接着上一节安装配置开始讲解

这一节，准备详细讲下ansible的结构，ansible的目录架构，ansible的工作原理架构。

<一>、Ansible优点

• Agentless，去中心化

• Stupied Simple ，上手简单，学习曲线平滑

• SSH by default ，安全，无需安装客户端

• 配置简单、功能强大、扩展性强

• 支持API及自定义模块，可通过Python轻松扩展

• 通过Playbooks来定制强大的配置、状态管理

• 提供一个功能强大、操作性强的Web管理界面和REST API接口——AWX平台

• 幂等性：一种操作重复多次结果相同

<二>、Ansible的架构图

架构图

Ansible核心组件说明：

Host Lnventory：记录了每一个由Ansible管理的主机信息，信息包括ssh端口，root帐号密码，ip地址等等。可以通过file来加载，可以通过CMDB加载

Playbooks：YAML格式文件，多个任务定义在一个文件中，使用时可以统一调用，“剧本”用来定义那些主机需要调用那些模块来完成的功能.

Core Modules：Ansible执行任何管理任务都不是由Ansible自己完成，而是由核心模块完成；Ansible管理主机之前，先调用core Modules中的模块，然后指明管理Host Lnventory中的主机，就可以完成管理主机。

Custom Modules：自定义模块，完成Ansible核心模块无法完成的功能，此模块支持任何语言编写。

Connection Plugins：连接插件，Ansible和Host通信使用

Ansible的执行过程：

ansible的执行过程

Ansible目录结构介绍：

配置文件目录：/etc/ansible/ 功能：Inventroy主机信息配置、Ansible工具功能配置等。所有Ansible的配置均放在该目录下，运维日常的所有配置操作也均于此目录进行。

执行文件目录：/usr/bin/ 功能：Ansible系列命令默认存放目录，Ansible所有的可执行文件均放在该目录下。

Lib库依赖目录：/usr/lib/pythonX.X/site-packages/ansible/

Help文档目录：/usr/share/doc/ansible-X.X.X/

Man文档目录：/usr/share/man/man1/

Inventroy用于定义主机列表的配置，ansible的自身配置只有一个ansible.cfg，ansible安装好以后，默认存在/etc/ansible/ 目录下，ansible.cfg可以存在多个地方，ansible读取配置文件的顺序依次是当前命令执行目录-->用户家目录下的.ansible.cfg-->/etc/ansible.cfg，先找到哪个就是要哪个的配置。

注意：ansible.cfg配置的所有内容均可以在命令行通过参数的形式传递或者定义在Playbooks中。

ansible.cfg的配置格式遵循ini格式。

[defaults]

# some basic default values...

#inventory = /etc/ansible/hosts # 定义Inventory，主要是定义主机列表的配置

#library = /usr/share/my_modules/ # 自定义lib库存放目录

#module_utils = /usr/share/my_module_utils/

#remote_tmp = ~/.ansible/tmp # 临时文件远程主机存放目录

#local_tmp = ~/.ansible/tmp # 临时文件本地主机存放目录

#forks = 5 # 默认开启的并发数

#poll_interval = 15 # 默认轮询时间间隔

#sudo_user = root # 默认sudo用户

#ask_sudo_pass = True # 是否需要sudo密码

#ask_pass = True # 是否需要密码

#transport = smart

#remote_port = 22

#module_lang = C

#module_set_locale = False

上面是一些基本的默认配置文件的路径，一般默认即可。

# additional paths to search for roles in, colon separated

roles_path = /etc/ansible/roles:/usr/share/ansible/roles # 默认下载Roles存放目录

# uncomment this to disable SSH key host checking

#host_key_checking = False # 首次连接是否需要检查key认证，建议设为False

# change the default callback, you can only have one 'stdout' type enabled at a time.

#stdout_callback = skippy

# SSH timeout

#timeout = 10 # 默认超时时间

# default user to use for playbooks if user is not specified

# (/usr/bin/ansible will use current user as default)

#remote_user = root

# logging is off by default unless this path is defined

# if so defined, consider logrotate

#log_path = /var/log/ansible.log # 执行日志存放目录

# default module name for /usr/bin/ansible

#module_name = command # 默认执行的模块

# set plugin path directories here, separate with colons

#action_plugins = /usr/share/ansible/plugins/action # action插件的存放目录

#cache_plugins = /usr/share/ansible/plugins/cache # cache插件的存放目录

#callback_plugins = /usr/share/ansible/plugins/callback # callback插件的存放目录

#connection_plugins = /usr/share/ansible/plugins/connection # connection插件的存放目录

#lookup_plugins = /usr/share/ansible/plugins/lookup # lookup插件的存放目录

#inventory_plugins = /usr/share/ansible/plugins/inventory #inventroy插件的存放目录

#vars_plugins = /usr/share/ansible/plugins/vars # vars插件的存放目录

#filter_plugins = /usr/share/ansible/plugins/filter # filter插件的存放目录

#test_plugins = /usr/share/ansible/plugins/test # test插件的存放目录

#terminal_plugins = /usr/share/ansible/plugins/terminal # terminal插件的存放目录

#strategy_plugins = /usr/share/ansible/plugins/strategy # strategy插件的存放目录

# if set to a persistent type (not 'memory', for example 'redis') fact values

# from previous runs in Ansible will be stored. This may be useful when

# wanting to use, for example, IP information from one group of servers

# without having to talk to them in the same playbook run to get their

# current IP information.

#fact_caching = memory # getfact缓存的主机信息存放目录

# retry files

# When a playbook fails by default a .retry file will be created in ~/

# You can disable this feature by setting retry_files_enabled to False

# and you can change the location of the files by setting retry_files_save_path

#retry_files_enabled = False

#retry_files_save_path = ~/.ansible-retry # 错误重启文件访问目录

[privilege_escalation] # 不直接以root的高级管理员权限直接部署应用，会开发普通用户权限并给予sudo权限，改部分配置主要针对sudo用户提权的配置

#become=True # 是否开启sudo

#become_method=sudo # sudo方式

#become_user=root # sudo后变为root用户

#become_ask_pass=False # sudo后是否需要验证密码

[paramiko_connection]

# uncomment this line to cause the paramiko connection plugin to not record new host

# keys encountered. Increases performance on new host additions. Setting works independently of the

# host key checking setting above.

#record_host_keys=False # 不记录新主机的key以提升效率

# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this

# line to disable this behaviour.

#pty=False # 禁用sudo功能

[ssh_connection]

# Ansible默认使用SSH协议连接对端主机，该部署是主要是SSH连接的一些配置，但配置项较少，多数默认即可。

# ssh arguments to use

# Leaving off ControlPersist will result in poor performance, so use

# paramiko on older platforms rather than removing it, -C controls compression use

#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s

# The base directory for the ControlPath sockets.

# This is the "%(directory)s" in the control_path option

#

# Example:

# control_path_dir = /tmp/.ansible/cp

#control_path_dir = ~/.ansible/cp

# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,

# port and username (empty string in the config). The hash mitigates a common problem users

# found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.

# In those cases, a "too long for Unix domain socket" ssh error would occur.

#

# Example:

# control_path = %(directory)s/%%h-%%r

#control_path =

# Enabling pipelining reduces the number of SSH operations required to

# execute a module on the remote server. This can result in a significant

# performance improvement when enabled, however when using "sudo:" you must

# first disable 'requiretty' in /etc/sudoers

#

# By default, this option is disabled to preserve compatibility with

# sudoers configurations that have requiretty (the default on many distros).

#

#pipelining = False # 管道极速功能，需配合requiretty使用方可生效

[accelerate]

# Ansible连接加速相关配置，因为有部分使用者不满意Ansible的执行速度，所以Ansible在连接和

# 执行速度方面也在不断地进行优化，该配置项在提升Ansible连接速度时会涉及，多数保持默认即可。

#accelerate_port = 5099 # 加速连接端口

#accelerate_timeout = 30 # 命令执行超时时间，单位秒

#accelerate_connect_timeout = 5.0 # 连接超时时间，单位秒

# The daemon timeout is measured in minutes. This time is measured

# from the last activity to the accelerate daemon.

#accelerate_daemon_timeout = 30 # 上一个活动的连接的时间，单位分钟

# If set to yes, accelerate_multi_key will allow multiple

# private keys to be uploaded to it, though each user must

# have access to the system via SSH to add a new key. The default

# is "no".

#accelerate_multi_key = yes

[selinux] # selinux的配置默认即可

# file systems that require special treatment when dealing with security context

# the default behaviour that copies the existing context or uses the user default

# needs to be changed to use the file system dependent context.

#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p

# Set this to yes to allow libvirt_lxc connections to work without SELinux.

#libvirt_lxc_noseclabel = yes

[colors]

# Ansible对于输出结果的颜色也进行了详尽的定义且可配置，该选项对于日常功能应用影响不大，几乎可以不用修改，保持默认即可

以上就是一些基本的配置文件的说明，绝大多数保持默认即可。

后面会讲解下Ad-Hoc、和Ansible-playbook的命令执行方式。