Deployment and Setup of Alibaba Cloud Ansible Automation Operations Platform

The following is a complete practical guide for implementing automated operations based on Ansible on the Alibaba Cloud platform, integrating all core operational processes and commands, tailored to the specified server planning:

1. Environment Planning

Hostname   IP Address          Role                   Operating System
--------   -----------------   --------------------   ----------------
manage01   192.168.98.200/24   Ansible Control Node   CentOS 7.9
node1      192.168.98.201/24   Business Node          CentOS 7.9
node2      192.168.98.202/24   Business Node          CentOS 7.9
node3      192.168.98.203/24   Business Node          CentOS 7.9

2. Preparation Before Deployment

1. Alibaba Cloud Security Group Configuration

  • All ECS instance security group rules:
    • Inbound: TCP 22 (SSH), ICMP
    • Outbound: All Traffic

2. Basic Configuration for All Nodes

# 1. Disable Firewall and SELinux (Execute on all nodes)
systemctl stop firewalld && systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

# 2. Configure Alibaba Cloud Internal Time Synchronization
yum install -y chrony
cat > /etc/chrony.conf << EOF
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
EOF
systemctl restart chronyd && systemctl enable chronyd

3. Ansible Control Node Deployment (manage01)

1. Install Ansible

# Install EPEL Repository and Ansible
yum install -y epel-release
yum install -y ansible git

# Verify Installation
ansible --version # Should display ansible 2.9+ version

2. Configure SSH Passwordless Login

# 1. Generate Key Pair (Default Path)
ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa

# 2. Distribute Public Key to All Nodes
for node in node1 node2 node3 manage01; do
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@$node
done

# 3. Test Connectivity
ansible all -m ping -i inventory.ini

4. Ansible Core Configuration

1. Project Directory Structure

mkdir -p ~/ansible-project/{inventory,group_vars,roles,playbooks}

cd ~/ansible-project

2. Host Inventory File

# ~/ansible-project/inventory/production.ini
[management]
manage01 ansible_host=192.168.98.200

[nodes]
node1 ansible_host=192.168.98.201
node2 ansible_host=192.168.98.202
node3 ansible_host=192.168.98.203

[all:vars]
ansible_user=root
ansible_ssh_private_key_file=~/.ssh/id_rsa
ansible_python_interpreter=/usr/bin/python

3. Ansible Configuration File

# ~/ansible-project/ansible.cfg
[defaults]
inventory = ./inventory/production.ini
host_key_checking = False
log_path = ./ansible.log
roles_path = ./roles
forks = 20

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False

5. Basic Environment Automated Configuration

1. Static IP Configuration (All Nodes)

# ~/ansible-project/playbooks/network_config.yml
- name: Configure Static IP
  hosts: all
  become: yes
  vars:
    interface: eth0
    network_config:
      manage01:
        ip: 192.168.98.200
        gateway: 192.168.98.1
      node1:
        ip: 192.168.98.201
        gateway: 192.168.98.1
      node2:
        ip: 192.168.98.202
        gateway: 192.168.98.1
      node3:
        ip: 192.168.98.203
        gateway: 192.168.98.1
  tasks:
    - name: Configure network interface
      template:
        src: templates/ifcfg-eth0.j2
        dest: /etc/sysconfig/network-scripts/ifcfg-{{ interface }}
      notify: Restart network
  handlers:
    - name: Restart network
      service:
        name: network
        state: restarted

Template file templates/ifcfg-eth0.j2:

DEVICE={{ interface }}
BOOTPROTO=static
ONBOOT=yes
IPADDR={{ network_config[inventory_hostname].ip }}
NETMASK=255.255.255.0
GATEWAY={{ network_config[inventory_hostname].gateway }}
DNS1=100.100.2.136 # Alibaba Cloud Internal DNS
DNS2=100.100.2.138

2. Hostname Configuration

# ~/ansible-project/playbooks/hostname_config.yml
- name: Set Hostname
  hosts: all
  become: yes
  tasks:
    - name: Set system hostname
      hostname:
        name: "{{ inventory_hostname }}"
    - name: Update /etc/hosts
      lineinfile:
        path: /etc/hosts
        regexp: "^{{ ansible_default_ipv4.address }}"
        line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}"
        state: present

Execute commands:

ansible-playbook playbooks/network_config.yml

ansible-playbook playbooks/hostname_config.yml

6. Core Operations Scenario Practice

Scenario 1: Batch Install Basic Tools

# ~/ansible-project/playbooks/install_essentials.yml
- name: Install Base Packages
  hosts: nodes
  become: yes
  tasks:
    - name: Install common tools
      yum:
        name: [vim, wget, telnet, net-tools, lsof]
        state: latest

Scenario 2: Deploy Nginx Cluster

# ~/ansible-project/roles/nginx/tasks/main.yml
- name: Install Nginx
  yum:
    name: nginx
    state: latest

- name: Copy customized config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    backup: yes
  notify: Restart Nginx

- name: Ensure service running
  service:
    name: nginx
    state: started
    enabled: yes

# ~/ansible-project/roles/nginx/handlers/main.yml
# (inside a role, handlers go in their own file rather than under a handlers: key in tasks/main.yml)
- name: Restart Nginx
  service:
    name: nginx
    state: restarted

Execute commands:

ansible-playbook playbooks/install_essentials.yml

ansible-playbook -i inventory.ini playbooks/deploy_nginx.yml

7. Production-Level Enhanced Configuration

1. Sensitive Information Encryption

# Create Encrypted File
ansible-vault create group_vars/all_secrets.yml

# Call in Playbook
- name: Load secrets
  include_vars: group_vars/all_secrets.yml
  no_log: true
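
Because the project directory is meant to be kept in Git, it is worth checking before each commit that the secrets file really is vault-encrypted and that ansible.cfg has not switched off SSH host key verification (with host_key_checking = False, as set in section 4, the control node does not verify which machine it is sending root tasks to). The audit script below is an added example, not part of the original guide; the `secret`/`vault` filename hints and all function names are assumptions.

```python
import configparser
import os
import sys

VAULT_HEADER = b"$ANSIBLE_VAULT;"   # first bytes of every ansible-vault encrypted file
SECRET_HINTS = ("secret", "vault")  # assumed naming convention for files holding secrets


def unencrypted_secret_files(project_dir):
    """Return secret-looking YAML files that are not ansible-vault encrypted."""
    findings = []
    for root, _dirs, files in os.walk(project_dir):
        for fname in sorted(files):
            lower = fname.lower()
            if not lower.endswith((".yml", ".yaml")):
                continue
            if not any(hint in lower for hint in SECRET_HINTS):
                continue
            path = os.path.join(root, fname)
            with open(path, "rb") as fh:
                if fh.read(len(VAULT_HEADER)) != VAULT_HEADER:
                    findings.append(os.path.relpath(path, project_dir))
    return findings


def host_key_checking_disabled(cfg_path):
    """True when ansible.cfg turns off SSH host key verification."""
    cfg = configparser.ConfigParser()
    cfg.read(cfg_path)  # a missing file simply yields the fallback below
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)


def audit(project_dir):
    """Collect human-readable findings for one Ansible project directory."""
    findings = ["plaintext secret file: " + p
                for p in unencrypted_secret_files(project_dir)]
    if host_key_checking_disabled(os.path.join(project_dir, "ansible.cfg")):
        findings.append("ansible.cfg: host_key_checking is disabled")
    return findings


if __name__ == "__main__":
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run it against ~/ansible-project from a Git pre-commit hook; a non-zero exit status blocks the commit.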

2. Alibaba Cloud Dynamic Inventory Integration

# Install Alibaba Cloud Python SDK
pip install aliyun-python-sdk-ecs

# Dynamic Inventory Script Example
# ~/ansible-project/inventory/aliyun_ecs.py
#!/usr/bin/env python
from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526 import DescribeInstancesRequest

client = AcsClient('<ACCESS_KEY>', '<SECRET_KEY>', 'cn-hangzhou')

def main():
    request = DescribeInstancesRequest.DescribeInstancesRequest()
    response = client.do_action_with_exception(request)
    # format_output() is not defined in this excerpt; it has to convert the
    # API response into the inventory JSON that Ansible expects
    print(format_output(response))

if __name__ == "__main__":
    main()
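
The script above calls a format_output() that the guide never defines and places the access key pair in the file itself. The following added example (not code from the original guide) shows one way to build the inventory JSON Ansible expects from a DescribeInstances response while reading the keys from the environment; the `ansible_group` tag key, the environment variable names, the `--sample` flag and the response fields in the constructed sample are assumptions.

```python
#!/usr/bin/env python
import json
import os
import sys

GROUP_TAG = "ansible_group"  # hypothetical ECS tag key naming the Ansible group

# Constructed sample response (not real API output), trimmed to the fields used.
SAMPLE_RESPONSE = json.dumps({"Instances": {"Instance": [
    {"InstanceId": "i-sample0", "InstanceName": "manage01", "Status": "Running",
     "VpcAttributes": {"PrivateIpAddress": {"IpAddress": ["192.168.98.200"]}},
     "Tags": {"Tag": [{"TagKey": "ansible_group", "TagValue": "management"}]}},
    {"InstanceId": "i-sample1", "InstanceName": "node1", "Status": "Running",
     "VpcAttributes": {"PrivateIpAddress": {"IpAddress": ["192.168.98.201"]}},
     "Tags": {"Tag": [{"TagKey": "ansible_group", "TagValue": "nodes"}]}},
    {"InstanceId": "i-sample2", "InstanceName": "node2", "Status": "Stopped",
     "VpcAttributes": {"PrivateIpAddress": {"IpAddress": ["192.168.98.202"]}}},
]}})


def build_inventory(response):
    """Map a DescribeInstances JSON response to Ansible's inventory structure."""
    inventory = {"_meta": {"hostvars": {}}}
    for inst in json.loads(response).get("Instances", {}).get("Instance", []):
        ips = inst.get("VpcAttributes", {}).get("PrivateIpAddress", {}).get("IpAddress", [])
        if inst.get("Status") != "Running" or not ips:
            continue  # skip hosts Ansible could not reach anyway
        tags = {t.get("TagKey"): t.get("TagValue")
                for t in inst.get("Tags", {}).get("Tag", [])}
        group = tags.get(GROUP_TAG, "untagged")
        name = inst["InstanceName"]
        inventory.setdefault(group, {"hosts": []})["hosts"].append(name)
        inventory["_meta"]["hostvars"][name] = {"ansible_host": ips[0]}
    return inventory


def fetch_instances():
    """Query ECS with credentials taken from the environment, not the script."""
    from aliyunsdkcore.client import AcsClient
    from aliyunsdkecs.request.v20140526 import DescribeInstancesRequest
    client = AcsClient(os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"],  # assumed names
                       os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"], "cn-hangzhou")
    request = DescribeInstancesRequest.DescribeInstancesRequest()
    return client.do_action_with_exception(request)


if __name__ == "__main__":
    if "--host" in sys.argv:
        print("{}")  # per-host vars are already delivered through _meta
    else:
        raw = SAMPLE_RESPONSE if "--sample" in sys.argv else fetch_instances()
        print(json.dumps(build_inventory(raw), indent=2))
```

DescribeInstances returns its results in pages, so a fleet larger than one page needs a loop over page numbers in fetch_instances().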

8. Verification and Monitoring

1. Service Status Verification

ansible nodes -m shell -a "systemctl status nginx"
ansible nodes -m uri -a "url=http://localhost/health"

2. Alibaba Cloud Monitoring Integration

# ~/ansible-project/roles/monitoring/tasks/main.yml
- name: Install CloudMonitor Agent
  yum:
    name: aliyun-cloudmonitor
    state: present

- name: Start CloudMonitor
  service:
    name: cloudmonitor
    state: started
    enabled: yes

9. Operations Quick Reference Table

Operation Scenario            Command Example
---------------------------   ---------------------------------------------------------------
Check Node Connectivity       ansible all -m ping
Batch Execute Shell Command   ansible nodes -m shell -a "df -h"
File Distribution             ansible web -m copy -a "src=app.conf dest=/etc/app/ owner=root"
Service Management            ansible db -m service -a "name=mysql state=restarted"
Security Updates              ansible all -m yum -a "name=* state=latest update_cache=yes"
Playbook Testing              ansible-playbook deploy.yml --check --diff
Run Encrypted Playbook        ansible-playbook secure.yml --ask-vault-pass

By following this guide, you have built the following core components:

  1. Standardized Basic Environment: Unified configuration of network, hostname, and security policies
  2. Automated Operations System: Ansible control node + managed node architecture
  3. Production-Level Best Practices: Dynamic Inventory, encryption management, monitoring integration
  4. Scalable Scenario Support: Rapidly expand new service deployments through Roles mechanism

Future Recommendations:

  • Use Git for configuration version management
  • Regularly execute ansible-playbook --check to detect configuration drift
  • Implement Ansible task scheduling through Alibaba Cloud OOS
  • Use Ansible Tower/AWX for visual operations


Learning Videos:

  • Video: Preparation Before Deployment
  • Video: SSH Certificate Mutual Trust Setup
  • Video: Ansible Platform Deployment
  • Video: Host List File Hosts File
  • Video: Ansible Automated Platform Deployment Knowledge Map

https://www.bilibili.com/video/BV19J41167sM/?p=6&share_source=copy_web&vd_source=783115a80c3cf673f20dd9daa9d98955

This tutorial is reproduced from my technical blog (https://www.cnblogs.com/Johny-zhao/p/18863828)
