Preface

As the number of servers grows, unified management becomes particularly important. It is essential to choose a management tool that works with both newly deployed and previously deployed machines, and the agentless Ansible management tool may be one of the first choices.

Getting to know Ansible

Ansible is an automated operations and maintenance tool that solves the problem of performing the same tasks over and over again in our IT work. With it, we can solve a problem once and then automate the solution. Today, thousands of companies are using this simple but powerful IT automation engine, which I believe will help us accelerate our DevOps efforts. By the way, it's made by Red Hat.

Features

  1. Simple, powerful, agentless
  2. No client, push
  3. Tasks are executed in sequence
  4. Application deployment, configuration management
  5. Workflow orchestration
  6. Coordinate the application lifecycle
  7. Use OpenSSH and WinRM, agentless architecture
  8. No agents used or updated

Architecture

Installation

Recommended: install with pip

[sl@localhost ~]# easy_install pip
[sl@localhost ~]# pip install ansible

Other installation methods

It's easy to run Ansible directly from a source checkout. Ansible doesn't require root permissions, doesn't rely on other software, doesn't require running background processes, and doesn't need a database.

Steps to install from source code

$ git clone https://github.com/ansible/ansible.git --recursive
$ cd ./ansible
# Using Bash:
$ source ./hacking/env-setup
# Using Fish:
$ . ./hacking/env-setup.fish

Install with yum

$ sudo yum install ansible

Install with apt

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible

Managing machines

Edit the host list

Modify the /etc/ansible/hosts list

[test]
10.10.100.205:22 ansible_ssh_user=sl ansible_ssh_pass=1
10.10.100.230:22 ansible_ssh_user=sl ansible_ssh_pass=1

Here I connect with a username and password. The official documentation does not recommend this kind of connection; key-based authentication is described below. If a message says that sshpass cannot be found, install it:

yum install sshpass

You can also add hosts with range patterns, for example:

[test]
10.10.100.[1:10]
server[1:10]
[a:z].company.com

Each of these lines expands to a range of machines.

Other parameters

ansible_ssh_host
    Name of the remote host to connect to, if it differs from the alias you want to give it.
ansible_ssh_port
    SSH port number.
ansible_ssh_pass
    SSH password (this is not a secure method; we strongly recommend using --ask-pass or an SSH key).
ansible_sudo_pass
    sudo password (this is not a secure method; we strongly recommend --ask-sudo-pass).
ansible_sudo_exe (new in version 1.8)
    sudo command path (applicable to 1.8 and later versions).
ansible_connection
    Connection type of the host, for example local, ssh, or paramiko. Before Ansible 1.2 the default is paramiko; from 1.2 on, 'smart' is used.
ansible_ssh_private_key_file
    Private key file used by SSH.
ansible_shell_type
    Shell type of the target system. By default commands are executed using 'sh' syntax; this can be set to 'csh' or 'fish'.
ansible_python_interpreter
    Python path on the target host. Use it when there is more than one Python on the system, or when the command path is not "/usr/bin/python", such as *BSD, or /usr/bin/python
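
As an added example (not part of the original article), this Python script scans an inventory in the format shown above and reports where a password is stored inline, without echoing the value. The sample inventory is constructed, and the list of variable names goes beyond this page by including the newer names ansible_password, ansible_become_pass and ansible_become_password.

```python
import re
import shlex

# Password variables: the first two are named in the article, the rest are
# newer names added here as an extension.
SECRET_VARS = {"ansible_ssh_pass", "ansible_sudo_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

# Constructed sample inventory in the article's format (not real hosts).
SAMPLE_INVENTORY = """\
[test]
10.10.100.205:22 ansible_ssh_user=sl ansible_ssh_pass=1
10.10.100.230:22 ansible_ssh_user=sl ansible_ssh_private_key_file=~/.ssh/id_rsa

[test:vars]
ansible_sudo_pass=example
# ansible_ssh_pass=commented-out
"""

def find_plaintext_secrets(inventory_text):
    """Return (line_no, group, target, variable); secret values are never returned."""
    findings, group = [], "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:  # "[test]" or "[test:vars]"; "[a:z].example.com" is a host
            group = header.group(1)
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quote: fall back to whitespace split
            tokens = line.split()
        if not tokens:
            continue
        in_vars = group.endswith(":vars")
        target = group if in_vars else tokens[0]
        for pair in (tokens if in_vars else tokens[1:]):
            key = pair.partition("=")[0].strip()
            if key in SECRET_VARS:
                findings.append((line_no, group, target, key))
    return findings

if __name__ == "__main__":
    for line_no, group, target, key in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {line_no}: {key} is set in plaintext for {target} [{group}]")
```

Run it against /etc/ansible/hosts in a pre-commit hook or CI job so that inline passwords are caught before the inventory reaches version control.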

Add machines with key-based authentication

Generate the SSH key pair on the control host

ssh-keygen -t rsa

Press Enter at every prompt, then run

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Basic usage

Listing files

ansible test -a "ls "

Test whether the machine works

[sl@localhost ~]# ansible test -m ping
10.10.100.205 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
10.10.100.230 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}

Other commands

# Run a command on the remote hosts
ansible test -m command -a 'uptime'

# Run a script stored on the control host
ansible test -m script -a '/etc/ansible/script/test.sh'

# Run a shell command line on the remote hosts
ansible test -m shell -a 'ps aux|grep zabbix'

# Similar to shell
ansible test -m raw -a "ps aux|grep zabbix|awk '{print \$2}'"

# Create a soft link
ansible test -m file -a "src=/etc/resolv.conf dest=/tmp/resolv.conf state=link"

# Delete the soft link
ansible test -m file -a "path=/tmp/resolv.conf state=absent"

# Copy a file to the remote servers
ansible test -m copy -a "src=/etc/ansible/ansible.cfg dest=/tmp/ansible.cfg owner=root group=root mode=0644"

Using Playbooks

Playbooks are a completely different way of using Ansible than ad hoc task execution, and they are particularly powerful. In short, playbooks are the foundation of a very simple configuration management and multi-machine deployment system, unlike any existing configuration system, and are ideal for deploying complex applications.

YAML syntax

YAML is a relatively concise syntax that uses indentation with spaces to express nesting levels; for the details, look them up on Baidu.

Check whether Apache is up to date

---
- hosts: test
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: name=httpd state=latest
  - name: write the apache config file
    template: src=/srv/httpd.j2 dest=/etc/httpd.conf
    notify:
    - restart apache
  - name: ensure apache is running (and enable it at boot)
    service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted


Save as test.yml and run

ansible-playbook test.yml

Basic structure of a playbook

- hosts: test
  remote_user:
  tasks:
  - task1
    module_name: module_args
  - task2
  handlers:
  - handler1
  - handler2

The hosts line is a list of one or more groups or host patterns, separated by colons. The remote user can also be defined for each task:

- hosts: webservers
  remote_user: root
  tasks:
    - name: test connection
      ping:
      remote_user: yourname

Tasks call modules such as service, command, shell, and so on:

tasks:
  - name: make sure apache is running
    service: name=httpd state=started
    
tasks:
  - name: enable selinux
    command: /sbin/setenforce 1
    
tasks:
  - name: run this command and ignore the result
    shell: /usr/bin/somecommand || /bin/true
    
tasks:
  - name: run this command and ignore the result
    shell: /usr/bin/somecommand
    ignore_errors: True
    
tasks:
    - name: restart everything
      command: echo "this task will restart the web services"
      notify: "restart web services"

Install Nginx with a playbook

Write the playbook that installs nginx by running an sh script: vim nginx-install.yml

- hosts: test
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: copy nginx-install.sh to client
    copy: src=nginx-install.sh dest=/tmp/nginx-install.sh
  - name: chmod +x
    shell: chmod +x /tmp/nginx-install.sh
  - name: install nginx
    shell: /tmp/nginx-install.sh


Run ansible-playbook

[shaolei@localhost ~]# ansible-playbook nginx-install.yml 

[shaolei@localhost html]# ps -ef |grep nginx
shaolei      2477 31369  0 13:09 pts/0    00:00:00 grep --color=auto nginx

Conclusion

In general, Ansible is very powerful and suitable for most scenarios in most companies. This article introduces the basic usage of Ansible and some simple practices of Playbook scripts. Of course, if you are familiar with Python, you can also use Python to write various operations commands that are suitable for your own company.