Table of contents
1.2 Main functions of Ansible
2. Ansible installation and configuration
3. Interpretation of Ansible configuration
3.1 Ansible configuration path
3.2 Ansible main configuration file
3.3 Ansible configuration priority
1. Ansible quick start
1.1 What is Ansible
Ansible is an IT automation configuration management tool. Automation is mainly reflected in the integration of rich modules and powerful functional components in Ansible, which can complete a series of operations through a command line. In turn, we can reduce our repetitive work to improve work efficiency.
1.2 Main functions of Ansible
- Execute remote commands in batches, and execute commands on more than N hosts at the same time.
- Batch configuration software services can configure and manage services in an automated manner.
- To realize the software development function, the bottom layer of jumpserver uses ansible to realize the automatic management.
- To orchestrate advanced IT tasks, Ansible's playbook is a programming language that can be used to describe an IT architecture.
1.3 Features of Ansible
- Easy to learn: no proxy, unlike Salt, you need to learn not only the client and server, but also the intermediate communication protocol between the client and the server;
- Flexible operation: Ansible has more modules and provides rich functions; playbook provides complex functions similar to programming languages;
- Ease of use: It is reflected in Ansible that one command can accomplish many things;
- Safe and reliable: Because Ansible uses the SSH protocol for communication, it is both stable and safe;
- High portability: the written playbook can be copied to any machine for execution;
- Idempotency: Executing a task once has the same effect as executing n times, and there will be no surprises due to repeated execution.
1.4 Ansible infrastructure
What are the control node, controlled node, inventory, ad-hoc playbook, and Connection Protocol in the Ansible architecture?
In the Ansible architecture, the following are some key concepts:
-
Control Node: The control node refers to the host running Ansible, which is responsible for managing and executing Ansible configuration and tasks. Typically, this is an administrator or developer's workstation or server that controls and manages the controlled nodes.
-
Managed Node: The controlled node refers to the target host managed by the control node. Ansible connects to these nodes via SSH and executes tasks on them. The controlled node can be a server, virtual machine or any remote host.
-
Inventory: An inventory is a file containing information about controlled nodes, which tells Ansible which hosts should be managed. Inventories can be static (manually written list of hosts) or dynamic (dynamically generated by script or external source). Inventories can also contain host groups for organizing and categorizing hosts.
-
Ad-hoc Commands (ad-hoc commands): Ad-hoc commands are simple Ansible commands executed directly on the control node, used to perform one-time tasks on remote controlled nodes without writing complex Playbooks. Using ad hoc commands, you can quickly perform certain operations on a target host.
-
Playbook (playbook): Playbook is the main configuration file of Ansible, which is used to define a series of tasks and configurations, and the order in which these tasks are executed on the target host. It uses the YAML format for readability and ease of writing. With playbooks, complex configuration management and automation tasks can be performed on multiple hosts.
-
Connection Protocol: The connection protocol specifies how Ansible establishes a connection between the controlling node and the controlled node. In most cases, the default connection protocol is SSH (Secure Shell), which is used to connect to the controlled node and perform tasks through the SSH protocol. However, Ansible also supports other connection protocols, such as using WinRM on Windows hosts.
Summary: Ansible is a configuration management and automation tool in which the control node manages the controlled nodes. The manifest file specifies the controlled node, the Playbook defines tasks and configurations, Ad-hoc Commands allow one-time tasks to be performed on the target host, and the connection protocol determines how to establish a connection with the controlled node.
2. Ansible installation and configuration
2.1 Ansible installation
# 方式一:yum 安装(推荐)
[root@tidb ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@tidb ~]# yum makecache
[root@tidb ~]# yum install ansible -y
# 方式二:pip 安装
[root@tidb ~]# yum install python3 python3-devel python3-pip -y
[root@tidb ~]# pip3 install --upgrade pip -i https://pypi.douban.com/simple/
[root@tidb ~]# pip3 install ansible -i https://pypi.douban.com/simple/
2.2 Confirm installation
# 检查 Ansible 版本
[root@tidb ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Jun 28 2022, 15:30:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
# 测试 Ansible 是否可用
[root@tidb ~]# ansible localhost -m ping
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}3. Interpretation of Ansible configuration
3.1 Ansible configuration path
- /etc/ansible/ansible.cfg: the main configuration file, which configures the working characteristics of ansible;
- /etc/ansible/hosts: Configure the host list file;
- /etc/ansible/roles/: directory for storing ansible roles.
3.2 Ansible main configuration file
The main configuration file of ansible exists in /etc/anible/ansible.cfg, and most of the configuration content does not need to be modified. The following is the interpretation of the key content of the file:
······
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts # 指定 Ansible 使用的主机清单文件的路径。
#library = /usr/share/my_modules/ # 指定 Ansible 模块库的路径。
#module_utils = /usr/share/my_module_utils/ # 指定 Ansible 模块工具库的路径
#remote_tmp = ~/.ansible/tmp # 指定远程主机上临时文件的路径。
#local_tmp = ~/.ansible/tmp # 指定本地主机上临时文件的路径
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml # 指定插件过滤器配置文件的路径。
#forks = 5 # 指定同时在多少个主机上并行执行任务。
#poll_interval = 15 # 设置在使用 async 任务时,轮询任务结果的时间间隔。默认为 15 秒。
#sudo_user = root # 在远程主机上以指定用户身份执行任务
#ask_sudo_pass = True # 如果设置为 True,Ansible 在执行任务时会要求输入 sudo 密码
#ask_pass = True # 如果设置为 True,Ansible 在执行任务时会要求输入远程用户的密码
#transport = smart # 指定连接被控制节点的方式。smart 表示智能选择
#remote_port = 22 # 指定连接远程主机时使用的 SSH 端口
#module_lang = C # 指定 Ansible 模块的语言
#module_set_locale = False # 如果设置为 False,在执行任务时不会设置模块的本地化
#host_key_checking = False # 这是用于控制是否进行主机密钥检查的配置项(建议去掉注释)
#log_path = /var/log/ansible.log # 这个配置项用于指定 Ansible 日志文件的路径(建议去掉注释开启日志)3.3 Ansible configuration priority
Ansible configuration files can be stored in any location, but configuration files have a reading order, and the search order is as follows:
- Look for the $ANSIBLE_CONFIG variable first
- Next, find ansible.cfg in the current directory
- Then look for .ansible.cfg in the user's home directory
- Finally look for /etc/ansible/ansible.cfg
Demonstrate and verify the conclusion through command line operation:
# 优先读取 $ANSIBLE_CONFIG 变量
[root@tidb ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
······
[root@tidb ~]# export ANSIBLE_CONFIG=/tmp/ansible.cfg
[root@tidb ~]# touch /tmp/ansible.cfg
[root@tidb ~]# ansible --version
ansible 2.9.27
config file = /tmp/ansible.cfg
······
# 读取当前目录下的 ansible.cfg(推荐)
[root@tidb ~]# unset ANSIBLE_CONFIG
[root@tidb ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
······
[root@tidb ~]# mkdir project1
[root@tidb ~]# cd project1/
[root@tidb ~/project1]# touch ansible.cfg
[root@tidb ~/project1]# ansible --version
ansible 2.9.27
config file = /root/project1/ansible.cfg
······
[root@tidb ~/project1]# cd ..
[root@tidb ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
······
# 读取当前用户家目录下的 .ansible.cfg
[root@tidb ~]# touch ~/.ansible.cfg
[root@tidb ~]# ansible --version
ansible 2.9.27
config file = /root/.ansible.cfg
·····
[root@tidb ~]# cd project1/
[root@tidb ~/project1]# ansible --version
ansible 2.9.27
config file = /root/project1/ansible.cfg
······
[root@tidb ~]# rm -rf .ansible.cfg
[root@tidb ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg