Ansible
1 Ansible Introduction
Ansible is a simple automation tool for operations and maintenance. It needs only the SSH protocol to connect to the systems it manages, and it can then run commands, deploy software, and carry out other tasks automatically.
Ansible features
1. Ansible needs no separate client installed and no service started on the managed hosts.
2. Ansible is a complete set of automation task modules written in Python.
3. Ansible playbooks use YAML configuration, so an automated task flow can be read at a glance.
Ansible composition structure
- Ansible: the Ansible command-line tool and the core execution tool; one-off or temporary operations are performed by running this command.
- Ansible Playbook: task scripts (also called task sets); configuration files that define a set of scheduled tasks, executed by Ansible in order and written in YAML.
- Inventory: the list of hosts Ansible manages; the default is the /etc/ansible/hosts file.
- Modules: the functional modules Ansible uses to execute commands; as of Ansible 2.3 there are 1039 modules in total. Custom modules can also be written.
- Plugins: supplements to module functionality; common types are connection plugins, loop plugins, variable plugins and filter plugins. These are used less often.
- API: an application programming interface for third-party programs to call.
2 Environment Setup
Preparing the Environment
IP | System | Hostname | Description |
---|---|---|---|
192.168.1.30 | CentOS7 | ansible | Ansible management node |
192.168.1.31 | CentOS7 | linux.node01.com | Managed node 1 |
192.168.1.32 | CentOS7 | linux.node02.com | Managed node 2 |
192.168.1.33 | CentOS7 | linux.node03.com | Managed node 3 |
3 Ansible installation
1) Configure the EPEL repository
[root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@ansible ~]# yum clean all
[root@ansible ~]# yum makecache
2) Install Ansible
[root@ansible ~]# yum -y install ansible
# Check the Ansible version
[root@ansible ~]# ansible --version
ansible 2.8.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
4 Ansible Inventory File
The inventory file usually defines the hosts to be managed together with their authentication information, such as the SSH login user name, password, and key-related settings. To operate on several hosts at once, hosts are placed in groups; the relationships between groups and hosts are also configured in the inventory file. Configuration file path: /etc/ansible/hosts
4.1 Password-based connection
[root@ansible ~]# vim /etc/ansible/hosts
# Method 1: host + port + password
[webserver]
192.168.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
192.168.1.32 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
192.168.1.33 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
192.168.1.36 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
# Method 2: host range + user + password
[webserver]
192.168.1.3[1:3] ansible_ssh_user=root ansible_ssh_pass="123456"
# Method 3: host range, with the password set as a group variable
[webserver]
192.168.1.3[1:3]
[webserver:vars]
ansible_ssh_pass="123456"
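Each form above writes the SSH password into /etc/ansible/hosts in clear text, so anyone who can read the inventory can read the credential. As an added example (not part of the original article), the script below scans inventory text and reports where each clear-text password is set; the function name, the sample inventory and the vault_node1_pass variable are constructed for illustration.

```python
import re

# Variables that hold a connection or privilege-escalation password.
PASSWORD_VARS = re.compile(
    r"\b(ansible_ssh_pass|ansible_password|ansible_become_pass(?:word)?)\s*=\s*(\S+)")

def find_plaintext_passwords(inventory_text):
    """Return (line_no, scope, variable) for each password written in clear text."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:                      # [group], [group:vars] or [group:children]
            section = header.group(1)
            continue
        for var, value in PASSWORD_VARS.findall(line):
            # A Jinja2 reference such as "{{ vault_x }}" keeps the secret elsewhere.
            if value.strip("'\"").startswith("{{"):
                continue
            if section.endswith(":vars"):
                scope = "group " + section[:-len(":vars")]
            else:
                scope = "host " + line.split()[0]
            findings.append((line_no, scope, var))
    return findings

# Constructed sample; vault_node1_pass is a hypothetical vaulted variable.
SAMPLE_INVENTORY = """\
[webserver]
192.168.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
192.168.1.32

[apache]
192.168.1.3[3:6]

[apache:vars]
ansible_ssh_pass='123456'

[nginx]
node1 ansible_ssh_host=192.168.1.31 ansible_password="{{ vault_node1_pass }}"
"""

if __name__ == "__main__":
    for line_no, scope, var in find_plaintext_passwords(SAMPLE_INVENTORY):
        print(f"line {line_no}: {var} set in clear text for {scope}")
```

Entries it reports can be replaced by key-based login (section 4.2) or by a variable kept in an Ansible Vault file.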
4.2 Key-based connection
A key-based connection requires first generating a public/private key pair and sending the public key to the managed hosts.
1) Generate the public and private keys
[root@ansible ~]# ssh-keygen
[root@ansible ~]# for i in {1,2,3,6}; do ssh-copy-id -i 192.168.1.3$i ; done
2) Configure the connection
[root@ansible ~]# vim /etc/ansible/hosts
# Method 1: host + port + key
[webserver]
192.168.1.31:22
192.168.1.32
192.168.1.33
192.168.1.36
# Method 2: host alias + port + key
[webserver]
node1 ansible_ssh_host=192.168.1.31 ansible_ssh_port=22
node2 ansible_ssh_host=192.168.1.32 ansible_ssh_port=22
node3 ansible_ssh_host=192.168.1.33 ansible_ssh_port=22
node6 ansible_ssh_host=192.168.1.36 ansible_ssh_port=22
4.3 Using host groups
# Group variables + hosts + password
[apache]
192.168.1.36
192.168.1.33
[apache:vars]
ansible_ssh_pass='123456'
# Group + hosts + key
[nginx]
192.168.1.3[1:2]
# Define several groups and make one group a member of another
[webserver:children] # the webserver group contains two child groups: apache and nginx
apache
nginx
4.4 Specifying a temporary inventory
1) First create an inventory file with the host definitions
[root@ansible ~]# vim /etc/dockers
[dockers]
192.168.1.31 ansible_ssh_pass='123456'
192.168.1.32
192.168.1.33
2) Specify the inventory when running the command
[root@ansible ~]# ansible dockers -m ping -i /etc/dockers -o
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
4.5 Inventory built-in parameters
5 Ansible Ad-Hoc
Ad-hoc means temporary: in Ansible it refers to commands that need to be run quickly and do not need to be saved. Put simply, it means running a simple command, a one-liner. Complex operations call for a playbook, similar to a SaltStack state (sls) file.
1) Common command parameters
[root@ansible ~]# ansible -h
Usage: ansible <host-pattern> [options]
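-a MODULE_ARGS # module arguments
-C, --check # dry run: predict changes without making any
-f FORKS # number of parallel processes (forks)
--list-hosts # list the matching hosts
-m MODULE_NAME # module name
-o # condensed one-line output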
2) Examples
[root@ansible ~]# ansible webserver -m shell -a 'uptime' -o
192.168.1.36 | CHANGED | rc=0 | (stdout) 13:46:14 up 1 day, 9:20, 4 users, load average: 0.00, 0.00, 0.00
192.168.1.33 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:51, 3 users, load average: 0.00, 0.01, 0.05
192.168.1.31 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:50, 3 users, load average: 0.00, 0.01, 0.05
192.168.1.32 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:59, 3 users, load average: 0.00, 0.01, 0.05
3) Command Description
5.1 host-pattern format
How target hosts and host groups are matched
Matching hosts
# A single target host
[root@ansible ~]# ansible 192.168.1.31 -m ping
# Several target hosts
[root@ansible ~]# ansible 192.168.1.31,192.168.1.32 -m ping
# All target hosts
[root@ansible ~]# ansible all -m ping
Matching groups
# Group configuration: an nginx group and an apache group are defined here
[root@ansible ~]# ansible nginx --list
hosts (2):
192.168.1.31
192.168.1.32
[root@ansible ~]# ansible apache --list
hosts (3):
192.168.1.36
192.168.1.33
192.168.1.32
# Match all hosts in one group
[root@ansible ~]# ansible apache -m ping
# Match all hosts that are in the apache group but not in the nginx group
[root@ansible ~]# ansible 'apache:!nginx' -m ping -o
192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
# Match the hosts that are in both the apache group and the nginx group (intersection)
[root@ansible ~]# ansible 'apache:&nginx' -m ping -o
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
# Match all hosts in either the apache group or the nginx group (union); same as ansible apache,nginx -m ping
[root@ansible ~]# ansible 'apache:nginx' -m ping -o
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
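The three operators are set operations over the inventory groups. As an added example (not Ansible's own code and not part of the original article), the sketch below parses an INI inventory with ranges and child groups and resolves a pattern, so the targets of a command can be reasoned about before it runs; the function names and the sample inventory are constructed, and IPv6 addresses and wildcards are not handled.

```python
import re

def expand(host):
    """Expand a range such as 192.168.1.3[1:3]; other names pass through."""
    m = re.fullmatch(r"(.*)\[(\d+):(\d+)\](.*)", host)
    return [f"{m[1]}{n}{m[4]}" for n in range(int(m[2]), int(m[3]) + 1)] if m else [host]

def parse_groups(text):
    """Map each group to its set of hosts, following [group:children]."""
    hosts, children, section = {}, {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if line.startswith("["):
            section = line.strip("[]")
        elif line and section.endswith(":children"):
            children.setdefault(section[:-9], []).append(line)
        elif line and section and ":" not in section:   # skips [group:vars]
            hosts.setdefault(section, set()).update(expand(line.split()[0]))
    def members(g):
        return set(hosts.get(g, ())).union(*(members(c) for c in children.get(g, ())))
    return {g: members(g) for g in set(hosts) | set(children)}

def resolve(pattern, groups):
    """Union the plain terms, then apply '&' (intersect) and '!' (exclude)."""
    all_hosts = set().union(*groups.values())
    def lookup(name):
        return all_hosts if name == "all" else groups.get(name, {name} & all_hosts)
    terms = [t for t in re.split(r"[:,]", pattern) if t]
    selected = set().union(*(lookup(t) for t in terms if t[0] not in "!&"))
    for t in terms:
        if t[0] == "&":
            selected &= lookup(t[1:])
        elif t[0] == "!":
            selected -= lookup(t[1:])
    return selected

# Constructed inventory that reproduces the nginx and apache listings above.
INVENTORY = """\
[nginx]
192.168.1.3[1:2]
[apache]
192.168.1.3[2:3]
192.168.1.36
[webserver:children]
apache
nginx
"""
print(sorted(resolve("apache:!nginx", parse_groups(INVENTORY))))
```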