Ansible is an open source automated operation and maintenance tool that writes playbooks based on the YAML language and can be used to automate server configuration, deployment, and management.
Ansible uses the SSH protocol for communication and can perform batch operations on a large number of servers without the need to install any client software on the target server. It supports multiple operating systems, including Linux, Windows, Mac OS X, and more. Ansible can be used to automate various tasks such as installing software, configuring services, backing up data, deploying applications, etc. It also supports modularity and functionality can be extended through plug-ins. Ansible is a powerful and flexible automated operation and maintenance tool that can greatly improve operation and maintenance efficiency and consistency.
1. Ansible basic architecture
The picture above shows the basic architecture of ansible. From the picture above, you can understand that it consists of the following parts:
-
Core: ansible
-
Core Modules: These are the modules that come with ansible
-
Extension modules (Custom Modules): If the core module is not enough to complete a certain function, you can add extension modules
-
Plugins: Complete the supplement of module functions
-
Playbooks: ansible's task configuration file, which defines multiple tasks in the playbook and is automatically executed by ansible
-
Connection Plugins: Ansible connects to each host based on connection plug-ins. Although ansible uses ssh to connect to each host, it also supports other connection methods, so a connection plug-in is required.
-
Host Inventory: Defines the hosts managed by ansible
2. How Ansible works
The above are two diagrams of ansible working principles found on the Internet. Both diagrams are basically expansions based on the architecture diagram. From the picture above we can understand:
1. The management terminal supports three ways to connect to the managed terminal: local, ssh, and zeromq. By default, the connection based on ssh is used—this part corresponds to the connection module in the basic architecture diagram;
2. Host Inventory (host group) can be classified according to application type, etc., and the management node implements corresponding operations through various modules - a single module, batch execution of a single command, we can call it ad-hoc;
3. The management node can use playbooks to implement a collection of multiple tasks to implement a type of functions, such as the installation and deployment of web services, batch backup of database servers, etc. We can simply understand playbooks as configuration files that the system operates by combining multiple ad-hoc operations.
3. Seven commands of ansible
After installing ansible, we found that ansible provides us with a total of seven instructions: ansible, ansible-doc, ansible-galaxy, ansible-lint, ansible-playbook, ansible-pull, ansible-vault. Here we only look at the usage part, and the detailed part can be obtained through the "command -h" method.
1、ansible
[root@localhost ~]# ansible -hUsage: ansible [options]
ansible is the core part of the command, which is mainly used to execute ad-hoc commands, that is, a single command. By default, the host and options parts need to be followed. When the module is not specified by default, the command module is used. Such as:
[[email protected] ~]# ansible 192.168.0.102 -a 'date'192.168.0.102 | success | rc=0 >>Tue May 12 22:57:24 CST 2015
However, the modules used by default can be modified in ansible.cfg. The parameters under the ansible command are explained as follows:
2、ansible-doc
ansible-doc -hUsage: ansible-doc [options] [module...]
This command is used to view module information. Commonly used parameters include -l and -s, as follows:
//List all installed modules
# ansible-doc -l//View the usage of a specific module, here is the command module
# ansible-doc -s command3、ansible-galaxy
ansible-galaxy -hUsage: ansible-galaxy [init|info|install|list|remove] [--help] [options] ...
The ansible-galaxy command is used to conveniently download third-party extension modules from the https://galaxy.ansible.com/ site. We can visually understand that it is similar to yum under centos, pip or easy_install under python. Example below:
[root@localhost ~]# ansible-galaxy install aeriscloud.docker- downloading role 'docker', owned by aeriscloud- downloading role from https://github.com/AerisCloud/ansible-docker/archive/v1.0.0.tar.gz- extracting aeriscloud.docker to /etc/ansible/roles/aeriscloud.docker- aeriscloud.docker was installed successfully
This installs an aeriscloud.docker component. The front aeriscloud is the user name that created the module on galaxy, and the back corresponds to its module. In actual applications, you can also specify txt or yml files to download and install multiple components. This part can be found in the official documentation.
4、ansible-lint
ansible-lint is a tool for checking the syntax of playbooks. Usage is ansible-lint playbook.yml.
5、ansible-playbook
This command is the most commonly used command. It reads the playbook file and then performs the corresponding action. This will be discussed later.
6、ansible-pull
The use of this instruction requires another mode of ansible - pull mode, which is exactly the opposite of the push mode we usually use. It is suitable for the following scenarios: you have a huge number of machines that need to be configured, even if you use a very high Threading still takes a lot of time; you'll want to run Anisble on a machine without network connectivity, such as after installing it at boot. This part will also be discussed in a separate section.
7、ansible-vault
ansible-vault is mainly used when the configuration file contains sensitive information and you do not want it to be seen. Vault can help you encrypt/decrypt the configuration file, which is an advanced usage.
Mainly when it comes to configuring passwords or other variables in playbooks, you can use this command to encrypt. In this way, what we see through cat will be a password string file. When editing, you need to enter a preset password to open it. When executing this kind of playbook file, --ask-vault-passparameters need to be added, and a password must be entered before it can be executed normally.
Source: 361way.com