Sort out relevant contents of ansible

In practice , Maintenance services or servers will produce a certain order of magnitude , If you modify parameters one by one , Not only the workload is heavy, but also the repetition is boring . Need to use automatic operation and maintenance , Then the application scenarios of automatic operation and maintenance are as follows ： File transfer 、 Application deployment 、 Configuration Management 、 Task flow choreography .

Common automatic operation and maintenance tools

  Ansible：python,Agentless, Small and medium-sized application environment

   Saltstack：python, It usually needs to be deployed agent, More efficient execution

   Puppet：ruby, Powerful , Configure a complex , heavy , Suitable for large environments

   Fabric：python,agentless

   Chef：ruby, Few applications in China

   Cfengine

   func

   The more you go back, the less you use

1、Ansible Introduction and Architecture

   The company plans to do a large marketing promotion at the end of the year , Full sprint of trading volume , Prepare for next year's launch . The company requires all business groups to prepare for the year-end promotion , The operation and maintenance department requires three times expansion of all business capacity , And build a number of sets of environment can be a total of development and testing personnel to do testing , In order to perform at the end of the year , Ask the students in the operation and maintenance department to realize , When you receive this task , Is there a faster solution ？

1.1、Ansible The history of

author ：Michael DeHaan（ Cobbler And Func author ）

ansible The name comes from science fiction 《 Ender's game 》 Instant messaging tools across time and space , It can be used at a distance of several light years , Remote real-time control of Fleet Combat on the front line .
2012-03-09, Release 0.0.1 edition ,2015-10-17,Red Hat announce 1.5 US $100 million acquisition

Official website ：https://www.ansible.com/
Official documents ：https://docs.ansible.com/

1.2、Ansible characteristic

  Non service type ： No, service file , There is no need to set it to startup, self startup and other operations , Because it needs to connect or perform tasks .

modularization ：playbook, Call a specific module to complete a specific task , Support for custom modules , The module can be written in any programming language

 Paramiko（python Yes ssh The implementation of the ）,PyYAML,Jinja2（ Template language ） Three key modules
be based on Python Language implementation

Simple deployment , be based on python and SSH( Default installed ),agentless, No agent, no dependency PKI（ There is no need to ssl）
Security , be based on OpenSSH
Idempotency ： A task execution 1 And execute n The effect is the same , No accidents due to repeated execution
Support playbook Choreograph the task ,YAML Format , Choreograph the task , Support rich data structure
More powerful multi tier solutions role

1.3、Ansible framework

1.3.1、Ansible form

Combine INVENTORY、API、MODULES、PLUGINS The green box of , by ansible Command tool , It is the core execution tool .

    INVENTORY：Ansible Manage the list of hosts /etc/anaible/hosts
MODULES：Ansible Function module for executing commands , Most are built-in core modules , You can also customize
PLUGINS： Supplement module functions , Such as connection type plug-in 、 Cycle plugin 、 Variable plug in 、 Filter plug-ins, etc , This function is not commonly used
API： Application programming interfaces for third-party program calls

  1.3.2、Ansible Command execution source

    USER Ordinary users , namely SYSTEM ADMINISTRATOR
PLAYBOOKS： Task script （ Set of tasks ）, Choreography definition Ansible The configuration file for the task set , from Ansible Execute in sequence
That's ok , Usually JSON Format YML file
CMDB（ Configuration management database ） API call
PUBLIC/PRIVATE CLOUD API call
USER-> Ansible Playbook -> Ansibile

  1.3.3 matters needing attention

         perform ansible The host of is generally called the main control terminal , central ,master Or fortress , Only need to be installed at the main control end ansible, The controlled end does not need to be installed
Main control end Python Version needs to be 2.6 Or more
  Charged end Python Version less than 2.4, Need to install python-simplejson
  The controlled end is open SELinux Need to install libselinux-python
 windows It can't be the main controller

 2、 Ansible Installation and getting started

ansible There are many ways to install , I am here centos7 and centos8 Use it all yum install , A hundred problems , The environment is different , Finally, the source code compilation method is used to install , But in order to record learning , The installation methods are still written below .

  2.1、EPEL The source of rpm Package installation

   yum install epel-release

yum install ansible

  2.2、 Compilation and installation

     yum -y install python-jinja2 PyYAML python-paramiko python-babel python-crypto

     tar -xvf ansible-2.9.27.tar.gz

     cd ansible-2.9.27/

 python setup.py build

     python setup.py install

mkdir /etc/ansible

cp -r examples/*  /etc/ansible

Install the package on the official website or a third-party platform .

2.3、Git The way

git clone git://github.com/ansible/ansible.git --recursive
cd ./ansible
source ./hacking/env-setup

2.4、pip install

pip It's installation Python Package manager , similar yum

yum install python-pip python-devel
yum install gcc glibc-devel zibl-devel rpm-bulid openssl-devel
pip install --upgrade pip
pip install ansible –upgrade

You can see ansible Installation and details

3、Ansible Related documents

3.1、 The configuration file

/etc/ansible/ansible.cfg Master profile , To configure ansible Working characteristics
/etc/ansible/hosts Host list
/etc/ansible/roles/ The directory where the characters are stored

3.1.1、ansible Master profile

 Ansible Configuration file for /etc/ansible/ansible.cfg , Most of the configuration contents do not need to be modified

The following parameters need to be opened ：

log_path = /var/log/ansible.log

host_key_checking = False

Or change ssh Profile of file StrictHostKeyChecking no

3.1.2、inventory Host list

 ansible The main function of the system lies in batch host operation , In order to easily use some of the hosts , Can be in inventory file Group them and name them , Batch management ; You can also name a single host .

default inventory file by /etc/ansible/hosts

inventory file There can be multiple , And it can also be done through Dynamic Inventory To generate dynamically

  Host manifest file format

 inventory The document follows INI Document style , The characters in brackets are group names . The same host can be merged into multiple different groups at the same time , Besides , If the target host uses a non default SSH port , You can also use a colon and port number after the host name to indicate .
If the host name follows a similar naming pattern , You can also use a list to identify each host .

Example ：

4、Ansible Related tools

    /usr/bin/ansible The main program , Temporary command execution tool
/usr/bin/ansible-doc View the configuration documentation , Module function view tool , amount to man
/usr/bin/ansible-playbook Custom automated tasks , Script tools , It's like a script
/usr/bin/ansible-pull A tool for remotely executing commands
/usr/bin/ansible-vault File encryption tools
/usr/bin/ansible-console be based on Console Tools that interact with the user interface
/usr/bin/ansible-galaxy download / Upload excellent code or Roles The official website platform of the module

  utilize ansible Main ways to realize management ：

    Ad-Hoc It is using ansible command , It is mainly used in temporary command usage scenarios
Ansible-playbook Mainly for long-term planning , Large project scenarios , There needs to be an early planning process

4.1、ansible-doc

   This tool is used to display module help

Format

  ansible-doc [options] [module...]
-l, --list # List the available modules
-s, --snippet # Displays the playbook fragment

Example ：

List all modules ansible-doc -l

View specified (ping) Module help usage ansible-doc ping

-s Simple help description

Check the host list

ansible all --list

ansible service –list

ansible mysql --list

4.2、ansible

This tool passes ssh agreement , Realize the configuration management of remote host 、 Application deployment 、 Task execution and other functions
Suggest ： Before using this tool , First configure ansible The master can contact each managed node based on key authentication

Example ： utilize sshpass Batch implementation is based on key Validation script

cat push_ssh_key.sh

#!/bin/bash

IPLIST=" 

192.168.48.121

192.168.48.118

192.168.48.110"      

rpm -q sshpass &> /dev/null || yum -y install sshpass

[ -f /root/.ssh/id_rsa ] || ssh-keygen -f /root/.ssh/id_rsa -P ''

export SSHPASS=123456

for IP in $IPLIST;do

sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $IP

done

Execute the script , Make it secret free

sh push_ssh_key.sh

ansible Of Host-pattern

List of hosts used to match controlled

All ： Express all Inventory All hosts in

*. Support for wildcards

  ansible "*" -m ping
ansible 192.168.1.* -m ping
ansible "srvs" -m ping

Or relationship

  ansible service:mysql -m ping

  ansible "192.168.1.10:192.168.1.20" -m ping

Logic and

  ansible service:&mysql -m ping

Logic is not

  # stay websrvs Group , But not here. dbsrvs Hosts in the group
# Be careful ： Single quotation mark here
ansible 'websrvs:!dbsrvs' –m ping

Synthetic logic

  ansible 'websrvs:dbsrvs:&appsrvs:!ftpsrvs' –m ping

Regular expressions

Example ：

Test connectivity ansible all  -m ping

ansible Command execution process

1. Load your own profile Default /etc/ansible/ansible.cfg
2. Load the corresponding module file , Such as ：command
3. adopt ansible Generate the module or command corresponding to the temporary py file , And transfer the file to the corresponding user of the remote server $HOME/.ansible/tmp/ansible-tmp- Numbers /XXX.PY file
4. Give the papers +x perform
5. Execute and return results
6. Delete temporary py file , sign out

ansible Implementation status of ：

   green ： Perform operations that are successful and do not need to change
yellow ： Change the target successfully
Red ： Execution failure

ansible Examples of use

# With wang User execution ping Survival tests
ansible all -m ping -u wang -k
# With wang sudo to root perform ping Survival tests
ansible all -m ping -u wang -k -b
# With wang sudo to mage User execution ping Survival tests
ansible all -m ping -u wang -k -b --become-user=mage
# With wang sudo to root User execution ls
ansible all -m command -u wang -a 'ls /root' -b --become-user=root -k -K

4.3、ansible-playbook

  This tool is used to perform written playbook Mission , Be similar to shell Script .

  The script file is yaml Format , Follow strict indentation format , If you indent one character , Then the indentation of the whole document should also be unified

Example ：

4.4、ansible-vault

This tool can be used for encryption and decryption yml file

Format ：

  ansible-vault [create|decrypt|edit|encrypt|rekey|view

Example ：

  ansible-vault encrypt hello.yml # encryption

ansible-vault decrypt hello.yml # Decrypt
ansible-vault view hello.yml # see
ansible-vault edit hello.yml # Edit encrypted files
ansible-vault rekey hello.yml # Modify password
ansible-vault create new.yml # Create a new file

4.5、ansible-console

This tool can execute commands interactively , Support tab,ansible 2.0+ newly added

Prompt format :

Perform user @ The host group of the current operation ( Number of hosts in the current group )[f: Concurrency number ]$

Common subcommands :

   Set the number of concurrent ： forks n for example ： forks 10
Switch group ： cd Host group for example ： cd web
List the hosts of the current group ： list
List all the built-in commands ： ? or help

Example ：

 [[email protected] ~]#ansible-console
Welcome to the ansible console.
Type help or ? to list commands.
[email protected] (3)[f:5]$ list
10.0.0.8
10.0.0.7
10.0.0.6
[email protected] (3)[f:5]$ cd websrvs
[email protected] (2)[f:5]$ list
10.0.0.7
10.0.0.8
[email protected] (2)[f:5]$ forks 10
[email protected] (2)[f:10]$ cd appsrvs
[email protected] (2)[f:5]$ yum name=httpd state=present
[email protected] (2)[f:5]$ service name=httpd state=started

4.6、ansible-galaxy

This tool will connect https://galaxy.ansible.com Download the corresponding roles

Example ：

 # List all installed galaxy
ansible-galaxy list

ansible-galaxy install geerlingguy.ntp --ignore-errors

List all installed galaxy

ansible-galaxy list

install galaxy

ansible-galaxy install geerlingguy.redis

Delete galaxy

ansible-galaxy remove geerlingguy.redis

ansible-pull

Push command to remote , The efficiency is infinitely improved , High requirements for operation and maintenance

5、Ansible Common modules

2015 end of the year 270 Multiple modules ,2016 reach 540 individual ,2018 year 01 month 12 The day has 1378 A module ,2018 year 07 month 15 Japan 1852 A module ,2019 year 05 month 25 Japan （ansible 2.7.10） when 2080 A module ,2020 year 03 month 02 The day has 3387 A module .
    Although there are many modules , But the most common module is 2,30 A just , For a specific business, only 10 Several modules
Common module help document reference ：
https://docs.ansible.com/ansible/latest/modules/modules_by_category.htm

5.1、Command modular

   function ： Execute command on remote host , This is the default module , Negligible -m Options

Be careful ： This command does not support $VARNAME < > | ; & etc. , use shell Module implementation

Examples are as follows ：

ansible all -m command -a "chdir=/data ls"

ansible all -m command -a "creates=/etc/fstab  ls"

meaning ： If the file exists , Do not execute the following commands

5.2、script modular

Highlight features ： Running on a remote host ansible Scripts on the server ( No execution rights are required ), Scripts are only stored in ansible Server , The remote server does not need to upload

5.3、copy modular

Highlight features ： from ansible The master server copies files to the remote host

# If the target exists , Default override , Backup first is specified here
ansible mysql  -m copy -a "src=/data/single.sh  dest=/tmp/single.sh  owner=ttyang

mode=600 backup=yes"

# Specify content , Directly generate the target file

content Generate a new file , The content of the file is the content in quotation marks ,
ansible mysql -m copy -a "content='test line1\ntest line2' dest=/tmp/test.txt"

Go to the destination to view the contents of the file \n Newline character

# Copy /etc The catalog itself , Be careful /etc/ There is no /
ansible mysql -m copy -a “src=/etc dest=/backup”

Go to the destination server to view

# Copy /etc/ The files under the , barring /etc/ The catalog itself , Be careful /etc/ In the back /
ansible websrvs -m copy -a "src=/etc/ dest=/backup"

cemtos6 Host name location

vim /etc/sysconfig/network

centos7 /8/Ubunto Host name location

vim /etc/hostname

5.4、Fetch modular

function ： Extract files from remote host to ansible The main control terminal of ,copy contrary , Directory is not currently supported

ansible mysql -m fetch -a 'src=/data/all.sql  dest=/data/'

from ansible Main control end view , The directory where the file exists is shown in the following screenshot ;

5.5、File modular

function ： Set file properties

Example ：

# Create an empty file , Set genus group 、 Belong to
ansible all -m file -a 'path=/data/test.txt state=touch'
ansible all -m file -a 'path=/data/test.txt state=absent'
ansible all -m file -a "path=/root/test.sh  owner=wang mode=755"
# Create directory
ansible all -m file -a "path=/data/mysql state=directory owner=mysql
group=mysql"
# Create soft link
ansible all -m file -a 'src=/data/testfile dest=/data/testfile-link state=link'

5.6、unarchive modular

function ： Unpack and decompress

There are two ways to implement ：
1、 take ansible After the compressed package on the host is sent to the remote host, it is decompressed to a specific directory , Set up copy=yes
2、 Decompress a compressed package on the remote host to the specified path , Set up copy=no

Common parameters ：
copy： The default is yes, When copy=yes, The copied file is from ansible Host copy to remote host , If set to
copy=no, Will look for... On the remote host src Source file
remote_src： and copy The functions are the same and mutually exclusive ,yes On the remote host , be not in ansible host ,no Indicates that the document is in ansible On a host
src： The source path , It can be ansible The path on the host , It can also be a remote host ( Managed end or third party host ) Upper path , If it's a path on a remote host , You need to set copy=no
dest： The destination path on the remote host
mode： Set the permissions of the extracted file

Example ：

ansible all -m unarchive -a 'src=/data/foo.tgz dest=/var/lib/foo owner=wang
group=bin'
ansible all -m unarchive -a 'src=/tmp/foo.zip dest=/data copy=no mode=0777'
ansible all -m unarchive -a 'src=https://example.com/example.zip dest=/data
copy=no'

5.7、Archive modular

function ： The package is stored in the managed node

Example ：

 ansible websrvs -m archive -a 'path=/var/log/ dest=/data/log.tar.bz2 format=bz2
owner=wang mode=0600

5.8、Hostname modular

function ： Manage host names , This module is generally not processed in batch , Because if different hosts are changed to the same host name, it will be meaningless

ansible node1 -m hostname -a "name=websrv"
ansible 10.0.0.18 -m hostname -a 'name=node18.magedu.com

5.9、Cron modular

function ： Planning tasks
Support time ：minute,hour,day,month,weekday

  Example , Posted the teacher's picture directly

5.10、yum modular

function ： Management package , Only support RHEL,CentOS,fedora, I won't support it Ubuntu Other versions
Example ：

ansible websrvs -m yum -a 'name=httpd'

5.11、Service modular

function ： management service

Start and set it to start automatically ：

ansible websrvs -m service  -a 'name=httpd state=started enabled=yes'

It can be seen that it is in the state of startup and self startup

5.12、User modular

function ： Manage users

Example ：

# Create user
ansible all -m user -a 'name=user1 comment="test user" uid=2048 home=/app/user1
group=root'
ansible all -m user -a 'name=nginx comment=nginx uid=88 group=nginx
groups="root,daemon" shell=/sbin/nologin system=yes create_home=no
home=/data/nginx non_unique=yes'
#remove=yes It means deleting data such as user and home directory , Default remove=no
ansible all -m user -a 'name=nginx state=absent remove=yes'

Delete data such as user and home directory

ansible srv -m user -a ‘name=user1 state=absent remove=yes‘

remove Parameters , Delete home directory

5.13、Group modular

function ： Management Group

Example ：

# Create group
ansible websrvs -m group -a 'name=nginx gid=88 system=yes'
# Delete the group
ansible websrvs -m group -a 'name=nginx state=absent'

5.14、user modular

  function ： Manage users

  Example ：

 # Create user
ansible all -m user -a 'name=user1 comment="test user" uid=2048 home=/app/user1
group=root'

ansible all -m user -a 'name=nginx comment=nginx uid=88 group=nginx
groups="root,daemon" shell=/sbin/nologin system=yes create_home=no
home=/data/nginx non_unique=yes'

#remove=yes It means deleting data such as user and home directory , Default remove=no

ansible all -m user -a 'name=nginx state=absent remove=yes'

5.15、Lineinfile modular

ansible In the use of sed When replacing , We often encounter the problem of escape , and ansible When a special symbol is encountered to replace , Existing problems , Unable to replace properly . Actually in ansible It provides two modules ：lineinfile Module and replace modular , It can be easily replaced .

function ： amount to sed, You can modify the contents of the document

  Example ：

  ansible websrvs -m lineinfile -a "path=/etc/httpd/conf/httpd.conf regexp='^Listen' line='Listen 80'"
  ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX='
line='SELINUX=disabled'"
  ansible all -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"

5.16、Replace modular

The module is a bit like sed command , It is mainly based on regular matching and replacement , It is recommended to use

Example ：

  ansible all -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'"
ansible all -m replace -a "path=/etc/fstab regexp='^#(.*)' replace='\1'"

5.17、Setup modular

function ： setup Module to collect the system information of the host , these facts Information can be used directly in the form of variables , But if there are more hosts , It affects execution speed , have access to gather_facts: no To prohibit Ansible collect facts Information

 ansible mysql   -m setup -a "filter=ansible_name"

Example ：

ansible Series of commands

Ansible Galaxy