
Detailed deployment of automatic operation and maintenance tool Ansible

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

I. basic introduction

=

1. Introduction

Ansible is a new automated operation and maintenance tool. Developed in Python, it combines the advantages of many operation and maintenance tools (puppet, cfengine, chef, func, fabric) and implements batch system configuration, batch program deployment, batch command execution and so on. Ansible works through modules and has no batch-deployment capability of its own: the modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework. It mainly includes:

(1) connection plugins: responsible for communicating with the monitored end

(2) host inventory: specifies the hosts to operate on; these are the monitored hosts defined in the configuration file

(3) modules: core modules, the command module and custom modules

(4) plugins: provide logging, mail and other functions

(5) playbook: optional; when a script performs multiple tasks, it lets a node run the multiple tasks in one go

2. Overall structure

3. Characteristics

(1) no agents: no client needs to be installed on the controlled hosts

(2) no server: there is no server side; commands are run directly when needed

(3) modules in any language: works through modules, and modules can be developed in any language

(4) yaml, not code: playbooks are written in YAML

(5) ssh by default: works over SSH

(6) strong multi-tier solution: multi-level command can be realized

4. Advantages

(1) lightweight: there is no need to install an agent on the client side. When updating, you only need to update the control machine.

(2) batch tasks can be written as a script, and can be executed without distributing the script to the remote hosts

(3) written in python, so maintenance is simpler; the ruby syntax is too complex

(4) supports sudo

5. Task execution process

=

II. Basic installation and configuration of Ansible

=

1-1. Yum source installation

Take CentOS as an example. By default there is no ansible package in the standard repositories, but the Fedora EPEL repository has one. After configuring the EPEL repository, you can install ansible directly through yum. Take CentOS 6.8 as an example:

# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
# yum install ansible

1-2. Source code installation

(1) install devtoolset

# yum groupinstall "Development tools"

(2) install the packages needed to compile Python

# yum install gcc zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel libffi-devel

(3) python2.7 installation

wget https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz
tar xvzf Python-2.7.14.tgz
cd Python-2.7.14
./configure
make && make altinstall
(altinstall distinguishes between existing versions when installed)
(workaround for libpython2.7.so.1.0: vi /etc/ld.so.conf, add /usr/local/lib, then ldconfig)
mv /usr/bin/python /usr/bin/python2.6.6
ln -s /usr/local/bin/python2.7 /usr/bin/python
## copy the python header files to the standard directory, to avoid not finding the required header files when compiling ansible
cd /usr/local/include/python2.7/
cp -a ./* /usr/include/
## modify the yum script to point to the old version of python, to avoid yum being unable to run
vim /usr…

(4) setuptools module installation

## --no-check-certificate disables TLS certificate verification for this download
wget https://pypi.python.org/packages/2.7/s/setuptools/setuptools-0.6c11-py2.7.egg --no-check-certificate
chmod +x setuptools-0.6c11-py2.7.egg
sh setuptools-0.6c11-py2.7.egg

(5) pycrypto module installation

wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
tar zxvf pycrypto-2.6.1.tar.gz
cd pycrypto-2.6.1
python setup.py install
cd ..

(6) PyYAML module installation

## install libyaml
wget http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
tar zxvf yaml-0.1.5.tar.gz
cd yaml-0.1.5
./configure --prefix=/usr/local
make --jobs=`grep processor /proc/cpuinfo | wc -l`
make install
cd ..
## install PyYAML
wget http://pyyaml.org/download/pyyaml/PyYAML-3.11.tar.gz
tar zxvf PyYAML-3.11.tar.gz
cd PyYAML-3.11
python setup.py install
cd ..

(7) Jinja2 module installation

## install MarkupSafe
wget https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz
tar zxvf MarkupSafe-0.9.3.tar.gz
cd MarkupSafe-0.9.3
python setup.py install
cd ..
## install Jinja2
wget https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz
tar zxvf Jinja2-2.7.3.tar.gz
cd Jinja2-2.7.3
python setup.py install
cd ..

(8) paramiko module installation

## install ecdsa
wget https://pypi.python.org/packages/source/e/ecdsa/ecdsa-0.11.tar.gz
tar xvzf ecdsa-0.11.tar.gz
cd ecdsa-0.11
python setup.py install
cd ..
## install paramiko
wget https://pypi.python.org/packages/2b/27/b64860e7b208ff1dd36fe208d07bca1f9637a11fe733e2f2ceea587c3f75/paramiko-1.7.5.zip
unzip paramiko-1.7.5.zip
cd paramiko-1.7.5
python setup.py install
cd ..

(9) simplejson module installation

wget https://pypi.python.org/packages/08/48/c97b668d6da7d7bebe7ea1817a6f76394b0ec959cb04214ca833c34359df/simplejson-3.11.1.tar.gz
tar zxvf simplejson-3.11.1.tar.gz
cd simplejson-3.11.1
python setup.py install
cd ..

(10) ansible installation

wget https://github.com/ansible/ansible/archive/stable-2.3.zip
unzip stable-2.3.zip
cd ansible-stable-2.3/
python setup.py install

2. Ansible configuration

Configure username and password

(1) use the examples package as the default configuration, as shown below:

mkdir -p /etc/ansible
cp -r examples/* /etc/ansible/
ls /etc/ansible/
ansible.cfg DOCUMENTATION.yml hosts hosts.yaml hosts.yml playbooks scripts

(2) after using the default sample configuration, back up the /etc/ansible/hosts file and then edit it:

cp /etc/ansible/hosts /etc/ansible/hosts.bak
vim /etc/ansible/hosts

[all:children]
test
dev

[test]
# set the default connection user of the host, and the password
172.16.52.236 ansible_ssh_user=root ansible_ssh_pass=test
# set the ssh connection method. The default is openssh, which the official website recommends because paramiko is time-consuming and inefficient when querying keys.
172.16.52.226 ansible_connection=paramiko

[dev]
# give the host an alias "qsh_test". If the ssh port is not the default 22, you can specify a specific port
qsh_test ansible_ssh_host=172.16.52.100 ansible_ssh_port=21100
# the ssh port can also be specified as below
172.16.52.23[1:9]:22

Note:

1. The all group consists of two subgroups: test and dev.

2. The two methods above of specifying ssh ports are only for a small number of hosts that use special ports. There is an option in the configuration file for changing the port to the one we need; once modified, it is valid globally:

grep "remote_port" /etc/ansible/ansible.cfg
remote_port = 22

3. 172.16.52.236 can be in different groups. In practice this is the same idea as being able to install both mysql and apache on one server.

4. The user and password entries above are not required. With key authentication configured, you can operate directly without using a password. If you are not using a key, you can also have ansible prompt for the password before the operation with the -k parameter.
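An added example (not part of the original article or of Ansible itself): a small Python check that scans an INI-style hosts file like the one above for credentials stored in plain text, such as ansible_ssh_pass=test, and for direct root logins. The sample inventory is constructed from the entries above; the [dev:vars] section, its changeme value and the vault_dev_pass variable are hypothetical.

```python
import shlex

# Inventory variables that carry a secret, and those that select the login user.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass", "ansible_sudo_pass"}
USER_VARS = {"ansible_ssh_user", "ansible_user"}

# Constructed sample: the [test]/[dev] entries mirror the hosts file above;
# the [dev:vars] section and vault_dev_pass are hypothetical additions.
SAMPLE = """\
[all:children]
test
dev
[test]
172.16.52.236 ansible_ssh_user=root ansible_ssh_pass=test
172.16.52.226 ansible_connection=paramiko
[dev]
qsh_test ansible_ssh_host=172.16.52.100 ansible_ssh_port=21100
172.16.52.23[1:9]:22
[dev:vars]
ansible_become_pass = changeme
ansible_ssh_pass = "{{ vault_dev_pass }}"
"""

def audit_inventory(text):
    """Return (line, section, target, variable, issue); secret values are never echoed."""
    findings, section, kind = [], "ungrouped", "hosts"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, _, suffix = line[1:-1].partition(":")
            kind = suffix or "hosts"          # hosts, vars or children
            continue
        if kind == "children":                # lines are group names only
            continue
        if kind == "vars":                    # one "key = value" per line
            target, pairs = "(group vars)", [line.split("=", 1)] if "=" in line else []
        else:                                 # "host key=value key=value ..."
            tokens = shlex.split(line, comments=True)
            target = tokens[0]
            pairs = [t.split("=", 1) for t in tokens[1:] if "=" in t]
        for key, value in pairs:
            key, value = key.strip(), value.strip().strip("\"'")
            # a "{{ ... }}" value is a template reference, not a literal secret
            if key in SECRET_VARS and value and not value.startswith("{{"):
                findings.append((line_no, section, target, key, "plaintext credential"))
            elif key in USER_VARS and value == "root":
                findings.append((line_no, section, target, key, "direct root login"))
    return findings

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE):
        print("line %d [%s] %s: %s (%s)" % finding)
```

Hosts flagged by this check are candidates for the key authentication or the -k password prompt described in note 4.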

(3) modify the default remote port number

There is an option in the configuration file for changing the port to the one we need; once modified, it is valid globally.

lixc@ansible:~$ grep "remote_port" /etc/ansible/ansible.cfg
remote_port = 2222

(4) verify that ansible is available as follows; output like the following shows that the installation succeeded.

ansible test -a 'uptime'
172.16.52.236 | SUCCESS | rc=0 >>
 18:33:05 up 7 days, 8:07, 1 user, load average: 0.06, 0.05, 0.00
172.16.52.226 | SUCCESS | rc=0 >>
 18:33:05 up 7 days, 8:08, 1 user, load average: 0.00, 0.00, 0.00

Error: "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n"

Resolution:

Install sshpass as prompted; sshpass is also provided by the epel source.

[root@ansible ~]# yum install -y sshpass

SSH password-free (key-based) login settings

(1) generate public / private keys

# ssh-keygen -t rsa -P ''

## write the trust file (install the local ssh public key into the corresponding account on the remote host):

# ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host

(2) ansible configuration

# mkdir -p /etc/ansible

# vim /etc/ansible/ansible.cfg

remote_port = 36000

private_key_file = /root/.ssh/id_rsa_ansible

……

(3) simple test

# ansible test -m command -a 'uptime'

Note: when you run it for the first time, you need to enter "yes" [for public key verification], and you don't need to enter it again later.

Let's talk about the workflow of ansible. The workflow is roughly as follows:

1. Ansible connects to the client through OpenSSH or Python's paramiko

2. Push the ansible module to the client. Where on the client is it pushed? See:

[root@qsh_server ansible]# grep "remote_tmp" /etc/ansible/ansible.cfg
remote_tmp = $HOME/.ansible/tmp
[root@qsh_server ansible]# ansible test -a "ls ~/.ansible"
172.16.52.236 | SUCCESS | rc=0 >>
tmp

3. Execute ansible module on the client through ssh

4. Execution completed

5. Delete the ansible module that has just been pushed

3. Use of common modules

(1), setup

## used to view some basic information about remote hosts

# ansible test -m setup | more

(2) ping

## used to test the running status of remote hosts

# ansible test -m ping

(3), file

## set file attributes

The relevant options are as follows:

force: forces creation of a soft link, needed in two cases: when the source file does not exist yet but will be created later, and when the destination soft link already exists and must be removed before the new one is created. There are two options: yes | no

group: the group that owns the file / directory

mode: the permissions of the file / directory

owner: the owner of the file / directory

path: required; the path to the file / directory

recurse: recursively set the attributes of files, valid only for directories

src: the path of the source file to link, applicable only when state=link

dest: the path to be linked to, applicable only when state=link

state:

    directory: if the directory does not exist, create it

    file: even if the file does not exist, it will not be created

    link: create a soft link

    hard: create a hard link

    touch: if the file does not exist, a new file is created; if the file or directory already exists, its last modification time is updated

    absent: delete directories and files, or unlink links

Example:

## create a symbolic link to a remote file

# ansible test -m file -a "src=/etc/resolv.conf dest=/tmp/resolv.conf state=link"

## view the remote file information

# ansible test -m command -a "ls -al /tmp/resolv.conf"

## delete the symbolic link

# ansible test -m file -a "path=/tmp/resolv.conf state=absent"

## view the remote file information

# ansible test -m command -a "ls -al /tmp/resolv.conf"

Description: as shown above, the file or link has been deleted.

## recursively create a folder

# ansible test -m file -a "dest=/tmp/a/b/c owner=root group=root mode=755 state=directory"

(4), copy

## copy files to a remote host

The relevant options are as follows:

backup: before overwriting, back up the original file; the backup file name contains time information. There are two options: yes | no

content: used instead of "src"; sets the content of the specified file directly

dest: required. The absolute path on the remote host to which the source file is copied; if the source is a directory, this path must also be a directory

directory_mode: recursively sets the permissions of directories; defaults to the system default permissions

force: if the target host already has the file but with different content, yes forces an overwrite, and no copies only if the file does not exist at the destination on the target host. Default is yes

others: all the options of the file module can be used here

src: the local file to copy to the remote host, as an absolute or relative path. If the path is a directory, it is copied recursively. In that case, if the path ends with "/", only the contents of the directory are copied; if it does not end with "/", the directory itself is copied along with its contents, similar to rsync.

Example:

## copy the local file "/etc/ansible/ansible.cfg" to the remote server

# ansible test -m copy -a "src=/tmp/test.txt dest=/tmp/test.txt owner=root group=root mode=0644"

## back up before copying

# ansible test -m copy -a "src=/tmp/test.txt dest=/tmp/test.txt owner=root group=root mode=0644 backup=yes"

Error message:

"Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"

Solution: shut down selinux on the remote server. Installing libselinux-python on the remote host, as the error message indicates, also clears the error while leaving selinux enabled.

(5), command

## execute commands on remote hosts

The relevant options are as follows:

creates: a file name; when the file exists, the command is not executed

free_form: the linux command to be executed

chdir: change to this directory before executing the command

removes: a file name; when the file does not exist, the command is not executed

executable: switch the shell used to execute the command. The path must be an absolute path.

Example:

# ansible test -m command -a "uptime"

(6), shell

## run the specified command in a shell; the parameters are the same as for command.

Unlike command, this module supports command pipelines. Another module, raw, also has this capability.

Example:

## create a shell script locally

# vim /tmp/ansible_test.sh

#!/bin/sh

date +%F_%H:%M:%S

# chmod +x /tmp/ansible_test.sh

## distribute the created script file to the remote hosts

# ansible test -m copy -a "src=/tmp/ansible_test.sh dest=/tmp/ansible_test.sh owner=root group=root mode=0755"

## remote execution

# ansible test -m shell -a "/tmp/ansible_test.sh"

(7), more modules

Other commonly used modules, such as service, cron, yum and synchronize, are not shown with examples here; you can test them in your own system environment.

service: system service management

cron: scheduled task management

yum: yum package installation management

synchronize: synchronize files with rsync

user: system user management

group: system user group management

For more modules, refer to:

# ansible-doc -l

http://docs.ansible.com/modules_by_category.html

http://www.ansible.cn/docs/

(a mirror site in China to avoid being hit by walls ^_^)

(8) some additional concepts

Composition of a playbook: a playbook is a list of one or more "plays", which are executed together according to a pre-arranged mechanism. A task is nothing more than a call to an ansible module, and variables can be used in the module parameters. Module execution is idempotent, which means that running it multiple times is safe because the results are consistent.

Execution model: the tasks in the task list are executed in order on all hosts specified in hosts; that is, the first task is completed on all hosts before the second one is started. When a playbook is run in order, if an error occurs midway, all executed tasks will be rolled back, so you can run it again after correcting the playbook.

Task composition: each task should have its own name, which is used when outputting the execution results of the playbook. It is recommended that the name describe the task's execution step as clearly as possible. If no name is provided, the result of the action is used for output.

notify and handlers: the "notify" action is triggered at the end of each play. The actions listed in notify are called handlers, and the specified operations are performed only once, after all the changes have been completed.
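An added example (not part of the original article, and not Ansible's own code): a simplified Python model of the execution model and the notify mechanism described above. It runs each task on every host before the next task starts, then runs a notified handler once per host even when two tasks notified it, and a second run shows the idempotent case. The host addresses come from the [test] group earlier in the article; the file names and the httpd service are hypothetical, and failure handling is not modelled.

```python
def copy(dest, content):
    """Idempotent 'copy'-like action: reports changed only when content differs."""
    def apply(host_files):
        if host_files.get(dest) == content:
            return False
        host_files[dest] = content
        return True
    return apply

def restart(service):
    """Handler action: counts restarts so the result can be inspected."""
    def apply(host_files):
        key = "restarts:" + service
        host_files[key] = host_files.get(key, 0) + 1
        return True
    return apply

def run_play(hosts, tasks, handlers, state):
    """Run tasks task-by-task across all hosts, then notified handlers once per host."""
    log = []
    notified = {host: set() for host in hosts}
    for task in tasks:                       # task 1 on every host, then task 2 ...
        for host in hosts:
            changed = task["action"](state[host])
            log.append((task["name"], host, "changed" if changed else "ok"))
            if changed:                      # only a change notifies handlers
                notified[host].update(task.get("notify", ()))
    for handler in handlers:                 # after all tasks, in definition order
        for host in hosts:
            if handler["name"] in notified[host]:
                handler["action"](state[host])
                log.append((handler["name"], host, "handler"))
    return log

# Constructed play: file names and the httpd service are hypothetical.
HOSTS = ["172.16.52.236", "172.16.52.226"]
TASKS = [
    {"name": "deploy httpd.conf", "action": copy("/etc/httpd/conf/httpd.conf", "v2"),
     "notify": ["restart httpd"]},
    {"name": "deploy vhost.conf", "action": copy("/etc/httpd/conf.d/vhost.conf", "v2"),
     "notify": ["restart httpd"]},
]
HANDLERS = [{"name": "restart httpd", "action": restart("httpd")}]

def demo():
    state = {host: {} for host in HOSTS}
    first = run_play(HOSTS, TASKS, HANDLERS, state)
    second = run_play(HOSTS, TASKS, HANDLERS, state)   # idempotent re-run
    return first, second, state

if __name__ == "__main__":
    for run in demo()[:2]:
        print(*run, sep="\n")
```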

=

III. Follow-up work

=

1. Study the playbooks and extension modules of ansible in depth.

2. Implement basic monitoring according to the business environment, to replace the current way of calling the automatic deployment platform API.

3. Try the automated operation and maintenance tool saltstack and compare it with ansible.

Some learning materials:

http://lansgg.blog.51cto.com/5675165/1745040

http://blog.xiaorui.cc/category/ansible/

http://lixcto.blog.51cto.com/4834175/d-4

https://github.com/ansible/ansible-examples

http://rfyiamcool.blog.51cto.com/1030776/d-51

http://dl528888.blog.51cto.com/2382721/d-4/p-1

http://edu.51cto.com/course/course_id-2220.html

http://edu.51cto.com/course/course_id-2032.html

http://www.shencan.net/index.php/category/%e8%87%aa%e5%8a%a8%e5%8c%96%e8%bf%90%e7%bb%b4/ansible/
