接著上一節安裝配置開始講解
這一節,準備詳細講下ansible的結構,ansible的目錄架構,ansible的工作原理架構。
Ansible優點
Agentless,去中心化
Stupid Simple,上手簡單,學習曲線平滑
SSH by default ,安全,無需安裝客戶端
配置簡單、功能強大、擴展性強
支持API及自定義模塊,可通過Python輕鬆擴展
通過Playbooks來定製強大的配置、狀態管理
提供一個功能強大、操作性強的Web管理界面和REST API接口——AWX平臺
冪等性:一種操作重複多次結果相同
Ansible的架構圖
Ansible核心組件說明:
Host Inventory:記錄了每一個由Ansible管理的主機信息,信息包括ssh端口,root帳號密碼,ip地址等等。可以通過file來加載,可以通過CMDB加載。由於其中可能包含帳號密碼,Inventory文件應限制讀取權限,密碼類信息建議改用SSH密鑰認證或以Ansible Vault加密保存,避免明文存放。
Playbooks:YAML格式文件,多個任務定義在一個文件中,使用時可以統一調用,“劇本”用來定義哪些主機需要調用哪些模塊來完成的功能。
Core Modules:Ansible執行任何管理任務都不是由Ansible自己完成,而是由核心模塊完成;Ansible管理主機之前,先調用Core Modules中的模塊,然後指明管理Host Inventory中的主機,就可以完成管理主機。
Custom Modules:自定義模塊,完成Ansible核心模塊無法完成的功能,此模塊支持任何語言編寫。
Connection Plugins:連接插件,Ansible和Host通信使用
Ansible的執行過程:
Ansible目錄結構介紹:
配置文件目錄:/etc/ansible/ 功能:Inventory主機信息配置、Ansible工具功能配置等。所有Ansible的配置均放在該目錄下,運維日常的所有配置操作也均於此目錄進行。
執行文件目錄:/usr/bin/ 功能:Ansible系列命令默認存放目錄,Ansible所有的可執行文件均放在該目錄下。
Lib庫依賴目錄:/usr/lib/pythonX.X/site-packages/ansible/
Help文檔目錄:/usr/share/doc/ansible-X.X.X/
Man文檔目錄:/usr/share/man/man1/
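Inventory用於定義主機列表的配置,ansible的自身配置只有一個ansible.cfg,ansible安裝好以後,默認存在/etc/ansible/ 目錄下,ansible.cfg可以存在多個地方,ansible讀取配置文件的順序依次是當前命令執行目錄-->用戶家目錄下的.ansible.cfg-->/etc/ansible/ansible.cfg,先找到哪個就使用哪個的配置。由於當前目錄下的ansible.cfg優先於用戶級與系統級配置,在不受信任或他人可寫的目錄中執行ansible命令前,應先確認該目錄下沒有來源不明的ansible.cfg(Ansible不會自動加載位於所有人可寫目錄中的ansible.cfg)。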
注意:ansible.cfg配置的所有內容均可以在命令行通過參數的形式傳遞或者定義在Playbooks中。
ansible.cfg的配置格式遵循ini格式。
[defaults]
# some basic default values...
# NOTE: descriptions are kept on their own lines. In ansible.cfg only ';' starts
# an inline comment, so text after '#' on an uncommented value line would become
# part of the value.
# Inventory location: where the managed-host list is defined.
#inventory = /etc/ansible/hosts
# Directory holding custom module libraries.
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
# Temporary-file directory on the remote host.
#remote_tmp = ~/.ansible/tmp
# Temporary-file directory on the local (control) host.
#local_tmp = ~/.ansible/tmp
# Default number of parallel forks.
#forks = 5
# Default polling interval.
#poll_interval = 15
# Default sudo user.
# NOTE(review): sudo_user / ask_sudo_pass look like legacy sudo settings; the
# become_* options in [privilege_escalation] cover the same ground — confirm
# which ones your Ansible version honours.
#sudo_user = root
# Whether to ask for the sudo password.
#ask_sudo_pass = True
# Whether to ask for the connection password.
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
上面是一些基本的默認配置文件的路徑,一般默認即可。
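# additional paths to search for roles in, colon separated
# Default directories in which downloaded roles are stored.
# The description is on its own line on purpose: ansible.cfg accepts only ';' as
# an inline comment marker, so a trailing '# ...' would be read as part of the
# last path in the list.
roles_path = /etc/ansible/roles:/usr/share/ansible/roles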
# uncomment this to disable SSH key host checking
# Controls whether a host's SSH key is verified on first connection. Setting it
# to False is often suggested for convenience, but that removes SSH's protection
# against connecting to an impersonated host (man-in-the-middle). Keep checking
# enabled and pre-populate known_hosts instead; reserve False for throwaway lab
# machines.
#host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
# SSH timeout
# Default connection timeout.
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
# NOTE(review): prefer an unprivileged login user combined with become over
# logging in directly as root.
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
# Path of the execution log.
# NOTE(review): the log can contain task arguments and output; restrict its file
# permissions and mark sensitive tasks with no_log so secrets do not land in it.
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
# Module executed by default.
#module_name = command
# set plugin path directories here, separate with colons
# Each key below names the directory searched for that plugin type (action,
# cache, callback, connection, lookup, inventory, vars, filter, test, terminal,
# strategy). Plugins are code run on the control node, so these directories
# should be writable only by trusted administrators.
#action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
# Cache backend for gathered host facts (a backend type, not a directory).
#fact_caching = memory
# retry files
# When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False
# Directory in which .retry files are saved.
#retry_files_save_path = ~/.ansible-retry
# Rather than deploying directly with root's full administrative rights, the
# usual practice is to connect as an ordinary user that has been granted sudo
# rights; this section configures that privilege escalation.
[privilege_escalation]
# Whether privilege escalation (become) is enabled.
# NOTE(review): enabling it here presumably applies to every task; consider
# setting become per play or per task instead — confirm for your setup.
#become=True
# Escalation method.
#become_method=sudo
# User to become after escalation.
#become_user=root
# Whether to prompt for the escalation password.
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
# Skips recording the keys of new hosts to improve speed.
# NOTE(review): keys that are never recorded presumably cannot be compared on
# later connections — confirm the trade-off before enabling this.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
# This turns off the pseudo-terminal request only; it does not disable sudo.
#pty=False
[ssh_connection]
# Ansible connects to remote hosts over SSH by default. This section holds the
# SSH connection settings; there are few of them and most can stay at defaults.
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
# NOTE(review): the example above places control sockets under the shared /tmp
# tree; a per-user directory such as the one below is presumably the safer
# choice — confirm the directory is not accessible to other users.
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
# Pipelining speed-up. As stated above, it works with sudo only once
# 'requiretty' has been disabled in /etc/sudoers, not when it is set.
#pipelining = False
[accelerate]
# Settings for Ansible's accelerated connection mode. Some users were unhappy
# with Ansible's execution speed, so connection and execution speed have been
# optimised over time; these options matter when tuning connection speed, and
# most can stay at their defaults.
# NOTE(review): accelerate mode appears to be a legacy feature dropped in later
# Ansible releases — confirm it exists in your version before tuning it.
# Port used by the accelerated connection.
#accelerate_port = 5099
# Command execution timeout, in seconds.
#accelerate_timeout = 30
# Connection timeout, in seconds.
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
# Daemon idle timeout, in minutes, counted from the last activity.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
# The SELinux settings can be left at their defaults.
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors]
# Ansible defines the colours of its output in detail and lets them be
# configured. This has little effect on day-to-day use, so the section can
# almost always be left at its defaults.
以上就是一些基本的配置文件的說明,絕大多數保持默認即可。
後面會講解下Ad-Hoc、和Ansible-playbook的命令執行方式。