Ansible installation and configuration

Posted by poirot on Sat, 25 Dec 2021 22:23:31 +0100

The configuration below uses the environment in the following table as an example.

Role            Host name        IP address        Group name    CPU
Control node    ansiblecontrol   192.168.242.10    ---           2C
Managed node    web1             192.168.242.11    webservers    2C
Managed node    web2             192.168.242.12    webservers    2C

Ansible installation

Installation prerequisites

Requirements for the control host
Any machine with Python 2.6 or later installed can run Ansible as the control host (a Windows system cannot be used as the control host); the Ansible 2.9 release installed below requires Python 2.7 or 3.5+ on the control host.
The host system can be Red Hat, Debian, CentOS, OS X, BSD and so on, in various versions.
Requirements for managed hosts
A managed node needs Python 2.4 or later; if the version is lower than Python 2.5, one additional module must be installed: python-simplejson. (Ansible 2.9 needs Python 2.6 or 3.5+ on managed nodes.)
Control host:
1. Manage the managed nodes
   Define the inventory (asset list); the managed nodes are declared in it.
2. Define tasks
   Tasks are defined through ad-hoc commands, playbooks or roles.
3. Issue tasks
   Tasks defined on the control node are distributed to the managed nodes; the control node establishes the connection (SSH by default) to the managed node.
Managed node:
1. Execute the tasks issued by the Ansible controller
2. Provide application access

Install Ansible

Ansible environment preparation

Role name         IP
master.zjm.com    192.168.242.10
node1.zjm.com     192.168.242.11
node2.zjm.com     192.168.242.12

Source code installation: installing from source requires Python 2.6 or above and depends on the modules paramiko, PyYAML, Jinja2, httplib2, simplejson and pycrypto (pycrypto is unmaintained; current Ansible releases use the cryptography package instead). These modules can be installed with pip or easy_install.

pip installation: pip is the tool dedicated to managing Python modules. Every official Ansible release is pushed to the PyPI repository, so installing or updating Ansible with pip is a reliable way to get the latest stable version; pin the version (for example ansible==2.9.23) and install into a virtualenv so that upgrades are deliberate and the system Python is left alone.

Install using yum or up2date

Install the EPEL repository on CentOS 7

[root@master ~]# yum install -y epel-release

Install ansible using yum or up2date

[root@master ~]#  yum install -y ansible

View the version of ansible

[root@master ~]# ansible --version
ansible 2.9.23
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Determine whether ansible works normally in ad-hoc mode

[root@master ~]# ansible localhost -m ping
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Configure the running environment

Configure the Ansible environment

Ansible configuration files store configuration data in INI format. In Ansible, almost all configuration items can also be set through playbooks or environment variables. When an Ansible command runs, it looks for the configuration file in the following order and uses the first one found:
1) ANSIBLE_CONFIG: first, Ansible checks this environment variable and the configuration file it points to.
2) ./ansible.cfg: second, the ansible.cfg in the current directory is checked.
3) ~/.ansible.cfg: third, the ansible.cfg in the current user's home directory is checked.
4) /etc/ansible/ansible.cfg: finally, the configuration file generated automatically when Ansible was installed by the package manager is checked.
1. Configure using environment variables
Most Ansible parameters can be set through environment variables prefixed with ANSIBLE_; the names must be in uppercase letters. For example: export ANSIBLE_SUDO_USER=root
Once the environment variable is set, ANSIBLE_SUDO_USER takes effect directly for playbook runs.
2. Set ansible.cfg configuration parameters
• inventory: the location of the inventory (resource list) file
• library: the directory in which Ansible modules are stored
• forks: how many processes Ansible may run in parallel; the default is 5
• sudo_user: the default user for executing commands
• remote_port: the management port of the managed node; the default is 22
• host_key_checking: whether to verify the SSH host key of the managed host
• timeout: the timeout of the SSH connection, in seconds
• log_path: Ansible does not log by default; to record Ansible output in a log file, set log_path to the file that should receive the logs
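To see the search order and the settings above in action, here is an added example (not code from the original post) in Python: resolve_config() applies the four-step lookup to constructed paths, and audit_defaults() reads a [defaults] section and reports the values a reviewer would flag. It also mirrors one rule Ansible applies itself: a ./ansible.cfg in a world-writable current directory is ignored, since any local user could plant one there. The WEAK_CFG and FIXED_CFG texts are constructed inputs, not files from the page.

```python
"""Which ansible.cfg wins, and which of its [defaults] weaken the setup.

Added example; the search order is the one documented above. Ansible itself
refuses to load ./ansible.cfg from a world-writable directory.
"""
import configparser
import os
import stat


def resolve_config(env, cwd, home, exists=os.path.isfile, world_writable=None):
    """Return the first existing candidate in Ansible's search order, or None.

    `exists` and `world_writable` can be replaced with stubs so the order can be
    exercised against constructed paths without touching the real filesystem.
    """
    if world_writable is None:
        def world_writable(d):
            return bool(os.stat(d).st_mode & stat.S_IWOTH)
    candidates = []
    if env.get('ANSIBLE_CONFIG'):                       # 1) environment variable
        candidates.append(env['ANSIBLE_CONFIG'])
    if not world_writable(cwd):                         # 2) ./ansible.cfg, unless cwd is world-writable
        candidates.append(os.path.join(cwd, 'ansible.cfg'))
    candidates.append(os.path.join(home, '.ansible.cfg'))  # 3) ~/.ansible.cfg
    candidates.append('/etc/ansible/ansible.cfg')          # 4) package default
    for path in candidates:
        if exists(path):
            return path
    return None


def audit_defaults(cfg_text):
    """Return human-readable findings for risky values in [defaults]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    findings = []
    if not cp.getboolean('defaults', 'host_key_checking', fallback=True):
        findings.append('host_key_checking = False: SSH host keys are not verified, '
                        'so a redirected connection can impersonate a managed node')
    if not cp.get('defaults', 'log_path', fallback=''):
        findings.append('log_path unset: no local record of which tasks ran where')
    return findings


# Constructed inputs: the weak configuration and the corrected one.
WEAK_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
forks = 5
host_key_checking = False
"""

FIXED_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
forks = 5
host_key_checking = True
log_path = /var/log/ansible.log
timeout = 10
"""

if __name__ == '__main__':
    print('would load:', resolve_config(dict(os.environ), os.getcwd(), os.path.expanduser('~')))
    for finding in audit_defaults(WEAK_CFG):
        print('WEAK:', finding)
    print('FIXED findings:', audit_defaults(FIXED_CFG))
```

Because the search stops at the first hit, a ./ansible.cfg checked into a repository silently overrides the per-user and system files; review it with the same care as the playbooks next to it.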

Use public key authentication

If a managed node is reinstalled and its host key no longer matches the one recorded in known_hosts, SSH reports a key mismatch error until the entry is corrected. When a managed node has not yet been recorded in known_hosts, an interactive or scheduled Ansible run stops at the prompt asking you to confirm the key.
If you do not want this to happen, and you understand what disabling the check means (a connection redirected to another machine is accepted without complaint, so an attacker on the path can impersonate the node and collect the credentials Ansible presents), add the following to ~/.ansible.cfg or /etc/ansible/ansible.cfg:

[defaults]
host_key_checking = False

Or set the environment variable directly in the operating system of the control host:

$ export ANSIBLE_HOST_KEY_CHECKING=False

The safer option is to record the nodes' host keys before the first run (for example with ssh-keyscan, comparing the fingerprints with values obtained out of band) and leave the check enabled.
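Rather than disabling the check, record the nodes' host keys before the first Ansible run and keep host_key_checking enabled. The following added example (not code from the original post) shows that verification step in Python: it parses constructed ssh-keyscan output, computes each key's SHA256 fingerprint in the format ssh-keygen -lf prints, and emits known_hosts entries only for hosts whose fingerprint matches a value recorded out of band. The host names, the TRUSTED table and all key bytes are synthetic test data.

```python
"""Pin managed-node host keys instead of turning host_key_checking off.

Added example. Key material below is synthetic; in practice TRUSTED comes from
the node console at install time or from the provisioning system.
"""
import base64
import hashlib
import struct


def _ssh_string(data):
    return struct.pack('>I', len(data)) + data


def _blob(key_type, raw_key):
    """OpenSSH wire encoding of a public key: string(type) || string(key bytes)."""
    return base64.b64encode(_ssh_string(key_type.encode()) + _ssh_string(raw_key)).decode()


def fingerprint_sha256(blob_b64):
    """The value `ssh-keygen -lf` prints: SHA256 of the raw blob, base64, no padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return 'SHA256:' + base64.b64encode(digest).decode().rstrip('=')


def parse_keyscan(text):
    """Yield (host, key_type, blob) from `ssh-keyscan` output, skipping comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        host, key_type, blob = line.split()[:3]
        yield host, key_type, blob


def verify_and_pin(scan_text, trusted):
    """Return (known_hosts_lines, rejected_hosts).

    `trusted` maps host -> expected SHA256 fingerprint. A host whose scanned
    key does not match is rejected rather than silently accepted.
    """
    lines, rejected = [], []
    for host, key_type, blob in parse_keyscan(scan_text):
        if trusted.get(host) == fingerprint_sha256(blob):
            lines.append(f'{host} {key_type} {blob}')
        else:
            rejected.append(host)
    return lines, rejected


# Keys recorded at provisioning time (constructed, not real node keys).
NODE1_KEY = _blob('ssh-ed25519', bytes(range(32)))
NODE2_KEY = _blob('ssh-ed25519', bytes(range(32, 64)))
TRUSTED = {'node1': fingerprint_sha256(NODE1_KEY),
           'node2': fingerprint_sha256(NODE2_KEY)}

# What a later scan returned: node1 unchanged, node2 presenting a different key
# (reinstalled, or another machine answering in its place).
ROGUE_KEY = _blob('ssh-ed25519', bytes(range(64, 96)))
SCAN_OUTPUT = f"""\
# node1:22 SSH-2.0-OpenSSH_7.4
node1 ssh-ed25519 {NODE1_KEY}
# node2:22 SSH-2.0-OpenSSH_7.4
node2 ssh-ed25519 {ROGUE_KEY}
"""

if __name__ == '__main__':
    ok, bad = verify_and_pin(SCAN_OUTPUT, TRUSTED)
    print('\n'.join(ok))       # append these lines to ~/.ssh/known_hosts
    print('rejected:', bad)    # investigate before running any task on them
```

The accepted lines go into ~/.ssh/known_hosts on the control host; a rejected host is exactly the case the key mismatch error above exists to catch, so it is investigated rather than overridden.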

Configure SSH password-less access for Linux hosts

To avoid typing the target host's password each time Ansible issues a command, key-based SSH login is a good solution. ssh-keygen and ssh-copy-id make key generation and public key distribution quick: ssh-keygen produces a key pair, and ssh-copy-id distributes the generated public key. First map the host names on the control host:
[root@master ~]# vi /etc/hosts
[root@master ~]# tail -3  /etc/hosts
192.168.242.10 master
192.168.242.11 node1
192.168.242.12 node2

1. Create a key pair on the control host (the -P '' below sets an empty passphrase, so the private key is stored unencrypted; on a shared control node give it a passphrase and load it into ssh-agent)

[root@master ~]# ssh-keygen -f ~/.ssh/id_rsa -P '' -q
[root@master ~]# ls -l ~/.ssh
total 8
-rw-------. 1 root root 1679 Aug 11 23:02 id_rsa
-rw-r--r--. 1 root root  393 Aug 11 23:02 id_rsa.pub

2. Distribute the public key to the managed nodes (ssh-copy-id asks for the node's password once and appends the key to its authorized_keys)

[root@master ~]# ssh-copy-id node1
[root@master ~]# ssh-copy-id node2

3. Verify that key-based SSH login works

[root@master ~]# for name in node{1,2}; do ssh $name hostname; done
node1
node2

Ansible Inventory

In large-scale configuration management we manage different machines for different services, and the information about these machines is stored in Ansible's Inventory component. A host must be placed in the Inventory before Ansible can operate on it. The default Ansible Inventory is the static INI-format file /etc/ansible/hosts; the inventory can also be set with the ANSIBLE_INVENTORY environment variable (older releases used ANSIBLE_HOSTS) or specified temporarily with the -i parameter when running ansible or ansible-playbook.

Define hosts and host groups

Specific definition examples

[root@master ~]# vi /etc/ansible/hosts
[root@master ~]# tail -11 /etc/ansible/hosts
192.168.242.11 ansible_ssh_pass='123'
192.168.242.12 ansible_ssh_pass='123'

[docker]
192.168.242.1[1:2]

[docker:vars]
ansible_ssh_pass='123'

[ansible:children]
docker

Lines 1 and 2 define the hosts 192.168.242.11 and 192.168.242.12; the SSH login password is given with the Inventory built-in variable ansible_ssh_pass (ansible_password is the preferred name in current releases). A password stored this way is readable by anyone who can read the inventory file; the key-based login configured above, or vault-encrypted group_vars/host_vars files, avoids that.

Counting only non-blank lines: line 3 defines a docker group, and line 4 puts two hosts, 192.168.242.11 and 192.168.242.12, into it. ':' denotes a consecutive range, for example [1:5] means 1 to 5.

Lines 5 and 6 define the SSH login password for the whole docker group with the same Inventory built-in variable.

Lines 7 and 8 define an ansible group that contains the docker group as a child.

The following uses the Ansible ping module to check the hosts and host groups defined above:
[root@master ~]# ansible 192.168.242.11:192.168.242.12 -m ping -o
192.168.242.12 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.242.11 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
[root@master ~]# ansible docker -m ping -o
192.168.242.12 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.242.11 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
[root@master ~]# ansible ansible -m ping -o
192.168.242.12 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.242.11 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}

Dynamic Inventory

In real deployments there are large numbers of hosts, and maintaining their lists by hand is cumbersome. Ansible also supports a dynamic Inventory, where the host lists and variable information that would otherwise live in Inventory files are pulled from an external source.

To use a dynamic Inventory, point the inventory setting in ansible.cfg (or the -i option) at an executable script. The script can be written in any language, but it must accept two parameters and return its results in a fixed form:
--list or -l: prints all hosts and host groups in JSON format.
--host or -H: takes a host name and returns all information about that host (host variables, including any authentication information) in JSON format.
Ansible runs the script with the privileges of the user invoking it and trusts whatever it prints, so the script must be writable only by that user, and anything it returns from --host (such as a password) is as exposed as the script itself.
Example: this script defines two functions, lists(), run for --list, and hosts(), run for --host.
[root@master ~]# vi hosts.py
[root@master ~]# cat hosts.py
#!/usr/bin/env python3
import argparse
import json

# The docker group: 192.168.242.10, .11 and .12
HOSTS = ['192.168.242.1' + str(i) for i in range(0, 3)]
# Variables returned for each host. The plaintext password only mirrors the
# static inventory above; key-based login or vault-encrypted vars are preferred.
HOSTVARS = {'ansible_ssh_pass': '123'}


def lists():
    """--list: every group with its hosts, in the layout Ansible expects
    (the group entry must use the key 'hosts')."""
    return json.dumps({'docker': {'hosts': HOSTS}}, indent=3)


def hosts(name):
    """--host NAME: the variables of that host, or {} for an unknown name."""
    return json.dumps(HOSTVARS if name in HOSTS else {})


if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-l', '--list', help='hosts list', action='store_true')
    parser.add_argument('-H', '--host', help='hosts vars')
    args = vars(parser.parse_args())
    if args['list']:
        print(lists())
    elif args['host']:
        print(hosts(args['host']))
    else:
        parser.print_help()

Test the script

[root@master ~]# chmod +x hosts.py
[root@master ~]# ./hosts.py -l
{
   "docker": {
      "hosts": [
         "192.168.242.10",
         "192.168.242.11",
         "192.168.242.12"
      ]
   }
}

[root@master ~]# ./hosts.py -H 192.168.242.12
{"ansible_ssh_pass": "123"}

Ansible directory layout

[root@master ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg    #ansible configuration file
├── hosts          #Resource manifest file
└── roles

1 directory, 2 files

Host connectivity test

#Add a host group to the inventory
[root@master ~]# cat >> /etc/ansible/hosts << EOF
> [webservers]
> node[1:2]
> EOF

#Test a host
[root@master ~]# ansible node1 -m ping
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

#Test a set of hosts
[root@master ~]# ansible webservers -m ping
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

Batch-execute commands

#Use Ansible to print "hello ansible" on the remote machines

#Using the shell module (the command runs through /bin/sh on the node, so pipes and redirects work, and so does anything injected through a variable)
[root@master ~]# ansible webservers -m shell -a '/bin/echo hello ansible!' -o
node2 | CHANGED | rc=0 | (stdout) hello ansible!
node1 | CHANGED | rc=0 | (stdout) hello ansible!


#Using the command module (the default module; the arguments are executed directly, without a shell)
[root@master ~]# ansible webservers -a '/bin/echo hello ansible!' -o
node1 | CHANGED | rc=0 | (stdout) hello ansible!
node2 | CHANGED | rc=0 | (stdout) hello ansible!

#Using the raw module (the string is sent straight over SSH with no module or Python on the node; useful only for bootstrapping)
[root@master ~]# ansible webservers -m raw -a '/bin/echo hello ansible!'
node1 | CHANGED | rc=0 >>
hello ansible!
Shared connection to node1 closed.

node2 | CHANGED | rc=0 >>
hello ansible!
Shared connection to node2 closed.
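The difference between shell and command matters as soon as part of the argument comes from a variable that someone else controls (a host_vars entry, a survey field, a value read from an API). The following added example (not code from the original post, and not Ansible's own implementation) reproduces the two behaviours with subprocess: shell_module() hands the whole string to /bin/sh -c the way the shell module does, and command_module() tokenizes it and executes the program directly the way the command module does. TAINTED is a constructed attacker-controlled value.

```python
"""Why `command` is the default module: it never hands the string to a shell.

Added illustration of the shell/command distinction; it reproduces the two
behaviours with subprocess rather than calling Ansible itself.
"""
import shlex
import subprocess

# Characters whose meaning changes once a string reaches /bin/sh.
SHELL_METACHARS = set('|;&$<>`()\n')


def shell_module(free_form):
    """Mimic -m shell: the whole string is passed to /bin/sh -c."""
    proc = subprocess.run(['/bin/sh', '-c', free_form],
                          capture_output=True, text=True)
    return proc.stdout


def command_module(free_form):
    """Mimic -m command: tokenize with shlex, then exec the program directly."""
    argv = shlex.split(free_form)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout


def needs_shell(free_form):
    """True if the argument relies on shell features (pipes, redirects, ...);
    only then is -m shell justified, and then the variable parts need quoting."""
    return any(ch in SHELL_METACHARS for ch in free_form)


# Constructed attacker-controlled value, e.g. a host_vars entry or a survey field.
TAINTED = 'ansible; echo INJECTED'

if __name__ == '__main__':
    print(shell_module('/bin/echo hello ' + TAINTED))    # the second command runs
    print(command_module('/bin/echo hello ' + TAINTED))  # ';' is just part of an argument
    print(needs_shell('cat /etc/passwd | grep root'))    # True: this one really needs a shell
```

With the shell-style path the output is two lines, "hello ansible" and "INJECTED"; with the command-style path it is the single line "hello ansible; echo INJECTED", because the semicolon never reaches a shell. The same holds for raw, which is a shell on the far end with no module at all.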

Get help

Ansible ships a set of management tools (ansible, ansible-playbook, ansible-doc and the others installed alongside them). Each tool is backed by a series of modules and parameters, so readily available help is important for understanding Ansible. For any of the tools, simply append -h or --help to the command to get help.

ansible-doc: used to view module documentation

// -l lists the available modules

[root@master ~]# ansible-doc -l
fortios_router_community_list                                 Configure community lists in Fortinet's FortiOS and FortiGate
azure_rm_devtestlab_info                                      Get Azure DevTest Lab facts
ecs_taskdefinition                                            register a task definition in ecs
avi_alertscriptconfig                                         Module for setup of AlertScriptConfig Avi RESTful Object
tower_receive                                                 Receive assets from Ansible Tower
netapp_e_iscsi_target                                         NetApp E-Series manage iSCSI target configuration
azure_rm_acs                                                  Manage an Azure Container Service(ACS) instance
fortios_log_syslogd2_filter                                   Filters for remote system server in Fortinet's FortiOS and FortiGate

// -s lists the parameters a module accepts (snippet form)

[root@master ~]# ansible-doc -s shell
- name: Execute shell commands on targets
  shell:
      chdir:                 # Change into this directory before running the command.
      cmd:                   # The command to run followed by optional arguments.
      creates:               # A filename, when it already exists, this step will *not*
                               be run.
      executable:            # Change the shell used to execute the command. This
                               expects an absolute path
                               to the executable.
      free_form:             # The shell module takes a free form command to run, as a
                               string. There is no actual
                               parameter named 'free
                               form'. See the examples on
                               how to use this module.
      removes:               # A filename, when it does not exist, this step will *not*
                               be run.
      stdin:                 # Set the stdin of the command directly to the specified
                               value.
      stdin_add_newline:     # Whether to append a newline to stdin data.
      warn:                  # Whether to enable task warnings.
// View the full documentation with examples (-v adds the verbose header)
[root@master ~]# ansible-doc -v shell
Using /etc/ansible/ansible.cfg as config file
> SHELL    (/usr/lib/python2.7/site-packages/ansible/modules/commands/shell.py)

        The `shell' module takes the command name followed by a list
        of space-delimited arguments. Either a free form command or
        `cmd' parameter is required, see the examples. It is almost
        exactly like the [command] module but runs the command through
        a shell (`/bin/sh') on the remote node. For Windows targets,
        use the [win_shell] module instead.

  * This module is maintained by The Ansible Core Team
  * note: This module has a corresponding action plugin.

ansible: used to execute ad-hoc commands

ansible is the core command, used mainly to execute ad-hoc commands, that is, single one-off commands. It takes a host pattern followed by options; when no module is given with -m, the command module is used.
[root@master ~]# ansible localhost -a date
localhost | CHANGED | rc=0 >>
Thu Aug 12 00:22:39 CST 2021
In addition, when debugging Ansible automation you often need the details of the execution process; add -v or -vvv after the command to get verbose output.
[root@master ~]# ansible node1 -m ping -vv
ansible 2.9.23
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
Using /etc/ansible/ansible.cfg as config file
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
META: ran handlers
META: ran handlers

Topics: Operation & Maintenance