
Ansible: Basics

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Chinese-language Ansible documentation produced by Brother Ma: http://www.ansible.com.cn/index.html

Ansible introduction:

What is Ansible? The official tagline is "Ansible is Simple IT Automation": a simple tool for automating IT operations and maintenance. Its goals are automated application deployment, automated management of configuration items, automated continuous delivery, and automated management of (AWS) cloud services. It is developed in Python and can configure multiple servers in batches, deploy programs and run commands, which greatly reduces the workload of operations and maintenance.

Ansible works through modules and has no batch-deployment capability of its own. The modules that Ansible runs do the actual batch deployment; Ansible only provides the framework, which mainly consists of:

(1) Connection plugins: responsible for communicating with the managed hosts.

(2) Host inventory: specifies the hosts to operate on; these are the managed hosts defined in the configuration file.

(3) Modules: core modules, the command module and custom modules.

(4) Plugins: provide functions such as logging and e-mail.

(5) Playbooks: optional; a playbook lets a node run multiple tasks in one pass.

Ansible features:

1. Simple: Ansible's natural automation language lets operators, developers and IT managers complete automation projects in a very short time.

2. Agentless: SSH is used by default and no client needs to be installed. This avoids opening additional ports, improves security, avoids unnecessary management and reduces CPU usage.

3. Does a lot of work: Ansible can automate software deployment, configuration management, process management and cloud provisioning.

Ansible installation:

Since Ansible is developed in Python and depends on many Python modules during installation, installing it with yum is recommended. If you want a newer version, you can download the source code and build it yourself.

yum install ansible -y

Default configuration path for a yum-installed Ansible; ansible.cfg is the main configuration file:

# ls /etc/ansible/
ansible.cfg hosts roles

hosts is the default inventory file path. Hosts can be listed by DNS name or IP address.

Connect to the remote client with an SSH key, which removes the password step:

ssh-keygen -t rsa -P ''
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.137.130

Note that there is a pitfall here: when Ansible runs, a temporary module has to be copied to the client, and the default copy method is sftp. If sftp is not installed on the client, running Ansible fails with an error.

If sftp is not installed, scp can be used instead. The following line is commented out by default; remove the comment marker to enable it:

# grep "scp_if_ssh" /etc/ansible/ansible.cfg
scp_if_ssh = True

There is one more pitfall: even with sftp installed it may not work, because the sftp subsystem must also be enabled in the SSH server configuration:

# grep "Subsystem" /etc/ssh/sshd_config
Subsystem sftp /usr/lib/openssh/sftp-server

The basic workflow of ansible:

1. Ansible connects to the client through OpenSSH or Python's paramiko.

2. Ansible pushes the module to the client, into the directory set by remote_tmp:

# grep "remote_tmp" /etc/ansible/ansible.cfg
remote_tmp = $HOME/.ansible/tmp

# ansible one -a "ls ~/.ansible"
salt-master | success | rc=0 >>
tmp

3. The module is executed on the client through SSH.

4. Execution completes.

5. The module that was just pushed is deleted.

Basic Ansible command-line modules:

ansible-doc -s <module name>   ## view usage help for a module
ansible-doc -l                 ## list the available modules

1. Use the command line for small ad-hoc jobs or one-off actions; use a playbook for large or frequently repeated work.

2. The command-line three musketeers: command (the default), shell (supports pipes and variables), raw (used when Python cannot be installed on the client).

3. The official recommendation is to use command, shell and raw only when needed.

command: the command module, the default module, used for remote command execution

-a 'COMMAND'

# grep -n "module_name" ansible.cfg
97:#module_name = command

ansible all -a 'date'

user:

-a 'name= state={present|absent} system= uid='

# ansible one -m user -a 'name=mysql uid=306 system=yes group=mysql'
# ansible one -m user -a 'name=mysql shell=/sbin/nologin createhome=no'

group:

-a 'name= gid= state= system='

# ansible one -m group -a 'name=mysql gid=306 system=yes'

cron: modify scheduled tasks

-a 'name= minute= hour= day= month= weekday= job= user= state='

state values:

present: add the job

absent: remove the job; the job to remove is identified by name

# ansible one -m cron -a 'minute="*/10" job="/bin/echo hello" name="test cron job"'

copy: copy files to a remote host

-a 'dest= src= mode= owner= group='

src=: defines the local source file path

dest=: defines the remote destination file path

content=: used instead of src=; generates the contents of the target file directly from the text given here

# ansible all -m copy -a 'src=/etc/fstab dest=/tmp/fstab.ansible owner=root mode=640'
# ansible all -m copy -a 'content="Hello Ansible\nHi MageEdu" dest=/tmp/test.ansible'

file: set file attributes

-a 'path= mode= owner= group= state={directory|link|present|absent} src='

path=: specifies the file path; name or dest can be used instead

Creating a symbolic link to a file:

src=: specifies the source file

path=: specifies the path of the symbolic link

# ansible all -m file -a 'path=/tmp/fstab.link src=/tmp/fstab.ansible state=link'
# ansible all -m file -a "path=/tmp/resolv.conf state=absent"
# ansible salt-master -m file -a 'dest=/tmp/ansible.log owner=lixc group=lixc mode=644 state=touch'   # touch: create the file on the remote host

force: forcing the creation of a soft link is needed in two situations. One is when the source file does not exist yet but will be created later. The other is when the target soft link already exists and the previous link has to be removed before the new one is created. There are two options: yes | no

group: defines the group of the file/directory

mode: defines the permissions of the file/directory

owner: defines the owner of the file/directory

path: required; defines the path to the file/directory

recurse: sets the attributes recursively; valid only for directories

src: the path of the source file to link, applicable only with state=link

dest: the path to link to, applicable only with state=link

state:

directory: if the directory does not exist, create it

file: even if the file does not exist, it will not be created

link: create a soft link

hard: create a hard link

touch: if the file does not exist, create a new file; if the file or directory already exists, update its last modification time

absent: delete directories or files, or remove a link

ping: test whether the specified hosts can be reached

yum: install packages

-a 'name= state={present|latest|absent}'

name: the package to install; a version number may be included

state=: present and latest mean install; absent means uninstall

# ansible one -m yum -a 'name=mysql-server state=latest'   # or state=installed

Tasks can also be run in the background.

-B 30 sets the background execution time to 30 seconds

-P 2 reports status every two seconds; use this when a task is going to run for a long time

# ansible one -m yum -a 'name=apache2 state=installed' -B 30 -P 2 >> /dev/null

service: manage the running state of a service

-a 'name= state={started|stopped|restarted} enabled='

name=: service name

state=: the state; the value is started, stopped or restarted

enabled=: whether the service starts automatically at boot; the value is true or false

shell: supports pipes and variables, which the command module does not

Example: echo "centos" | passwd --stdin centos

# ansible storm_cluster -m shell -a "/tmp/rocketzhang_test.sh"

script: copy a local script to the remote host and run it; specify the script using a relative path

-a '/path/to/script'

setup: collect the facts of the remote host

Before receiving and running management commands, each managed node reports its own host information, such as operating system version and IP address, to the Ansible control host.

The default inventory path is /etc/ansible/hosts. An inventory can be static or dynamic.

Static: you write the hosts you want to manage into the file by hand.

Dynamic: a resource management system that already holds all the host information exists, and a script pulls the information from it and presents it in JSON format.
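A dynamic inventory script in the shape described above, as an added example that is not from the original article. Ansible calls an executable inventory script with --list and reads the JSON it prints; the CMDB records, the file name inventory.py and the function names are assumptions of this example, with host names borrowed from the static inventory on this page.

```python
#!/usr/bin/env python3
import json
import sys

# Constructed stand-in for records pulled from a resource management system.
CMDB = [
    {"name": "salt-master", "role": "salt", "vars": {"ansible_ssh_user": "lixc"}},
    {"name": "10.240.162.112", "role": "salt", "vars": {}},
    {"name": "lixc", "role": "leihuo",
     "vars": {"ansible_ssh_host": "192.168.131.203", "ansible_ssh_port": 21100}},
]


def build_inventory(records):
    """Group hosts by role and collect per-host variables under _meta.hostvars."""
    inv = {"_meta": {"hostvars": {}}}
    for rec in records:
        group = inv.setdefault(rec["role"], {"hosts": [], "vars": {}})
        if rec["name"] not in group["hosts"]:
            group["hosts"].append(rec["name"])
        inv["_meta"]["hostvars"][rec["name"]] = dict(rec["vars"])
    # Parent group holding every role group, like [alltest:children].
    inv["alltest"] = {"children": sorted(k for k in inv if k != "_meta")}
    return inv


def main(argv):
    inv = build_inventory(CMDB)
    if len(argv) == 2 and argv[1] == "--list":
        out = inv
    elif len(argv) == 3 and argv[1] == "--host":
        # Unknown hosts get an empty variable set rather than an error.
        out = inv["_meta"]["hostvars"].get(argv[2], {})
    else:
        print("usage: inventory.py --list | --host <name>", file=sys.stderr)
        return 2
    print(json.dumps(out, indent=2, sort_keys=True))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```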

Configure a static inventory:

# cat -n /etc/ansible/hosts
1 [alltest:children]
2 salt
3 leihuo
4
5 [salt]
6 salt-master ansible_ssh_user=lixc ansible_ssh_pass=123456
7 10.240.162.112 ansible_connection=paramiko
8
9 [leihuo]
10 lixc ansible_ssh_host=192.168.131.203 ansible_ssh_port=21100
11 10.240.162.11[1:9]:22

Line 1: the group alltest contains two subgroups, salt and leihuo.

Line 6 sets the default connection user and password for the host.

Line 7 sets the SSH connection method. The default is openssh. I use paramiko here rather than the openssh recommended on the official website, because openssh is time-consuming and inefficient when looking up keys.

Line 10: a host can be given any alias; "lixc" here is an alias. If the SSH port is not the default 22, a specific port can be specified.

The SSH port can also be specified as in line 11.

However, these two ways of specifying the SSH port are meant for the case where only a few hosts use a special port. If all hosts use the same non-default port, there is an option in the configuration file that can be changed to the port needed; the change applies globally.

# grep "remote_port" /etc/ansible/ansible.cfg
remote_port = 22

Lines 7 and 11 include the same host, which shows that one host can be in several groups. In practice this is reasonable: I can install mysql as well as apache on one server.
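Line 6 of the inventory above keeps the SSH password in clear text in the file. The check below, an added example that is not from the original article, scans an INI inventory for password variables and reports the line, owner and variable name without echoing the value, so that such entries can be moved to SSH keys or an encrypted vars file; the variable list and the name find_plaintext_secrets are assumptions of this example.

```python
import re

# Variable names that carry a password in an inventory (list chosen for this example).
SECRET_VARS = {"ansible_ssh_pass", "ansible_sudo_pass", "ansible_password", "ansible_become_pass"}

# Constructed sample: the static inventory from this page.
SAMPLE = """\
[alltest:children]
salt
leihuo

[salt]
salt-master ansible_ssh_user=lixc ansible_ssh_pass=123456
10.240.162.112 ansible_connection=paramiko

[leihuo]
lixc ansible_ssh_host=192.168.131.203 ansible_ssh_port=21100
10.240.162.11[1:9]:22
"""

SECTION = re.compile(r"\[([^\]:]+)(?::(vars|children))?\]")

def find_plaintext_secrets(text):
    """Return (line number, owner, variable) for each password variable found."""
    findings, group, kind = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = SECTION.fullmatch(line)
        if header:
            group, kind = header.group(1), header.group(2)
            continue
        if kind == "children":
            continue  # child group names only, no variables
        if kind == "vars":
            owner, pairs = f"group {group}", [line]
        else:
            host, *pairs = line.split()
            owner = f"host {host}"
        for pair in pairs:
            key = pair.split("=", 1)[0].strip()
            if key in SECRET_VARS:
                findings.append((lineno, owner, key))  # value is never echoed
    return findings

if __name__ == "__main__":
    for lineno, owner, key in find_plaintext_secrets(SAMPLE):
        print(f"line {lineno}: {owner} sets {key} in clear text")
```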

Variables:

Ansible variables are mainly used by playbooks and are divided into host variables and group variables.

# cat -n /etc/ansible/hosts
1 [alltest:children]
2 salt
3 leihuo
4
5 [salt]
6 salt-master salt-port=4505 mysql-port=3306
7 10.240.162.112 salt-path=/usr/bin/salt-call
8
9 [leihuo]
10 lixc ansible_ssh_host=192.168.131.203 ansible_ssh_port=21100
11 10.240.162.11[1:9]:22
12 [alltest:vars]
13 ls-path=/bin/ls
14 liss=lisisi

Lines 6 and 7 set host variables.

Lines 12-14 set variables for the group alltest. A group variable can be used by all members of the group.

Of course, variables do not have to be defined in /etc/ansible/hosts; they can also be written in separate files. In that case the definition does not take the form key=value but the form key: value, following YAML syntax.

Writing the variables into files:

# for dir in {host_vars,group_vars}; do ls /etc/ansible/${dir}; done
10.240.162.112 salt-master
alltest

File definition format:

# cat /etc/ansible/host_vars/salt-master
---
salt-port: 4505
mysql-port: 3306

Ansible target host matching patterns:

Match all hosts

* or all

Match multiple groups

salt:leihuo

Hosts in the salt group but not in the leihuo group

salt:!leihuo

Take the intersection of two groups

salt:&leihuo

Exclude a host

ansible-playbook site.yaml --limit 'all:!salt-master'

Of course, a regular expression can also be used to match the hosts in /etc/ansible/hosts, for example:

~salt(master|minion)\.li*\.com
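The group patterns above, worked through against this page's inventory, as an added example that is not from the original article. GROUPS is constructed from the static inventory shown earlier (with the range on line 11 expanded), resolve() and its helpers are hypothetical names, and regular-expression patterns are left out.

```python
# Added example: resolves host patterns against the inventory shown on this page.
# GROUPS is constructed from that inventory; resolve() is a hypothetical helper.
GROUPS = {
    "salt": ["salt-master", "10.240.162.112"],
    # lixc plus the range 10.240.162.11[1:9] expanded to .111 through .119
    "leihuo": ["lixc"] + [f"10.240.162.11{i}" for i in range(1, 10)],
}
GROUPS["alltest"] = GROUPS["salt"] + GROUPS["leihuo"]  # [alltest:children]


def _unique(items):
    """Drop duplicates while keeping first-seen order."""
    return list(dict.fromkeys(items))


def _expand(term):
    """Hosts named by one term: all, *, a group name, or a single host name."""
    every = _unique(h for hosts in GROUPS.values() for h in hosts)
    if term in ("all", "*"):
        return every
    if term in GROUPS:
        return _unique(GROUPS[term])
    return [h for h in every if h == term]


def resolve(pattern):
    """Apply plain terms as a union, then '&' intersections, then '!' exclusions."""
    terms = [t for t in pattern.split(":") if t]
    selected = _unique(h for t in terms if t[0] not in "&!" for h in _expand(t))
    for t in terms:
        if t[0] == "&":
            keep = set(_expand(t[1:]))
            selected = [h for h in selected if h in keep]
    for t in terms:
        if t[0] == "!":
            drop = set(_expand(t[1:]))
            selected = [h for h in selected if h not in drop]
    return selected


if __name__ == "__main__":
    for p in ("salt:leihuo", "salt:!leihuo", "salt:&leihuo", "all:!salt-master"):
        print(f"{p:18} -> {resolve(p)}")
```

Because 10.240.162.112 is listed in salt and also falls inside the leihuo range, the intersection and the exclusion each return a single host.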
