1, Install ansible
Enable the epel source, then:
dnf install ansible -y
ansible --version
Basic information of ansible:
/etc/ansible/ansible.cfg ## Global configuration file, rarely modified by default
/etc/ansible/hosts ## Global host manifest (inventory) file
Offline installation from the rpm packages:
dnf install sshpass-1.06-9.el8.x86_64.rpm -y
dnf install ansible-2.9.11-1.el8.noarch.rpm -y

2, Secret-free (passwordless) connection between the control node and the managed hosts
[root@ansible mnt]# ssh-keygen ##Generate key
[root@ansible mnt]# dnf install expect -y
[root@ansible mnt]# vim sshkey.sh ##Pass the key to hosts 210 and 211 through a script
[root@ansible mnt]# cat sshkey.sh
#!/bin/bash
AUTOSSH()
{
/usr/bin/expect <<EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.$i
expect {
"yes/no" { send "yes\r";exp_continue }
"password" { send "westos\r" }
}
expect eof
EOF
}
for i in 210 211
do
AUTOSSH
done
[root@ansible mnt]# sh sshkey.sh
[root@ansible mnt]# ssh -l root 172.25.254.211 ##Test, you can log in directly without a password
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Fri Nov 26 11:09:48 2021 from 172.25.254.70
[root@westoslinux ~]#

3, Build the Ansible inventory
The inventory (manifest) is the list of hosts that ansible controls
/etc/ansible/hosts ## global manifest file
1. Write the managed host name or ip directly, one per line
node1.westos.com
node2.westos.com
172.25.254.240
2. Put the managed hosts into groups: [group name]
List view:
ansible <group name> --list-hosts [-i manifest file]
ansible ungrouped --list-hosts
ansible all --list-hosts
Single layer list
[list1]
node1.westos.com
node2.westos.com
[list2]
node2.westos.com
[list3]
172.25.254.240
Nested list
[westos:children]
list1
list3
3, Range specification of hosts
The Ansible inventory can be simplified by specifying a range of host names or IPs
Syntax:
[start:end]
[westostest]
172.25.254.[100:108]
4, Specify another manifest file
vim inventory
172.25.254.240
[westostest]
172.25.254.100
172.25.254.200
Host patterns accepted by the ansible command:
* ## All hosts matching the wildcard
## 172.25.254.*
## westos*
: ## Logical or
## westos1:linux
## 172.25.254.100:172.25.254.200
:& ## Logical and
## westos1:&linux
## Hosts that are in both the westos1 group and the linux group
:! ## Logical not
## westos1:!linux
## In westos1 but not in linux
~ ## Regular expression: hosts starting with the keyword
~(str1|str2) ## Hosts starting with str1 or str2
[root@ansible ansible]# vim hosts
[westos]
172.25.254.[200:210]
[westos1]
172.25.254.211
nodea.westos.org
[westosall:children]
westos
westos1
5, Detailed explanation of Ansible configuration file parameters
ansible <group name in inventory> -m <module> -u <remote_user>
1. Classification and priority of configuration files
/etc/ansible/ansible.cfg ## Basic configuration file; takes effect only when no other configuration file is found
~/.ansible.cfg ## Takes effect when there is no ansible.cfg in the current directory
./ansible.cfg ## Highest priority
2. Common configuration parameters
[defaults] ## Basic settings
inventory= ## Path of the inventory file
remote_user= ## User name used to log in on the managed hosts; the current user if not specified
ask_pass= ## Whether to prompt for the SSH password; set to false when public-key login is configured
library= ## Directory where library (module) files are stored
local_tmp= ## Local temporary directory for command execution
remote_tmp= ## Temporary directory on the remote host where the generated python module files are stored
forks= ## Default number of parallel processes
host_key_checking= ## Whether to check the host key (the yes/no prompt) when connecting to a managed host for the first time
sudo_user= ## Default sudo user
ask_sudo_pass= ## Whether to ask for the sudo password each time an ansible command is executed on the managed host
module_name= ## Default module; command by default, can be changed to shell
log_path= ## Log file path
[privilege_escalation] ## Identity (privilege escalation) settings
become= ## Whether to switch user automatically after connecting
become_method= ## How to switch user, usually sudo
become_user= ## The user to switch to on the managed host, usually root
become_ask_pass= ## Whether become_method prompts for a password; false by default
[root@ansible mnt]# sh sshkey.sh ##Delete the key previously transmitted to the clients (sshkey.sh was changed to the following)
#!/bin/bash
AUTOSSH()
{
/usr/bin/expect <<EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.$i
expect {
"yes/no" { send "yes\r";exp_continue }
"password" { send "westos\r" }
}
expect eof
EOF
}
for i in 210 211
do
ssh -l root 172.25.254.$i rm -fr /root/.ssh
done
Add a user and an inventory
[root@ansible ansible]# useradd devops
[root@ansible ansible]# su - devops
[devops@ansible ~]$ mkdir .ansible
[devops@ansible ~]$ cd .ansible/
[devops@ansible .ansible]$ vim inventory ##inventory file
[westos]
172.25.254.210
[devops@ansible .ansible]$ ls
inventory
Modify the previous global inventory and delete the previous settings, then write the user's configuration file
[root@ansible ansible]# vim /etc/ansible/hosts ##Modify the previous global inventory and delete the previous settings
[root@ansible ansible]# su - devops
Last login: Fri Nov 26 15:01:40 CST 2021 on pts/1
[devops@ansible ~]$ cd .ansible/
[devops@ansible .ansible]$ ls
inventory
[devops@ansible .ansible]$ vim ansible.cfg ##Write the configuration file
[defaults]
inventory = ~/.ansible/inventory
host_key_checking = False
remote_user = root
module_name = shell
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
Create a user on the managed host from the control node
[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'useradd devops' -k -u root
SSH password:
172.25.254.210 | CHANGED | rc=0 >>

[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'echo westos | passwd --stdin devops' -k -u root
SSH password:
172.25.254.210 | CHANGED | rc=0 >>
Changing password for user devops.
passwd: all authentication tokens updated successfully.
[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'echo "devops ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' -k -u root
SSH password:
172.25.254.210 | CHANGED | rc=0 >>

[devops@ansible .ansible]$
[devops@ansible .ansible]$ vim ansible.cfg
[defaults]
inventory = ~/.ansible/inventory
host_key_checking = False
remote_user = devops
module_name = shell
[privilege_escalation] ##While these lines are commented out, the login stays as devops
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[devops@ansible .ansible]$ ansible westos -m shell -a 'whoami' -k
SSH password:
172.25.254.211 | CHANGED | rc=0 >>
devops
172.25.254.210 | CHANGED | rc=0 >>
devops
[devops@ansible .ansible]$ vim ansible.cfg
[defaults]
inventory = ~/.ansible/inventory
host_key_checking = False
remote_user = devops
module_name = shell
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[devops@ansible .ansible]$ ansible westos -m shell -a 'whoami' -k ##With the comments removed, log in as devops and sudo to root
SSH password:
172.25.254.210 | CHANGED | rc=0 >>
root
172.25.254.211 | CHANGED | rc=0 >>
root
[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'mkdir -p /home/devops/.ssh' -k ##Create the directory on the client
SSH password:
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
172.25.254.210 | CHANGED | rc=0 >>

[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'chown devops.devops /home/devops/.ssh' -k ##Modify owner and group
SSH password:
[WARNING]: Consider using the file module with owner rather than running 'chown'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
172.25.254.210 | CHANGED | rc=0 >>

[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'chmod 700 /home/devops/.ssh' -k
SSH password:
[WARNING]: Consider using the file module with mode rather than running 'chmod'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
172.25.254.210 | CHANGED | rc=0 >>

[devops@ansible .ansible]$
[devops@ansible .ansible]$ ssh-keygen ##Generate key
[devops@ansible .ansible]$ ansible 172.25.254.210 -m copy -a 'src=/home/devops/.ssh/id_rsa.pub dest=/home/devops/.ssh/authorized_keys mode=0600 owner=devops group=devops' -k
SSH password:
172.25.254.210 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "880b6c072bc8663a1c81ebdfe683ff9cceddf539",
    "dest": "/home/devops/.ssh/authorized_keys",
    "gid": 1001,
    "group": "devops",
    "md5sum": "49741185aa9e2f68c3d9fec822196c38",
    "mode": "0600",
    "owner": "devops",
    "secontext": "unconfined_u:object_r:ssh_home_t:s0",
    "size": 579,
    "src": "/home/devops/.ansible/tmp/ansible-tmp-1637913963.6558049-34674-55602837977237/source",
    "state": "file",
    "uid": 1001
}
[devops@ansible .ansible]$ ansible 172.25.254.210 -m ping ##Test, the module can be executed without a password
172.25.254.210 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
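The same bootstrap of the devops account as a playbook, added here as an example (it is not from the original post): it uses the user, authorized_key and copy modules that the warnings above recommend instead of shell, and installs the sudo rule as a drop-in under /etc/sudoers.d that visudo checks before the file is put in place, so a typo cannot lock sudo on the host. Assumptions: the westos group from the inventory above, the control node's key at /home/devops/.ssh/id_rsa.pub, and a first run as root with the password prompt (later runs use the devops user with become, as in the ansible.cfg above).

```yaml
# Added example, not part of the original post.
# First run (root login still password based):
#   ansible-playbook -k -u root bootstrap_devops.yml
# Afterwards the devops user can log in with its key and sudo to root.
- name: Bootstrap the devops management account
  hosts: westos            # assumption: the group from the inventory above
  become: true
  vars:
    mgmt_user: devops
    # assumption: the control node's public key lives here
    mgmt_pubkey: "{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}"
  tasks:
    - name: Create the account (no password is set, login is key only)
      user:
        name: "{{ mgmt_user }}"
        shell: /bin/bash
        state: present

    # authorized_key creates ~/.ssh with mode 0700 and authorized_keys
    # with mode 0600 owned by the user, replacing the mkdir/chown/chmod
    # and copy steps above, and is idempotent on repeated runs.
    - name: Install the control node's public key
      authorized_key:
        user: "{{ mgmt_user }}"
        key: "{{ mgmt_pubkey }}"
        state: present

    # A drop-in file instead of appending to /etc/sudoers; visudo -cf
    # parses the new content first and the task fails, leaving the old
    # file untouched, if the rule is malformed.
    - name: Grant sudo through a visudo-validated drop-in
      copy:
        dest: "/etc/sudoers.d/{{ mgmt_user }}"
        content: "{{ mgmt_user }} ALL=(root) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
```

Running it a second time reports no changes, which is the check that the bootstrap is complete and nothing drifted.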