Ansible-Installation Configuration

Host Planning

Host Name       Operating System Version  Intranet IP    External Network IP (simulated)  Installed software
ansi-manager    CentOS7.5                 172.16.1.180   10.0.0.180                       ansible
ansi-haproxy01  CentOS7.5                 172.16.1.181   10.0.0.181
ansi-haproxy02  CentOS7.5                 172.16.1.182   10.0.0.182
ansi-web01      CentOS7.5                 172.16.1.183   10.0.0.183
ansi-web02      CentOS7.5                 172.16.1.184   10.0.0.184
ansi-web03      CentOS7.5                 172.16.1.185   10.0.0.185

In practice the ansible configuration usually does not need to be modified, or is modified only when necessary.

 

Add user account

Notes:

1. This is the login account used by operations and maintenance personnel;

2. All services are placed under /app/, the home directory of the yun user, so that business data does not end up scattered;

3. This user is also used by ansible, because almost all production environments prohibit root from logging in remotely (so the yun user also has sudo privileges).

# Use a dedicated user instead of using root directly
# Add the user, specifying its home directory and password
useradd -u 1050 -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun
# Grant sudo privileges
echo "yun  ALL=(ALL)       NOPASSWD: ALL" >>  /etc/sudoers
# Allow other users to enter the directory and view its contents
chmod 755 /app/
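
Appending to /etc/sudoers with >> puts the rule live without a syntax check, and a malformed sudoers file stops sudo from working. The following added example (not part of the original post) installs the same rule as a drop-in under /etc/sudoers.d after checking it with visudo. The function name install_sudo_rule and its optional directory argument are assumptions made for illustration, and it assumes /etc/sudoers includes /etc/sudoers.d, as it does by default on CentOS 7.

```shell
# Added example, not from the original post.
# install_sudo_rule USER [DIR]
#   DIR defaults to /etc/sudoers.d (writing there requires root).
install_sudo_rule() (            # ( ) body: subshell, so variables stay local
    user=$1; dir=${2:-/etc/sudoers.d}

    # sudo ignores drop-in files whose names contain "." or end in "~",
    # so accept only plain account names.
    case $user in
        ''|*[!a-z0-9_-]*) echo "refusing user name: '$user'" >&2; exit 2 ;;
    esac

    # Build the rule under a dotted temporary name, which sudo skips.
    tmp=$(mktemp "$dir/.sudo-rule.XXXXXX") || exit 1
    printf '%s  ALL=(ALL)       NOPASSWD: ALL\n' "$user" > "$tmp"
    chmod 0440 "$tmp"

    # Check the syntax before the rule goes live.
    if command -v visudo >/dev/null 2>&1; then
        if ! visudo -cf "$tmp" >/dev/null 2>&1; then
            rm -f "$tmp"; echo "sudoers syntax check failed" >&2; exit 1
        fi
    else
        echo "visudo not found: rule installed without a syntax check" >&2
    fi
    mv -f "$tmp" "$dir/$user"    # rename within one directory is atomic
)

# Demonstration against a scratch directory instead of /etc/sudoers.d
demo_dir=$(mktemp -d)
install_sudo_rule yun "$demo_dir" && cat "$demo_dir/yun"
rm -rf "$demo_dir"
```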

Ansible deployment process

Add the EPEL repository if it is not already configured

Add the Alibaba Cloud EPEL mirror

https://opsx.alibaba.com/mirror

Install Ansible and view version information

[root@ansi-manager ~]# yum install -y ansible
[root@ansi-manager ~]# whereis ansible  # ansible location information
ansible: /usr/bin/ansible /etc/ansible /usr/share/ansible /usr/share/man/man1/ansible.1.gz
[root@ansi-manager ~]# ansible --version  # View version information
ansible 2.8.1  # ansible version
  config file = /etc/ansible/ansible.cfg  # Configuration file in use
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']  # Module search path
  ansible python module location = /usr/lib/python2.7/site-packages/ansible  # Location of the ansible Python module, using Python 2.7
  executable location = /bin/ansible  # Location of the ansible executable
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]  # Python version information
[yun@ansi-manager ~]$ ll /usr/bin/ansible  /bin/ansible  # ansible command location
lrwxrwxrwx 1 root root 20 Jun 24 14:14 /bin/ansible -> /usr/bin/ansible-2.7
lrwxrwxrwx 1 root root 20 Jun 24 14:14 /usr/bin/ansible -> /usr/bin/ansible-2.7

Ansible configuration file explained

Ansible configuration file lookup order

Ansible looks for its configuration file in the following locations, in order, and uses the first one it finds:

1. The environment variable ANSIBLE_CONFIG, if it is set;

2. The ansible.cfg file in the current directory (each project can carry its own configuration file, which makes projects easier to manage and move);

3. The .ansible.cfg file in the current user's home directory;

4. The /etc/ansible/ansible.cfg file.

You can use the ansible --version command to see which configuration file is in use.

This order is described in the /etc/ansible/ansible.cfg configuration file.
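
The lookup order above, modelled as a shell function; this is an added example, not code from the original post or from Ansible itself. It also models one behaviour the list does not mention: Ansible skips ansible.cfg in a world-writable working directory, since any local user could plant a configuration file there. The function name which_ansible_cfg and its arguments are assumptions made so the logic can be tried against scratch directories.

```shell
# Added example, not from the original post: model of the lookup order above.
# Inputs are arguments so it can be tried without touching real configuration:
#   $1 ANSIBLE_CONFIG value ('' = unset), $2 working dir, $3 home dir,
#   $4 system-wide file (defaults to /etc/ansible/ansible.cfg)
which_ansible_cfg() (        # ( ) body: subshell, so variables stay local
    env_cfg=$1; cwd=$2; home=$3; sys=${4:-/etc/ansible/ansible.cfg}

    # 1. ANSIBLE_CONFIG; a directory value means <dir>/ansible.cfg
    if [ -n "$env_cfg" ]; then
        [ -d "$env_cfg" ] && env_cfg=$env_cfg/ansible.cfg
        [ -r "$env_cfg" ] && { echo "$env_cfg"; exit 0; }
    fi

    # 2. ./ansible.cfg, ignored when the directory is world-writable
    if [ -r "$cwd/ansible.cfg" ]; then
        if [ -n "$(find "$cwd" -prune -perm -0002 -print)" ]; then
            echo "skipping $cwd/ansible.cfg: directory is world-writable" >&2
        else
            echo "$cwd/ansible.cfg"; exit 0
        fi
    fi

    # 3. ~/.ansible.cfg, then 4. the system-wide file
    for f in "$home/.ansible.cfg" "$sys"; do
        [ -r "$f" ] && { echo "$f"; exit 0; }
    done
    exit 1                   # nothing found: built-in defaults apply
)

# Report the file the current shell session would pick up
which_ansible_cfg "${ANSIBLE_CONFIG:-}" "$PWD" "${HOME:-/}" \
    || echo "no configuration file found; built-in defaults apply"
```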

Explanation of selected ansible.cfg settings

No modification is required in actual production.

[yun@ansi-manager ansible]$ pwd
/etc/ansible
[yun@ansi-manager ansible]$ vim ansible.cfg
#inventory      = /etc/ansible/hosts      # Inventory of managed hosts
#library        = /usr/share/my_modules/  # Path to additional module libraries
#remote_tmp     = ~/.ansible/tmp          # Temporary file location on the remote machine
#local_tmp      = ~/.ansible/tmp          # Temporary file location on the local machine
#forks          = 5                       # Default number of parallel processes
#poll_interval  = 15                      # Default polling interval (in seconds)
#sudo_user      = root                    # Default user that sudo switches to
#ask_sudo_pass = True                     # Whether a password is required when using sudo
#ask_pass      = True                     # Whether a password is required
#transport      = smart                   # Transport mode
#remote_port    = 22                      # Default port on the remote host
#module_lang    = C                       # Language used between modules and the system
#module_set_locale = False
..................
# uncomment this to disable SSH key host checking
# [commented out by default, so host fingerprints are checked]
# Uncommented here to skip host fingerprint checks [only the root user has permission to disable fingerprint checking]
host_key_checking = False
..................
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log          # Enables the ansible log
..................
# Privilege escalation settings, used when an ordinary user escalates privileges on the remote host
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
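
With host_key_checking = False, SSH connections to the managed hosts are made without verifying their host keys, and with log_path left commented out the control node keeps no record of what was run. The following added example (not part of the original post or of Ansible) checks an ansible.cfg for those two conditions. The names audit_ansible_cfg and sample_cfg are assumptions, and the sample configuration is constructed to mirror the listing above.

```shell
# Added example, not from the original post.
# audit_ansible_cfg FILE: print one finding per line, return 1 if any were found.
audit_ansible_cfg() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*([#;]|$)/ { next }                      # comment or blank line
        /^[ \t]*\[/ { sect = $0; gsub(/^[ \t]*\[|\].*$/, "", sect); next }
        sect == "defaults" && /=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+;.*$/, "", val); sub(/[ \t]+$/, "", val)   # inline ";" comment
            conf[tolower(key)] = tolower(val)
        }
        END {
            v = conf["host_key_checking"]
            if (v == "false" || v == "no" || v == "off" || v == "0") {
                print "host_key_checking is disabled: SSH host keys are not verified"
                bad = 1
            }
            if (conf["log_path"] == "") {
                print "log_path is not set: runs on the control node are not logged"
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample mirroring the two settings shown in the listing above.
sample_cfg() {
    cat <<'EOF'
[defaults]
#inventory      = /etc/ansible/hosts
host_key_checking = False
#log_path = /var/log/ansible.log
[privilege_escalation]
#become=True
EOF
}

tmp=$(mktemp); sample_cfg > "$tmp"
audit_ansible_cfg "$tmp" || echo "review the settings above"
rm -f "$tmp"
```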

The command-line options that correspond to the [privilege_escalation] configuration above can be seen with ansible -h, as follows:

[yun@ansi-manager ~]$ ansible -h
..................
  Privilege Escalation Options:
    control how and which user you become as on target hosts

    -b, --become        run operations with become (does not imply password
                        prompting)
    --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo), use
                        `ansible-doc -t become -l` to list valid choices.
    --become-user=BECOME_USER
                        run operations as this user (default=root)
    -K, --ask-become-pass
                        ask for privilege escalation password
..................

 


Posted on Sun, 08 Mar 2020 09:26:07 -0700 by meandrew