ansible1: introduction and installation


Preface

  Reference documents for this series of articles:

Basic introduction

   Ansible is an automated operations tool written in Python. It combines the strengths of older operations tools (puppet, chef, func, etc.) to provide batch command execution, batch deployment and similar functions. Ansible itself only provides a framework and has no batch-operation capability of its own; the batch operations are carried out by its many modules. It is easy to get started with and is one of the indispensable tools for operations engineers.

Tool comparison

  Tools similar to ansible include puppet and saltstack. Choosing between saltstack and ansible is a matter of taste. Puppet needs an agent installed on each managed host, which is slightly bloated; ansible needs no client and relies only on SSH to work, that is, if you can connect to a host over SSH, you can control it through ansible. You also need to add the controlled host to ansible's inventory (the list file is /etc/ansible/hosts).

ansible deployment instructions

  1. Local environment.

      0 18:45:07 root@ansible,172.16.2.9:~ # cat /etc/redhat-release 
    CentOS Linux release 7.9.2009 (Core)
      0 18:45:14 root@ansible,172.16.2.9:~ # uname -r
    3.10.0-1160.15.2.el7.x86_64
    
  2. Install ansible using yum or up2date.

    [root@ansible ~]# yum -y install ansible
    [root@ansible ~]# ansible --version
    ansible 2.9.18
    
  3. File locations.

    Configuration directory: /etc/ansible/
    ansible inventory (host list): /etc/ansible/hosts					# Add the hosts to be controlled to this list.
    Executable directory: /usr/bin/
    Library directory: /usr/lib/python2.7/site-packages/ansible/		# Depends on the Python version actually in use.
    
  4. ansible configuration file lookup order.

    1. Check the path in the ANSIBLE_CONFIG environment variable.
    2. Check ~/.ansible.cfg in the current user's home directory.
    3. Check the configuration file under /etc/: /etc/ansible.cfg.
    
  5. Common ansible command sets.

    /usr/bin/ansible			# Runs ad hoc commands. The usual format is: ansible <host-pattern> [-f forks] [-m module_name] [-a args].
    /usr/bin/ansible-doc		# Shows the documentation of ansible modules.
    /usr/bin/ansible-playbook	# Orchestrates sets of automated tasks.
    

Basic ansible usage

| Host name  | IP address   | Operating system                     |
|------------|--------------|--------------------------------------|
| ck-ansible | 172.16.2.9   | CentOS Linux release 7.9.2009 (Core) |
| ck-node1   | 172.16.15.21 | CentOS Linux release 7.9.2009 (Core) |
| ck-node2   | 172.16.15.22 | CentOS Linux release 7.9.2009 (Core) |
| ck-node3   | 172.16.15.23 | CentOS Linux release 7.9.2009 (Core) |

  1. View all module descriptions of ansible.

      0 20:25:13 root@ck-ansible,172.16.2.9:~ # ansible-doc -l
      0 20:25:22 root@ck-ansible,172.16.2.9:~ # ansible-doc -l | grep nginx
    
  2. View a module description.

      0 20:26:14 root@ck-ansible,172.16.2.9:~ # ansible-doc -s ping
    
  3. Use the ping module to test the connectivity of the hosts.

    # First, add the hosts to be controlled to the inventory (aliases are configured here so that they can be used directly later).
    ## The first way is to configure only /etc/ansible/hosts. Obviously, it is not safe to write the password in the configuration file.
      0 13:15:45 root@ck-ansible,172.16.2.9:~ # vim /etc/ansible/hosts
    ck-node1	ansible_host=172.16.15.21	ansible_port=22 	ansible_user=root	ansible_ssh_pass=123456
    ck-node2	ansible_host=172.16.15.22	ansible_port=22 	ansible_user=root	ansible_ssh_pass=123456
    ck-node3	ansible_host=172.16.15.23	ansible_port=22 	ansible_user=root	ansible_ssh_pass=123456
    ## The second way is to map the aliases to IP addresses in /etc/hosts and then configure passwordless login, so that only the aliases are listed in /etc/ansible/hosts (at work, ansible is generally installed directly on the jumpserver host, so configuring /etc/hosts and passwordless login can be omitted).
      0 13:49:50 root@ck-ansible,172.16.2.9:~ # vim /etc/hosts
    172.16.15.21    ck-node1
    172.16.15.22    ck-node2
    172.16.15.23    ck-node3
      0 13:50:24 root@ck-ansible,172.16.2.9:~ # mkdir -p /server/ops_tools/ops_scripts/
      0 13:51:14 root@ck-ansible,172.16.2.9:~ # cd /server/ops_tools/ops_scripts/
      0 13:51:21 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # cat batch_key.sh 		# Write a script for batch distribution of public keys.
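    #!/bin/bash
    # Push root's public key to every host named on the command line.
    
    # Password for the first login. Not named PWD, which is the shell's own
    # working-directory variable.
    SSH_PASS=123456
    
    for ip in "$@"
    do
      # StrictHostKeyChecking=no accepts unknown host keys without prompting.
      if ! sshpass -p "$SSH_PASS" ssh-copy-id -i /root/.ssh/id_rsa.pub -o StrictHostKeyChecking=no "$ip" &>/dev/null; then
        echo -e "\n----- $ip distribution failed -----\n"
        continue
      fi
    done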
      0 13:53:22 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # sh batch_key.sh ck-node1 ck-node2 ck-node3
      0 13:53:33 root@ck-ansible,172.16.2.9:/server/ops_tools/ops_scripts # cd
      0 13:57:36 root@ck-ansible,172.16.2.9:~ # cat /etc/ansible/hosts
    ck-node1
    ck-node2
    ck-node3
    # Use the ping module to test connectivity.
      0 13:57:38 root@ck-ansible,172.16.2.9:~ # ansible ck-node1 -m ping
    ck-node1 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
      0 13:58:08 root@ck-ansible,172.16.2.9:~ # ansible ck-node2 -m ping
    ck-node2 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
      0 13:58:12 root@ck-ansible,172.16.2.9:~ # ansible ck-node3 -m ping
    ck-node3 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    # You can also use ansible's "all" keyword to run the ping module on every host in the inventory.
      0 13:58:15 root@ck-ansible,172.16.2.9:~ # ansible all -m ping
    ck-node1 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    ck-node3 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    ck-node2 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "ping": "pong"
    }
    # If you do not want to answer the SSH "yes/no" host key prompt, you can modify the ansible configuration file.
      0 13:24:19 root@ck-ansible,172.16.2.9:~ # vim /etc/ansible/ansible.cfg
    host_key_checking = False		# Uncomment this line
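
The two shortcuts shown above, a literal ansible_ssh_pass in the inventory and host_key_checking = False, are the settings to look for when reviewing a control node. The shell audit below is an added example, not part of the original article; the function names are hypothetical, the sample files are constructed, and a value containing "{{" is assumed to reference a variable stored with ansible-vault.

```shell
#!/bin/sh
# Added example: flag literal passwords in an INI inventory and a disabled
# host_key_checking in ansible.cfg. All sample data below is constructed.

# Print "line:owner:variable" for each literal connection or become password.
# owner is the host alias, or the [group:vars] header for group variables.
find_plaintext_passwords() {
  awk '
    /^[ \t]*[#;]/ { next }                     # comment lines
    /^[ \t]*\[/   { section = $1; next }       # [group] or [group:vars]
    {
      for (i = 1; i <= NF; i++) {
        n = split($i, kv, "=")
        if (n >= 2 && kv[1] ~ /^ansible_(ssh_pass|password|become_pass(word)?)$/ &&
            index(kv[2], "{{") == 0)           # "{{" marks a Jinja reference
          printf "%d:%s:%s\n", NR, (i == 1 ? section : $1), kv[1]
      }
    }' "$1"
}

# Succeed when ansible.cfg switches host key checking off.
host_key_checking_disabled() {
  grep -Eiq '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|no|off|0)([[:space:]]|$)' "$1"
}

# audit INVENTORY CFG: print findings, return 1 if there are any.
audit() {
  rc=0
  found=$(find_plaintext_passwords "$1")
  [ -z "$found" ] || { printf '%s\n' "$found" | sed 's/^/plaintext password: /'; rc=1; }
  if host_key_checking_disabled "$2"; then echo "host_key_checking disabled: $2"; rc=1; fi
  return $rc
}

# Constructed sample files modelled on the inventory and setting above.
make_samples() {
  cat > "$1/hosts" <<'EOF'
# constructed sample inventory
ck-node1 ansible_host=172.16.15.21 ansible_user=root ansible_ssh_pass=123456
ck-node2 ansible_host=172.16.15.22 ansible_user=root ansible_ssh_pass="{{ vault_node2_pass }}"
ck-node3
[all:vars]
ansible_become_pass=123456
EOF
  printf '[defaults]\nhost_key_checking = False\n' > "$1/ansible.cfg"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit "$tmp/hosts" "$tmp/ansible.cfg" || echo "audit: findings above"
rm -rf "$tmp"
```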
    

Color description

   ansible is idempotent and result oriented. We specify a target state, and ansible automatically judges whether the current state is consistent with it. If it is consistent, no operation is performed; if it is inconsistent, ansible changes the current state into the target state. This idempotence ensures that when we repeat the same operation, the result is the same.

  1. Green: indicates the query or no change has occurred.
  2. Red: indicates an exception occurred when executing the command.
  3. Yellow: indicates that the command has an impact on the host at the controlled end and the configuration has changed.
  4. Pink: indicates advice, suggestions and information.
  5. Blue: indicates command execution process information.
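
The check-then-act behaviour described above, as an added shell example that is not part of the original article: the same goal is written once as an idempotent step and once as a blind append, and each is run three times. The function names and the temporary inventory file are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the same goal ("ck-node1 is listed in the inventory") written
# as an idempotent step and as a blind append. File and names are constructed.

# ensure_host INVENTORY NAME: compare current state with the target state and
# act only on a difference. Prints "ok" (green) or "changed" (yellow).
ensure_host() {
  # -F fixed string, -x whole line: ck-node1 must not match ck-node10.
  if [ -f "$1" ] && grep -Fxq -- "$2" "$1"; then
    echo "ok"
  else
    printf '%s\n' "$2" >> "$1" || { echo "failed"; return 1; }
    echo "changed"
  fi
}

# append_host INVENTORY NAME: not idempotent, every run changes the file.
append_host() {
  printf '%s\n' "$2" >> "$1" && echo "changed"
}

# count_entries INVENTORY NAME: how many times NAME is listed.
count_entries() {
  grep -Fxc -- "$2" "$1"
}

inv=$(mktemp)
for run in 1 2 3; do
  echo "ensure run $run: $(ensure_host "$inv" ck-node1)"
done
echo "entries after ensure_host: $(count_entries "$inv" ck-node1)"
for run in 1 2 3; do
  echo "append run $run: $(append_host "$inv" ck-node1)"
done
echo "entries after append_host: $(count_entries "$inv" ck-node1)"
rm -f "$inv"
```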


Writing is not easy. Please indicate the source for reprint. Thank you~~

Posted on Thu, 04 Nov 2021 06:15:53 -0400 by Gubbins