Ansible operation and maintenance Cisco equipment

2025-01-22 Update. From: SLTechnology News&Howtos (shulou)

Shulou (Shulou.com) 06/01 Report --

I. A brief introduction to Ansible

Ansible is a new automated operations and maintenance tool written in Python. It combines the strengths of several earlier tools (puppet, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible is built on paramiko and works through modules: Ansible itself only provides the framework and has no batch deployment capability of its own; the modules it runs do the actual batch work. Ansible does not need a client or agent installed on remote hosts, because it communicates with them over SSH. Ansible has been officially acquired by Red Hat and is the most recognized automated operations and maintenance tool. It is easy to learn and easy to use, and is one of the skills every operations engineer must master.

Features:

1. Deployment is simple: you only need to set up the Ansible environment on the control host; the managed hosts need no changes.

2. Devices are managed over the SSH protocol by default.

3. A large number of modules for routine operations are included, covering most day-to-day tasks.

4. Simple configuration, powerful functionality and strong extensibility.

5. Supports an API and custom modules, and is easily extended in Python.

6. Playbooks provide powerful, customizable configuration and state management.

7. Lightweight: no agent is installed on the managed hosts, so updates only need to be applied on the control host.

8. The AWX platform provides a powerful web management interface and a REST API.

Architecture:

Ansible: the Ansible core program.

HostInventory: records the host information managed by Ansible, including port, password, IP, etc.

Playbooks: "script" files in YAML format. One file defines multiple tasks and specifies which modules a host must call to complete them.

CoreModules: core modules. Ansible carries out most management tasks by calling them.

CustomModules: custom modules that provide functions the core modules cannot; they can be written in multiple languages.

ConnectionPlugins: connection plug-ins used for communication between Ansible and the hosts.

Running process:

The control host in an Ansible system can operate on managed nodes in two modes, ad-hoc and playbook:

Ad-hoc mode (point-to-point mode)

Uses a single module and supports batch execution of a single command. An ad-hoc command is one you type quickly and do not need to save; it is the equivalent of a one-line shell command in bash.

Playbook mode (script mode)

This is Ansible's main management mode and the key to its power. A playbook completes a class of functions through a collection of tasks, such as installing and deploying a web service or backing up database servers in batches. You can think of a playbook simply as a configuration file that combines multiple ad-hoc operations.

Command execution process:

1. Load Ansible's own configuration file, by default /etc/ansible/ansible.cfg.

2. Find the corresponding host configuration file and locate the host or group to run against.

3. Load the corresponding module file, such as command.

4. Generate the corresponding temporary py file (a Python script) and transfer it to the remote server.

5. The file is placed under the executing user's home directory, at .ansible/tmp/XXX/XXX.PY.

6. Give the file +x (execute) permission.

7. Execute it and return the result.

8. Delete the temporary py file and exit with sleep 0.

II. Ansible installation

Ansible can be installed on Linux, BSD, Mac OS X and other platforms; the minimum required Python version is 2.6.

This installation is done in a CentOS 7 environment:

Install with the command: yum install ansible -y

Note: if the installation fails, switch to a different yum repository and try again.

III. Cisco switch configuration

SSH login must be configured on the Cisco switch. The configuration is as follows:

ip domain-name wlxbc.cn               ! configure the domain name
username cisco password 15 cisco      ! create the SSH user
crypto key generate rsa               ! generate the key
ip ssh version 2                      ! set the SSH version
line vty 0 4                          ! VTY configuration
 transport input ssh                  ! allow only the SSH protocol
 login local                          ! local login

IV. Ansible operation and maintenance operation

Ansible is ready to use once it is installed. Its default configuration directory is /etc/ansible.

Edit the Ansible configuration file and uncomment the following line:

host_key_checking = False

By default, when SSH logs in it checks whether the known_hosts file contains a key for the target IP, and the login fails if it does not. You can either connect manually with ssh once, so that ssh adds the key to the known_hosts file, or uncomment this line so that the file is not checked. With the check disabled, the control host accepts whatever host key a device presents, so a changed or impersonated device key goes unnoticed; connecting once and recording the key keeps that protection.

Save when the settings are complete.

Clear the hosts file (echo > hosts) and configure it:

[cisco]              # Group name
192.168.108.251      # Group member
192.168.108.252
192.168.108.253

[centos]
192.168.100.225

ansible 192.168.100.225 -m ping -u root -k      # test whether the host is reachable through Ansible
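As an added example (not from the original article or the Ansible project), the script below audits the control host for the host key trade-off described above: it flags host_key_checking = False, inventory hosts that have no entry in known_hosts, and passwords stored in plaintext inventory variables. The file contents are constructed samples and the function names are hypothetical.

```python
import configparser
# Constructed sample files (not from the original article). The inventory
# mirrors the article's groups; the known_hosts keys are shortened fakes.
ANSIBLE_CFG = "[defaults]\nhost_key_checking = False\n"
INVENTORY = """\
[cisco]   # group name
192.168.108.251
192.168.108.252 ansible_ssh_pass=cisco
192.168.108.253
[centos]
192.168.100.225
"""
KNOWN_HOSTS = """\
192.168.108.251 ssh-rsa AAAAB3NzaC1yc2E...constructed
192.168.100.225,centos1 ssh-ed25519 AAAAC3NzaC1lZDI1...constructed
"""

def inventory_hosts(text):
    """Yield (host, vars) for each host line of an INI-style inventory."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith("["):
            host, *pairs = line.split()
            yield host, dict(p.split("=", 1) for p in pairs if "=" in p)

def known_names(text):
    """Names in plain known_hosts entries (hashed '|1|' lines are skipped)."""
    names = set()
    for line in text.splitlines():
        if line.strip() and not line.startswith(("#", "|1|", "@")):
            names.update(line.split()[0].split(","))
    return names

def audit(cfg_text, inventory, known_hosts):
    findings = []
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("ansible.cfg: host_key_checking is disabled")
    pinned = known_names(known_hosts)
    for host, hostvars in inventory_hosts(inventory):
        if host not in pinned:
            findings.append(f"{host}: no host key in known_hosts")
        if {"ansible_ssh_pass", "ansible_password"} & hostvars.keys():
            findings.append(f"{host}: plaintext password in inventory")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ANSIBLE_CFG, INVENTORY, KNOWN_HOSTS)))
```

A host reported as having no host key is one that only connects because the check is off; recording its key in known_hosts lets host_key_checking stay at its default.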

Common Ansible commands:

ansible --list-hosts all                                          # list all hosts
ansible <IP address> -m raw -a "show ip int brief" -u admin -k    # run on a single host
ansible cisco -m raw -a "show clock" -u admin -k                  # run on a group
ansible all -m raw -a "show clock" -u admin -k                    # run on all groups
ansible-playbook arp.yml -u admin -k                              # run a playbook
ansible-playbook arp.yml -u admin -k | grep 'ok:\|8001'           # run a playbook and filter the output for matches

Playbooks: the list of network modules is at https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html

Reference configuration:

Query ARP:

---
- name: Get ARP information
  hosts: cisco
  gather_facts: false
  tasks:
    # raw sends the command over SSH as typed
    - name: show arp
      raw: "show arp"
      register: print_output
    # print the captured output line by line
    - debug: var=print_output.stdout_lines

Multiple commands:

---
- name: run multiple commands on remote devices
  hosts: all
  gather_facts: false
  connection: local
  tasks:
    - name: show ver and show ip int brief
      ios_command:
        commands:
          - show clock
          - show ip int brief
      register: print_output
    # print the output of each command
    - debug: var=print_output.stdout_lines

Configure the switch:

---
- name: enable ospf
  hosts: all
  gather_facts: false
  connection: local
  tasks:
    - name: enable ospf
      ios_config:
        authorize: yes
        # the lines below are entered under this parent section
        parents: router ospf 2
        lines:
          - network 0.0.0.0 255.255.255.255 area 0
      register: print_output
    - debug: var=print_output
