
Automated operations and maintenance 1: installing and deploying Ansible

2022-06-21 13:38:00 Zhaohui_ Zhang

Contents

I. Why Ansible matters for enterprise operations

II. Installing Ansible

III. Building the Ansible inventory

1. Inventory settings: the global inventory

(1) Single-layer inventory

(2) Nested inventory

2. Specifying hosts by range

3. Inventory settings: other inventories

4. Logical relationships in the inventory

IV. Ansible configuration file parameters in detail

V. Building a user-level Ansible environment

1. Passwordless SSH from the Ansible host

2. Removing the sudo password on the managed hosts

3. Removing password authentication when Ansible runs commands

4. Restoring the default Ansible configuration and setting up a separate Ansible environment

VI. Chapter summary


Experimental environment: one host with Internet access (the Ansible host) and two clients. Configure the network and the software sources.

I. Why Ansible matters for enterprise operations

A real production environment has hundreds of hosts. Setting them up one by one by hand is time-consuming and error-prone, so Ansible is used to operate, maintain and manage a large number of servers in batches.

II. Installing Ansible

Ansible is not available in the image's own software source, so it has to be installed from the EPEL source. The EPEL packages can be downloaded from the Alibaba open source mirror site: https://developer.aliyun.com/mirror/?spm=a2c6h.13651104.0.d1002.196a530145Jmen

Configure the EPEL mirror source:

Install Ansible:

III. Building the Ansible inventory

Set up an Ansible inventory. Ansible only manages the hosts that are listed in the inventory.

Two files are involved: one is Ansible's main configuration file, the other is Ansible's global inventory.

1. Inventory settings: the global inventory

(1) Single-layer inventory

Edit the Ansible inventory file </etc/ansible/hosts>. Hosts are arranged in groups; here they are divided into the westos, linux and list1 groups.

View the single-layer inventory:

ansible  all --list-hosts            # list all hosts in the inventory
ansible  all --list                  # same result; the "-hosts" suffix can be omitted

To view a particular group, specify that group's name.

(2) Nested inventory

The nested group test contains the single-layer groups westos and linux.

View the nested inventory:

2. Specifying hosts by range

When hosts are added in bulk, listing each one is tedious if there are many of them. Range notation simplifies this: specifying a range of host names or IP addresses shortens the Ansible inventory.

Test:

3. Inventory settings: other inventories

Create an inventory under </mnt/>. Ansible does not read it by default, so the <-i> parameter is needed to specify the location of the inventory to read.

ansible -i /mnt/ansible_list all --list        # -i specifies the inventory location

View hosts that are not in any group:

ansible -i /mnt/ansible_list ungrouped --list        # list hosts that are not in any group

4. Logical relationships in the inventory

*  all  /  172.25.254.*  /  westos*
:  logical OR  /  westos1:linux  /  172.25.254.100:172.25.254.200
:&  logical AND  /  westos1:&linux  /  the host is in the westos1 group and also in the linux group
:!  logical NOT  /  westos1:!linux  /  in westos1 but not in linux
~  starts with a keyword
~(str1|str2)  starts with condition 1 or condition 2

The Ansible global inventory contains the following hosts, which are used in the examples below.

< * >: matches any characters

< : >: logical OR; a host is selected if it satisfies either of the two conditions

< :& >: logical AND; hosts that exist in both groups

Note: because the logical AND < :& > contains a special character, the pattern must be enclosed in quotation marks.

ansible 'westos:&linux' --list            # logical AND

< :! >: logical NOT; hosts that are in the first group and not in the second.

Note: special symbols must be enclosed in quotation marks, otherwise the system will not recognize them.

ansible 'westos:!linux' --list        # hosts in westos that are not in linux

< ~ >: starts with a keyword

< ~(str1|str2) >: starts with str1 or starts with str2

Note: special symbols must be enclosed in quotation marks, otherwise the system will not recognize them.

ansible '~(node|c)' --list    # hosts whose names start with node or c
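A simplified model of the inventory features in this section (groups, a nested :children group, a numeric host range) and of the pattern operators above, useful for checking which hosts a pattern reaches before a module is run against it. This is an added example, not code from the original article or from Ansible itself; the inventory contents, the host names and the functions load, match and select are assumptions made for illustration.

```python
import fnmatch
import re

# Constructed sample inventory; groups follow the article, addresses are illustrative.
INVENTORY = """
node1.example.test
[westos]
172.25.254.[100:101]
[linux]
172.25.254.101
172.25.254.200
[test:children]
westos
linux
"""

def load(text):
    """Parse [group], [parent:children] and numeric [a:b] ranges into {group: hosts}."""
    groups, current, nested = {"ungrouped": []}, "ungrouped", False
    for line in filter(None, map(str.strip, text.splitlines())):
        rng = re.search(r"\[(\d+):(\d+)\]", line)
        if line.startswith("["):
            current, _, kind = line.strip("[]").partition(":")
            nested = kind == "children"
            groups.setdefault(current, [])
        elif nested:  # simplified: child groups must be defined above the parent
            groups[current] += [h for h in groups[line] if h not in groups[current]]
        else:
            lo, hi = (int(rng[1]), int(rng[2])) if rng else (0, 0)
            groups[current] += [rng.re.sub(str(n), line) if rng else line
                                for n in range(lo, hi + 1)]
    groups["all"] = list(dict.fromkeys(h for hs in groups.values() for h in hs))
    return groups

def match(term, groups):
    """Hosts hit by one term: '~regex' or a glob, tested on group and host names."""
    rx = re.compile(term[1:] if term.startswith("~") else fnmatch.translate(term))
    hits = [h for g, hs in groups.items() if rx.match(g) for h in hs]
    return list(dict.fromkeys(hits + [h for h in groups["all"] if rx.match(h)]))

def select(pattern, groups):
    """Combine terms: ':' is OR, ':&' is AND, ':!' is NOT."""
    terms = pattern.split(":")
    hosts = list(dict.fromkeys(
        h for t in terms if t[0] not in "&!" for h in match(t, groups)))
    for t in (t for t in terms if t[0] in "&!"):   # both are filters on the union
        hit = match(t[1:], groups)
        hosts = [h for h in hosts if (h in hit) == (t[0] == "&")]
    return hosts
```

On a real control host, `ansible PATTERN --list` remains the authoritative answer; the model only makes the set logic visible.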

IV. Ansible configuration file parameters in detail

The Ansible configuration file is </etc/ansible/ansible.cfg>.

ansible  GROUP_IN_INVENTORY  -m  MODULE  -u  remote_user

This command syntax means: on the hosts in the inventory, run the given module as the user remote_user.

If no user is specified, the current user's identity is used by default.

Basic settings:

[defaults]          ## basic settings
inventory=          ## path of the inventory
remote_user=        ## user to log in as on the managed hosts; the current user if not specified
ask_pass=           ## whether to prompt for the SSH password; set to false when public key login is used
library=            ## directory where library files are stored
local_tmp=          ## local directory for temporary command files
remote_tmp=         ## directory on the remote host for temporary py command files
forks=              ## default number of concurrent processes
host_key_checking=  ## whether "yes" has to be entered to establish the host_key on the first connection to a managed host
sudo_user=          ## default sudo user
ask_sudo_pass=      ## whether to ask for the sudo password each time ansible runs on a managed host
module_name=        ## default module; command by default, can be changed to shell
log_path=           ## path of the log file

In essence, when Ansible executes, it converts the command into a <.py> file stored in the directory set by local_tmp=, uploads it to the directory set by remote_tmp= on the remote host, and, after the remote host has executed it normally, deletes the temporary files on both sides.

Identity settings: used when setting sudo privileges for the user.

[privilege_escalation]  ## identity settings
become=             ## whether to switch user automatically after connecting
become_method=      ## how to switch user, usually sudo
become_user=        ## user to switch to on the managed host, usually root
become_ask_pass=    ## whether become_method should prompt for a password; the default is false

1. The first time a command is executed, a host key verification prompt appears.

After the configuration file is changed, the verification no longer appears.

2. When connecting to a remote host, the <-k> option is needed to enter the password; if the password is not entered, an error is reported.

ansible westos -m shell -a 'hostname' -k

3. Add the default inventory

4. Specify the login user

If no user is specified, the current user is used by default, which easily causes confusion in a real production environment.

Test again after changing the parameter:

By default, log in as the westos user <remote_user = westos>

5. Switching identity

Remote commands are executed as the westos user, but an ordinary user cannot perform many operations, so sudo is needed to obtain the superuser identity.

Test:

After the above changes, the ordinary user westos on the managed hosts also has to be granted sudo authorization <visudo>.

After authorization, Ansible shows that the command was executed successfully as westos.
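A check over the parameters described in this section: it reads an ansible.cfg and reports the settings that remove a prompt or a record, so the trade-off made by each convenience setting is visible. This is an added example, not code from the original article or from Ansible; SAMPLE_CFG is a constructed file, and the audit function and the wording of its findings are assumptions made for illustration.

```python
import configparser

# Constructed ansible.cfg resembling the setup built in this article.
SAMPLE_CFG = """
[defaults]
inventory = ~/.ansible/inventory
remote_user = westos
host_key_checking = False
module_name = shell

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
"""

def audit(cfg_text):
    """Return (option, finding) pairs for settings that trade safety for convenience."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    findings = []
    if not cfg.has_section("defaults"):
        findings.append(("[defaults]", "section not found, so its options are ignored"))
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("host_key_checking", "unknown host keys are accepted unverified"))
    if cfg.get("defaults", "remote_user", fallback="") == "root":
        findings.append(("remote_user", "connects directly as root"))
    if not cfg.get("defaults", "log_path", fallback=""):
        findings.append(("log_path", "no log file is kept on the control host"))
    if cfg.get("defaults", "module_name", fallback="command") == "shell":
        findings.append(("module_name", "ad-hoc arguments are interpreted by a shell"))
    become = cfg.getboolean("privilege_escalation", "become", fallback=False)
    if become and not cfg.getboolean("privilege_escalation", "become_ask_pass", fallback=False):
        findings.append(("become_ask_pass", "escalation never prompts; relies on passwordless sudo"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(SAMPLE_CFG):
        print(f"{option}: {finding}")
```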

V. Building a user-level Ansible environment

There are two reasons for doing this:

First, entering the remote password every time a command is executed is tedious, so a dedicated Ansible environment can be built for a user.

Second, different operators on the same Ansible host have different habits, so a separate Ansible configuration can be created on top of the original default configuration.

1. Passwordless SSH from the Ansible host

ssh-keygen            # generate the key pair
ssh-copy-id -i .ssh/id_rsa.pub [email protected]    # copy the public key to the target host for passwordless authentication

2. Remove the sudo password on the managed hosts <visudo>

3. Remove password authentication when Ansible runs commands

4. Restore the default Ansible configuration and set up a separate Ansible environment

Create a new directory <.ansible> in the root directory and copy the original Ansible configuration file </etc/ansible/ansible.cfg> into it. The configuration file in this directory is the one modified from here on.

Modify the configuration file in this directory as follows:

The <inventory> option points to the user's inventory in this directory; the <module_name> option defaults to command and is changed here to shell.

The contents of the files in the new directory are as follows:

When Ansible runs, it first reads the configuration file in the current directory; only when there is none in the current path does it read the configuration under </etc/ansible/>.
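The lookup described above, extended beyond the two locations the article names: Ansible also honours the ANSIBLE_CONFIG environment variable and ~/.ansible.cfg, and it skips an ansible.cfg in the current directory when that directory is world-writable. This is an added example, not code from the original article or from Ansible; the function effective_config and its parameters are assumptions made for illustration.

```python
import os
import stat

def effective_config(cwd, home, env, system="/etc/ansible/ansible.cfg"):
    """Return (path, notes): the ansible.cfg that applies when run from cwd."""
    notes, candidates = [], []
    explicit = env.get("ANSIBLE_CONFIG")
    if explicit:                                   # 1. environment variable wins
        if os.path.isdir(explicit):
            explicit = os.path.join(explicit, "ansible.cfg")
        candidates.append(explicit)
    local = os.path.join(cwd, "ansible.cfg")       # 2. current directory
    if os.path.exists(local):
        if os.stat(cwd).st_mode & stat.S_IWOTH:
            # Anyone could plant a config here, so it is skipped.
            notes.append(f"ignored {local}: directory is world-writable")
        else:
            candidates.append(local)
    candidates.append(os.path.join(home, ".ansible.cfg"))   # 3. per-user file
    candidates.append(system)                               # 4. system default
    for path in candidates:
        if os.path.isfile(path):
            return path, notes
    return None, notes

if __name__ == "__main__":
    path, notes = effective_config(os.getcwd(), os.path.expanduser("~"), os.environ)
    print("config in effect:", path)
    for note in notes:
        print("note:", note)
```

A configuration kept in a <.ansible> directory is therefore only in effect while commands are run from inside that directory, unless ANSIBLE_CONFIG points to it.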

VI. Chapter summary

1. When Ansible runs, it first reads the configuration file in the current directory; only when there is none in the current path does it read the configuration under </etc/ansible/>.
