ansible1: introduction and installation

catalogue


Write in front

  reference documents for this series of articles:

Basic introduction

   ansible is an automatic operation and maintenance tool written in python. It integrates the advantages of old operation and maintenance tools (puppet, chef, func, etc.) to realize batch operation commands, batch deployment and other functions. Ansible only provides a framework. It does not have the ability of batch operation. Batch operation depends on many modules. It is easy to start. It is one of the indispensable tools for operation and maintenance engineers.

Tool comparison

  similar to ansible are puppet and saltsatck. saltstack and ansible belong to radish and cabbage. Puppet needs to install agent on the managed host, which is slightly bloated; However, ansible does not need to install the client. It only needs to rely on SSH to work normally, that is, if you can connect to the corresponding host through SSH, you can control it through ansible. Of course, you also need to add the controlled host to the configuration list of ansible (Inventory, this list file is / etc/ansible/hosts).

ansible deployment instructions

  1. Native environment.

      0 18:45:07 root@ansible,172.16.2.9:~ # cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)
  0 18:45:14 root@ansible,172.16.2.9:~ # uname -r
3.10.0-1160.15.2.el7.x86_64

  2. Install ansible using yum or up2date.

    [root@ansible ~]# yum -y install ansible
[root@ansible ~]# ansible --version
ansible 2.9.18

  3. Document description.

    Profile directory:/etc/ansible/
ansible Configuration list( ansible inventory): /etc/ansible/hosts					# You need to add the controlled host information to the list.
Executable Directory:/usr/bin/
lib Library dependent Directory:/usr/lib/python2.7/site-packages/ansible/		# Depending on the python version you actually depend on.

  4. ansible configuration file lookup order.

    1. Check environment variables ANSIBLE_CONFIG Path to.
2. Check the current user's home directory~/.ansible.cfg. 
3. inspect/etc/Configuration file under/etc/ansible.cfg.

  5. Common ansible command sets.

    /usr/bin/ansible			# It is often used for the execution of temporary commands. The common format of the command is: ansible < host pattern > [- f forks] [- M module_name] [- a args].
/usr/bin/ansible-doc		# View the modules of ansible.
/usr/bin/ansible-playbook	# ansible automated task set choreography tool.

ansible easy to use

host name IP address operating system
ck-ansible 172.16.2.9 CentOS Linux release 7.9.2009 (Core)
ck-node1 172.16.15.21 CentOS Linux release 7.9.2009 (Core)
ck-node2 172.16.15.22 CentOS Linux release 7.9.2009 (Core)
ck-node3 172.16.15.23 CentOS Linux release 7.9.2009 (Core)

  1. View all module descriptions of ansible.

      0 20:25:13 root@ck-ansible,172.16.2.9:~ # ansible-doc -l
  0 20:25:22 root@ck-ansible,172.16.2.9:~ # ansible-doc -l | grep nginx

  2. View a module description.

      0 20:26:14 root@ck-ansible,172.16.2.9:~ # ansible-doc -s ping

  3. Use the ping template to test the connectivity of the host.

    # First, add the host information to be controlled to the inventory (the alias corresponding information is configured here to facilitate subsequent direct calls).
## The first way is to configure only / etc/ansible/hosts. Obviously, it is not safe to write the password in the configuration file.
  0 13:15:45 root@ck-ansible,172.16.2.9:~ # vim /etc/ansible/hosts
ck-node1	ansible_host=172.16.15.21	ansible_port=22 	ansible_user=root	ansible_ssh_pass=123456
ck-node2	ansible_host=172.16.15.22	ansible_port=22 	ansible_user=root	ansible_ssh_pass=123456
ck-node3	ansible_host=172.16.15.23	ansible_port=22 	ansible_user=root	ansible_ssh_pass=123456
## The second method is to configure the alias and IP corresponding information in / etc/hosts, and then configure password free login. Only configure the alias in / etc/ansible/hosts (generally, ansible will be installed directly on the jumpserver host during work, so you can omit configuring / etc/hosts and password free login).
  0 13:49:50 root@ck-ansible,172.16.2.9:~ # vim /etc/hosts
172.16.15.21    ck-node1
172.16.15.22    ck-node2
172.16.15.23    ck-node3
  0 13:50:24 root@ck-ansible,172.16.2.9:~ # mkdir-p /server/ops_tools/ops_scripts/
  0 13:51:14 root@ck-ansible,172.16.2.9:~ # cd /server/ops_tools/ops_scripts/
  0 13:51:21 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # cat batch_key.sh 		# Write a script for batch distribution of public keys.
#!/bin/bash

PWD=123456


for ip in $*
do
  sshpass -p $PWD ssh-copy-id -i /root/.ssh/id_rsa.pub -o StrictHostKeyChecking=no $ip &>/dev/null
  if [ $? != 0 ];then
    echo -e "\n----- $ip distribution of failure -----\n" 
    continue
  fi
done
  0 13:53:22 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # sh batch_key.sh ck-node1 ck-node2 ck-node3
  0 13:53:33 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # cd
  0 13:57:36 root@ck-ansible,172.16.2.9:~ # cat /etc/ansible/hosts
ck-node1
ck-node2
ck-node3
# Use the ping module to test connectivity.
  0 13:57:38 root@ck-ansible,172.16.2.9:~ # ansible ck-node1 -m ping
ck-node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
  0 13:58:08 root@ck-ansible,172.16.2.9:~ # ansible ck-node2 -m ping
ck-node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
  0 13:58:12 root@ck-ansible,172.16.2.9:~ # ansible ck-node3 -m ping
ck-node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
# You can also directly use the "all" keyword of ansible to run the ping module directly on all hosts in the configuration list.
  0 13:58:15 root@ck-ansible,172.16.2.9:~ # ansible all -m ping
ck-node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
ck-node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
ck-node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
# If you do not want to enter the "yes/no" information above, you can modify the ansible configuration file.
  0 13:24:19 root@ck-ansible,172.16.2.9:~ # vim /etc/ansible/ansible.cfg
host_key_checking = False		# Uncomment this line

Color description

   ansible is idempotent. Ansible is result oriented. We specify a target state. Ansible will automatically judge whether the current state is consistent with the target state. If it is consistent, no operation will be performed. If it is inconsistent, the current state will become the target state, which is idempotent and idempotent It can ensure that when we repeatedly perform the same operation, the results are the same.

  1. Green: indicates the query or no change has occurred.
  2. Red: indicates an exception occurred when executing the command.
  3. Yellow: indicates that the command has an impact on the host at the controlled end and the configuration has changed.
  4. Pink: indicates advice, suggestions and information.
  5. Blue: indicates command execution process information.


Writing is not easy. Please indicate the source for reprint. Thank you~~

Posted on Thu, 04 Nov 2021 06:15:53 -0400 by Gubbins

Hot Tags

©2023 Programmer Help