Ansible
1 Introduction to Ansible
Ansible is a simple operations and maintenance automation tool. It needs only an SSH connection to carry out system management, automated command execution, deployment and other tasks.
Ansible features
1. Ansible does not need a separate client to be installed or any service to be started
2. Ansible provides a complete set of automated task execution modules written in Python
3. Ansible playbooks are written in YAML, so the automated tasks being executed are clear at a glance
Ansible structure
- Ansible
  The ansible command is the core execution tool. All one-off or temporary operations are executed through this command.
- Ansible Playbook
  The task script (also known as a task set): a configuration file in YAML format that arranges and defines a set of Ansible tasks, which Ansible executes in order.
- Inventory
  The list of hosts that Ansible manages. The default is the /etc/ansible/hosts file.
- Modules
  The function modules that Ansible uses to execute commands. As of Ansible 2.3 there are 1039 modules in total. Modules can also be customized.
- Plugins
  Plugins supplement module functionality. Common kinds are connection plugins, loop plugins, variable plugins and filter plugins. Plugin functionality is used less often.
- API
  An application programming interface provided for third-party programs to call.
2 Environment setup
Environment preparation
IP | System | Host name | Description |
---|---|---|---|
192.168.1.30 | CentOS7 | ansible | ansible management node |
192.168.1.31 | CentOS7 | linux.node01.com | Managed node 1 |
192.168.1.32 | CentOS7 | linux.node02.com | Managed node 2 |
192.168.1.33 | CentOS7 | linux.node03.com | Managed node 3 |
3 Ansible installation
1) Configure epel source
    [root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    [root@ansible ~]# yum clean all
    [root@ansible ~]# yum makecache
2) Install ansible
    [root@ansible ~]# yum -y install ansible
    # View the ansible version
    [root@ansible ~]# ansible --version
    ansible 2.8.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
4 Ansible Inventory file
The inventory file is usually used to define the hosts to be managed and their authentication information, such as the SSH login user name, password and key-related settings. Hosts can be placed in groups so that multiple hosts of a group are operated on at the same time, and the relationship between groups and hosts is configured in the inventory file. The configuration file path is /etc/ansible/hosts.
4.1 Password-based connection
    [root@ansible ~]# vim /etc/ansible/hosts
    # Method 1: host + port + user + password
    [webserver]
    192.168.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
    192.168.1.32 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
    192.168.1.33 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
    192.168.1.36 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"

    # Method 2: host range + user + password
    [webserver]
    192.168.1.3[1:3] ansible_ssh_user=root ansible_ssh_pass="123456"

    # Method 3: host range, with the password set as a group variable
    [webserver]
    192.168.1.3[1:3]
    [webserver:vars]
    ansible_ssh_pass="123456"
4.2 Key-based connection
To connect with key-based authentication, first create a public/private key pair and send the public key to the managed machines.
1) Generate the public/private key pair
    [root@ansible ~]# ssh-keygen
    [root@ansible ~]# for i in {1,2,3,6}; do ssh-copy-id -i 192.168.1.3$i ; done
2) Configure connections
    [root@ansible ~]# vim /etc/ansible/hosts
    # Method 1: host + port + key
    [webserver]
    192.168.1.31:22
    192.168.1.32
    192.168.1.33
    192.168.1.36

    # Method 2: alias + host + port + key
    [webserver]
    node1 ansible_ssh_host=192.168.1.31 ansible_ssh_port=22
    node2 ansible_ssh_host=192.168.1.32 ansible_ssh_port=22
    node3 ansible_ssh_host=192.168.1.33 ansible_ssh_port=22
    node6 ansible_ssh_host=192.168.1.36 ansible_ssh_port=22
4.3 Use of host groups
    # Host group variables: hosts + password
    [apache]
    192.168.1.36
    192.168.1.33
    [apache:vars]
    ansible_ssh_pass='123456'

    # Host group: hosts + key
    [nginx]
    192.168.1.3[1:2]

    # Define multiple groups and treat one group as a member of another group
    # The webserver group consists of two subgroups: apache and nginx
    [webserver:children]
    apache
    nginx
4.4 Temporarily specified inventory
1) Edit a host definition list first
    [root@ansible ~]# vim /etc/dockers
    [dockers]
    192.168.1.31 ansible_ssh_pass='123456'
    192.168.1.32
    192.168.1.33
2) When executing the command, specify the inventory
    [root@ansible ~]# ansible dockers -m ping -i /etc/dockers -o
    192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
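The inventories in sections 4.1, 4.3 and 4.4 store ansible_ssh_pass as a literal value, so anyone who can read the file can read the root password. The check below is an added example, not part of the original article: it scans inventory text for secret-bearing variables set to literal values. The function name, the sample inventory and the vault_nginx_pass reference are assumptions made for illustration.

```python
import re
import shlex

# Real Ansible connection variables that hold a secret when set literally.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass",
               "ansible_become_password", "ansible_sudo_pass"}

def find_plaintext_secrets(inventory_text):
    """Return (line_no, section, target, variable) for each clear-text secret."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section.endswith(":vars"):
            # Group variables: the whole line is one key=value pair.
            key, _, value = line.partition("=")
            target, pairs = section, [(key.strip(), value.strip().strip("\"'"))]
        else:
            # Host line: first token is the host, the rest are key=value.
            tokens = shlex.split(line, comments=True)
            target, pairs = tokens[0], [t.partition("=")[::2] for t in tokens[1:]]
        for key, value in pairs:
            # "{{ ... }}" is a reference (for example to a vaulted variable).
            if key in SECRET_VARS and value and not value.startswith("{{"):
                findings.append((line_no, section, target, key))
    return findings

# Constructed sample, modelled on the inventories in sections 4.1 to 4.4.
SAMPLE_INVENTORY = """\
[webserver]
192.168.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456"
[apache]
192.168.1.36
[apache:vars]
ansible_ssh_pass='123456'
[nginx]
192.168.1.33 ansible_ssh_pass="{{ vault_nginx_pass }}"
"""

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE_INVENTORY):
        print("line %d: [%s] %s sets %s in clear text" % finding)
```

The key-based setup in section 4.2 leaves nothing for this check to report, because no password variable is needed in the inventory at all.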
4.5 Inventory built in parameters
5 Ansible Ad-Hoc
Ad hoc means temporary. In Ansible, an ad hoc command is one that needs to be executed quickly and does not need to be saved; put simply, it is a simple one-off command. For complex operations a playbook is used, similar to the sls state files of SaltStack.
1) Common command parameters
    [root@ansible ~]# ansible -h
    Usage: ansible <host-pattern> [options]
    -a MODULE_ARGS    # Module arguments
    -C, --check       # Check mode: make no changes, predict what would change
    -f FORKS          # Number of parallel processes
    --list-hosts      # List the matching hosts
    -m MODULE_NAME    # Module name
    -o                # Condensed one-line output
2) Example
    [root@ansible ~]# ansible webserver -m shell -a 'uptime' -o
    192.168.1.36 | CHANGED | rc=0 | (stdout) 13:46:14 up 1 day, 9:20, 4 users, load average: 0.00, 0.00, 0.00
    192.168.1.33 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:51, 3 users, load average: 0.00, 0.01, 0.05
    192.168.1.31 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:50, 3 users, load average: 0.00, 0.01, 0.05
    192.168.1.32 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:59, 3 users, load average: 0.00, 0.01, 0.05
3) Command description
5.1 Host pattern format
How target hosts and host groups are matched
Matching hosts
    # One target host
    [root@ansible ~]# ansible 192.168.1.31 -m ping
    # Multiple target hosts
    [root@ansible ~]# ansible 192.168.1.31,192.168.1.32 -m ping
    # All target hosts
    [root@ansible ~]# ansible all -m ping
Matching groups
    # The groups are configured as follows: an nginx group and an apache group are defined here
    [root@ansible ~]# ansible nginx --list
      hosts (2):
        192.168.1.31
        192.168.1.32
    [root@ansible ~]# ansible apache --list
      hosts (3):
        192.168.1.36
        192.168.1.33
        192.168.1.32
    # Match all hosts of a group
    [root@ansible ~]# ansible apache -m ping
    # Match all hosts in the apache group but not in the nginx group
    [root@ansible ~]# ansible 'apache:!nginx' -m ping -o
    192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    # Match machines that are in both the apache and nginx groups (intersection)
    [root@ansible ~]# ansible 'apache:&nginx' -m ping -o
    192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    # Match all machines in either the apache group or the nginx group (union); equivalent to ansible apache,nginx -m ping
    [root@ansible ~]# ansible 'apache:nginx' -m ping -o
    192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
    192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
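A host pattern decides which machines a module runs on, so it is worth knowing exactly how the operators combine before running anything as root. The following is an added example, not part of the original article and not Ansible's own code: a small resolver that reproduces the union, intersection and exclusion results shown above. The function name is hypothetical, and it assumes plain group or host names only (no IPv6 addresses, ranges, wildcards or regexes).

```python
import re

def resolve_pattern(pattern, groups):
    """Resolve a host pattern against {group: [hosts]} and return the hosts.

    Handles plain names, 'all', ':' or ',' (union), '&' (intersection)
    and '!' (exclusion).
    """
    all_hosts = []
    for members in groups.values():
        all_hosts += [h for h in members if h not in all_hosts]

    def lookup(name):
        if name == "all":
            return all_hosts
        # A name is either a group or a single known host.
        return groups.get(name, [name] if name in all_hosts else [])

    parts = [p.strip() for p in re.split(r"[:,]", pattern) if p.strip()]
    unions = [p for p in parts if p[0] not in "&!"]
    intersections = [p[1:] for p in parts if p[0] == "&"]
    exclusions = [p[1:] for p in parts if p[0] == "!"]

    # Ansible evaluates unions first, then intersections, then exclusions,
    # whatever order they are written in; with no union term it starts
    # from "all".
    selected = []
    for name in unions or ["all"]:
        selected += [h for h in lookup(name) if h not in selected]
    for name in intersections:
        selected = [h for h in selected if h in lookup(name)]
    for name in exclusions:
        selected = [h for h in selected if h not in lookup(name)]
    return selected

# Group membership as reported by the --list output in this section.
GROUPS = {
    "nginx": ["192.168.1.31", "192.168.1.32"],
    "apache": ["192.168.1.36", "192.168.1.33", "192.168.1.32"],
}

if __name__ == "__main__":
    for pattern in ("apache:!nginx", "apache:&nginx", "apache:nginx", "!nginx"):
        print(pattern, "->", resolve_pattern(pattern, GROUPS))
```

On a control node, `ansible '<pattern>' --list-hosts` prints the real selection without running any module.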