# How Ansible Works | Ansible.com

[How Ansible Works | Ansible.com](https://www.ansible.com/overview/how-ansible-works)

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.

Designed for multi-tier deployments since day one, Ansible models your IT infrastructure by describing how all of your systems inter-relate, rather than just managing one system at a time.


It uses no agents and no additional custom security infrastructure, so it's easy to deploy - and most importantly, it uses a very simple language (YAML, in the form of Ansible Playbooks) that allows you to describe your automation jobs in a way that approaches plain English.

On this page, we'll give you a really quick overview so you can see things in context. For more detail, hop over to [Ansible Documentation](https://docs.ansible.com/).

## EFFICIENT ARCHITECTURE

Ansible works by connecting to your nodes and pushing out small programs, called "Ansible modules", to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished.

Your library of modules can reside on any machine, and there are no servers, daemons, or databases required. Typically you'll work with your favorite terminal program, a text editor, and probably a version control system to keep track of changes to your content.

## SSH KEYS ARE YOUR FRIENDS

Passwords are supported, but SSH keys with ssh-agent are one of the best ways to use Ansible. Though if you want to use Kerberos, that's good too. Lots of options! Root logins are not required; you can log in as any user, and then su or sudo to any user.

Ansible's "authorized_key" module is a great way to use Ansible to control what machines can access what hosts. Other options, like Kerberos or identity management systems, can also be used.
```shell
ssh-agent bash
ssh-add ~/.ssh/id_rsa
```
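The access control described above, as an added example that is not from the original page: a playbook that uses the `authorized_key` module to pin which public key may log in as one account. The `webservers` group, the `deploy` account and the `files/control_node.pub` path are assumptions.

```yaml
# Added example. The group name, account name and key file path are
# assumptions, not values from the original page.
- name: Pin the SSH keys allowed to log in as the deploy account
  hosts: webservers
  become: true
  tasks:
    - name: Ensure the deploy account exists
      ansible.builtin.user:
        name: deploy
        shell: /bin/bash
        state: present

    - name: Authorize only the control node's public key
      ansible.posix.authorized_key:
        user: deploy
        state: present
        key: "{{ lookup('file', 'files/control_node.pub') }}"
        # exclusive removes every other key from this user's authorized_keys
        exclusive: true
        # limit what a session opened with this key is allowed to do
        key_options: 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
```

With `exclusive: true`, a key that was added to the account by hand is removed on the next run, so the playbook in version control stays the single record of who can reach these hosts.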

## MANAGE YOUR INVENTORY IN SIMPLE TEXT FILES

By default, Ansible represents what machines it manages using a very simple INI file that puts all of your managed machines in groups of your own choosing.

To add new machines, there is no additional SSL signing server involved, so there's never any hassle deciding why a particular machine didn’t get linked up due to obscure NTP or DNS issues.

If there's another source of truth in your infrastructure, Ansible can also plug in to that, such as drawing inventory, group, and variable information from sources like EC2, Rackspace, OpenStack, and more.

Here's what a plain text inventory file looks like:

```ini
[webservers]
www1.example.com
www2.example.com

[dbservers]
db0.example.com
db1.example.com
```

Once inventory hosts are listed, variables can be assigned to them in simple text files (in a subdirectory called 'group_vars/' or 'host_vars/') or directly in the inventory file.

Or, as already mentioned, use a dynamic inventory to pull your inventory from data sources like EC2, Rackspace, or OpenStack.

## THE BASICS: USING ANSIBLE FOR AD HOC PARALLEL TASK EXECUTION

Once you have an instance available, you can talk to it right away, without any additional setup:
```shell
ansible all -m ping 
ansible foo.example.com -m yum -a "name=httpd state=installed"
ansible foo.example.com -a "/usr/sbin/reboot"
```

Note that we have access to state-based resource modules as well as running raw commands. These modules are extremely easy to write and Ansible ships with a fleet of them so most of your work is already done.

Ansible contains a giant toolbox of built-in modules, well over 750 of them.

## PLAYBOOKS: A SIMPLE+POWERFUL AUTOMATION LANGUAGE

Playbooks can finely orchestrate multiple slices of your infrastructure topology, with very detailed control over how many machines to tackle at a time. This is where Ansible starts to get most interesting.

Ansible's approach to orchestration is one of finely-tuned simplicity, as we believe your automation code should make perfect sense to you years down the road and there should be very little to remember about special syntax or features.

Here's what a playbook looks like. As a reminder, this is only here as a teaser - hop over to docs.ansible.com for the complete documentation and all that's possible.

# AN EXAMPLE `app_config.yml` MIGHT LOOK LIKE:

The Ansible documentation explores this in much greater depth. There’s a LOT more that you can do, including:

* Take machines in and out of load balancers and monitoring windows
* Have one server know the IP address of all the others using facts gathered about those particular servers - and use those to dynamically build out configuration files
* Set some variables and prompt for others, and set defaults for when they are not set
* Use the result of one command to decide whether to run another
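
Three of the items above in one playbook, as an added example that is not from the original page: a config file built from facts gathered about other servers, a prompted variable beside a default, and a task that runs only on the result of an earlier command, applied two hosts at a time with `serial`. The `/etc/app` paths, the `httpd` service, the port and the variable names are assumptions; the group names follow the inventory shown earlier.

```yaml
# Added example. Group names, paths, the service name and the check command
# are assumptions, not values from the original page.
- name: Gather facts from the database tier so the web play can read them
  hosts: dbservers
  gather_facts: true
  tasks: []

- name: Configure the web tier two hosts at a time
  hosts: webservers
  become: true
  serial: 2
  vars:
    app_port: 8080               # default used when nothing overrides it
  vars_prompt:
    - name: release_tag
      prompt: Release tag to record
      private: false
  tasks:
    - name: Ensure the config directory exists
      ansible.builtin.file:
        path: /etc/app
        state: directory
        mode: "0750"

    - name: Build a config file from facts gathered about the db servers
      ansible.builtin.copy:
        dest: /etc/app/backends.conf
        owner: root
        group: root
        mode: "0640"
        content: |
          # release {{ release_tag }}, listening on {{ app_port }}
          {% for host in groups['dbservers'] %}
          backend {{ hostvars[host]['ansible_default_ipv4']['address'] }}
          {% endfor %}

    - name: Ask systemd whether httpd is running (read-only check)
      ansible.builtin.command: systemctl is-active --quiet httpd
      register: httpd_check
      changed_when: false
      failed_when: false

    - name: Start httpd only if the check above reported it inactive
      ansible.builtin.service:
        name: httpd
        state: started
      when: httpd_check.rc != 0
```

The first play exists only so that `hostvars` holds facts for the `dbservers` hosts; without it (or a fact cache) the address lookup in the second play is undefined.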

There are lots of advanced possibilities but it's easy to get started.

Most importantly, the language remains readable and transparent, and you never have to do things like declare explicit ordering relationships or write code in a programming language.