Shulou(Shulou.com)06/03 Report--

1. Introduction of ansiable

The architecture of ansible is roughly as follows

Ansible is a new operation and maintenance tool based on Python, which combines the advantages of many established operation and maintenance tools to achieve batch operating system configuration, batch program deployment, batch operation commands and other functions.

Operation and maintenance tools common working mode 1, agent mode: based on ssl implementation. The agent works on the monitored side. Like puppet. 2. Agentless mode: the implementation based on ssh service works on the monitored side. The monitoring end is the client of ssh.

Ansible is idempotent when working in agentless mode. Ansible only needs to tell the expected status of the monitor side on the control side to achieve batch deployment.

Nouns explain that idempotency does not repeat the same instructions. For example, the expected status of the software will not be installed repeatedly, only the expected status of the monitored side needs to be told.

Ansible is based on module work, and ansible itself does not have the ability to deploy in batches. What really has batch deployment is that ansible, the module that ansible runs, only provides a framework. The architecture includes

The connection plug-in connection plugins is responsible for communicating with the monitored side.

Host Inventory: the host for the specified operation. It is the host for monitoring defined in the configuration file.

Various modules core module command module custom module

Complete functions such as logging messages with the help of plug-ins

PlayBooks: when the script performs multiple tasks. It is not necessary to allow a node to run multiple tasks at a time

II. Basic use of ansiale

Install ansible

# install epel source [root@ansiable ~] # rpm-ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm[root@ansiable ~] # sed-I's installation mirrorlist mirrorListingmirrorlistinstallg' / etc/yum.repos.d/epel.repo# install ansible[ root @ ansiable ~] # yum install ansible- y [root@ansiable ~] # rpm-ql ansible | head/etc/ansible/etc/ansible/ansible.cfg # ansible main configuration file / etc/ansible/hosts # ansible Inventory file / etc/ansible/roles / usr/bin/ansible / usr/bin/ansible-doc/usr/bin/ansible-galaxy/usr/bin/ansible-playbook/usr/ Bin/ansible-pull/usr/bin/ansible-vault

Define Host Inventory

[root@ansiable] # cat / etc/ansible/hosts [hosts] 192.168.3.45 ansible_ssh_user=root ansible_ssh_pass=123123192.168.3.46 ansible_ssh_user=root ansible_ssh_pass=123123#ansible_ssh_user=root is the ssh login user # ansible_ssh_pass=guoting is the ssh login password 3. Test each module # Note the usage of each module can be viewed using ansible-doc MOD, for example, the most common use of the ansible-doc copy # ansible command # ansible- m MOE-a 'MOD_ARV' supported modules can be viewed using ansible-doc-l

Ansible example

1. Check the time information. Command, shell module

# run command module [root@ansiable ~] # ansible web-m command-a 'date'192.168.3.45 | success | rc=0 > > Thu Jul 2 14:22:27 CST 2015192.168.3.46 | success | rc=0 > > Thu Jul 2 14:51:29 CST run shell module [root@ansiable ~] # ansible web-m shell-a'iptables-L-module 192.168.3.46 | success | rc=0 > Chain INPUT (policy ACCEPT) target prot opt source Destination ACCEPT all-0.0.0.0Universe 0 0.0.0.0Universe 0 state RELATED ESTABLISHED ACCEPT icmp-0.0.0.0 ACCEPT all 0 0.0.0.0 ACCEPT all-- 0.0.0.0Compare 0 0.0.0.0Unigram 0 ACCEPT tcp-0.0.0.0Uniqure 0 0.0.0.0Universe state NEW tcp dpt:22 REJECT all- -0.0.0.0 reject-with icmp-host-prohibited Chain FORWARD 0 0.0.0.0 policy ACCEPT 0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source Destination 192.168.3.45 | success | rc=0 > > Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all-0.0.0.0amp0 0.0.0.0and0 state RELATED ESTABLISHED ACCEPT icmp-0.0.0.0 ACCEPT all 0 0.0.0.0 ACCEPT all-- 0.0.0.0Compare 0 0.0.0.0Unigram 0 ACCEPT tcp-0.0.0.0Uniqure 0 0.0.0.0Universe state NEW tcp dpt:22 REJECT all- -0.0.0.0 reject-with icmp-host-prohibited Chain FORWARD 0 0.0.0.0 policy ACCEPT 0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination

2. Add users on the control side. User module

# create user password [root@ansiable ~] # echo "hadoop" | openssl passwd-1-salt `user-hex 4`-stdin$1 $8710a47e$JMGYiMFd47q7rHO/g99x80# add user [root@ansiable ~] # ansible web-m user-a 'name=hadoop comment= "ansible add user" uid=1000 password= "$1 $8710a47e$JMGYiMFd47q7rHO/g99x80"' 192.168.3.45 | success > > {"changed": true, "comment": "ansible add user", "createhome": true, "group": 1000 "home": "/ home/hadoop", "name": "hadoop", "password": "NOT_LOGGING_PASSWORD", "shell": "/ bin/bash", "state": "present", "system": false, "uid": 1000} 192.168.3.46 | success > > {"changed": true, "comment": "ansible add user", "createhome": true Group: 1000, "home": "/ home/hadoop", "name": "hadoop", "password": "NOT_LOGGING_PASSWORD", "shell": "/ bin/bash", "state": "present", "system": false "uid": 1000} # View the result [root@ansiable ~] # ansible web-m shell-a 'grep hadoop / etc/passwd'192.168.3.46 | success | rc=0 > > hadoop:x:1000:1000:ansible add user:/home/hadoop:/bin/bash192.168.3.45 | success | rc=0 > > hadoop:x:1000:1000:ansible add user:/home/hadoop:/bin/bash

III. Introduction of YAML language

Introduction to YAML

YAML is a highly readable format for expressing data sequences. YAML refers to a variety of other languages including XML, C, Python, Perl, and the e-mail format RFC2822. Clark Evans first published the language in 2001, and Ingy dtNet and Oren Ben-Kiki are also co-designers of the language. YAML Ain't Markup Language means YAML is not XML. However, when developing this language, YAML actually means that "Yet Another Markup Language" is still a markup language. Its features YAML good readability YAML and scripting language interaction good YAML implementation language data type YAML has a consistent information model YAML easy to implement YAML can be based on stream to deal with YAML expression ability strong scalability more content and specifications see http://www.yaml.org. # # YAML syntax YAML has a syntax similar to other high-level languages and can simply express data structures such as lists, hash tables, scalars, and so on. Its structure Structure shows the items in the sequence Sequence using "-" to represent the key-value pairs in Map separated by ":" through spaces. YAML files usually have a .yaml or .yml extension. Here is an example. Name: John Smithage: 41gender: Malespouse: name: Jane Smithage: 37 gender: Femalechildren:-name: Jimmy Smithage: 17 gender: Male-name: Jenny Smithage 13 gender: Female YAML two important structural components list and directory## list list all elements Use "-" to start with, for example, # A list of tasty fruits- Apple- Orange- Strawberry- Mango # # dictionary dictionary to identify with valuef through key, such as-- # An employee recordname: Example Developerjob: Developerskill: Elite can also be placed in {} to represent key:value, such as-- # An employee record {name: Example Developer Job: Developer, skill: Elite} multiple mapping relationships form a dictionary a list can contain multiple dictionaries.

Variables in 2.YAML

# # variable naming variable names can only consist of letters, numbers and underscores and can only start with a letter. # # factsfacts is the information sent back by the remote destination host that is communicating. This information is stored in the ansible variable. To get all the facts supported by the specified remote host, use the following command # ansible hostname-m setup this command can get all kinds of information about the monitored host and save this information to a variable. # # Custom variables can be defined in yaml using the vars keyword vars: var_name: value # # variable reference {{var_name}} # # Special variable iterations can use iterative mechanisms when there are tasks that need to be performed repeatedly. Its format is to define the content that needs to be iterated as an item variable reference and use the with_items statement to indicate the list of elements for the iteration. # # example for example, add 2 users to the controlled terminal: general method 1-name: add user testuser1 user: name=testuser1 state=present groups=wheel- name: add user testuser2 user: name=testuser2 state=present groups=wheel method 2 use variable method-name: add several users vars: user1: testuser1 user2: testuser2 user: name= {{user1}} state=present groups=wheel user: Name= {{user2}} state=present groups=wheel mode 3 uses iterative method-name: add several users user: name= {{item}} state=present groups=wheel with_items:-testuser1-testuser2 in fact, elements that can be used in with_items can also be hashes, such as-name: add several users user: name= {{item.name}} state=present groups= {{item.groups}} with_items:-{name: 'testuser1' Groups: 'wheel'}-{name:' testuser2', groups: 'root'}

Format of the 3.Inentory file

The inventory file follows the characters in parentheses in the INI file style as the group name. The same host can be merged into several different groups at the same time. In addition, if the target host uses a non-default SSH port, it can also be marked with a colon plus port number after the host name. [webservers] www1.magedu.com: 2222www2.magedu.com [dbservers] db1.magedu.comdb2.magedu.comdb3.magedu.com if the host name follows a similar naming pattern, you can also use a list to identify each host, such as [webservers] www [01:50] .example.com [databases] db- [ARAF] .example.com # host variables can be determined in inventory Add host variables to the host to facilitate its use in playbook. For example, [webservers] www1.magedu.com http_port=80 maxRequestsPerChild=808www2.magedu.com http_port=303 maxRequestsPerChild=909 # group variables are variables that are available in playbook assigned to all hosts in the specified group. For example, a group in [webservers] www1.magedu.comwww2.magedu.com [webservers:vars] ntp_server=ntp.magedu.comnfs_server=nfs.magedu.com # group nested inventory can also contain other groups and can also specify variables to hosts in the group. However, these variables can only be used in ansible-playbook and are not supported by ansible. For example, [apache] httpd1.magedu.comhttpd2.magedu.com [nginx] ngx1.magedu.comngx2.magedu.com [webservers:children] apachenginx [webservers:vars] ntp_server=ntp.magedu.com # inventory parameter ansible can also specify the parameters commonly used for its interaction when connecting to a remote host specified in inventory based on ssh, as follows: ansible_ssh_host # The hostname ansible_ssh_port # port number to connect defaults to 22ansible_ssh_user # user name used by default for ssh connection ansible_ssh_pass # password for ssh connection ansible_sudo_pass # use sudo to connect the user's password ansible_ssh_private_key_file # key file if you don't want to use ssh-agent management, you can use this option ansible_shell_type # shell type default sh# The loop mechanism of # ansible has more advanced features. For more information, please see the official document http://docs.ansible.com/playbooks_loops.html.

4.playbooks

A playbook is a list of one or more "play". The main function of play is to disguise hosts that have been merged into a group as roles defined in advance through task in ansible. Fundamentally speaking, the so-called task is nothing more than a module that calls ansible. Organizing multiple play into one playbook allows them to work together to perform a big show according to a pre-arranged mechanism. # # the purpose of each play in playbook basic component 1, Hosts and Users playbook is to enable one or some hosts to perform tasks as a specified user. Hosts is used to specify the host to perform the specified task, which can be one or more host groups separated by colons. Remote_user is used to specify the user who performs the task on the remote host. However, remote_user can also be used in each task. You can also specify that it executes a task on a remote host through sudo, which can be used globally for play or for a task. In addition, you can even use sudo_user to specify users who switch when sudo is in sudo. -hosts: webnodes remote_user: mageedu tasks:-name: test connection ping: remote_user: mageedu sudo: yes 2, the main part of the task list and actionplay is task list. The tasks in task list are executed sequentially on all hosts specified in hosts, that is, the first task is completed on all hosts before starting the second. If an error occurs while running a bottom-down playbook, all executed tasks will be rolled back, so you can execute it again after correcting the playbook. The purpose of task is to execute the module with specified parameters while variables can be used in module parameters. Module execution is idempotent, which means that multiple executions are safe because the results are consistent. Each task should have its own name for playbook execution results output suggesting that its contents describe the task execution steps as clearly as possible. If no name is provided, the result of the action will be used for output. Those who define task can use the format "action: module options" or "module: options" to recommend the latter for backward compatibility. If the action line contains too much content, use a few white space characters at the beginning of the line to wrap the line. Tasks:- name: make sure apache is running service: name=httpd state=running among many modules only command and shell modules only need to be given a list without the need to use the "key=value" format such as tasks:- name: disable selinux command: / sbin/setenforce 0 if the exit code of a command or script is not zero, you can replace tasks:- name: run this command and ignore the result shell: / usr/bin/somecommand | | / bin/true or make Use ignore_errors to ignore the error message tasks:- name: run this command and ignore the result shell: / usr/bin/somecommand ignore_errors: True 3, Handlers is used to take certain actions when the resources of concern change. The action of "notify" can be used to trigger at the end of each play so that you can avoid performing the specified action each time when multiple changes occur, instead of performing the specified action only once all the changes have been completed. The operations listed in notify are called handler, that is, the operations defined in handler are called in notify. -name: template configuration file template: src=template.j2 dest=/etc/foo.conf notify:-restart memcached-restart apache handler is the task list. These task are not fundamentally different from the aforementioned task. Handlers:-name: restart memcached service: name=memcached state=restarted- name: restart apache service: name=apache state=restarted

5.tags

Tags is used to give users the option to run or pass through parts of the code in playbook. Ansible is idempotent, so it automatically skips parts that haven't changed. Even so, some code takes a long time to test that it really hasn't changed. At this point, if you're sure it hasn't changed, you can skip these code snippets via tags. Example to implement the deployment of web service based on playbooks 1, provide a good Inventory file # / etc/ansible/hosts based on secret key authentication [webhosts] 172.16.10.22172.10.332, Edit palybooks script # vim / root/web.yaml- name: web service remote_user: root hosts: webhosts vars: httpd tasks:-name: name= {{packages}} state=present tags: install-name: configuration httpd copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf tags: conf notify:-restart httpd-name: service httpd start service: name=httpd enabled=no state=started Tags: start-name: add centos and hadoop user user: name= {{item}} state=absent tags: adduser with_items:-centos-hadoop handlers:-name: restart httpd service: name=httpd state=restarted 3, Prepare the configuration file, put the configuration of web in the specified directory src=/root/httpd.conf 4, and start deploying ansible-playbooks / root/web.yml

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.