Write in front
reference documents for this series of articles:
Basic introduction
ansible is an automatic operation and maintenance tool written in python. It integrates the advantages of old operation and maintenance tools (puppet, chef, func, etc.) to realize batch operation commands, batch deployment and other functions. Ansible only provides a framework. It does not have the ability of batch operation. Batch operation depends on many modules. It is easy to start. It is one of the indispensable tools for operation and maintenance engineers.
Tool comparison
similar to ansible are puppet and saltsatck. saltstack and ansible belong to radish and cabbage. Puppet needs to install agent on the managed host, which is slightly bloated; However, ansible does not need to install the client. It only needs to rely on SSH to work normally, that is, if you can connect to the corresponding host through SSH, you can control it through ansible. Of course, you also need to add the controlled host to the configuration list of ansible (Inventory, this list file is / etc/ansible/hosts).
ansible deployment instructions
-
Native environment.
0 18:45:07 root@ansible,172.16.2.9:~ # cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core) 0 18:45:14 root@ansible,172.16.2.9:~ # uname -r 3.10.0-1160.15.2.el7.x86_64
-
Install ansible using yum or up2date.
[root@ansible ~]# yum -y install ansible [root@ansible ~]# ansible --version ansible 2.9.18
-
Document description.
Profile directory:/etc/ansible/ ansible Configuration list( ansible inventory): /etc/ansible/hosts # You need to add the controlled host information to the list. Executable Directory:/usr/bin/ lib Library dependent Directory:/usr/lib/python2.7/site-packages/ansible/ # Depending on the python version you actually depend on.
-
ansible configuration file lookup order.
1. Check environment variables ANSIBLE_CONFIG Path to. 2. Check the current user's home directory~/.ansible.cfg. 3. inspect/etc/Configuration file under/etc/ansible.cfg.
-
Common ansible command sets.
/usr/bin/ansible # It is often used for the execution of temporary commands. The common format of the command is: ansible < host pattern > [- f forks] [- M module_name] [- a args]. /usr/bin/ansible-doc # View the modules of ansible. /usr/bin/ansible-playbook # ansible automated task set choreography tool.
ansible easy to use
host name | IP address | operating system |
---|---|---|
ck-ansible | 172.16.2.9 | CentOS Linux release 7.9.2009 (Core) |
ck-node1 | 172.16.15.21 | CentOS Linux release 7.9.2009 (Core) |
ck-node2 | 172.16.15.22 | CentOS Linux release 7.9.2009 (Core) |
ck-node3 | 172.16.15.23 | CentOS Linux release 7.9.2009 (Core) |
-
View all module descriptions of ansible.
0 20:25:13 root@ck-ansible,172.16.2.9:~ # ansible-doc -l 0 20:25:22 root@ck-ansible,172.16.2.9:~ # ansible-doc -l | grep nginx
-
View a module description.
0 20:26:14 root@ck-ansible,172.16.2.9:~ # ansible-doc -s ping
-
Use the ping template to test the connectivity of the host.
# First, add the host information to be controlled to the inventory (the alias corresponding information is configured here to facilitate subsequent direct calls). ## The first way is to configure only / etc/ansible/hosts. Obviously, it is not safe to write the password in the configuration file. 0 13:15:45 root@ck-ansible,172.16.2.9:~ # vim /etc/ansible/hosts ck-node1 ansible_host=172.16.15.21 ansible_port=22 ansible_user=root ansible_ssh_pass=123456 ck-node2 ansible_host=172.16.15.22 ansible_port=22 ansible_user=root ansible_ssh_pass=123456 ck-node3 ansible_host=172.16.15.23 ansible_port=22 ansible_user=root ansible_ssh_pass=123456 ## The second method is to configure the alias and IP corresponding information in / etc/hosts, and then configure password free login. Only configure the alias in / etc/ansible/hosts (generally, ansible will be installed directly on the jumpserver host during work, so you can omit configuring / etc/hosts and password free login). 0 13:49:50 root@ck-ansible,172.16.2.9:~ # vim /etc/hosts 172.16.15.21 ck-node1 172.16.15.22 ck-node2 172.16.15.23 ck-node3 0 13:50:24 root@ck-ansible,172.16.2.9:~ # mkdir-p /server/ops_tools/ops_scripts/ 0 13:51:14 root@ck-ansible,172.16.2.9:~ # cd /server/ops_tools/ops_scripts/ 0 13:51:21 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # cat batch_key.sh # Write a script for batch distribution of public keys. #!/bin/bash PWD=123456 for ip in $* do sshpass -p $PWD ssh-copy-id -i /root/.ssh/id_rsa.pub -o StrictHostKeyChecking=no $ip &>/dev/null if [ $? != 0 ];then echo -e "\n----- $ip distribution of failure -----\n" continue fi done 0 13:53:22 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # sh batch_key.sh ck-node1 ck-node2 ck-node3 0 13:53:33 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # cd 0 13:57:36 root@ck-ansible,172.16.2.9:~ # cat /etc/ansible/hosts ck-node1 ck-node2 ck-node3 # Use the ping module to test connectivity. 0 13:57:38 root@ck-ansible,172.16.2.9:~ # ansible ck-node1 -m ping ck-node1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 0 13:58:08 root@ck-ansible,172.16.2.9:~ # ansible ck-node2 -m ping ck-node2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 0 13:58:12 root@ck-ansible,172.16.2.9:~ # ansible ck-node3 -m ping ck-node3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } # You can also directly use the "all" keyword of ansible to run the ping module directly on all hosts in the configuration list. 0 13:58:15 root@ck-ansible,172.16.2.9:~ # ansible all -m ping ck-node1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ck-node3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ck-node2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } # If you do not want to enter the "yes/no" information above, you can modify the ansible configuration file. 0 13:24:19 root@ck-ansible,172.16.2.9:~ # vim /etc/ansible/ansible.cfg host_key_checking = False # Uncomment this line
Color description
ansible is idempotent. Ansible is result oriented. We specify a target state. Ansible will automatically judge whether the current state is consistent with the target state. If it is consistent, no operation will be performed. If it is inconsistent, the current state will become the target state, which is idempotent and idempotent It can ensure that when we repeatedly perform the same operation, the results are the same.
- Green: indicates the query or no change has occurred.
- Red: indicates an exception occurred when executing the command.
- Yellow: indicates that the command has an impact on the host at the controlled end and the configuration has changed.
- Pink: indicates advice, suggestions and information.
- Blue: indicates command execution process information.
Writing is not easy. Please indicate the source for reprint. Thank you~~