Ansible introduction and installation
1, Introduce Ansible
1. What is Ansible
- Ansible is an infrastructure-as-code tool on a par with Puppet, SaltStack and Chef. Its simplicity and ease of use have made it popular and earned it a place in the DevOps industry
- Ansible provides the easiest way to deploy, manage and orchestrate computer systems, which you can do in minutes
- Ansible is a model-driven configuration manager that supports multi-node deployment and remote task execution. SSH is used for remote connections by default. No additional software needs to be installed on the managed nodes, and Ansible can be extended using various programming languages
2.Ansible features
- Modularization: call specific modules to complete specific tasks
- There are three key modules: Paramiko, PyYAML and jinja2 (template language)
- Support custom modules
- Implementation based on Python language
- Simple deployment, based on Python and SSH, agentless
- Security, OpenSSH based
- Support playbook choreography tasks
- Idempotency: executing a task once has the same effect as executing it n times, so repeated execution causes no accidents
- No agent, no PKI dependency (no SSL required)
- Modules can be written in any programming language
- YAML format, arranging tasks, supporting rich data structures
- More powerful multi tier solutions
Ansible works through modules and has no batch deployment capability of its own. The real batch deployment capability comes from the modules that Ansible runs; Ansible only provides the framework. It mainly includes:
- connection plugins: responsible for communication with the managed hosts
- host inventory: specifies the hosts to operate on, which are the managed hosts defined in the configuration file
- Various modules: core modules, command modules and user-defined modules
- Plug-ins: provide functions such as logging and mail
- playbook: a script for executing multiple tasks; it is optional and lets a node run several tasks in one go
3.Ansible's working mechanism
On the management node, Ansible pushes its modules to the managed hosts over the SSH protocol for execution and automatically deletes them after execution. You can use SVN to manage custom modules and playbooks
4.Ansible architecture
An Ansible system consists of a control host and managed hosts. The Windows platform is not supported as a control host
As can be seen from the figure, Ansible is composed of the following modules:
- Ansible: the core module of ansible
- Host Inventory: host list, that is, the list of managed hosts
- Playbooks: Ansible's scripts, which can be thought of as executing multiple tasks together
- Core modules: the core modules of ansible
- Custom modules: user-defined modules
- Connection Plugins: a connection plug-in used to establish SSH based connection relationship with the managed host
- Plugins: other plug-ins, including logging, etc
5.Ansible advantages and disadvantages
Advantages
- It is lightweight and does not need an agent installed on the client. When updating, it only needs to be updated once on the control machine. Batch tasks can be written into scripts and executed without distributing them to the remote hosts
- Written in Python, it is easy to maintain
- Supports sudo
Disadvantages
For operations across thousands of hosts, I don't know how it performs or how efficient it is
2, Installation of Ansible
1. Installation mode of ansible
Ansible can be installed by source code installation, pip installation and yum installation
Control node requirements
- The control node shall be a Linux or UNIX system. Windows is not supported as a control node, but the windows system can be a managed host
- The control node needs to install Python 3 (version 3.5 or above) or Python 2 (version 2.7 or above)
1.1 source code installation
The source code installation depends on the modules paramiko, PyYAML, Jinja2, httplib2, simplejson and pycrypto. These modules can be installed through pip or easy_install
1.2 pip installation
pip is a tool specially used to manage Python modules. Ansible updates the pip repository every time a version is officially released, so installing or updating ansible through pip is a safer way to get the latest stable version
1.3 yum installation
1.3.1 installation of epel source
Because we use CentOS here, we need to install the epel source first
```
[root@node1 ~]# yum -y install epel-release.noarch
Last metadata expiration check: 1 day, 5:21:03 ago on Sun 11 Jul 2021 11:28:30 PM EDT.
Dependencies resolved.
......
Installed:
  epel-next-release-8-11.el8.noarch
  epel-release-8-11.el8.noarch
Complete!
[root@node1 ~]#
```
1.3.2 install ansible using the yum command
```
[root@node1 ~]# yum -y install ansible
Extra Packages for Enterprise Linux Modular 8 - x86 53 kB/s | 663 kB 00:12
Extra Packages for Enterprise Linux 8 - Next - x86_ 62 kB/s | 1.1 MB 00:18
Extra Packages for Enterprise Linux 8 - x86_64 27 kB/s | 10 MB 06:16
Last metadata expiration check: 0:00:01 ago on Tue 13 Jul 2021 04:56:13 AM EDT.
Dependencies resolved.
......
Installed:
  ansible-2.9.23-1.el8.noarch
  libsodium-1.0.18-2.el8.x86_64
  python3-babel-2.5.1-6.el8.noarch
  python3-bcrypt-3.1.6-2.el8.1.x86_64
  python3-cffi-1.11.5-5.el8.x86_64
  python3-cryptography-3.2.1-5.el8.x86_64
  python3-jinja2-2.10.1-3.el8.noarch
  python3-jmespath-0.9.0-11.el8.noarch
  python3-markupsafe-0.23-19.el8.x86_64
  python3-paramiko-2.4.3-1.el8.noarch
  python3-pip-9.0.3-20.el8.noarch
  python3-ply-3.9-9.el8.noarch
  python3-pyasn1-0.3.7-6.el8.noarch
  python3-pycparser-2.14-14.el8.noarch
  python3-pynacl-1.3.0-5.el8.x86_64
  python3-pytz-2017.2-9.el8.noarch
  python3-pyyaml-3.12-12.el8.x86_64
  python3-setuptools-39.2.0-6.el8.noarch
  python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64
  sshpass-1.06-9.el8.x86_64
Complete!
[root@node1 ~]# ansible --version    // Here's a look at the version of ansible installed
ansible 2.9.23
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Dec 3 2020, 18:11:24) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
[root@node1 ~]#
```
3, Build the Ansible inventory
1. Defining the inventory
1.1 Function of the inventory
The inventory defines the batch of hosts managed by Ansible. When Ansible modules are executed, the hosts in the inventory are managed in batch directly during the call
1.2 Default location of the inventory
Default location: /etc/ansible/hosts
**Usage rules:** the default inventory is generally not used. To make things easier for each administrator, each one sets up their own inventory directory under their own folder
Inventory reading order: inventory in the current directory > inventory under the user > global inventory
1.3 Build the Ansible inventory
In the /etc/ansible/ directory, create a custom static inventory file called inventory
```
[root@node1 ~]# cd /etc/ansible/
[root@node1 ansible]# touch inventory
[root@node1 ansible]# ls
ansible.cfg  hosts  inventory  roles
[root@node1 ansible]#
```
Edit the /etc/ansible/inventory file to add the node2 node to the managed hosts
```
[root@node1 ansible]# vim inventory
[root@node1 ansible]# cat inventory
192.168.100.110 ansible_user=root ansible_password=1
[root@node1 ansible]#
```
Modify the ansible configuration file to change the default inventory location
```
[root@node1 ansible]# vim ansible.cfg
......
[defaults]

# some basic default values...

#inventory = /etc/ansible/hosts
# Create a new row and write the new inventory path
inventory = /etc/ansible/inventory
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
......
# Save and exit
```
List all managed hosts in the modified inventory file to see whether the modification was successful
```
[root@node1 ansible]# ansible all --list-hosts
  hosts (1):
    192.168.100.110
[root@node1 ansible]#
```
Run the ping module to test
If the control node is communicating with the managed host for the first time, you first need to connect to it over ssh to add the login information
```
[root@node1 ~]# ansible all -m ping
192.168.100.110 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
[root@node1 ~]#
```
If there are too many machines to do this one by one, just enable host_key_checking = False in the ansible configuration file
```
[root@node1 ~]# vim /etc/ansible/ansible.cfg
# In line 72, just delete the # at the beginning of the line
host_key_checking = False
[root@node1 ~]# ansible all -m ping
192.168.100.110 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
[root@node1 ~]#
```
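The inventory line with `ansible_password=1` and the `host_key_checking = False` setting above are the two things a review of this setup should flag: the first keeps the root password readable in a file, the second makes SSH accept any host key, so a spoofed managed host goes unnoticed. The lint below is an added example, not part of the original tutorial; the function names, the sample files and the second host are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an INI inventory and an ansible.cfg for the two settings above.

# Print "file:line:variable" for each inline plaintext credential variable.
# Only the variable name is printed, never the secret value.
find_plaintext_credentials() {
    awk '
        $1 ~ /^[#;]/ { next }    # skip comment lines
        {
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] ~ /^ansible_(password|ssh_pass|ssh_password|become_pass|become_password)$/)
                    printf "%s:%d:%s\n", FILENAME, FNR, kv[1]
            }
        }' "$1"
}

# Exit 0 when an active (uncommented) line turns SSH host key checking off.
host_key_checking_disabled() {
    awk '
        $1 ~ /^[#;]/ { next }
        {
            line = tolower($0)
            gsub(/[ \t]/, "", line)      # ignore spacing around "="
            sub(/;.*/, "", line)         # drop an inline ";" comment
            if (line ~ /^host_key_checking=(false|no|off|0)$/) found = 1
        }
        END { exit !found }' "$1"
}

# Constructed sample files modelled on the edits shown on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/inventory" <<'EOF'
# constructed sample inventory
192.168.100.110 ansible_user=root ansible_password=1
192.168.100.111 ansible_user=deploy
EOF
printf '[defaults]\nhost_key_checking = False\n' > "$demo_dir/ansible.cfg"
printf '[defaults]\n#host_key_checking = False\n' > "$demo_dir/default.cfg"

find_plaintext_credentials "$demo_dir/inventory"
for cfg in "$demo_dir/ansible.cfg" "$demo_dir/default.cfg"; do
    if host_key_checking_disabled "$cfg"; then
        echo "$cfg: host key checking disabled, unknown host keys are accepted"
    else
        echo "$cfg: host key checking left at its default (enabled)"
    fi
done
```

Key-based SSH login, prompting with `--ask-pass`, or a variable file encrypted with `ansible-vault` keep the password out of the inventory; connecting once over ssh and verifying the fingerprint, as the tutorial does for the first host, keeps host key checking meaningful.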
1.4 View the inventory
- **List all managed hosts in the inventory:** `ansible all --list-hosts`
- **List hosts that do not belong to a group:** `ansible ungrouped --list-hosts`
- **List hosts belonging to the webservers group:** `ansible webservers --list-hosts`
- **List all hosts in a specified inventory:** `ansible all -i inventory --list-hosts`
- **List hosts that do not belong to a group:** `ansible ungrouped -i inventory --list-hosts`
- **List hosts in the www group of the inventory:** `ansible www -i inventory --list-hosts`