Detailed explanation of the necessary tools for ansible automatic operation and maintenance

2025-04-02 Update From: SLTechnology News&Howtos

Chapter 2 A brief introduction to Ansible

2.1 What is Ansible?

Ansible is an automation tool for operations and maintenance, written in Python. It combines the strengths of many established operations tools to provide batch system configuration, batch program deployment, batch command execution and so on. The ansible program only needs to be installed on the management workstation, where the IP information of the controlled hosts is configured; the controlled hosts need no client. The ansible package is available from the EPEL (third-party community) repository and depends on many Python components.

Python is a must-have language for operations and maintenance staff!

Ansible is an automated operations tool developed in Python.

Ansible works over SSH remote connections.

Ansible provides batch system configuration, batch software deployment, batch file copying, batch command execution and so on.

2.2 Ansible features

Modular design: Ansible calls specific modules to accomplish specific tasks; the core itself is small and concise.

Implemented in Python on top of three key libraries: Paramiko (a Python SSH library that can connect to hosts concurrently), PyYAML and Jinja2 (templating).

1) No client needs to be installed separately. Ansible relies on the sshd service that ships with the system; sshd is in effect Ansible's client.

2) No server is required.

3) It relies on a large number of modules to implement batch management.

4) Configuration file: /etc/ansible/ansible.cfg

Configuration files

Main configuration file of the ansible application: /etc/ansible/ansible.cfg

Host inventory, which defines the controlled hosts: /etc/ansible/hosts

The inventory follows the INI style: the name in square brackets is a group name, and a host can belong to several groups at the same time.

[webserver]

172.16.1.7

172.16.1.8

[server]

172.16.1.7

A batch of hosts can belong to one group, for example a group defined as 'webservers':

[webservers]

172.16.1.31

175.16.1.31

# The entries under a group name such as [webservers] are the managed hosts. The hosts of a group can be managed in batch only once SSH key authentication has been set up.

Note: the root user is used by default, but because every connection operation goes over SSH, the password has to be entered many times. For convenience, authentication based on SSH keys can be used.

Chapter 3 Install Ansible

3.1 Install Ansible on the m01 management host

# The epel.repo source needs to be installed before installing ansible

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

# Install the ansible tool

yum -y install ansible

3.2 All managed clients need to install:

# Must be installed on every managed machine

yum -y install libselinux-python

# Check after installation

[root@nfs01 ~]# rpm -qa | grep libselinux-python
libselinux-python-2.0.94-7.el6.x86_64

Chapter 4 Ansible command help

ansible-doc command: get the list of modules and how each one is used

ansible-doc -l: list all modules

ansible-doc -s module_name: show the usage information of the specified module

ansible-doc -s service: show the usage of the service module

Common parameters of the ansible command

-C, --check: don't make any changes; instead, try to predict some of the changes that may occur

-v: show verbose output; up to four v's can be given (-vvvv)

# Detailed explanation of the ansible command help parameters

[root@m01 /]# ansible --help
Usage: ansible <host-pattern> [options]

Options:
  -a MODULE_ARGS, --args=MODULE_ARGS
                        module arguments
  --ask-vault-pass      ask for vault password
  -B SECONDS, --background=SECONDS
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some
                        of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the
                        differences in those files; works great with --check
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                        set additional variables as key=value or YAML/JSON
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory-file=INVENTORY
                        specify inventory host path
                        (default=/etc/ansible/hosts) or comma separated host
                        list.
  -l SUBSET, --limit=SUBSET
                        further limit selected hosts to an additional pattern
  --list-hosts          outputs a list of matching hosts; does not execute
                        anything else
  -m MODULE_NAME, --module-name=MODULE_NAME
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH
                        specify path(s) to module library (default=None)
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  -o, --one-line        condense output
  --output=OUTPUT_FILE  output file name for encrypt or decrypt; use - for
                        stdout
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --syntax-check        perform a syntax check on the playbook, but do not
                        execute it
  -t TREE, --tree=TREE  log output to this directory
  --vault-password-file=VAULT_PASSWORD_FILE
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit

  Connection Options:
    control as whom and how to connect to hosts

    -k, --ask-pass      ask for connection password
    --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
                        use this file to authenticate the connection
    -u REMOTE_USER, --user=REMOTE_USER
                        connect as this user (default=None)
    -c CONNECTION, --connection=CONNECTION
                        connection type to use (default=smart)
    -T TIMEOUT, --timeout=TIMEOUT
                        override the connection timeout in seconds
                        (default=10)
    --ssh-common-args=SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
                        ProxyCommand)
    --sftp-extra-args=SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
                        -l)
    --scp-extra-args=SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
    --ssh-extra-args=SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)

  Privilege Escalation Options:
    control how and which user you become as on target hosts

    -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
                        become)
    -U SUDO_USER, --sudo-user=SUDO_USER
                        desired sudo user (default=root) (deprecated, use
                        become)
    -S, --su            run operations with su (deprecated, use become)
    -R SU_USER, --su-user=SU_USER
                        run operations with su as this user (default=root)
                        (deprecated, use become)
    -b, --become        run operations with become (does not imply password
                        prompting)
    --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo),
                        valid choices: [ sudo | su | pbrun | pfexec | doas |
                        dzdo | ksu | runas ]
    --become-user=BECOME_USER
                        run operations as this user (default=root)
    --ask-sudo-pass     ask for sudo password (deprecated, use become)
    --ask-su-pass       ask for su password (deprecated, use become)
    -K, --ask-become-pass
                        ask for privilege escalation password

4.1 Ansible syntax format

ansible command format:

ansible <host-pattern> [-m module_name] [-a args]

From left to right: the command, the host pattern, and the module to use (default: command).

<host-pattern>

Indicates the hosts to control, expressed as a pattern or given directly as an IP; the hosts must be defined in advance in the inventory file. all matches all hosts; a host group name can also be used.

[-m module_name]

Specifies which module performs the operation; every operation is carried out through a module.

If no module is specified, command is used by default.

[-a args]

Indicates the module-specific arguments; args is generally in key=value format.

Note: the arguments of the command module are not in key=value format; the command to execute is given directly, for example: -a "hostname"

Note: /etc/ansible/hosts is read by default; a custom file path can also be specified.

-i PATH, --inventory=PATH: indicates the path of the host inventory file to use

4.2 ☆ Common modules (module_name)

4.3 Functional summary of important modules

Functional summary of important ansible modules:

command (important module): executes commands; the default module of the ansible command

shell (important module): executes shell scripts

script (important module): sends a script to the client and then executes it; runs script commands on the remote server

copy (important module): sends local files to the remote end

cron (important module): writes scheduled tasks

4.3.1 command (command module)

This is the default module, so -m can be omitted. It runs commands on the remote host, for example -a "hostname"

Note: the arguments of the command module are not in key=value format; the command to execute is given directly.

4.3.2 cron (scheduled task module)

-a "name= state= minute= hour= day= month= weekday= job="

4.3.3 Common parameters of cron in detail

4.3.4 Scheduled tasks in practice

# Through ansible, add a scheduled task named 'By Kaile uptime' to host 172.16.1.41 that updates the system time at five minutes past every hour

# First, do a dry run (-C) against the managed machine as a test

ansible 172.16.1.41 -C -m cron -a "name='By Kaile uptime' minute=5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"

# Create the scheduled task on host 172.16.1.41

[root@m01 /]# ansible 172.16.1.41 -m cron -a "name='By Kaile uptime' minute=5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "By Kaile uptime"
    ]
}

# Check the scheduled tasks

[root@m01 /]# ansible 172.16.1.41 -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#Ansible: By Kaile uptime
05 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

4.3.5 Delete the specified scheduled task

4.3.6 Commenting out a scheduled task

[root@m01 /]# ansible 172.16.1.31 -m cron -a "name='time crontab' disabled='yes' job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "time crontab"
    ]
}

[root@m01 /]# ansible 172.16.1.31 -a "crontab -l"
172.16.1.31 | SUCCESS | rc=0 >>
# crond-id-001:time sync By Kaile
*/5 * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
#-002:time backup
00 * /bin/sh /server/scripts/nfs_back.sh >/dev/null 2>&1
#Ansible: time crontab
#* * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

Re-enable (uncomment) the scheduled task

[root@m01 /]# ansible 172.16.1.31 -m cron -a "name='time crontab' disabled='no' job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "time crontab"
    ]
}

[root@m01 /]# ansible 172.16.1.31 -a "crontab -l"
172.16.1.31 | SUCCESS | rc=0 >>
# crond-id-001:time sync By Kaile
*/5 * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
#-002:time backup
00 * /bin/sh /server/scripts/nfs_back.sh >/dev/null 2>&1
#Ansible: time crontab
* * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1

4.4 Environment preparation: IP list

| Server description | Public network IP | Private network IP | Hostname |
| --- | --- | --- | --- |
| Nginx web | 10.0.0.8/24 | 172.16.1.7/24 | web02 |
| NFS storage server | 10.0.0.31/24 | 172.16.1.31/24 | nfs01 |
| Rsync backup server | 10.0.0.41/24 | 172.16.1.41/24 | backup |
| Manage server | 10.0.0.61/24 | 172.16.1.61/24 | m01 |

Chapter 5 Ansible basic configuration

5.1 Ansible command syntax format

5.2 Common parameters and modules

5.3 Ansible configuration files:

[root@m01 ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg   # ansible configuration file
├── hosts         # list of hosts managed by ansible (grouped)
└── roles

1 directory, 2 files

Edit ansible's host configuration file hosts and add host group zhaokai

[root@m01 ~]# cp /etc/ansible/hosts{,.bak}   # backing up first is a good habit

[root@m01 ~]# tail -6 /etc/ansible/hosts
[guanli]
172.16.1.31
172.16.1.41
172.16.1.61
172.16.1.7

5.5 Testing

If SSH key authentication were already set up, the hosts file above would be all the configuration needed. We have not set it up yet, so the host inventory file /etc/ansible/hosts still needs further entries.

[root@m01 ~]# tail -6 /etc/ansible/hosts
[zhaokai]
172.16.1.31 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.41 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.61 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.7 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.8 ansible_ssh_user=root ansible_ssh_pass=<login password>

Parameter description:

ansible_ssh_user: user name for the SSH connection

ansible_ssh_pass: password for the SSH connection

Note:

If key authentication has not been set up and hosts is not configured as above, ansible's remote connections will fail.
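The INI-style inventory and the ansible_ssh_user / ansible_ssh_pass host variables described above can be checked mechanically before key authentication replaces them. The following Python script is an added example, not part of the original article or of Ansible itself: it parses an inventory and reports every host or [group:vars] section that carries an inline password, and every host that logs in directly as root. The sample inventory, the value ExamplePass1 and the function names parse_inventory and audit are constructed for the illustration.

```python
import shlex

# Constructed sample in the style of the /etc/ansible/hosts entries above;
# "ExamplePass1" and the [zhaokai:vars] section are made up for the demo.
SAMPLE_INVENTORY = """\
[webserver]
172.16.1.7
[server]
172.16.1.7
[zhaokai]
172.16.1.31 ansible_ssh_user=root ansible_ssh_pass=ExamplePass1
172.16.1.41 ansible_ssh_user=root   # key-based login
[zhaokai:vars]
ansible_become_pass=ExamplePass1
"""

SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass", "ansible_sudo_pass"}


def parse_inventory(text):
    """Return (hosts, group_vars): host -> {"groups", "vars"}, group -> vars."""
    hosts, group_vars = {}, {}
    group, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group, _, kind = line[1:-1].partition(":")
            kind = kind or "hosts"
        elif kind == "vars":                 # [group:vars]: one key=value per line
            key, _, value = line.partition("=")
            group_vars.setdefault(group, {})[key.strip()] = value.strip()
        elif kind == "hosts":                # host name, then key=value pairs
            words = shlex.split(line, comments=True)
            entry = hosts.setdefault(words[0], {"groups": set(), "vars": {}})
            entry["groups"].add(group)
            entry["vars"].update(w.split("=", 1) for w in words[1:] if "=" in w)
    return hosts, group_vars


def audit(text):
    """List (scope, finding) pairs for inline secrets and direct root logins."""
    hosts, group_vars = parse_inventory(text)
    scopes = [(h, info["vars"]) for h, info in sorted(hosts.items())]
    scopes += [(f"[{g}:vars]", v) for g, v in sorted(group_vars.items())]
    findings = []
    for scope, variables in scopes:
        for key in sorted(SECRET_VARS.intersection(variables)):
            findings.append((scope, f"plaintext secret: {key}"))
        if variables.get("ansible_ssh_user", variables.get("ansible_user")) == "root":
            findings.append((scope, "connects directly as root"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_INVENTORY), sep="\n")
```

Sections of kind [group:children] are skipped, since they list group names rather than hosts or variables.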

5.6 Remote batch execution of commands using ansible

Syntax:

ansible zhaokai -m command -a 'uptime'

ansible <host group> -m <ansible built-in module name> -a <command>

Ansible command test

Example 1: get the "w" information of host 172.16.1.8

[root@m01 ~]# ansible 172.16.1.8 -m command -a "w"
172.16.1.8 | SUCCESS | rc=0 >>
 13:44:07 up 5:32, 3 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Sat09 14:16 0.07s 0.07s -bash
root pts/0 172.16.1.1 Mon23 1315 29m 0.08s 0.00s -bash
root pts/1 m01 13:44 0.00s 0.14s 0.00s /bin/sh -c /usr
[root@m01 ~]#

5.7 Get the "w" information of the whole zhaokai host group

[root@m01 ~]# ansible zhaokai -m command -a "w"
172.16.1.8 | SUCCESS | rc=0 >>
 13:45:12 up 5:33, 3 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Sat09 15:21 0.07s 0.07s -bash
root pts/0 172.16.1.1 Mon23 1315 30m 0.08s 0.00s -bash
root pts/1 m01 13:45 0.00s 0.12s 0.00s /bin/sh -c /usr

172.16.1.61 | SUCCESS | rc=0 >>
 21:05:58 up 6:34, 3 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 14:41 4VR 22m 0.07s 0.07s -bash
root pts/0 172.16.1.1 16:44 2.00s 1.11s 0.67s /usr/bin/python
root pts/8 m01 21:05 1.00s 0.10s 0.00s /bin/sh -c /usr

172.16.1.7 | SUCCESS | rc=0 >>
 12:05:07 up 1:05, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 11:00 26:21 0.09s 0.09s -bash
root pts/0 m01 12:05 0.00s 0.30s 0.00s /bin/sh -c /usr

172.16.1.41 | SUCCESS | rc=0 >>
 22:36:51 up 18:39, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 03:58 58:54 0.11s 0.11s -bash
root pts/0 m01 22:36 0.00s 0.32s 0.00s /bin/sh -c /usr

172.16.1.31 | SUCCESS | rc=0 >>
 13:45:13 up 6:49, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Mon20 13:42 0.15s 0.15s -bash
root pts/0 m01 13:45 0.00s 0.30s 0.00s /bin/sh -c /usr

[root@m01 ~]#

5.8 Call the copy module built into ansible

[root@m01 ~]# ansible 172.16.1.8 -m copy -a "src=/etc/hosts dest=/tmp"   # enter the command
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/tmp/hosts",
    "gid": 0,
    "group": "root",   # group of the file after it has been copied
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",    # permissions of the file after it has been copied
    "owner": "root",   # owner of the file after it has been copied
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size":
    "src": "/root/.ansible/tmp/ansible-tmp-1489411262.1-267125154401179/source",
    "state": "file",
    "uid": 0
}

[root@m01 ~]# ansible 172.16.1.8 -m command -a "ls /tmp"   # check what is in the directory on the host
172.16.1.8 | SUCCESS | rc=0 >>
ansible_0qlGau
hosts   # here it is, copied successfully
pulse-d3qHAaSjkIhZ
pulse-PbcqlrG9QxEK
virtual-root.yrc60j
yum.log

[root@m01 ~]# ssh root@172.16.1.8 "ls /tmp"   # look again with ssh
root@172.16.1.8's password:
hosts   # here it is, copied successfully
pulse-d3qHAaSjkIhZ
pulse-PbcqlrG9QxEK
virtual-root.yrc60j
yum.log
[root@m01 ~]#

Command description:

-m: calls an ansible built-in module; copy is the copy module

-a: the arguments. Because the copy module is called, the argument format changes: src=<local file path> dest=<destination path>

Example 4: call the copy module and change the attributes of the saved file

[root@m01 ~]# ansible 172.16.1.8 -m copy -a "src=/etc/hosts dest=/tmp owner=zhaokai group=zhaokai mode=600"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/tmp/hosts",
    "gid": 502,
    "group": "zhaokai",
    "mode": "0600",
    "owner": "zhaokai",
    "path": "/tmp/hosts",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size":
    "state": "file",
    "uid": 502
}

[root@m01 ~]# ssh root@172.16.1.8 "ls -l /tmp/hosts"
root@172.16.1.8's password:
-rw-------. 1 zhaokai zhaokai 294 March 14 14:00 /tmp/hosts

Command description: to learn how an ansible built-in module is used, refer to the information returned after the command runs; it is very clear.

Note:

If the destination directory does not exist on the target host, the copy module creates it recursively.

Special hint:

Some modules of ansible do not support

1) the pipe character "|"

2) redirection: ">", "<", ">/dev/null 2>&1"
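The reason behind this hint, as an added example that is not part of the original article: the command module executes its argument directly as an argument list without a shell, so "|" and ">" arrive at the program as literal arguments, whereas the shell module passes the whole string to /bin/sh. The Python sketch below models both behaviours and adds a quote-aware scan that tells which command strings need the shell module; run_like_command, run_like_shell and shell_features are hypothetical names, not Ansible APIs.

```python
import shlex
import subprocess


def run_like_command(args):
    """Model of the command module: split into argv and exec directly, no shell."""
    argv = shlex.split(args)
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def run_like_shell(args):
    """Model of the shell module: the whole string is handed to /bin/sh -c."""
    return subprocess.run(["/bin/sh", "-c", args],
                          capture_output=True, text=True, check=True).stdout


def shell_features(args):
    """Return the unquoted shell metacharacters in args ([] means command suffices)."""
    found, quote, i = set(), None, 0
    while i < len(args):
        ch = args[i]
        if ch == "\\" and quote != "'":        # backslash escapes the next character
            i += 2
            continue
        if quote:
            if ch == quote:
                quote = None
            elif quote == '"' and ch in "$`":  # expansion still happens in double quotes
                found.add(ch)
        elif ch in "'\"":
            quote = ch
        elif ch in "|&;<>$`":
            found.add(ch)
        i += 1
    return sorted(found)


if __name__ == "__main__":
    # Command strings taken from the examples on this page, plus one quoted pipe.
    for args in ("crontab -l", "echo 'a | b'",
                 "/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1",
                 "echo $(hostname -I) >> /tmp/ip.txt"):
        print(f"{args!r}: shell features {shell_features(args)}")
    print(repr(run_like_command("echo a | tr a-z A-Z")))  # pipe is a literal argument
    print(repr(run_like_shell("echo a | tr a-z A-Z")))    # pipe is interpreted by sh
```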

6.9 Playbook extension: writing tasks for multiple hosts in one playbook

- hosts: 172.16.1.7
  tasks:
    # install a cron entry that runs ntpdate at 00:00
    - name: restart-network
      cron: name='restart network' minute=00 hour=00 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'
    # install a cron entry that syncs the time every five minutes
    - name: sync time
      cron: name='sync time' minute=*/5 job="/usr/sbin/ntpdate pool.ntp.com >/dev/null 2>&1"

- hosts: 172.16.1.31
  tasks:
    # append the host's IP addresses to a file; needs the shell module for $( ) and >>
    - name: show ip addr to file
      shell: echo $(hostname -I) >> /tmp/ip.txt

Chapter 7 Commonly used modules

ansible oldboy -m authorized_key -a "key='<contents of the public key file>' user=root" -k

# Hands-on operation

[root@m01 .ssh]# ansible 172.16.1.41 -m authorized_key -a "key='ssh-dss <public key data elided>@m01' user=root" -k
SSH password:
