01_What is ansible, basic architecture, ansible working mechanism, Ansible installation, configuration host list, setting SSH passwordless login, etc.

1. What is ansible
1.1. Basic introduction
1.2. Basic architecture
1.3. Basic features
1.4. Advantages
1.5. Ansible working mechanism
2. Ansible installation
2.1. Machine preparation
2.2. Install ansible
2.2.1. Install epel source
2.2.2. Install ansible
2.2.3. View ansible version
2.2.4. Tree structure display folder
2.2.4.1. The content of ansible.cfg is as follows
2.2.4.2. The default content of hosts is
2.3. Configure host list
2.4. Set up SSH passwordless login
2.5. Reference articles

1. What is ansible

Reposted from: https://blog.51cto.com/liqingbiao/1875921

1.1. Basic introduction

Ansible is a new automated operations and maintenance tool written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, and batch command execution.

Ansible is built on paramiko and works through modules. Ansible itself has no batch-deployment capability; the modules that ansible runs do the actual batch work, and ansible only provides the framework. Ansible does not need a client or agent installed on the remote host, because it communicates with the remote host over SSH. Ansible has been officially acquired by Red Hat. It is the most widely recognized automated operations tool, easy to pick up and easy to learn, and one of the skills every operations engineer must master. It mainly consists of:

  • (1) Connection plugins: responsible for communicating with the monitored (managed) end;
  • (2) Host inventory: the hosts to operate on, defined in a configuration file;
  • (3) Modules: core modules, the command module, and custom modules;
  • (4) Plugins: used to complete functions such as logging and email;
  • (5) Playbook: a script for executing multiple tasks; it is optional and lets a node run multiple tasks in one go.

1.2. Basic Architecture


1.3. Basic features

(1) No agents: no client needs to be installed on the controlled host;
(2) No server: there is no server side, you just run commands when you need them;
(3) Modules in any language: work is done by modules, and modules can be developed in any language;
(4) YAML, not code: playbooks are written in YAML;
(5) SSH by default: works over SSH;
(6) Strong multi-tier solution: can carry out multi-level commands.

1. Deployment is simple: you only need to deploy the Ansible environment on the control node, and the controlled nodes need no setup;
2. By default, the SSH protocol is used to manage devices;
3. There are a large number of modules for routine operations work, which cover most day-to-day operations;
4. Simple configuration, powerful functions, and strong scalability;
5. Supports an API and custom modules, and can easily be extended through Python;
6. Powerful configuration and state management can be customized through Playbooks;
7. Lightweight: no agent needs to be installed on the client, and when updating you only need to update once on the operating machine;
8. Provides a powerful and practical Web management interface and REST API: the AWX platform.

1.4. Advantages

(1) Lightweight: no agent needs to be installed on the client, and when updating you only need to update once on the operating machine;
(2) Batch tasks can be written as a script and executed without distributing the script to the remote hosts;
(3) Written in Python, so it is easier to maintain; Ruby syntax is too complicated;
(4) Supports sudo.

1.5. Ansible working mechanism


2. Ansible installation

2.1. Machine preparation

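Docker is used for virtualization this time. The relevant docker commands are:

# Commit the container as an image
docker commit d74af80aa35a centos7.5.1804.v0.2

# Save the image to a tar archive (docker save takes an image name or ID, not a container ID)
docker save -o xxx.tar centos7.5.1804.v0.2

# Load the image from the tar archive
docker load < xxx.tar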
============================================================

docker run -itd --restart=always --name node2 --hostname node2 -v D:/dockerworkspace/node2/hosts:/etc/hosts -v D:/dockerworkspace/node2/hostname:/etc/hostname -v D:/dockerworkspace/node2/data:/data -v D:/dockerworkspace/node2/profile:/etc/profile -v D:/dockerworkspace/node2/software:/root/software -v D:/dockerworkspace/node2/installed:/root/installed -v D:/dockerworkspace/node2/workspace:/root/workspace -p 20022:22 --ip 172.17.0.2 1694ea743590 /usr/sbin/sshd -D

docker run -itd --restart=always --name node3 --hostname node3 -v D:/dockerworkspace/node3/hosts:/etc/hosts -v D:/dockerworkspace/node3/hostname:/etc/hostname -v D:/dockerworkspace/node3/data:/data -v D:/dockerworkspace/node3/profile:/etc/profile -v D:/dockerworkspace/node3/software:/root/software -v D:/dockerworkspace/node3/installed:/root/installed -v D:/dockerworkspace/node3/workspace:/root/workspace -p 30022:22 --ip 172.17.0.3  1694ea743590 /usr/sbin/sshd -D

docker run -itd --restart=always --name node4 --hostname node4 -v D:/dockerworkspace/node4/hosts:/etc/hosts -v D:/dockerworkspace/node4/hostname:/etc/hostname -v D:/dockerworkspace/node4/data:/data -v D:/dockerworkspace/node4/profile:/etc/profile -v D:/dockerworkspace/node4/software:/root/software -v D:/dockerworkspace/node4/installed:/root/installed -v D:/dockerworkspace/node4/workspace:/root/workspace -p 40022:22 --ip 172.17.0.4 1694ea743590 /usr/sbin/sshd -D

docker run -itd --restart=always --name node5 --hostname node5 -v D:/dockerworkspace/node5/hosts:/etc/hosts -v D:/dockerworkspace/node5/hostname:/etc/hostname -v D:/dockerworkspace/node5/data:/data -v D:/dockerworkspace/node5/profile:/etc/profile -v D:/dockerworkspace/node5/software:/root/software -v D:/dockerworkspace/node5/installed:/root/installed -v D:/dockerworkspace/node5/workspace:/root/workspace -p 50022:22 --ip 172.17.0.5 1694ea743590 /usr/sbin/sshd -D

docker run -itd --restart=always --name node6 --hostname node6 -v D:/dockerworkspace/node6/hosts:/etc/hosts -v D:/dockerworkspace/node6/hostname:/etc/hostname -v D:/dockerworkspace/node6/data:/data -v D:/dockerworkspace/node6/profile:/etc/profile -v D:/dockerworkspace/node6/software:/root/software -v D:/dockerworkspace/node6/installed:/root/installed -v D:/dockerworkspace/node6/workspace:/root/workspace -p 60022:22 --ip 172.17.0.6 1694ea743590 /usr/sbin/sshd -D

Hostname                     IP           Installed software   Group name
node2 (management machine)   172.17.0.2   Ansible
node3 (managed machine)      172.17.0.3                        abc
node4 (managed machine)      172.17.0.4                        abc
node5 (standby)              172.17.0.5
node6 (standby)              172.17.0.6

2.2. Install ansible

Install ansible on the management machine

2.2.1. Install epel source

[root@node2 ~]# yum install -y epel-release
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.163.com
 * extras: mirrors.163.com
 * updates: mirrors.163.com
base                                                                                                                     | 3.6 kB  00:00:00
extras                                                                                                                   | 2.9 kB  00:00:00
updates                                                                                                                  | 2.9 kB  00:00:00
(1/2): extras/7/x86_64/primary_db                                                                                        | 243 kB  00:00:00
(2/2): updates/7/x86_64/primary_db                                                                                       |  11 MB  00:00:01
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================
 Package                                Arch                             Version                         Repository                        Size
================================================================================================================================================
Installing:
 epel-release                           noarch                           7-11                            extras                            15 k

Transaction Summary
================================================================================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm                                                                                             |  15 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                                                                                     1/1
  Verifying  : epel-release-7-11.noarch                                                                                                     1/1

Installed:
  epel-release.noarch 0:7-11

Complete!
[root@node2 ~]#

2.2.2. Install ansible

[root@node2 ~]# yum install ansible -y
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                                     | 3.9 kB  00:00:00
 * base: mirrors.163.com
 * epel: ftp.jaist.ac.jp
 * extras: mirrors.163.com
 * updates: mirrors.163.com
epel                                                                                                                     | 4.7 kB  00:00:00
(1/3): epel/x86_64/group_gz                                                                                              |  96 kB  00:00:00
(2/3): epel/x86_64/updateinfo                                                                                            | 1.0 MB  00:00:01
xxxxxxxxxxxxxxxxxxxxxxxxx
--> Running transaction check
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
--> Running transaction check
Complete!
[root@node2 ~]#

2.2.3. View ansible version

[root@node2 ~]# ansible --version
ansible 2.9.25
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
[root@node2 ~]#

2.2.4. Tree structure display folder

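# ansible --version          # view the ansible version
# yum install tree -y
# tree /etc/ansible/         # show the folder as a tree
/etc/ansible/
├── ansible.cfg        # ansible configuration file
├── hosts              # ansible's main inventory, stores information about the remote hosts to be managed
└── roles              # roles (this is a directory)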

2.2.4.1. The content of ansible.cfg is as follows


2.2.4.2. The default content of hosts is

[root@node2 ansible]# cat hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com

[root@node2 ansible]#

2.3. Configure host list

[root@node2 ansible]# cd /etc/ansible
[root@node2 ansible]# vim hosts
[abc]              # define a custom group name
172.17.0.3         # add the IP of the managed host

[aaa]
172.17.0.4

[bbb]
172.17.0.5
172.17.0.6
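
Before running batch commands against a group, it helps to see exactly which hosts the inventory resolves to. The following is an added example, not part of the original post and not Ansible's own parser: a small Python reader for the INI host list format shown above, including the numeric ranges from the default hosts file. The [webservers] lines in the sample are constructed for illustration; alphabetic ranges, steps, and :vars / :children sections are not handled.

```python
import re

_RANGE = re.compile(r"\[(\d+):(\d+)\]")
_GROUP = re.compile(r"^\[([^\]:\s]+)\]")

def expand(pattern):
    """Expand numeric ranges such as www[001:006].example.com."""
    m = _RANGE.search(pattern)
    if not m:
        return [pattern]
    lo, hi = m.group(1), m.group(2)
    width = len(lo) if lo.startswith("0") else 0    # leading zeros fix the width
    hosts = []
    for n in range(int(lo), int(hi) + 1):           # both ends are included
        name = pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():]
        hosts.extend(expand(name))                  # a name may hold more ranges
    return hosts

def parse_inventory(text):
    """Return {group: [hosts]} for a simple INI-style hosts file."""
    groups = {"ungrouped": []}
    current = "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()         # drop comments
        if not line:
            continue
        if line.startswith("["):
            m = _GROUP.match(line)
            current = m.group(1) if m else None     # skip :vars / :children
            if current:
                groups.setdefault(current, [])
            continue
        if current is not None:
            groups[current].extend(expand(line.split()[0]))  # ignore host vars
    return groups

# Host list from section 2.3 plus two constructed range lines.
SAMPLE = """\
[abc]              # define a custom group name
172.17.0.3
[aaa]
172.17.0.4
[bbb]
172.17.0.5
172.17.0.6
[webservers]
www[001:003].example.com
db-[99:101]-node.example.com
"""

if __name__ == "__main__":
    for group, hosts in parse_inventory(SAMPLE).items():
        print(group, hosts)
```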

2.4. Set up SSH passwordless login

[root@node2 ansible]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sZtXen524PUZoQP5C76faiL/Rpx9IOUIFpVB7SIjymM root@node2
The key's randomart image is:
+---[RSA 2048]----+
|         .+++    |
|         o . o   |
|        o . *    |
|       . = * + . |
|    . . S + O o .|
|     E   o B =.o.|
|    . . o = o.+o+|
|       . o * .=.o|
|        o.=+== . |
+----[SHA256]-----+
[root@node2 ansible]#

If ssh-copy-id fails with "-bash: ssh-copy-id: command not found", install the client package first:

yum -y install openssh-clients

ssh-copy-id root@172.17.0.3
ssh-copy-id root@172.17.0.4
ssh-copy-id root@172.17.0.5
ssh-copy-id root@172.17.0.6

Agent for non-interactive use:
[root@node2 ansible]# ssh-agent bash
[root@node2 ansible]# ssh-add

[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.17.0.3's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.17.0.3'"
and check to make sure that only the key(s) you wanted were added.

[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.4
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.17.0.4's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.17.0.4'"
and check to make sure that only the key(s) you wanted were added.

[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.5
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.17.0.5's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.17.0.5'"
and check to make sure that only the key(s) you wanted were added.

[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.6
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.17.0.6's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.17.0.6'"
and check to make sure that only the key(s) you wanted were added.

[root@node2 ansible]#

2.5. Reference Articles

https://blog.51cto.com/u_13630803/2153392
https://www.cnblogs.com/cyleon/p/11164344.html
https://blog.51cto.com/u_13630803/2153820

Origin blog.csdn.net/toto1297488504/article/details/132176066