ansible.cfg Configuration: How to Install and Configure Ansible on Ubuntu 18.04

Introduction

Configuration management systems are designed to streamline the process of controlling large numbers of servers for administrators and operations teams. They allow you to control many different systems in an automated way from one central location.

While there are many popular configuration management tools available for Linux systems, such as Chef and Puppet, these are often more complex than many people want or need. Ansible is a great alternative to these options because it offers a simple architecture that doesn’t require special software to be installed on nodes, using SSH to execute the automation tasks and YAML files to define provisioning details.

In this guide, we will discuss how to install Ansible on an Ubuntu 18.04 server and go over some basics of how to use this software.

How Does Ansible Work?

Ansible works by configuring client machines, referred to as managed nodes, from a computer that has the Ansible components installed and configured, which is then called the Ansible control node.

It communicates over normal SSH channels to retrieve information from remote systems, issue commands, and copy files. Because of this, an Ansible system does not require any additional software to be installed on the client computers.

This is one way that Ansible simplifies the administration of servers. Any server that has an SSH port exposed can be brought under Ansible’s configuration umbrella, regardless of what stage it is at in its life cycle. This means that any computer that you can administer through SSH, you can also administer through Ansible.

Ansible takes a modular approach, enabling you to extend the functionality of the main system to deal with specific scenarios. Modules can be written in any language and communicate in standard JSON.

Configuration files are mainly written in the YAML data serialization format due to its expressive nature and its similarity to popular markup languages. Ansible can interact with hosts either through command line tools or its configuration scripts, which are known as Playbooks.

Prerequisites

To follow this tutorial, you will need:

  • One Ansible Control Node: The Ansible control node is the machine we will use to connect to and control the Ansible hosts over SSH. Your Ansible control node can either be your local machine or a server dedicated to running Ansible, though this guide assumes your control node is an Ubuntu 18.04 system. Make sure the control node has:

    • A non-root user with sudo privileges. To set this up, you can follow Steps 2 and 3 of our Initial Server Setup Guide for Ubuntu 18.04. However, please note that if you’re using a remote server as your Ansible Control node, you should follow every step of this guide. Doing so will configure a firewall on the server with ufw and enable external access to your non-root user profile, both of which will help keep the remote server secure.

    • An SSH keypair associated with this user. To set this up, you can follow Step 1 of our guide on How to Set Up SSH Keys on Ubuntu 18.04.

  • One or more Ansible Hosts: An Ansible host is any machine that your Ansible control node is configured to automate. This guide assumes your Ansible hosts are remote Ubuntu 18.04 servers. Make sure each Ansible host has:

    • The Ansible control node’s SSH public key added to the authorized_keys of a system user. This user can be either root or a regular user with sudo privileges. To set this up, you can follow Step 2 of How to Set Up SSH Keys on Ubuntu 18.04.

Step 1 — Installing Ansible

To begin using Ansible as a means of managing your server infrastructure, you need to install the Ansible software on the machine that will serve as the Ansible control node.

From your control node, run the following command to include the official project’s PPA (personal package archive) in your system’s list of sources:

  • sudo apt-add-repository ppa:ansible/ansible

Press ENTER when prompted to accept the PPA addition.

Next, refresh your system’s package index so that it is aware of the packages available in the newly included PPA:

  • sudo apt update

Following this update, you can install the Ansible software with:

  • sudo apt install ansible

Your Ansible control node now has all of the software required to administer your hosts. Next, we will go over how to add your hosts to the control node’s inventory file so that it can control them.

Step 2 — Setting Up the Inventory File

The inventory file contains information about the hosts you’ll manage with Ansible. You can include anywhere from one to several hundred servers in your inventory file, and hosts can be organized into groups and subgroups. The inventory file is also often used to set variables that will be valid only for specific hosts or groups, in order to be used within playbooks and templates. Some variables can also affect the way a playbook is run, like the ansible_python_interpreter variable that we’ll see in a moment.

To edit the contents of your default Ansible inventory, open the /etc/ansible/hosts file using your text editor of choice, on your Ansible Control Node:

  • sudo nano /etc/ansible/hosts

Note: some Ansible installations won’t create a default inventory file. If the file doesn’t exist in your system, you can create a new file at /etc/ansible/hosts or provide a custom inventory path using the -i parameter when running commands and playbooks.

The default inventory file provided by the Ansible installation contains a number of examples that you can use as references for setting up your inventory. The following example defines a group named [servers] with three different servers in it, each identified by a custom alias: server1, server2, and server3. Be sure to replace the highlighted IPs with the IP addresses of your Ansible hosts.

/etc/ansible/hosts
[servers]
server1 ansible_host=203.0.113.111
server2 ansible_host=203.0.113.112
server3 ansible_host=203.0.113.113

[all:vars]
ansible_python_interpreter=/usr/bin/python3

The all:vars subgroup sets the ansible_python_interpreter host parameter that will be valid for all hosts included in this inventory. This parameter makes sure the remote server uses the /usr/bin/python3 Python 3 executable instead of /usr/bin/python (Python 2.7), which is not present on recent Ubuntu versions.

When you’re finished, save and close the file by pressing CTRL+X then Y and ENTER to confirm your changes.

Whenever you want to check your inventory, you can run:

  • ansible-inventory --list -y

You’ll see output similar to this, but containing your own server infrastructure as defined in your inventory file:

Output
all:
  children:
    servers:
      hosts:
        server1:
          ansible_host: 203.0.113.111
          ansible_python_interpreter: /usr/bin/python3
        server2:
          ansible_host: 203.0.113.112
          ansible_python_interpreter: /usr/bin/python3
        server3:
          ansible_host: 203.0.113.113
          ansible_python_interpreter: /usr/bin/python3
    ungrouped: {}

Now that you’ve configured your inventory file, you have everything you need to test the connection to your Ansible hosts.

Step 3 — Testing Connection

After setting up the inventory file to include your servers, it’s time to check if Ansible is able to connect to these servers and run commands via SSH.

For this guide, we will be using the Ubuntu root account because that’s typically the only account available by default on newly created servers. If your Ansible hosts already have a regular sudo user created, you are encouraged to use that account instead.

You can use the -u argument to specify the remote system user. When not provided, Ansible will try to connect as your current system user on the control node.

From your local machine or Ansible control node, run:

  • ansible all -m ping -u root

This command will use Ansible’s built-in ping module to run a connectivity test on all nodes from your default inventory, connecting as root. The ping module will test:

  • if hosts are accessible;
  • if you have valid SSH credentials;
  • if hosts are able to run Ansible modules using Python.

You should get output similar to this:

Output
server1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
server2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
server3 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

If this is the first time you’re connecting to these servers via SSH, you’ll be asked to confirm the authenticity of the hosts you’re connecting to via Ansible. When prompted, type yes and then hit ENTER to confirm.
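
The fingerprint shown in that prompt can be compared with one obtained through a trusted channel before answering yes. The following is an added example, not part of the original guide: it computes OpenSSH-style SHA256 fingerprints from known_hosts-format lines (the format `ssh-keyscan` prints) and reports hosts that do not match. The keys are constructed placeholders, the function names are hypothetical, and the expected fingerprints are assumed to come from an out-of-band source such as the server console.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def mismatched_hosts(known_hosts_text, expected):
    """Return hosts whose scanned key is unknown or differs from `expected`."""
    bad = []
    for line in known_hosts_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and ssh-keyscan comment lines
        host, _keytype, key_b64 = line.split()[:3]
        if expected.get(host) != fingerprint(key_b64):
            bad.append(host)
    return bad

def constructed_key(seed):
    # Constructed ed25519-shaped blob (not a real host key), built inline.
    name, raw = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

# Constructed sample in known_hosts format for the three inventory hosts.
SCANNED = "\n".join(
    f"203.0.113.{111 + i} ssh-ed25519 {constructed_key(i)}" for i in range(3)
)
# Assumption: fingerprints obtained out of band; the third deliberately differs.
EXPECTED = {
    "203.0.113.111": fingerprint(constructed_key(0)),
    "203.0.113.112": fingerprint(constructed_key(1)),
    "203.0.113.113": fingerprint(constructed_key(9)),
}

if __name__ == "__main__":
    print("do not accept:", mismatched_hosts(SCANNED, EXPECTED))
```

A host listed by `mismatched_hosts` is one whose prompt should not be answered with yes until the difference is explained.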

Once you get a "pong" reply back from a host, it means you’re ready to run Ansible commands and playbooks on that server.

Note: If you are unable to get a successful response back from your servers, check our Ansible Cheat Sheet Guide for more information on how to run Ansible commands with different connection options.

Step 4 — Running Ad-Hoc Commands (Optional)

After confirming that your Ansible control node is able to communicate with your hosts, you can start running ad-hoc commands and playbooks on your servers.

Any command that you would normally execute on a remote server over SSH can be run with Ansible on the servers specified in your inventory file. As an example, you can check disk usage on all servers with:

  • ansible all -a "df -h" -u root

Output
server1 | CHANGED | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
udev            3.9G     0  3.9G   0% /dev
tmpfs           798M  624K  798M   1% /run
/dev/vda1       155G  2.3G  153G   2% /
tmpfs           3.9G     0  3.9G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/vda15      105M  3.6M  101M   4% /boot/efi
tmpfs           798M     0  798M   0% /run/user/0

server2 | CHANGED | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
udev            2.0G     0  2.0G   0% /dev
tmpfs           395M  608K  394M   1% /run
/dev/vda1        78G  2.2G   76G   3% /
tmpfs           2.0G     0  2.0G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
/dev/vda15      105M  3.6M  101M   4% /boot/efi
tmpfs           395M     0  395M   0% /run/user/0

...

The highlighted command df -h can be replaced by any command you’d like.

You can also execute Ansible modules via ad-hoc commands, similarly to what we’ve done before with the ping module for testing connection. For example, here’s how we can use the apt module to install the latest version of vim on all the servers in your inventory:

  • ansible all -m apt -a "name=vim state=latest" -u root

You can also target individual hosts, as well as groups and subgroups, when running Ansible commands. For instance, this is how you would check the uptime of every host in the servers group:

  • ansible servers -a "uptime" -u root

We can specify multiple hosts by separating them with colons:

  • ansible server1:server2 -m ping -u root
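
Since these commands run as root on every matched host, it helps to see exactly which hosts a pattern selects and which variables each host receives from the Step 2 inventory. The following is an added example, not Ansible's own code or part of the original guide: a simplified parser (only `[group]` and `[group:vars]` sections, only colon-separated unions) with hypothetical function names, run on the guide's sample inventory.

```python
import shlex

# Constructed sample: the inventory shown in Step 2 (documentation IPs).
INVENTORY = """\
[servers]
server1 ansible_host=203.0.113.111
server2 ansible_host=203.0.113.112
server3 ansible_host=203.0.113.113
[all:vars]
ansible_python_interpreter=/usr/bin/python3
"""

def parse_inventory(text):
    """Simplified INI inventory parser; group members are dicts used as ordered sets."""
    groups, host_vars, group_vars = {"all": {}}, {}, {}
    section, in_vars = "ungrouped", False
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
            if kind not in ("", "vars"):
                raise ValueError(f"unsupported section type: {line}")
            in_vars = kind == "vars"
        elif in_vars:
            key, _, value = line.partition("=")
            group_vars.setdefault(section, {})[key.strip()] = value.strip()
        else:
            alias, *pairs = shlex.split(line)
            host_vars.setdefault(alias, {}).update(p.split("=", 1) for p in pairs)
            for group in (section, "all"):
                groups.setdefault(group, {})[alias] = None
    return groups, host_vars, group_vars

def effective_vars(host, groups, host_vars, group_vars):
    merged = {}  # "all" is iterated first, so named groups and the host override it
    for group, members in groups.items():
        if host in members:
            merged.update(group_vars.get(group, {}))
    merged.update(host_vars.get(host, {}))
    return merged

def resolve_pattern(pattern, groups):
    """Expand 'all', a group name, a host alias, or a colon-separated union."""
    selected = {}
    for part in pattern.split(":"):
        if part not in groups and part not in groups["all"]:
            raise ValueError(f"pattern matches no host or group: {part!r}")
        selected.update(dict.fromkeys(groups.get(part, [part])))
    return list(selected)
```

Against a real inventory, `ansible <pattern> --list-hosts` prints the hosts a pattern matches without running anything on them.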

For more information on how to use Ansible, including how to execute playbooks to automate server setup, you can check our Ansible Reference Guide.

Conclusion

In this guide, you’ve installed Ansible and set up an inventory file to execute ad-hoc commands from an Ansible Control Node.

Once you’ve confirmed you’re able to connect and control your infrastructure from a central Ansible controller machine, you can execute any command or playbook you desire on those hosts. For fresh servers, the Initial Server Setup community playbook is a good starting point. You can also learn how to write your own playbooks with our guide Configuration Management 101: Writing Ansible Playbooks.

For more information on how to use Ansible, check out our Ansible Cheat Sheet Guide.

Translated from: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ansible-on-ubuntu-18-04
