Ansible Operation and Maintenance Automation (I)

Source: Internet
Author: User

Ansible only needs to run on one ordinary server and does not require a client to be installed on the managed servers. It is SSH-based, and since Linux servers run SSH anyway, Ansible needs no additional support or configuration work on them. You use Ansible from the command line. The server running Ansible is commonly referred to as the "management node", and a server managed by Ansible is commonly known as a "controlled node".

Ansible advantages:
1) Lightweight: no agent has to be installed on the clients, and an update only has to be performed on the operating machine. It uses the SSH protocol.
2) Bulk tasks can be written as scripts and executed without being distributed to the remote hosts.
3) Written in Python, so maintenance is simpler.
4) Supports running commands as an ordinary user through sudo.

1. Installing Ansible

On CentOS, Ansible can be installed directly with yum. Install the EPEL repository before installing.

2. Configure Ansible

Ansible default configuration files:

ll /etc/ansible/
total 20
-rw-r--r-- 1 root root 8347 Jul 8 11:14 ansible.cfg
-rw-r--r-- 1 root root 106 Jul 8 16:45 hosts
drwxr-xr-x 2 root root 4096 Jul 8 11:13 roles

ansible.cfg: the Ansible configuration file.

hosts: defines the managed hosts. It supports IP addresses and domain names, and supports grouping. Inventories are either static or dynamic; dynamic hosts will be introduced in a follow-up.

Simple hosts:

[test]
172.20.9.141 ansible_ssh_user=root ansible_ssh_pass=xxxxx
[test2]
172.20.9.145 ansible_ssh_user=root ansible_ssh_pass=xxxxx ansible_ssh_port=22222
[local]
127.0.0.1 ansible_ssh_user=root ansible_ssh_pass=xxxxx
[test3]
172.16.10.125:55536 ansible_ssh_user=root ansible_ssh_pass=xxxxx
[test4]
172.16.10.126:55536 ansible_ssh_user=root ansible_ssh_pass=xxxxx

[test]: the group
172.20.9.141: an IP in this group
ansible_ssh_user=root: SSH logs in as the root user
ansible_ssh_pass: the password
ansible_ssh_port=22222: the remote port

Passwordless (key-based) configuration: set up SSH key authentication by copying your SSH user's public key to the machines in the group.
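The inventory format above puts the SSH password on the host line, and the directory listing shows the hosts file as -rw-r--r--. The following check is an added example, not part of the original article: it reads an INI inventory and reports clear-text credentials, root logins, and a file mode that lets other local users read it. The function name, the sample inventory and the "deploy" user are constructed for illustration.

```python
import stat

# Inventory variables that carry a credential in clear text.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_sudo_pass", "ansible_become_pass"}
USER_VARS = {"ansible_ssh_user", "ansible_user"}

def audit_inventory(text, mode):
    """Return (line_no, group, host, issue) findings for an INI inventory."""
    findings, group = [], None
    # A readable inventory exposes every password stored in it.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append((0, None, None, "file readable by group/other"))
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            continue
        host, *pairs = line.split()
        if "=" in host:  # key=value line inside a [group:vars] section
            host, pairs = None, [host] + pairs
        for pair in pairs:
            key, _, value = pair.partition("=")
            if key in SECRET_VARS and value:
                findings.append((no, group, host, "clear-text " + key))
            elif key in USER_VARS and value == "root":
                findings.append((no, group, host, "logs in as root"))
    return findings

# Constructed sample in the article's format; xxxxx stands in for a password.
SAMPLE = """\
[test]
172.20.9.141 ansible_ssh_user=root ansible_ssh_pass=xxxxx
[test2]
172.20.9.145 ansible_ssh_user=deploy ansible_ssh_port=22222
"""
SAMPLE_MODE = 0o100644  # -rw-r--r--, the mode shown in the listing above

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE, SAMPLE_MODE):
        print(finding)
```

Hosts that use key authentication, as described above, carry no password variable and produce no credential finding.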

3. Ansible Common Module Demonstration

Introduction to common parameters:

-u: the user that executes the command on the remote host. By default, root is used.
-i: specifies the inventory file, which is the host manifest file. The default is hosts.
-m: specifies which module to run. The default is the command module.
-a: specifies the module parameters. Each module has its own parameters.
-f 10: specifies the number of concurrent processes. For high concurrency, the value can be changed by modifying the configuration file.
-k: prompt to enter the password.

ansible -i /etc/ansible/hosts test -u root -m command -a 'ls -l /home' -k

172.20.9.141 | success | rc=0 >>
total
drwxr-xr-x. 6 git git 4096 Jul 21:33 git
drwxr-xr-x. 2 gitlabci gitlabci 4096 Jul 18:10 gitlab_ci
drwx------. 2 root root 16384 Jul 02:13 lost+found
drwx------. 5 www www 4096 Jul 06:44 www

ansible test -a 'ls -l /home'

This is shorthand for the previous command.

ansible-doc -l

Lists all built-in modules.

3.1 File Module

The file module contains the following options:

force: a soft link needs to be forced in two cases: when the source file does not exist yet but will be created later, and when the target soft link already exists, so that the previous link has to be removed before the new one is created. Two values: yes|no
group: defines the group of the file/directory
mode: defines the permissions of the file/directory
owner: defines the owner of the file/directory
path: required; defines the path of the file/directory
recurse: recursively sets file attributes; only valid for directories
src: the path of the source file to be linked; applies only when state=link
dest: the path that is linked to; applies only when state=link
state:
  directory: if the directory does not exist, create it
  file: even if the file does not exist, it is not created
  link: create a soft link
  hard: create a hard link
  touch: if the file does not exist, a new file is created; if the file or directory already exists, its last modified time is updated
  absent: delete a directory or file, or remove a link

Example:

ansible test -m file -a 'src=/etc/fstab dest=/tmp/fstab state=link'
172.20.9.141 | success >> { "changed": true, "dest": "/tmp/fstab", "gid": 0, "group": "root", "mode": "0777", "owner": "root", "size": 10, "src": "/etc/fstab", "state": "link", "uid": 0 }

ansible test -m file -a 'path=/tmp/abc state=directory'
172.20.9.141 | success >> { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/abc", "size": 4096, "state": "directory", "uid": 0 }

3.2 Copy Module

Copies files to the remote host. The copy module contains the following options:

backup: back up the original file before overwriting it; the backup file name contains the time information. Two values: yes|no
content: used instead of "src"; sets the content of the target file directly to the given value
dest: required. The absolute path on the remote host to copy the source file to. If the source is a directory, this path must also be a directory
directory_mode: recursively sets the permissions of the directory; defaults to the system default permissions
force: if the target host already contains the file but the content is different, yes forces the overwrite, and no copies the file only if it does not exist at the target location on the destination host. The default is yes
others: all options of the file module can be used here
src: the local path of the file to be copied to the remote host, either absolute or relative. If the path is a directory, it is copied recursively. In that case, if the path ends with "/", only the contents of the directory are copied; if it does not end with "/", the directory itself is copied together with its contents, similar to rsync
validate: the validation command to run before copying into place. The path to the file to validate is passed in via '%s', which must be present (the module documentation illustrates this with visudo)

Example:

ansible test -m copy -a "src=/root/is143 dest=/tmp/is143 owner=root group=root mode=0644"
172.20.9.141 | success >> { "changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/is143", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1445325647.87-130157182838705/source", "state": "file", "uid": 0 }

If the contents of the file have not been modified, running the command again does not update the file, because the MD5 value is unchanged. If the file content has been updated, running the command updates the file.

3.3 Command Module
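
creates: a file name; when this file exists, the command is not executed
free_form: the Linux command to execute
chdir: change to this directory before executing the command
removes: a file name; when this file does not exist, the command is not executed
executable: switches the shell used to execute the command; the path must be an absolute path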

Example:

ansible test -a 'pwd chdir=/etc'
172.20.9.141 | success | rc=0 >>
/etc

3.4 Shell Module

Similar to the command module, but it supports pipes.

ansible test -m shell -a "chdir=/etc find ./ -name "hosts" -type f |awk -F '/' '{print $}'"
172.20.9.141 | success | rc=0 >>
./hosts
./ansible/hosts

ansible test -a "chdir=/etc find / -name "hosts" -type f |awk -F '/' '{print $}'"
172.20.9.141 | FAILED | rc=1 >>
find: paths must precede expression: |awk
Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]
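The failure above follows from how the command module runs its argument: the string is split into an argument list and executed without a shell, so "|awk" reaches find as one more argument. The sketch below is an added example, not part of the original article. It models that split with Python's shlex and reports whether an ad-hoc command line contains unquoted shell syntax and therefore needs -m shell; the function names are made up for illustration and chdir= is left out of the sample.

```python
import shlex

SHELL_OPERATORS = set("|&;<>")  # pipes, lists and redirects need a shell
EXPANSION_CHARS = set("$`")     # expansions, still active inside double quotes

def command_module_argv(free_form):
    """Model of a no-shell exec: whitespace/quote splitting only."""
    return shlex.split(free_form)

def unquoted_shell_syntax(free_form):
    """Return the shell metacharacters that a shell would act on."""
    found, quote, escaped = [], None, False
    for ch in free_form:
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\" and quote != "'":
            escaped = True
        elif quote:
            if ch == quote:
                quote = None
            elif quote == '"' and ch in EXPANSION_CHARS:
                found.append(ch)
        elif ch in "'\"":
            quote = ch
        elif ch in SHELL_OPERATORS or ch in EXPANSION_CHARS:
            found.append(ch)
    return found

def pick_module(free_form):
    """'command' is enough unless the line relies on shell syntax."""
    return "shell" if unquoted_shell_syntax(free_form) else "command"

# The find/awk command from the article, as typed there.
PAGE_CMD = """find ./ -name "hosts" -type f |awk -F '/' '{print $}'"""

if __name__ == "__main__":
    print(command_module_argv(PAGE_CMD))  # '|awk' is an argument to find
    print(unquoted_shell_syntax(PAGE_CMD), pick_module(PAGE_CMD))
    print(pick_module("ls -l /home"))
```

Because the command module never hands the line to a shell, it is the safer default when part of the command comes from a variable; the shell module is only needed when the check reports shell syntax that is intended.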

3.5 Service Module

Used to manage services. The module contains the following options:

arguments: provides some options for the command line
enabled: whether to start on boot, yes|no
name: required; the service name
pattern: defines a pattern. If the service does not respond to the status command, the pattern is searched for in the process list from the ps command, and if it matches, the service is considered to be still running
runlevel: the run level
sleep: if restarted is executed, sleep this many seconds between stop and start
state: performs start, stop, restart, reload and similar operations on the service (started, stopped, restarted, reloaded)

Examples:

ansible test -m service -a "name=sshd state=started enabled=yes runlevel=3,5"
172.20.9.141 | success >> { "changed": true, "enabled": true, "name": "sshd", "state": "started" }

ansible test -m service -a "name=network state=restarted args=eth0"
172.20.9.141 | success >> { "changed": true, "name": "network", "state": "started" }

3.6 Synchronize Module

Syncs files with rsync. Options:

archive
checksum
delete #yes
dest: target directory
src: source directory
dest_port
compress=yes: turn on compression, default to
existing_only: skip creating new files on receiver
links
owner
mode: (push, pull) push mode and pull mode
recursive
rsync_path
times: preserve modification times

Example:

3.7 Get_url Module

Download module.

ansible test -m get_url -a "dest=/tmp url=http://nginx.org/download/nginx-1.9.5.tar.gz"
172.20.9.141 | success >> { "changed": true, "checksum": "669f1653f539358ad1d1b8281041f962597ec637", "dest": "/tmp/nginx-1.9.5.tar.gz", "gid": 0, "group": "root", "md5sum": "2562320f1535e3e31d165e337ae94f21", "mode": "0644", "msg": "OK (884023 bytes)", "owner": "root", "sha256sum": "", "size": 884023, "src": "/tmp/tmpe6NYWN", "state": "file", "uid": 0, "url": "http://nginx.org/download/nginx-1.9.5.tar.gz" }

3.8 Script Module

Executes a script that is local to the Ansible machine on the remote machine.

172.20.9.141 | success >> { "changed": true, "rc": 0, "stderr": "(verbose ssh debug output omitted)", "stdout": "141.com\r\n" }

There are other common modules that I do not introduce here. Use ansible-doc <module> -h to see the module help information.
