Ansible is a model-driven configuration manager that supports multi-node publishing and remote task execution. By default, SSH is used for remote connections. There is no need to install additional software on managed nodes and it can be extended using a variety of programming languages.

The picture above shows the basic architecture of ansible. From the picture above, you can understand that it consists of the following parts:

• Core: ansible
• Core Modules: These are the modules that come with ansible
• Extension modules (Custom Modules): If the core module is not enough to complete a certain function, you can add extension modules
• Plugins: Complete the supplement of module functions
• Playbooks: Ansible's task configuration file, which defines multiple tasks in the playbook and is automatically executed by ansible
• Connectior Plugins: ansible connects to each host based on connection plug-ins. Although ansible uses ssh to connect to each host, it also supports other connection methods, so a connection plug-in is required
• Host Inventory: Define the hosts managed by ansible

The above are two ansible working principle diagrams found on the Internet. Both diagrams are basically expansions based on the architecture diagram. You can understand from the picture above:

1. The management terminal supports three ways to connect to the managed terminal: local, ssh, and zeromq. The default is to use the ssh-based connection---this part corresponds to the connection module in the basic architecture diagram;

2. Host Inventory (host group) can be classified according to application type, etc. The management node implements corresponding operations through various modules - a single module, batch execution of a single command, we can call it ad-hoc ;

3. The management node can use playbooks to implement a collection of multiple tasks to implement a type of functions, such as the installation and deployment of web services, batch backup of database servers, etc. We can simply understand playbooks as configuration files that the system operates by combining multiple ad-hoc operations.

After installing ansible, we found that ansible provides us with seven instructions in total: ansible, ansible-doc, ansible-galaxy, ansible-lint, ansible-playbook, ansible-pull, ansible-vault. Here we only look at the usage part, and the detailed part can be obtained through the "command -h" method.

1.[root@localhost ~]# ansible -h
2.Usage: ansible  [options]

Ansible is the core part of the command, which is mainly used to execute ad-hoc commands, that is, a single command. By default, the host and options parts need to be followed. When the module is not specified by default, the command module is used. Such as:

1.[root@361way.com ~]# ansible 192.168.0.102 -a 'date'
2192.168.0.102 | success | rc=0 >>
3Tue May 12 22:57:24 CST 2015

However, the default module can be modified in ansible.cfg. The parameters under the ansible command are explained as follows:

1. Parameters:
2. -a 'Arguments', --args='Arguments' command line parameters
3. -m NAME, --module-name=NAME The name of the execution module. The command module is used by default, so if you only execute a single command, you do not need the -m parameter
4. -i PATH, --inventory=PATH specifies the path to the inventory host file, the default is /etc/ansible/hosts.
5. -u Username, --user=Username execution user, use this remote username instead of the current user
6. -U --sud-user=SUDO_User Which user to sudo to, the default is root
7. -k --ask-pass login password, prompt for SSH password instead of assuming key-based authentication
8. -K --ask-sudo-pass prompts for password use sudo
9. -s --sudo sudo run
10. -S --su Use su command
11. -l --list displays all supported modules
12. -s --snippet specifies the module to display script snippets
13. -f --forks=NUM Number of parallel tasks. NUM is specified as an integer, the default is 5. #ansible testhosts -a "/sbin/reboot" -f 10 Restart all machines in the testhosts group, 10 machines at a time
14. --private-key=PRIVATE_KEY_FILE private key path, use this file to verify the connection
15. -v --verbose details
16. all executes
for all hosts defined by hosts
17. -M MODULE_PATH, --module-path=MODULE_PATH The path of the module to be executed, the default is /usr/share/ansible/
18. --list-hosts only prints which hosts will execute this playbook file, not actually executes the playbook file
19. -o --one-line compressed output, summarized output. Try to output everything on one line.
20. -t Directory, --tree=Directory Save the contents in this output directory, saving the results in a file on each host.
21. -B background running timeout
22. -P Investigate background program time
23. -T Seconds, --timeout=Seconds time in seconds
24. -P NUM, --poll=NUM Poll background work every few seconds. Required - b
25. -c Connection, --connection=Connection connection type to use. Possible options are paramiko(SSH), SSH and local. Local is mainly used for crontab or startup.
26. --tags=TAGS Only execute the task with the specified tags Example: ansible-playbook test.yml --tags=copy Only execute the task with the tag copy
27. --list-hosts only prints which hosts will execute this playbook file, not actually executes the playbook file
28. --list-tasks List all tasks that will be executed
29. -C, --check just tests what will be changed and will not actually execute it; instead, it tries to predict some possible changes
30. --syntax-check Perform syntax check of the script, but do not execute it
31. -l SUBSET, --limit=SUBSET further limit the selected host/group mode --limit=192.168.0.15 Only execute this ip
32. --skip-tags=SKIP_TAGS Only run plays and tasks with tags that do not match these values ??--skip-tags=copy_start
33. -e EXTRA_VARS, --extra-vars=EXTRA_VARS Extra variables set as key=value or YAML/JSON
34. #cat update.yml
35. ---
36. - hosts: {{ hosts }}
37. remote_user: {{ user }}
38. ............
39. #ansible-playbook update.yml --extra-vars "hosts=vipers user=admin" Pass {{hosts}}, {{user}} variables, hosts can be ip or group name
40. -l,--limit Execute tasks on the specified host/group--limit=192.168.0.10, 192.168.0.11 or -l 192.168.0.10, 192.168.0.11 Execute tasks only on these 2 IPs

# ansible-doc -h
Usage: ansible-doc [options] [module...]

該指令用于查看模塊信息，常用參數(shù)有兩個(gè)-l 和 -s ，具體如下：

1. //列出所有已安裝的模塊
2. # ansible-doc -l
3. //查看具體某模塊的用法，這里如查看command模塊
4. # ansible-doc -s command

# ansible-galaxy -h
Usage: ansible-galaxy [init|info|install|list|remove] [--help] [options] ...

ansible-galaxy 指令用于方便的從https://galaxy.ansible.com/ 站點(diǎn)下載第三方擴(kuò)展模塊，我們可以形象的理解其類似于centos下的yum、python下的pip或easy_install 。如下示例：

[root@localhost ~]# ansible-galaxy install aeriscloud.docker
- downloading role 'docker', owned by aeriscloud
- downloading role from https://github.com/AerisCloud/ansible-docker/archive/v1.0.0.tar.gz
- extracting aeriscloud.docker to /etc/ansible/roles/aeriscloud.docker
- aeriscloud.docker was installed successfully

這個(gè)安裝了一個(gè)aeriscloud.docker組件，前面aeriscloud是galaxy上創(chuàng)建該模塊的用戶名，后面對(duì)應(yīng)的是其模塊。在實(shí)際應(yīng)用中也可以指定txt或yml 文件進(jìn)行多個(gè)組件的下載安裝。這部分可以參看官方文檔。

ansible-lint是對(duì)playbook的語(yǔ)法進(jìn)行檢查的一個(gè)工具。用法是ansible-lint playbook.yml 。

該指令是使用最多的指令，其通過(guò)讀取playbook 文件后，執(zhí)行相應(yīng)的動(dòng)作，這個(gè)后面會(huì)做為一個(gè)重點(diǎn)來(lái)講。

該指令使用需要談到ansible的另一種模式－－－pull 模式，這和我們平常經(jīng)常用的push模式剛好相反，其適用于以下場(chǎng)景：你有數(shù)量巨大的機(jī)器需要配置，即使使用非常高的線程還是要花費(fèi)很多時(shí)間；你要在一個(gè)沒(méi)有網(wǎng)絡(luò)連接的機(jī)器上運(yùn)行Anisble，比如在啟動(dòng)之后安裝。這部分也會(huì)單獨(dú)做一節(jié)來(lái)講。

ansible-vault主要應(yīng)用于配置文件中含有敏感信息，又不希望他能被人看到，vault可以幫你加密/解密這個(gè)配置文件，屬高級(jí)用法。主要對(duì)于playbooks里比如涉及到配置密碼或其他變量時(shí)，可以通過(guò)該指令加密，這樣我們通過(guò)cat看到的會(huì)是一個(gè)密碼串類的文件，編輯的時(shí)候需要輸入事先設(shè)定的密碼才能打開。這種playbook文件在執(zhí)行時(shí)，需要加上 --ask-vault-pass參數(shù)，同樣需要輸入密碼后才能正常執(zhí)行。具體該部分可以參查官方博客。

注：上面七個(gè)指令，用的最多的只有兩個(gè)ansible 和ansible-playbook ，這兩個(gè)一定要掌握，其他五個(gè)屬于拓展或高級(jí)部分。

The above is the detailed content of Understand ansible architecture and working principles. For more information, please follow other related articles on the PHP Chinese website!