Ansible Introduction and Configuration File Explained


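Introduction to Ansible

Ansible is a relatively new automation and operations tool written in Python. It combines the strengths of many other operations tools (Puppet, Chef, Func, Fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible is built on paramiko and works in a modular fashion; it has no batch-deployment capability of its own. The modules that Ansible runs are what actually perform batch deployment, and Ansible only provides the framework. Ansible does not need a client or agent installed on remote hosts, because it communicates with them over SSH. Ansible has been acquired by Red Hat, is the most widely accepted of the automation and operations tools, and is easy to pick up and learn. It is one of the skills every operations engineer must master.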

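Ansible features

  - Simple to deploy: only the control node needs an Ansible environment, and the managed nodes need no setup at all;
  - Manages devices over the SSH protocol by default;
  - A large number of modules for routine operations, covering the vast majority of day-to-day tasks;
  - Simple to configure, powerful, and highly extensible;
  - Supports an API and custom modules, and is easy to extend with Python;
  - Playbooks provide powerful configuration and state management;
  - Lightweight: no agent needs to be installed on clients, and an update only has to be applied once on the control machine;
  - A powerful and usable web management interface and REST API, the AWX platform.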

Ansible task execution

The ways an Ansible control host operates on managed nodes fall into two categories: ad hoc and playbook.

Ansible execution flow


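Put simply, when Ansible runs it first reads the configuration in ansible.cfg, obtains the list of managed hosts from the Inventory according to its rules, runs the configured tasks on those hosts in parallel, and finally waits for the results to come back.

  1. Load its own configuration file, by default /etc/ansible/ansible.cfg;
  2. Look up the corresponding host inventory file and find the hosts or groups to run against;
  3. Load the corresponding module file, such as command;
  4. Have Ansible generate a temporary py file (a Python script) from the module or command,
  5. and transfer that file to the remote server;
  6. The file is .ansible/tmp/XXX/XXX.PY under the home directory of the executing user;
  7. Give the file +x execute permission;
  8. Execute it and return the result;
  9. Delete the temporary py file and exit with sleep 0.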

Table of common command parameters

Parameter description

Explanation of ansible command output

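Ansible configuration file lookup order

Ansible differs considerably from our other services on this point: its configuration file is looked up in several places, in the following order:

  1. The file at the path that the ANSIBLE_CONFIG environment variable points to (export ANSIBLE_CONFIG=/etc/ansible.cfg);
  2. ~/.ansible.cfg, checking the ansible.cfg configuration file in the current directory;
  3. /etc/ansible.cfg, checking the configuration file in the etc directory.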
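
An added example, not from the original post or from Ansible's source: a simplified Python model of the first-found-wins lookup in the order Ansible documents (ANSIBLE_CONFIG, ansible.cfg in the current working directory, ~/.ansible.cfg, then /etc/ansible/ansible.cfg, the default path this page gives elsewhere). It also models the documented safeguard that ansible.cfg in a world-writable working directory is not loaded; `find_ansible_cfg` and its parameters are hypothetical names.

```python
import os
import stat


def find_ansible_cfg(env=None, cwd=None, home=None,
                     system="/etc/ansible/ansible.cfg"):
    """Return (path_or_None, warnings); the first readable candidate wins."""
    env = os.environ if env is None else env
    cwd = os.getcwd() if cwd is None else cwd
    home = os.path.expanduser("~") if home is None else home
    candidates, warnings = [], []

    # 1. ANSIBLE_CONFIG; a directory means <dir>/ansible.cfg
    from_env = env.get("ANSIBLE_CONFIG")
    if from_env:
        if os.path.isdir(from_env):
            from_env = os.path.join(from_env, "ansible.cfg")
        candidates.append(from_env)

    # 2. ./ansible.cfg, skipped when anyone may write to the directory:
    #    whoever can drop a file there could redirect plugin paths or keys.
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    try:
        if os.stat(cwd).st_mode & stat.S_IWOTH:
            if os.path.exists(cwd_cfg):
                warnings.append(f"ignoring {cwd_cfg}: directory is world-writable")
        else:
            candidates.append(cwd_cfg)
    except OSError:
        pass  # an inaccessible cwd is simply not a config source

    # 3. per-user file, 4. system-wide file
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system)

    for path in candidates:
        if os.path.exists(path) and os.access(path, os.R_OK):
            return path, warnings
    return None, warnings


if __name__ == "__main__":
    chosen, notes = find_ansible_cfg()
    print("config file =", chosen)
    for note in notes:
        print("warning:", note)
```

On a real control node, `ansible --version` prints a `config file =` line naming the file that was actually loaded.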

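Core Ansible files you should know

There are two core files, ansible.cfg and the hosts file; by default both are kept in the /etc/ansible directory.

ansible.cfg: mainly sets Ansible's initialization information, such as the log path, modules, plugins and other configuration.
hosts: the machine inventory, used to manage hosts in groups.

Define a host group as [group name] and add addresses or host names to it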

    [web1]
    192.168.0.2
    192.168.0.1

    [root@pa1 ~]# cat /etc/ansible/ansible.cfg
    [defaults]
    inventory      = /etc/ansible/hosts
    library        = /usr/share/my_modules/
    module_utils   = /usr/share/my_module_utils/
    remote_tmp     = ~/.ansible/tmp
    local_tmp      = ~/.ansible/tmp
    plugin_filters_cfg = /etc/ansible/plugin_filters.yml
    forks          = 5
    poll_interval  = 15
    sudo_user      = root
    #ask_sudo_pass = True
    #ask_pass      = True
    transport      = smart
    remote_port    = 22
    module_lang    = C
    module_set_locale = False

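Detailed explanation of the configuration file

[defaults]   ---> general default configuration

# some basic default values...

inventory      = /etc/ansible/hosts     Location of the default inventory: a file, a script, or a directory holding the hosts that can be contacted
library        = /usr/share/my_modules/   Where Ansible searches for modules by default
remote_tmp     = $HOME/.ansible/tmp   Ansible transfers modules to the remote host, executes them there, and cleans up afterwards. In some scenarios you may want to replace the default path with another one
pattern        = *    If no "hosts" entry is provided, this is the default host group a playbook talks to. The default is to talk to all hosts
forks          = 5    Default number of parallel processes when communicating with hosts; the default is 5
poll_interval  = 15    How often to check back on the status of tasks when no specific poll interval is defined; the default is 5 seconds
sudo_user      = root   Default user for sudo; the default is root
ask_sudo_pass = True   Controls whether an Ansible playbook asks for the sudo password before running sudo; the default is no
ask_pass      = True    Controls whether an Ansible playbook prompts for a password by default
transport      = smart   Connection mechanism. The default is 'smart': if the local system supports ControlPersist, 'ssh' (based on OpenSSH) is used; if not, 'paramiko' is used. Other transport options include 'local', 'chroot', 'jail' and so on
remote_port    = 22    Remote SSH port; the default is 22
module_lang    = C   The computer language used for communication between modules and the system; the default is the C language

gathering = implicit   Controls default facts gathering (remote system variables). The default is 'implicit': facts are gathered on every play

sudo_exe = sudo     If remote hosts use another way to perform sudo operations, this parameter can be used to change it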

# what flags to pass to sudo   Extra parameters passed to sudo
sudo_flags = -H

# SSH timeout    SSH timeout period
timeout = 10

# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
remote_user = root   Default user name that /usr/bin/ansible-playbook connects with; if not specified, the currently logged-in user name is used

# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = /var/log/ansible.log     Path where the log file is stored

# default module name for /usr/bin/ansible
module_name = command     Default module used by the ansible command

# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
executable = /bin/sh     Spawns a shell interface under sudo. It only needs changing in cases involving /bin/bash or where sudo is restricted

# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together?  The default is 'replace' but
# this can also be set to 'merge'.
hash_behaviour = replace    Variables are overridden according to precedence

# list any Jinja2 extensions to enable here:
jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n      Enables Jinja2 extension modules

# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
private_key_file = /path/to/file         Location of the private key file

# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}   This setting tells users that Ansible modified a file and that manually written content may have been overwritten.

# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host.  Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
display_skipped_hosts = True     Show the status of any skipped tasks; shown by default

# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
error_on_undefined_vars = False      If a referenced variable name is wrong, Ansible fails at that step

# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
system_warnings = True    Allows disabling warnings about potential problems on the system running Ansible

# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
deprecation_warnings = True     Allows disabling "deprecated" warnings in ansible-playbook output

# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead.  These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string.  This will for example suggest using the git module
# instead of shelling out to the git command.
command_warnings = False    When a shell or command module call could be simplified by a default module, Ansible issues a warning by default


# set plugin path directories here, separate with colons
action_plugins     = /usr/share/ansible_plugins/action_plugins  
callback_plugins   = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
vars_plugins       = /usr/share/ansible_plugins/vars_plugins
filter_plugins     = /usr/share/ansible_plugins/filter_plugins

# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
bin_ansible_callbacks = False    Controls whether callback plugins are loaded when running /usr/bin/ansible. This can be used for command-line logging, sending notifications and similar features


# don't like cows?  that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
nocows = 1    By default Ansible can use some cowsay features; enable/disable: 0/1

# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
nocolor = 1  Colored output; on/off: 0/1
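
An added example, not part of the original post or of Ansible itself: a small least-privilege audit of an ansible.cfg body covering settings explained above (remote_user, the module and plugin directories, private_key_file). `audit_ansible_cfg`, `mode_of` and `SAMPLE_CFG` are hypothetical names, and the sample is constructed from values shown on this page.

```python
import configparser
import os
import stat

# [defaults] keys from this page whose values are directories Ansible
# imports Python code from on the control host (colon-separated lists).
CODE_PATH_KEYS = ("library", "module_utils", "action_plugins", "callback_plugins",
                  "connection_plugins", "lookup_plugins", "vars_plugins", "filter_plugins")

# Constructed sample built from values shown on this page.
SAMPLE_CFG = """\
[defaults]
library = /usr/share/my_modules/
remote_user = root
private_key_file = /path/to/file
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
"""


def mode_of(path):
    """Permission bits of path, or None when it is unset or missing."""
    try:
        return stat.S_IMODE(os.stat(os.path.expanduser(path)).st_mode) if path else None
    except OSError:
        return None


def audit_ansible_cfg(cfg_text):
    """Return (key, message) findings for the [defaults] section of an ansible.cfg."""
    cp = configparser.ConfigParser(interpolation=None)  # values hold strftime % codes
    cp.read_string(cfg_text)
    d = cp["defaults"] if cp.has_section("defaults") else {}
    findings = []
    if d.get("remote_user", "").strip() == "root":
        findings.append(("remote_user", "logs in as root; use an unprivileged user and escalate per task"))
    for key in CODE_PATH_KEYS:
        for p in filter(None, (s.strip() for s in d.get(key, "").split(":"))):
            m = mode_of(p)
            if m is not None and m & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((key, f"{p} is group/world-writable; code placed there runs as the Ansible user"))
    key_file = d.get("private_key_file", "").strip()
    m = mode_of(key_file)
    if m is not None and m & 0o077:
        findings.append(("private_key_file", f"{key_file} has mode {m:o}; restrict it to 600"))
    return findings

if __name__ == "__main__":
    for key, message in audit_ansible_cfg(SAMPLE_CFG):
        print(f"{key}: {message}")
```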