2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
Environment
System environment: CentOS Linux release 7.5.1804 (Core)
Ansible version: ansible 2.9.0
Ansible configuration
Ansible stores its configuration in ini format, and almost every setting can be overridden through a playbook or an environment variable. When an Ansible command runs, it looks for the configuration file in the following order.
(1) ANSIBLE_CONFIG: first, the Ansible command checks this environment variable and the configuration file it points to.
(2) ./ansible.cfg: second, the ansible.cfg configuration file in the current directory is checked.
(3) ~/.ansible.cfg: next, the .ansible.cfg configuration file in the current user's home directory is checked.
(4) /etc/ansible/ansible.cfg: finally, the configuration file that is generated automatically when Ansible is installed with the package manager is checked.
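The lookup order above as a small shell function (an added example, not code from the original article or from Ansible). The name resolve_ansible_cfg and its three optional arguments are hypothetical; the model also includes Ansible's documented behaviour of not loading ansible.cfg from a world-writable current directory.

```shell
# Added example: simplified model of the ansible.cfg lookup order.
# Usage: resolve_ansible_cfg [cwd] [home] [system_cfg]
resolve_ansible_cfg() {
    cwd="${1:-$PWD}"
    home="${2:-${HOME:-}}"
    sys_cfg="${3:-/etc/ansible/ansible.cfg}"

    # (1) ANSIBLE_CONFIG wins when it is set and the file exists
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -f "$ANSIBLE_CONFIG" ]; then
        printf '%s\n' "$ANSIBLE_CONFIG"
        return 0
    fi

    # (2) ./ansible.cfg, skipped when the directory is world-writable,
    #     because any local user could plant a config file there
    if [ -f "$cwd/ansible.cfg" ]; then
        case "$(ls -ldL "$cwd")" in
            ????????w*)
                echo "ignoring $cwd/ansible.cfg: directory is world-writable" >&2 ;;
            *)
                printf '%s\n' "$cwd/ansible.cfg"
                return 0 ;;
        esac
    fi

    # (3) ~/.ansible.cfg, then (4) the packaged system-wide file
    for f in "$home/.ansible.cfg" "$sys_cfg"; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Show which file would apply in the current directory
resolve_ansible_cfg || echo "no ansible.cfg found; built-in defaults apply"
```

Running `ansible --version` prints the config file Ansible actually selected, which is the authoritative check.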
Use environment variables to configure
Most Ansible parameters can be configured by setting an environment variable that begins with ANSIBLE_. The parameter names must be in uppercase letters, as follows:
    export ANSIBLE_SUDO_USER=root
Once the environment variable is set, the ANSIBLE_SUDO_USER can be referenced directly in subsequent operations.
Set ansible.cfg configuration parameters
Ansible has many configuration parameters, and here are several default configuration parameters:
    [defaults]
    inventory = /root/ansible/hosts
    library = /usr/share/my_modules/
    forks = 5
    sudo_user = root
    remote_port = 22
    host_key_checking = False
    timeout = 20
    log_path = /var/log/ansible.log
The parameters above are:
inventory: the location of the inventory file. The inventory is the list of hosts that Ansible connects to and manages.
library: every Ansible operation is implemented by a module; this parameter points to the directory where Ansible modules are stored.
forks: the maximum number of processes Ansible runs in parallel. The default is 5. Choose the value according to the performance of the control node and the number of managed nodes.
sudo_user: the default user that commands are executed as. It can also be overridden in a playbook.
remote_port: the port used to connect to managed nodes. The default is 22 and does not need changing unless the nodes use a non-standard SSH port.
host_key_checking: whether to check the SSH host key. Can be set to True or False. That is, whether ssh verifies the host it connects to.
timeout: the timeout for SSH connections, in seconds.
log_path: Ansible does not log by default. To record Ansible's output in a log file, set log_path. Note that modules call the (r)syslog of the managed node to record, and the user who runs Ansible needs write permission to the log file.
SSH mutual trust configuration
The ssh public key of the ansible server is distributed to each managed node.
Specify the ssh key type and storage path when generating the key pair:
    ssh-keygen -t rsa -f /tmp/temp/id_rsa -N ''
Distribute the ssh public key to the target machine:
    ssh-copy-id root@192.168.246.204
You can also use ansible itself to bulk add keys to the controlled node. You can use the authorized_key module of ansible.
Below, the expect tool is used to make ssh-copy-id non-interactive, so that it does not keep prompting for the remote user's login password.
    # install expect
    yum install -y expect

    # edit the expect script
    cat auto_sshcopyid.exp
    #!/usr/bin/expect
    set timeout 10
    set user_hostname [lindex $argv 0]
    set password [lindex $argv 1]
    spawn ssh-copy-id $user_hostname
    expect {
        "(yes/no)?" {
            # first connection: accept the host key, then answer the password prompt
            send "yes\n"
            expect "*password:" { send "$password\n" }
        }
        "*password:" { send "$password\n" }
    }
    expect eof

    # edit the shell script (sshkey.sh) that calls expect
    #!/bin/bash
    # load the system function library (provides "action")
    . /etc/init.d/functions
    ip=$(echo -n "$(seq -s "," 59 61),187" | xargs -d "," -I {} echo 192.168.246.{})
    # the password is passed to the expect script as a command-line argument
    password="wtf"
    for i in $ip
    do
        if ping -c 1 "$i" > /dev/null; then
            /tmp/temp/auto_sshcopyid.exp "root@$i" "$password" &>> /tmp/temp/a.log
            action "$i is ok" /bin/true
        else
            action "$i There is no!" /bin/false
        fi
    done

    # run the shell script to configure mutual trust
    chmod +x /tmp/temp/{sshkey.sh,auto_sshcopyid.exp}
    ./sshkey.sh
Simple test
Add several managed nodes to the default inventory file /etc/ansible/hosts.
    [test]
    ## ansible_python_interpreter specifies the python interpreter version
    192.168.246.187 ansible_python_interpreter=/usr/local/python3/bin/python3
    192.168.246.188
    192.168.246.189
Test the managed node using the ping module. If it is successful, it means that ansible can control the node.
    ## Test a single host
    ansible 192.168.246.187 -m ping
    192.168.246.187 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    ## Test a host group
    ansible test -m ping
    192.168.246.188 | UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.246.188 port 22: No route to host",
        "unreachable": true
    }
    192.168.246.189 | UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.246.189 port 22: No route to host",
        "unreachable": true
    }
    192.168.246.187 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
If you want to run the ansible command as a non-root user, add "--sudo" or "-s" to elevate to the user specified by the sudo_user configuration item.
    ansible 192.168.246.187 -m ping -b --become-user=root --become-method=sudo
Inventory
Inventory defines the list of hosts to be managed by ansible; both individual hosts and host groups can be defined. The /etc/ansible/hosts file used above is the default inventory. The definition rules commonly used in an inventory are shown below.
    cat -n /etc/ansible/hosts
         1  192.168.100.59 ansible_ssh_pass=123456 ansible_ssh_port=22
         2  192.168.100.60 ansible_ssh_pass=123456 ansible_ssh_port=22
         3  [nginx]
         4  192.168.100.5[7:9]
         5  [nginx:vars]
         6  ansible_ssh_pass='123456'
         7  [webservers:children]
         8  nginx
Lines 1 and 2 each define a single host. Line 1 carries the port used to connect to the managed node, and line 2 carries parameters passed to ssh: the remote user's login password for the ssh connection and the ssh port.
Lines 3 and 4 define the nginx host group, which contains the hosts 192.168.100.57 to 192.168.100.59. Letter ranges are also supported, such as "web[a-d]".
Lines 5 and 6 define the variables passed to the nginx host group. If the section is defined as "[all:vars]" or "[*:vars]", the variables are passed to all hosts.
Lines 7 and 8 define a new host group, webservers, whose members are the hosts of the nginx group.
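A quick audit for two settings used on this page: host_key_checking = False in ansible.cfg, which turns off SSH host key verification, and literal ansible_ssh_pass values in the inventory, which anyone who can read the file can read (an added example, not part of the original article). audit_ansible_files is a hypothetical helper name, and the sample files and the vault_become_pass variable are constructed from the values shown above.

```shell
# Added example: flag weak settings in ansible.cfg and INI inventory files.
# audit_ansible_files is a hypothetical helper, not an Ansible command.
audit_ansible_files() {
    awk '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        # ansible.cfg: SSH host key verification switched off
        tolower($0) ~ /^[ \t]*host_key_checking[ \t]*=[ \t]*(false|no|0)/ {
            printf "%s:%d: host_key_checking disabled\n", FILENAME, FNR
        }
        # inventory: literal connection or become password; templated
        # values such as {{ vault_var }} are not reported
        /ansible_(ssh_|become_|sudo_)?pass(word)?[ \t]*=/ && index($0, "{{") == 0 {
            printf "%s:%d: plaintext password in inventory\n", FILENAME, FNR
        }
    ' "$@"
}

# Constructed sample files, built from the values shown on this page
demo_dir=$(mktemp -d)
cat > "$demo_dir/ansible.cfg" <<'EOF'
[defaults]
forks = 5
host_key_checking = False
EOF
cat > "$demo_dir/hosts" <<'EOF'
192.168.100.59 ansible_ssh_pass=123456 ansible_ssh_port=22
[nginx]
192.168.100.5[7:9]
[nginx:vars]
# ansible_ssh_pass='old'
ansible_ssh_pass='123456'
ansible_become_pass={{ vault_become_pass }}
EOF

# Prints one "file:line: finding" per weak setting
audit_ansible_files "$demo_dir/ansible.cfg" "$demo_dir/hosts"
```

Key-based login through ansible_ssh_private_key_file, listed below, removes the need for the inventory passwords.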
Multiple inventory files can be used: set the inventory directive in the ansible configuration file, such as /etc/ansible/ansible.cfg, to the corresponding file or directory. If it is a directory, all files in that directory are treated as inventory files.
Some built-in variables can be used in the inventory file. Most ansible connection and permission variables can be used here, with the same meaning as the corresponding options of the ansible command. Common ones are:
(1) ansible_ssh_host: the host that ansible connects to over ssh.
(2) ansible_ssh_port: the ssh port. The default is 22.
(3) ansible_ssh_user: the user name for the ssh login. The default is root.
(4) ansible_ssh_pass: the password used to authenticate the remote user at ssh login.
(5) ansible_ssh_private_key_file: the private key used to authenticate the remote user at ssh login.
(6) ansible_connection: the connection mode used to reach the remote host. The default value is smart, which means that ssh is used when the local ssh supports persistent connections (ControlPersist); otherwise Python's paramiko ssh connection is used.
(7) ansible_shell_type: the shell used when the remote host executes commands. The default is sh (not bash; they are different, and this is not a full path).
(8) ansible_python_interpreter: the python interpreter path on the remote host. The default is /usr/bin/python.
(9) ansible_*_interpreter: the interpreter to use for other languages, for example sh, bash, awk, sed, expect, ruby, and so on.
Several of these parameters can also be specified in the configuration file ansible.cfg, but the directive names are different. The corresponding configuration items are:
(1) remote_port: corresponds to ansible_ssh_port.
(2) remote_user: corresponds to ansible_ssh_user.
(3) private_key_file: corresponds to ansible_ssh_private_key_file.
(4) executable: corresponds to ansible_shell_type. One difference is that executable must specify the full path, while ansible_shell_type only needs the basename.
If "ansible_ssh_host" is defined, the hostname preceding it is an alias. For example, nginx is an alias in the following inventory file, and the host actually connected to is 192.168.246.187. /etc/ansible/hosts is as follows:
    [test]
    nginx ansible_ssh_host=192.168.246.187
    # 192.168.246.187
    192.168.246.188
    192.168.246.189
    [test:vars]
    ansible_ssh_private_key_file=/root/.ssh/rsa_back/id_rsa
    ansible_python_interpreter=/usr/local/python3/bin/python3
Run ansible:
    ansible test -m ping
    nginx | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.246.188 | UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.246.188 port 22: No route to host",
        "unreachable": true
    }
    192.168.246.189 | UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.246.189 port 22: No route to host",
        "unreachable": true
    }
Manually specify the path of the inventory file:
    ansible test -i /tmp/inventory_file -m ping
Description
This post was compiled with reference to articles by Ma long Shuai and is the blogger's reading notes. If there is any infringement, please contact me and I will delete it!
Finally, thanks to open source, embrace open source ~