1.example.com
db2.example.com
2.4 Write Ansible playbook
An Ansible playbook is a YAML file that describes what Ansible should execute. A new playbook can be created with the following command:
sudo vi /etc/ansible/playbook.yml
The tasks to be performed can be specified in the playbook file, for example:
- name: Install Apache
  hosts: webservers
  become: true
  tasks:
    - name: Install Apache
      yum:
        name: httpd
        state: latest
The effect of the above playbook is to install the latest version of Apache on the hosts in the webservers group.
2.5 Execute Ansible playbook
To execute an Ansible playbook you can use the following command:
ansible-playbook /etc/ansible/playbook.yml
After the execution is complete, you can view the results to confirm whether the task was executed successfully.
2.6 Common parameter commands
Ansible is a powerful automation tool that supports a variety of parameters to meet different needs. The following are some parameters commonly used by Ansible:
- -i/--inventory: Specifies the host inventory file (inventory), specifying the target host to be managed.
Example:
ansible-playbook -i inventory.ini playbook.yml
- -m/--module-name: Specify the module name to execute.
Example:
ansible -m command -a "uptime" all
- -a/--args: Arguments passed to the module.
Example:
ansible -m shell -a "echo 'Hello, world!'" all
- -u/--user: Connect to the remote host with the specified username.
Example:
ansible -u myuser -m ping all
- -b/--become: Execute remote commands with privileges (sudo/root).
Example:
ansible -b -m yum -a "name=httpd state=installed" all
- -K/--ask-become-pass: Prompt for a privileged password before executing a command.
Example:
ansible -b -m shell -a "reboot" all -K
- -e/--extra-vars: Pass extra variables to Playbook or command line.
Example:
ansible-playbook -e "my_var=value" playbook.yml
- --limit: Limit the hosts or groups that execute the task.
Example:
ansible-playbook --limit web_servers playbook.yml
- -t/--tags: Run only the tasks or plays carrying the given tags.
Example:
ansible-playbook -t install playbook.yml
- --skip-tags: Skip the tasks or plays carrying the given tags.
Example:
ansible-playbook --skip-tags setup playbook.yml
2.7 Simple command demonstration
- ansible: Runs an ad-hoc command, taking the host inventory file (inventory) and the module to execute.
Example: Execute the command module to run a command on all hosts.
ansible -i inventory.ini all -m command -a "ls"
- ansible-playbook: Runs an Ansible playbook to perform configuration management on the target hosts.
Example: Execute a playbook file to install and configure software packages.
ansible-playbook -i inventory.ini playbook.yml
- ansible-config: Views and inspects the Ansible configuration.
Example: View the location of the configuration file currently in use.
ansible-config dump | grep CONFIG_FILE
- ansible-doc: Shows the documentation for an Ansible module.
Example: Show the help documentation for the debug module.
ansible-doc debug
- ansible-galaxy: Commands for working with Ansible Galaxy.
Example: Download a role from Ansible Galaxy.
ansible-galaxy install username.role_name
- ansible-vault: Operates on Ansible encrypted files to protect sensitive data.
Example: Create an encrypted variable file.
ansible-vault create secret.yml
3. Notes
3.1 inventory/hosts - host inventory rules
- Inventory file location
The default inventory file is /etc/ansible/hosts. Inventory files in other locations can be used by pointing Ansible at them (for example with -i).
- Precautions for writing inventory files
If the inventory file contains a host and a group with the same name, Ansible prints a warning when listing the target hosts, and the group is ignored.
- Inventory definition
The inventory file defines a set of managed hosts that can be placed in groups. A group can contain child groups, and a host can belong to several groups at the same time. Variables for hosts and groups can also be set in the inventory file.
- Static inventory files specify managed hosts by hostname or IP address; each line represents one host.
- Usual form
web1.example.com
db1.example.com
db2.example.com
192.168.1.1
- Host groups
Usually, host groups are used to specify the managed hosts, which is more efficient. Each host group name is enclosed in []
[webservers]
web1.example.com
web2.example.com
192.168.1.1
[db-servers]
db1.example.com
db2.example.com
- A managed host can also belong to several groups
- Two host groups always exist:
all: every host in the inventory
ungrouped: hosts that are not in any host group
- Nested groups
Ansible's inventory uses ":children" to represent nested groups
[tom]
test1.example.com
192.168.126.120
[monkey]
ceshi1.example.com
192.129.0.11
[zuhe:children]
tom
monkey
- Ranges of hosts
192.168.[1:4].[0:255] matches the 192.168.1.0/22 network
server[01:20].example.com matches server01.example.com to server20.example.com; it will not match server1.example.com
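The inventory rules in sections 2.2 and 3.1 (one host per line, [group] headers, :children nesting, the implicit all and ungrouped groups, the host/group name clash, and numeric ranges such as server[01:20]) are easy to get wrong by hand, so the following added example, which is not part of the original page and not Ansible's own inventory code, implements them as a small stdlib-only parser. The sample inventory is constructed for the example; it mirrors the groups shown in the text.

```python
import re
from collections import defaultdict

# Matches one numeric range such as [01:20] or [1:4] inside a host pattern.
RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")

# Constructed sample inventory mirroring the patterns in sections 2.2 and 3.1.
SAMPLE_INVENTORY = """
standalone.example.com

[webservers]
web[1:2].example.com
192.168.1.1

[dbservers]
db1.example.com
db2.example.com

[tom]
test1.example.com

[monkey]
ceshi1.example.com

[zuhe:children]
tom
monkey
"""


def expand_pattern(pattern):
    """Expand every [start:end] numeric range in an inventory host pattern.

    If the start value has leading zeros its width is kept, so
    server[01:03].example.com gives server01..server03 (never server1),
    while 192.168.[1:2].1 gives 192.168.1.1 and 192.168.2.1.
    """
    m = RANGE_RE.search(pattern)
    if m is None:
        return [pattern]
    start, end = m.group(1), m.group(2)
    width = len(start) if start.startswith("0") else 0
    hosts = []
    for n in range(int(start), int(end) + 1):
        piece = pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():]
        hosts.extend(expand_pattern(piece))  # recurse for ranges further right
    return hosts


def parse_inventory(text):
    """Parse an INI-style inventory into (groups, warnings).

    groups maps every group name to a sorted list of hosts, with the implicit
    'all' and 'ungrouped' groups added and ':children' groups resolved
    recursively.  A group whose name collides with a host is dropped with a
    warning, following the rule stated in section 3.1.
    """
    members = defaultdict(list)    # group -> hosts listed directly under it
    children = defaultdict(list)   # group -> child group names
    all_hosts = []
    section, kind = None, "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.endswith(":children"):
                section, kind = name[:-len(":children")], "children"
            elif name.endswith(":vars"):
                section, kind = name[:-len(":vars")], "vars"
            else:
                section, kind = name, "hosts"
            members.setdefault(section, [])      # register the group even if empty
        elif kind == "children":
            children[section].append(line)
        elif kind == "vars":
            continue                             # group variables are not modelled here
        else:
            for host in expand_pattern(line.split()[0]):  # ignore inline host vars
                if host not in all_hosts:
                    all_hosts.append(host)
                if section is not None:
                    members[section].append(host)

    warnings = []
    for group in [g for g in members if g in all_hosts]:
        warnings.append(f"group '{group}' has the same name as a host; group ignored")
        members.pop(group)
        children.pop(group, None)

    def resolve(group, seen=()):
        hosts = set(members.get(group, []))
        for child in children.get(group, []):
            if child not in seen:                # guard against child-group cycles
                hosts.update(resolve(child, seen + (group,)))
        return sorted(hosts)

    groups = {g: resolve(g) for g in members}
    grouped = {h for hosts in groups.values() for h in hosts}
    groups["all"] = sorted(all_hosts)
    groups["ungrouped"] = sorted(h for h in all_hosts if h not in grouped)
    return groups, warnings


if __name__ == "__main__":
    groups, warnings = parse_inventory(SAMPLE_INVENTORY)
    for name, hosts in groups.items():
        print(f"{name}: {hosts}")
    for w in warnings:
        print("WARNING:", w)
```

Running the block prints each group with its expanded members; the zuhe group resolves to the hosts of tom and monkey, and standalone.example.com ends up only in all and ungrouped.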
3.2 Privilege escalation
[privilege_escalation]
# If remote_user is root, the privilege escalation section is not needed. If remote_user is not root
# but you do not need to perform privileged operations, this section is not needed either. If you are
# an ordinary user and need to perform privileged operations, configure this section.
become = true
# true means privilege escalation is enabled, false means it is not
become_method = sudo
# the escalation method is sudo
become_user = root
# escalate to the root user
become_ask_pass = false
# false means no password prompt for the sudo operation, true means a password is required
Configuring privilege escalation does not by itself allow an arbitrary remote_user to escalate. The sudoers file on the managed host must grant remote_user the ability to escalate privileges.
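The following added example (not part of the original page and not Ansible's own code) reads an ansible.cfg like the ones in sections 2.1 and 3.2 with the standard configparser module, fills in Ansible's defaults for missing [privilege_escalation] keys, and reports the consequences described above: no escalation needed when remote_user is root, a sudoers entry required on the managed hosts when become is on, and a password prompt when become_ask_pass is true. The sample configuration is constructed, and the set of built-in become methods is an assumption and not exhaustive.

```python
import configparser

# Ansible's defaults for keys missing from [privilege_escalation].
DEFAULTS = {"become": False, "become_method": "sudo",
            "become_user": "root", "become_ask_pass": False}

# Become plugins shipped with Ansible (assumption: not an exhaustive list).
KNOWN_BECOME_METHODS = {"sudo", "su", "doas", "pbrun", "pfexec",
                        "runas", "ksu", "dzdo", "machinectl"}

# Constructed ansible.cfg mirroring sections 2.1 and 3.2 of the text.
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
remote_user = user
private_key_file = /path/to/private/key

[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
"""


def effective_escalation(cfg_text):
    """Return the escalation settings Ansible would apply for this config,
    using Ansible's defaults for anything not set (true/false/yes/no accepted)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    sec = "privilege_escalation"
    return {
        "remote_user": cfg.get("defaults", "remote_user", fallback=None),
        "become": cfg.getboolean(sec, "become", fallback=DEFAULTS["become"]),
        "become_method": cfg.get(sec, "become_method",
                                 fallback=DEFAULTS["become_method"]).lower(),
        "become_user": cfg.get(sec, "become_user", fallback=DEFAULTS["become_user"]),
        "become_ask_pass": cfg.getboolean(sec, "become_ask_pass",
                                          fallback=DEFAULTS["become_ask_pass"]),
    }


def review_escalation(cfg_text):
    """Apply the rules from section 3.2 and return a list of findings."""
    e = effective_escalation(cfg_text)
    findings = []
    if e["remote_user"] == "root":
        # Section 3.2: root needs no escalation; a dedicated user plus become
        # also keeps sudo's per-user record of who ran what.
        findings.append("remote_user is root: [privilege_escalation] is unnecessary; "
                        "a dedicated user with become keeps sudo's per-user audit trail")
        return findings
    if not e["become"]:
        findings.append("become is false: tasks run as remote_user with no escalation")
        return findings
    if e["become_method"] not in KNOWN_BECOME_METHODS:
        findings.append(f"become_method '{e['become_method']}' is not a known become plugin")
    if e["become_ask_pass"]:
        findings.append("become_ask_pass is true: ansible-playbook prompts for the sudo "
                        "password (same as -K); unattended runs need another way to supply it")
    else:
        # Section 3.2: escalation only works if sudoers on the managed host allows it,
        # and with no password prompt that means a NOPASSWD rule for remote_user.
        findings.append(f"become_ask_pass is false: sudoers on every managed host must let "
                        f"'{e['remote_user']}' escalate to {e['become_user']} without a "
                        f"password (NOPASSWD), or every privileged task fails")
    return findings


if __name__ == "__main__":
    print(effective_escalation(SAMPLE_CFG))
    for finding in review_escalation(SAMPLE_CFG):
        print("-", finding)
```

Pointing review_escalation at the contents of a real ansible.cfg gives the same checks; the NOPASSWD finding is the one that most often explains a playbook that fails only on some hosts, because the sudoers entry is per host and is not something Ansible can configure for itself.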