2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Chapter 2 A brief introduction to ansible
2.1 What is ansible?
Ansible is an automation tool for operations and maintenance written in Python. It combines the strengths of many established operations tools and supports batch system configuration, batch program deployment, batch command execution and so on. Ansible only needs to be installed on the management workstation, where the IP information of the controlled hosts is configured; the controlled hosts run no client. The ansible package is in the EPEL (third-party community) repository and depends on many Python components.
Python is a must-have language for operations and maintenance staff!
Ansible is an automated operations and maintenance tool developed in Python.
Ansible does its work over remote connections based on SSH.
Ansible can perform batch system configuration, batch software deployment, batch file copying, batch command execution and so on.
2.2 ansible features:
Modular design: it calls specific modules to accomplish specific tasks; the core itself is small and lean.
Implemented in Python on top of three key modules: Paramiko (a Python SSH library that supports concurrent connections to hosts), PyYAML and Jinja2 (templating).
1) No separate client needs to be installed. Ansible relies on the sshd service that comes with the system; sshd effectively acts as ansible's client
2) No server is required
3) It relies on a large number of modules to achieve batch management
4) Configuration file: /etc/ansible/ansible.cfg
Configuration files
Main configuration file of the ansible application: /etc/ansible/ansible.cfg
Host inventory, which defines the managed hosts: /etc/ansible/hosts
The inventory follows the INI style; the name in square brackets is a group name; a host can belong to multiple groups at the same time
[webserver]
172.16.1.7
172.16.1.8
[server]
172.16.1.7
A collection of hosts belonging to the 'webservers' group: a batch of hosts belongs to one group, for example a group defined as 'webservers'
[webservers]
172.16.1.31
175.16.1.31
# The entries under the [webservers] group name are the managed machines; the machines of a group can be managed in batch only if SSH key authentication is set up.
Note: the root user is used by default, but with password-based SSH the password has to be entered again and again for connection operations. For convenience, authentication based on SSH keys can be used.
Chapter 3 Install ansible
3.1 Install ansible on the m01 management host
# The epel.repo source needs to be installed before installing ansible
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
# Install the ansible tool
yum -y install ansible
3.2 All managed clients need to install:
# Must be installed on the managed machines
yum -y install libselinux-python
# Check after installation
[root@nfs01 ~]# rpm -qa | grep libselinux-python
libselinux-python-2.0.94-7.el6.x86_64
Chapter 4 ansible command help
ansible-doc command: get the list of modules and how each one is used
ansible-doc -l: list all modules
ansible-doc -s module_name: show the usage information of the specified module
ansible-doc -s service: view the usage of the service module
Common parameters of the ansible command
-C, --check: check without making any changes; instead, try to predict some of the changes that may occur
-v: display verbose output; up to four v's can be given (-vvvv)
# Detailed explanation of the ansible command help parameters
[root@m01 /]# ansible --help
Usage: ansible <host-pattern> [options]
Options:
  -a MODULE_ARGS, --args=MODULE_ARGS
                        module arguments
  --ask-vault-pass      ask for vault password
  -B SECONDS, --background=SECONDS
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some
                        of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the
                        differences in those files; works great with --check
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                        set additional variables as key=value or YAML/JSON
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory-file=INVENTORY
                        specify inventory host path
                        (default=/etc/ansible/hosts) or comma separated host
                        list.
  -l SUBSET, --limit=SUBSET
                        further limit selected hosts to an additional pattern
  --list-hosts          outputs a list of matching hosts; does not execute
                        anything else
  -m MODULE_NAME, --module-name=MODULE_NAME
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH
                        specify path(s) to module library (default=None)
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  -o, --one-line        condense output
  --output=OUTPUT_FILE  output filename for encrypt or decrypt; use - for
                        stdout
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --syntax-check        perform a syntax check on the playbook, but do not
                        execute it
  -t TREE, --tree=TREE  log output to this directory
  --vault-password-file=VAULT_PASSWORD_FILE
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit
  Connection Options:
    control as whom and how to connect to hosts
    -k, --ask-pass      ask for connection password
    --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
                        use this file to authenticate the connection
    -u REMOTE_USER, --user=REMOTE_USER
                        connect as this user (default=None)
    -c CONNECTION, --connection=CONNECTION
                        connection type to use (default=smart)
    -T TIMEOUT, --timeout=TIMEOUT
                        override the connection timeout in seconds
                        (default=10)
    --ssh-common-args=SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
                        ProxyCommand)
    --sftp-extra-args=SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
                        -l)
    --scp-extra-args=SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
    --ssh-extra-args=SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)
  Privilege Escalation Options:
    control how and which user you become as on target hosts
    -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
                        become)
    -U SUDO_USER, --sudo-user=SUDO_USER
                        desired sudo user (default=root) (deprecated, use
                        become)
    -S, --su            run operations with su (deprecated, use become)
    -R SU_USER, --su-user=SU_USER
                        run operations with su as this user (default=root)
                        (deprecated, use become)
    -b, --become        run operations with become (does not imply password
                        prompting)
    --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo),
                        valid choices: [ sudo | su | pbrun | pfexec | doas |
                        dzdo | ksu | runas ]
    --become-user=BECOME_USER
                        run operations as this user (default=root)
    --ask-sudo-pass     ask for sudo password (deprecated, use become)
    --ask-su-pass       ask for su password (deprecated, use become)
    -K, --ask-become-pass
                        ask for privilege escalation password
4.1 ansible syntax format
ansible command format:
ansible <host-pattern> [-m module_name] [-a args]
The parts are, in order: the command, the host pattern, the module to use (default: command) and the module arguments.
<host-pattern>
Indicates the managed hosts, expressed as a pattern or given directly as an IP; they must be defined in advance in the inventory file; all means all hosts; a host group name can also be used
[-m module_name]
Which module performs the management operation; every operation has to be carried out through a module
If no module is specified, command is used by default
[-a args]
The module-specific arguments; args are generally in key=value format
Note: the arguments of the command module are not in key=value format; the command to be executed is given directly, for example: -a "hostname"
Note: /etc/ansible/hosts is read by default; a custom file path can also be specified.
-i PATH, --inventory=PATH: the path of the host inventory file to use
4.2 ☆ Common modules (module_name)
4.3 Functional summary of important modules
Functional summary of important ansible modules
command (important module): runs a command; the default module of the ansible command
shell (important module): runs shell scripts
script (important module): sends a script to the client and then executes it; runs script commands on the remote server
copy (important module): sends local files to the remote end
cron (important module): module for writing scheduled tasks
4.3.1 command (command module)
The default module; it can be omitted. Runs a command on the remote host, for example -a "hostname"
Note: the arguments of the command module are not in key=value format; the command to be executed is given directly.
4.3.2 cron (scheduled task module)
-a "name= state= minute= hour= day= month= weekday= job="
4.3.3 Common parameters of cron in detail
4.3.4 Scheduled tasks in practice
# Through ansible, add a scheduled task to host 172.16.1.41 that updates the system time at minute 5 of every hour; the task description is 'By Kaile uptime'
# First, run it in check mode (-C) against the managed machine as a test
ansible 172.16.1.41 -C -m cron -a "name='By Kaile uptime' minute=5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
# Create the scheduled task on host 172.16.1.41
[root@m01 /]# ansible 172.16.1.41 -m cron -a "name='By Kaile uptime' minute=5 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "By Kaile uptime"
    ]
}
# Check the scheduled tasks
[root@m01 /]# ansible 172.16.1.41 -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#Ansible: By Kaile uptime
05 * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
4.3.5 Delete the specified scheduled task
4.3.6 Commenting out a scheduled task
[root@m01 /]# ansible 172.16.1.31 -m cron -a "name='time crontab' disabled='yes' job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "time crontab"
    ]
}
[root@m01 /]# ansible 172.16.1.31 -a "crontab -l"
172.16.1.31 | SUCCESS | rc=0 >>
# crond-id-001:time sync By Kaile
*/5 * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
#-002:time backup
00 * /bin/sh /server/scripts/nfs_back.sh >/dev/null 2>&1
#Ansible: time crontab
#* /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
Re-enable (uncomment) the scheduled task
[root@m01 /]# ansible 172.16.1.31 -m cron -a "name='time crontab' disabled='no' job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "time crontab"
    ]
}
[root@m01 /]# ansible 172.16.1.31 -a "crontab -l"
172.16.1.31 | SUCCESS | rc=0 >>
# crond-id-001:time sync By Kaile
*/5 * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
#-002:time backup
00 * /bin/sh /server/scripts/nfs_back.sh >/dev/null 2>&1
#Ansible: time crontab
* /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
4.4 Environment preparation: IP list
Server description     Public network IP   Private network IP   Hostname
Nginx web              10.0.0.8/24         172.16.1.7/24        web02
NFS storage server     10.0.0.31/24        172.16.1.31/24       nfs01
Rsync backup server    10.0.0.41/24        172.16.1.41/24       backup
Management server      10.0.0.61/24        172.16.1.61/24       m01
Chapter 5 ansible basic configuration
5.1 ansible command syntax format
5.2 Common parameters and modules
5.3 ansible configuration files:
[root@m01 ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg  # ansible configuration file
├── hosts        # list of hosts managed by ansible (grouped)
└── roles
1 directory, 2 files
Edit ansible's host inventory file hosts and add the host group zhaokai
[root@m01 ~]# cp /etc/ansible/hosts{,.bak}  # backing up first is a good habit
[root@m01 ~]# tail -6 /etc/ansible/hosts
[guanli]
172.16.1.31
172.16.1.41
172.16.1.61
172.16.1.7
5.5 Testing
If SSH key authentication had already been set up, the hosts file as configured above would be enough. We have not set it up yet, so ansible's host inventory file /etc/ansible/hosts needs further changes.
[root@m01 ~]# tail -6 /etc/ansible/hosts
[zhaokai]
172.16.1.31 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.41 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.61 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.7 ansible_ssh_user=root ansible_ssh_pass=<login password>
172.16.1.8 ansible_ssh_user=root ansible_ssh_pass=<login password>
Parameter description:
ansible_ssh_user: user name for the SSH connection
ansible_ssh_pass: password for the SSH connection
Note:
If key authentication has not been set up and hosts is not configured as above, ansible's remote connection will fail.
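Configured this way, /etc/ansible/hosts holds the root login password of every managed host in cleartext, so the file is worth checking before it is backed up, copied or committed anywhere. The following Python is an added example, not part of the original article: it parses an INI-style inventory in the format used in sections 2.2 and 5.5, records which groups each host belongs to, and flags inline secrets and direct root logins. The function names, the sample inventory and the password value are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in the article's inventory format; the password is a placeholder.
SAMPLE_INVENTORY = """\
[webserver]
172.16.1.7
172.16.1.8
[server]
172.16.1.7
[zhaokai]
172.16.1.31 ansible_ssh_user=root ansible_ssh_pass=EXAMPLE-ONLY
172.16.1.41 ansible_ssh_user=root
"""

# Inventory variables that hold a secret when set inline.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}

def parse_inventory(text):
    """Return {host: {"groups": [...], "vars": {...}}} for a simple INI inventory."""
    hosts = defaultdict(lambda: {"groups": [], "vars": {}})
    group = "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            continue
        if ":" in group:  # [x:vars] and [x:children] sections are not host lists
            continue
        name, *pairs = shlex.split(line)
        entry = hosts[name]
        if group not in entry["groups"]:
            entry["groups"].append(group)
        for pair in pairs:
            key, _, value = pair.partition("=")
            entry["vars"][key] = value
    return dict(hosts)

def audit(hosts):
    """Return sorted (host, finding) tuples for risky connection settings."""
    findings = []
    for host, entry in hosts.items():
        for key in entry["vars"].keys() & SECRET_VARS:
            findings.append((host, f"cleartext secret in inventory: {key}"))
        if entry["vars"].get("ansible_ssh_user") == "root":
            findings.append((host, "connects directly as root"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit(parse_inventory(SAMPLE_INVENTORY)):
        print(f"{host}: {finding}")
```

Hosts that report no findings are the ones that rely on SSH key authentication, which the article sets up with the authorized_key module in Chapter 7.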
5.6 Run commands remotely in batch with ansible
Syntax:
ansible zhaokai -m command -a 'uptime'
ansible <host group> -m <ansible built-in module name> -a <command>
ansible command test
Example 1: get the w information of host 172.16.1.8
[root@m01 ~]# ansible 172.16.1.8 -m command -a "w"
172.16.1.8 | SUCCESS | rc=0 >>
 13:44:07 up 5:32, 3 users, load average: 0.00, 0.01, 0.05
USER     TTY      FROM         LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -            Sat09   14:16   0.07s  0.07s -bash
root     pts/0    172.16.1.1   Mon23   1315 29m 0.08s 0.00s -bash
root     pts/1    m01          13:44    0.00s  0.14s  0.00s /bin/sh -c /usr
[root@m01 ~]#
5.7 Get the "w" information of the whole zhaokai host group
[root@m01 ~]# ansible zhaokai -m command -a "w"
172.16.1.8 | SUCCESS | rc=0 >>
 13:45:12 up 5:33, 3 users, load average: 0.00, 0.01, 0.05
USER     TTY      FROM         LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -            Sat09   15:21   0.07s  0.07s -bash
root     pts/0    172.16.1.1   Mon23   1315 30m 0.08s 0.00s -bash
root     pts/1    m01          13:45    0.00s  0.12s  0.00s /bin/sh -c /usr
172.16.1.61 | SUCCESS | rc=0 >>
 21:05:58 up 6:34, 3 users, load average: 0.00, 0.01, 0.05
USER     TTY      FROM         LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -            14:41   4VR 22m 0.07s  0.07s -bash
root     pts/0    172.16.1.1   16:44    2.00s  1.11s  0.67s /usr/bin/python
root     pts/8    m01          21:05    1.00s  0.10s  0.00s /bin/sh -c /usr
172.16.1.7 | SUCCESS | rc=0 >>
 12:05:07 up 1:05, 2 users, load average: 0.00, 0.01, 0.05
USER     TTY      FROM         LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -            11:00   26:21   0.09s  0.09s -bash
root     pts/0    m01          12:05    0.00s  0.30s  0.00s /bin/sh -c /usr
172.16.1.41 | SUCCESS | rc=0 >>
 22:36:51 up 18:39, 2 users, load average: 0.00, 0.01, 0.05
USER     TTY      FROM         LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -            03:58   58:54   0.11s  0.11s -bash
root     pts/0    m01          22:36    0.00s  0.32s  0.00s /bin/sh -c /usr
172.16.1.31 | SUCCESS | rc=0 >>
 13:45:13 up 6:49, 2 users, load average: 0.00, 0.01, 0.05
USER     TTY      FROM         LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -            Mon20   13:42   0.15s  0.15s -bash
root     pts/0    m01          13:45    0.00s  0.30s  0.00s /bin/sh -c /usr
[root@m01 ~]#
5.8 Call ansible's built-in copy module
[root@m01 ~]# ansible 172.16.1.8 -m copy -a "src=/etc/hosts dest=/tmp"  # the command entered
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/tmp/hosts",
    "gid": 0,
    "group": "root",  # group of the file after copying
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",  # permissions of the file after copying
    "owner": "root",  # owner of the file after copying
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size":
    "src": "/root/.ansible/tmp/ansible-tmp-1489411262.1-267125154401179/source",
    "state": "file",
    "uid": 0
}
[root@m01 ~]# ansible 172.16.1.8 -m command -a "ls /tmp"  # check what is in the host's directory
172.16.1.8 | SUCCESS | rc=0 >>
ansible_0qlGau
hosts  # here it is, copied successfully
pulse-d3qHAaSjkIhZ
pulse-PbcqlrG9QxEK
virtual-root.yrc60j
yum.log
[root@m01 ~]# ssh root@172.16.1.8 "ls /tmp"  # look again with ssh
root@172.16.1.8's password:
hosts  # here it is, copied successfully
pulse-d3qHAaSjkIhZ
pulse-PbcqlrG9QxEK
virtual-root.yrc60j
yum.log
[root@m01 ~]#
Command description:
-m: calls ansible's built-in copy module
-a: the arguments. Because the copy module is called, the argument format changes: src=<local file path> dest=<destination path on the target>
Example 4: call the copy module and change the attributes of the copied file
[root@m01 ~]# ansible 172.16.1.8 -m copy -a "src=/etc/hosts dest=/tmp owner=zhaokai group=zhaokai mode=600"
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/tmp/hosts",
    "gid": 502,
    "group": "zhaokai",
    "mode": "0600",
    "owner": "zhaokai",
    "path": "/tmp/hosts",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size":
    "state": "file",
    "uid": 502
}
[root@m01 ~]# ssh root@172.16.1.8 "ls -l /tmp/hosts"
root@172.16.1.8's password:
-rw-------. 1 zhaokai zhaokai 294 March 1414purl 00 /tmp/hosts
Command description: for how to use an ansible built-in module, refer to the information returned after the command runs; it is very clear.
Note:
If the directory in the destination path does not exist on the target host, the copy module creates it recursively
Special hint:
Some ansible modules do not support
1) The pipe character "|"
2) Redirection: "> < >> /dev/null 2>&1"
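The default command module is the main case of this hint: it runs the program directly rather than through a shell, so "|", ">" and similar characters reach the program as ordinary arguments, and the shell module has to be chosen when they are needed. The following Python is an added example, not part of the original article: it scans an ad-hoc command string for shell operators that are not protected by quotes and picks the module accordingly. The function names are hypothetical, and the operator set covers the characters named in the hint plus ";", "&" and command substitution.

```python
# Characters the command module passes through literally instead of acting on.
SHELL_OPERATORS = set("|<>;&`")


def unquoted_shell_operators(command):
    """Return, in order, the shell operators in `command` that a shell would act on."""
    found, quote, i = [], None, 0
    while i < len(command):
        ch = command[i]
        if quote == "'":
            if ch == "'":
                quote = None          # single quotes protect everything inside
        elif ch == "\\":
            i += 1                    # a backslash escapes the next character
        elif command.startswith("$(", i):
            found.append("$(")        # substitution also happens inside "..."
        elif ch == "`":
            found.append(ch)          # so does backtick substitution
        elif quote == '"':
            if ch == '"':
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in SHELL_OPERATORS:
            found.append(ch)
        i += 1
    return found


def module_for(command):
    """Pick the ad-hoc module: 'command' when no shell is needed, else 'shell'."""
    return "shell" if unquoted_shell_operators(command) else "command"


def adhoc(host_pattern, command):
    """Build the ansible ad-hoc call as an argument list (no local shell involved)."""
    return ["ansible", host_pattern, "-m", module_for(command), "-a", command]


if __name__ == "__main__":
    # Command strings taken from this article.
    for cmd in ("crontab -l", "ls /tmp", "echo $(hostname -I) >> /tmp/ip.txt"):
        print(module_for(cmd), unquoted_shell_operators(cmd), cmd)
```

Preferring command whenever the list comes back empty keeps remote input away from a shell parser, which is why it is the default.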
6.9 Playbook extension: writing tasks for multiple hosts in one playbook
# First play: two cron entries on 172.16.1.7
- hosts: 172.16.1.7
  tasks:
    - name: restart-network
      cron: name='restart network' minute=00 hour=00 job='/usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'
    - name: sync time
      cron: name='sync time' minute=*/5 job="/usr/sbin/ntpdate pool.ntp.com >/dev/null 2>&1"
# Second play: the shell module is used because the command needs $(...) and >>
- hosts: 172.16.1.31
  tasks:
    - name: show ip addr to file
      shell: echo $(hostname -I) >> /tmp/ip.txt
Chapter 7 Commonly used modules
ansible oldboy -m authorized_key -a "key='<contents of the public key file>' user=root" -k
# Hands-on operation
[root@m01 .ssh]# ansible 172.16.1.41 -m authorized_key -a "key='ssh-dss 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@m01' user=root" -k
SSH password: