Ansible introduction and host list configuration

Ansible Introduction

Ansible, SaltStack and Puppet are all configuration management systems.
Ansible and SaltStack are both operations automation tools written in Python, and both manage hosts through modules. The difference is that Ansible has no client (it works over the SSH channel), while SaltStack has one (SaltStack can also use the SSH channel, but compared with Ansible that mode is a joke). Each approach has its advantages: a client is more stable, while no client is more flexible and portable.
Compared with Puppet, Ansible has no client (it works over the SSH channel), is easy to use, and keeps its logs under centralized control.

Ansible can help us with batch jobs and with work that has to be repeated frequently.
For example: installing the NFS service on 100 servers and starting the service after installation.
For example: copying a file onto 100 servers in one go.
For example: every time a new server is added to the environment, you have to deploy a service to it, which means constantly repeating the same job.
These are the scenarios where Ansible can be used.

Ansible Features

  1. Ansible does not need a separately installed client; SSH serves as the Ansible client.
  2. The SSH account and password can be recorded in Ansible's configuration files, or a key pair can be used to connect.
  3. Ansible does not need any service to be started; installing the tool is enough.
  4. Ansible relies on a large number of Python modules to do batch management.

Ansible architecture
Ansible manages hosts through modules, and the modules are written in Python, so both the control node and the managed nodes need Python. On Linux this is not a problem.

  • Host list (HostInventory): records the information of the hosts Ansible manages, including port, password, IP and so on, and groups them logically.
  • Ad-Hoc (command line): calls a module from the command line to manage the controlled hosts.
  • Playbooks (scripts): YAML files that define multiple tasks in one file, stating which modules each host calls to do what.
  • CoreModules (core modules): most administrative tasks are completed by calling the core modules.
  • CustomModules (custom modules): do what the core modules cannot; multiple languages are supported.
  • Plugins: supplement the functions of the modules.
  • ConnectionPlugins (connection plugins): used to connect the management node to the managed hosts.

Ansible Configuration

YUM installation Ansible

The Ansible package is in the epel repository; some of its dependencies are in the base repository.

[root@Ansible ~]# yum install ansible -y
## Check the Ansible version (if the version number is low, check whether the epel repository is available)
[root@Ansible ~]# ansible --version
ansible 2.7.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

The output above shows the location of the Ansible configuration file. For convenience and portability, however, the configuration file location is not fixed; Ansible reads it in the following order:

  • The $ANSIBLE_CONFIG environment variable
  • The ansible.cfg file in the current directory
  • The ansible.cfg file in the current user's home directory
  • The /etc/ansible/ansible.cfg file

Common Configuration

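[defaults] # general default settings
inventory = /etc/ansible/hosts # list of managed host IPs or DNS names
library = /usr/share/my_modules/ ## default location to search for modules
remote_tmp = ~/.ansible/tmp # temporary files for remote execution
local_tmp = ~/.ansible/tmp
plugin_filters_cfg = /etc/ansible/plugin_filters.yml
forks = 5 ## number of parallel forks
poll_interval = 15 ## polling interval
sudo_user = root ## user name for remote execution through sudo
ask_sudo_pass = True ## when using sudo, whether a password must be entered
ask_pass = True ## whether a password must be entered
transport = smart ## communication mechanism
remote_port = 22 ## remote SSH port
module_lang = C ## language used between the modules and the system
module_set_locale = False
gathering = implicit ## controls default facts gathering (remote system variables)
gather_subset = all
gather_timeout = 10
roles_path = /etc/ansible/roles ## where playbooks search for Ansible roles
host_key_checking = False ## whether to check the remote public key fingerprint
sudo_exe = sudo ## sudo command used for remote execution
sudo_flags = -H -S -n ## extra arguments passed to sudo
timeout = 10 ## SSH timeout
remote_user = root ## remote login user name
log_path = /var/log/ansible.log ## log file path
module_name = command ## default module run by the ansible command
executable = /bin/sh ## shell environment used for execution, for the shell module
hash_behaviour = replace ## how variables are overridden by precedence
jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n ## enable jinja2 extension modules
private_key_file = /path/to/file ## location of the private key file
display_skipped_hosts = True ## show the status of any skipped task
system_warnings = True ## warnings about potential problems with the system running Ansible
deprecation_warnings = True ## deprecation warnings in playbook output
command_warnings = False ## warnings Ansible emits by default for the command module
nocolor = 1 ## colored output: 0 means on, 1 means off
pipelining = False ## enable the pipelined SSH channel optimization

[accelerate] ## accelerate mode
accelerate_port = 5099 ## accelerate connection port 5099
accelerate_timeout = 30 ## command execution timeout, in s
accelerate_connect_timeout = 5.0 ## time of the last active connection, in min
accelerate_daemon_timeout = 30 ## allow multiple private keys to be loaded into the daemon
accelerate_multi_key = yes ## any client that wants to connect to the daemon must enable this option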

Host list

## Add the client host information: two hosts under the client group (IP, user, password, port)
[root@Ansible ~]# vim /etc/ansible/hosts
[client]
192.168.1.2 ansible_ssh_user='root' ansible_ssh_pass='redhat' ansible_ssh_port='22'
192.168.1.3 ansible_ssh_user='root' ansible_ssh_pass='redhat' ansible_ssh_port='22'

Verify Ansible
You can uncomment host_key_checking = False in the configuration file, so that the public key fingerprint confirmation required on the first SSH connection does not cause Ansible communication to fail.

## Use the ping module to test whether the hosts are reachable
[root@Ansible ~]# ansible client -m ping
192.168.1.2 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.3 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
## -m: which module to call. -a: what action to perform
[root@Ansible ~]# ansible client -m command -a "df -h"
192.168.1.2 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/centos-root 17G 3.1G 14G 18% /
devtmpfs 476M 0 476M 0% /dev
tmpfs 488M 0 488M 0% /dev/shm
tmpfs 488M 7.8M 480M 2% /run
tmpfs 488M 0 488M 0% /sys/fs/cgroup
/dev/sda1 1014M 173M 842M 18% /boot
tmpfs 98M 0 98M 0% /run/user/0
192.168.1.3 | CHANGED | rc=0 >>
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/centos-root 17G 3.1G 14G 18% /
devtmpfs 476M 0 476M 0% /dev
tmpfs 488M 0 488M 0% /dev/shm
tmpfs 488M 7.7M 480M 2% /run
tmpfs 488M 0 488M 0% /sys/fs/cgroup
/dev/sda1 1014M 173M 842M 18% /boot
tmpfs 98M 0 98M 0% /run/user/0

Connecting with a key

## Create a key pair
[root@Ansible ~]# ssh-keygen -t rsa
## Send it to the corresponding hosts
[root@Ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
[root@Ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
## Remove the account and password after the IPs in the configuration file
[root@Ansible ~]# vim /etc/ansible/hosts
[client]
192.168.1.2
192.168.1.3
## Connection test
[root@Ansible ~]# ansible client -m command -a "hostname"
192.168.1.3 | CHANGED | rc=0 >>
Client2
192.168.1.2 | CHANGED | rc=0 >>
Client1
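
A check for the two risky settings used earlier on this page: clear-text ansible_ssh_pass values in the host list, and host_key_checking = False, which makes Ansible accept whatever host key a target presents. This is an added example, not code from the original post; the function names are hypothetical, the sample text is constructed from the page's listings, and the password variables other than ansible_ssh_pass are other Ansible variables not shown on the page.

```python
import configparser
import shlex

# Inventory variables that hold a secret in clear text when set inline.
# Only ansible_ssh_pass appears on the page; the rest are other Ansible
# password variables added here for coverage (an assumption of this example).
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_sudo_pass",
               "ansible_become_pass", "ansible_become_password"}

def audit_inventory(text):
    """Return (group, host, variable) for each inline secret in an INI inventory."""
    findings, group, kind = [], "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            # "[web]" is a host section; "[hosts:children]" and "[web:vars]" are not
            group, _, suffix = line[1:-1].partition(":")
            kind = suffix or "hosts"
            continue
        if kind == "children":
            continue  # these lines are group names, not hosts
        if kind == "vars":
            host, keys = "*", [line.partition("=")[0].strip()]
        else:
            tokens = shlex.split(line, comments=True)  # also strips the quotes
            host = tokens[0]
            keys = [t.partition("=")[0] for t in tokens[1:]]
        findings += [(group, host, k) for k in keys if k in SECRET_VARS]
    return findings

def host_key_checking_disabled(cfg_text):
    """True when [defaults] host_key_checking is set to a false value."""
    # '#' is accepted as an inline comment prefix only so that annotated
    # listings like the one on this page parse.
    cfg = configparser.ConfigParser(inline_comment_prefixes=("#", ";"),
                                    interpolation=None, strict=False)
    cfg.read_string(cfg_text)
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)

# Constructed samples, copied from the listings shown on the page.
PASSWORD_INVENTORY = """[client]
192.168.1.2 ansible_ssh_user='root' ansible_ssh_pass='redhat' ansible_ssh_port='22'
192.168.1.3 ansible_ssh_user='root' ansible_ssh_pass='redhat' ansible_ssh_port='22'
"""
KEY_INVENTORY = "[client]\n192.168.1.2\n192.168.1.3\n"
SAMPLE_CFG = "[defaults]\nhost_key_checking = False ## check remote key fingerprint\n"

if __name__ == "__main__":
    for finding in audit_inventory(PASSWORD_INVENTORY):
        print("inline secret:", finding)
    print("host key checking disabled:", host_key_checking_disabled(SAMPLE_CFG))
```

Run against the key-based host list above, audit_inventory returns an empty list, which is the state to aim for before the file is committed or shared.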

Groups can include other groups

## Redefine the host list (a group includes other groups by adding :children after its group name)
[root@Ansible ~]# vim /etc/ansible/hosts
[web]
192.168.1.2

[nfs]
192.168.1.3

[local]
localhost ansible_connection=local

[hosts:children]
web
nfs
local
## Run commands to test connectivity
[root@Ansible ~]# ansible web --list-host
  hosts (1):
    192.168.1.2
[root@Ansible ~]# ansible nfs --list-host
  hosts (1):
    192.168.1.3
[root@Ansible ~]# ansible local --list-host
  hosts (1):
    localhost
[root@Ansible ~]# ansible hosts --list-host
  hosts (3):
    192.168.1.2
    192.168.1.3
    localhost
## Ansible has a built-in all group that contains every host
[root@Ansible ~]# ansible all --list-host
  hosts (3):
    192.168.1.2
    192.168.1.3
    localhost

Using an alias instead of the IP

## Edit the file
[root@Ansible ~]# vim /etc/ansible/hosts
[web]
web1 ansible_ssh_host=192.168.1.2

[nfs]
nfs1 ansible_ssh_host=192.168.1.3

[local]
localhost ansible_connection=local

[hosts:children]
web
nfs
local
## List all hosts
[root@Ansible ~]# ansible hosts --list-host
  hosts (3):
    web1
    localhost
    nfs1

Specifying the host list file with -i

[root@Ansible ~]# vim hosts
[client]
192.168.1.2
192.168.1.3
[root@Ansible ~]# ansible client -m command -a "w" -i ./hosts
192.168.1.2 | CHANGED | rc=0 >>
 20:08:04 up 14:03, 2 users, load average: 0.00, 0.04, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.1 20:08 0.00s 0.14s 0.00s w
root pts/1 192.168.1.254 14:04 6:28 0.38s 0.38s -bash
192.168.1.3 | CHANGED | rc=0 >>
 20:08:04 up 14:02, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.1 20:08 0.00s 0.14s 0.00s w
root pts/1 192.168.1.254 14:42 1:06m 0.43s 0.43s -bash

Origin www.cnblogs.com/songguoyou/p/11883241.html