Basic concept of ansible, ad-hoc operations
Basic concept of ansible, ad-hoc operations
Ansible is an automated tool used to manage configuration files and deploy applications.
Very efficient
Through the ssh protocol, mq, database, and agentless do not need to be installed on the client, which is lightweight and has better compatibility.
Ansible common parameters
Concurrency: 10
$ ansible atlanta -a "/sbin/reboot" -f 10
Specify user
$ ansible atlanta -a "/usr/bin/foo" -u username
Ad-hoc tasks
It is generally used to do some one-time work. ansible also supports so-called playbook, a piece of script, which can be retained and reused.
For example, installing a software, opening a service, and executing a command or something.
Let's start with the simplest ping.
1. ping Module
[root@monitor ]# ansible test -m ping120.25.145.42 | success >> { "changed": false, "ping": "pong"}
Simply add the-m parameter to ping the module. He returns two, changed, and ping,
2. shell Module
It is easy to execute a shell command.
For example, echo hello
[root@monitor ~]# ansible test -m shell -a 'echo hello'120.25.145.42 | success | rc=0 >>hello
-A indicates the parameters of the shell module.
3. copy, file transmission module
Copy can remotely transmit local files to the target machine.
For example
[root@monitor ~]# ansible test -m copy -a "src=/etc/hosts dest=/tmp/hosts"120.25.145.42 | success >> { "changed": false, "checksum": "9d85f37d33366a82f2486c304c4c420a214f2aba", "dest": "/tmp/hosts", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/tmp/hosts", "size": 353, "state": "file", "uid": 0}
The file module can modify the owner, group, and mode of the file.
[root@monitor ~]# ansible test -m file -a " dest=/tmp/hosts owner=nobody"120.25.145.42 | success >> { "changed": true, "gid": 0, "group": "root", "mode": "0644", "owner": "nobody", "path": "/tmp/hosts", "size": 353, "state": "file", "uid": 99}
These parameters can also be uploaded to the copy module. The implementation of the copy module seems to use scp.
4. yum, apt module, and software management module.
Ansible-doc yum
The parameter state indicates installation and uninstallation.
state Whether to install (`present', `latest'), or remove (`absent') a package. (Choices: present, latest, absent) [Default: present]
There are three statuses: present, latest, and absent. The first two are for installation, and the last two are for uninstallation. It's easy to understand.
In use:
[Root @ monitor ~] # Ansible test-m yum-a "name = ntp state = present" 120.25.145.42 | success >>{ "changed": false, "msg": "", "rc ": 0, "results": ["ntp-4.2.6p5-3.el6.centos.x86_64 providing ntp is already installed"]} uninstall: [root @ monitor ~] # Ansible test-m yum-a "name = ntp state = absent" 120.25.145.42 | success >>{ "changed": true, "msg": "", "rc ": 0, "results": ["Loaded plugins: refresh-packagekit, security \ nSetting up Remove Process \ nResolving Dependencies \ n --> Running transaction check \ n ---> Package ntp. x86_64 0: 4. 2.6p5-3. el6.centos will be erased \ n --> Finished Dependency Resolution \ n \ nDependencies Resolved \ n ============ ========================================================== =================================\ N Package Arch Version Repository Size \ n ============ ========================================================== =================================\ nRemoving: \ n ntp x86_64 4.2.6p5-3. el6.centos @ updates 1.6 M \ n \ nTransaction Summary \ n ======================== ========================================================== ===============\ nRemove 1 Package (s) \ n \ nInstalled size: 1.6 M \ nDownl Oading Packages: \ nRunning rpm_check_debug \ nRunning Transaction Test \ nTransaction Test Succeeded \ nRunning Transaction \ n \ r Erasing: ntp-4.2.6p5-3.el6.centos.x86_64 1/1 \ nwarning:/etc/ntp. conf saved as/etc/ntp. conf. rpmsave \ nUnable to connect to nation \ n \ r Verifying: ntp-4.2.6p5-3.el6.centos.x86_64 1/1 \ n \ nRemoved: \ n ntp. x86_64 0: 4. 2.6p5-3. el6.centos \ n \ nComplete! \ N "]}
5. User management module
Both users and user groups can be managed.
[root@monitor ~]# ansible test -m user -a "name=ss password='$6$SZpOojUl/UdHCgBZ$cr17itDcLSvLSQnkCrofKUW9k/.TDmJ6rFJZ3pSxKuJ8DquwRpk0OfEuzSIPsRC0xK7RsBM5K/fHEMwyPtX8s/'"120.25.145.42 | success >> { "append": false, "changed": true, "comment": "", "group": 504, "home": "/home/ss", "move_home": false, "name": "ss", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 503}
The password parameter is sha512 encrypted,
It can be generated using grub-crypt or python modules.
python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
Detailed can see http://docs.ansible.com/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
[root@monitor install-zabbix-playbook]# ansible test -m user -a 'name=fuck password="$6$rounds=40000$M.jOLGeGue3hPdYb$FTaslz1igc8IKi7TolGxkDrr9XSRLPT0QXtgwRCqac9XsTEqmWagxLY.1s8oQMjuQUI6hlK/DyFb3Kxye5nar0"'120.25.145.42 | success >> { "append": false, "changed": true, "comment": "", "group": 506, "home": "/home/fuck", "move_home": false, "name": "fuck", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 505}
Check whether the modification is successful
[root@iZ94wi1x5hoZ ~]# cat /etc/shadow|grep -E 'fuck|root'root:$6$AXHXCLyd$vXQw0C/WuHqEM0htW/c9lGAW03Gm8NXnUD9MSHvz9kjBoqqL/AvhxWBX2/NhAXemFtgJPGUYsP0A8hXDMUgns0:16579:0:99999:7:::fuck:$6$rounds=40000$M.jOLGeGue3hPdYb$FTaslz1igc8IKi7TolGxkDrr9XSRLPT0QXtgwRCqac9XsTEqmWagxLY.1s8oQMjuQUI6hlK/DyFb3Kxye5nar0:16583:0:99999:7:::
6. Git Module
Deployment Project
Set a repo. Of course, you must set the git: repo to be authenticated by ssh. Here is an example of https authentication.
[root@monitor install-zabbix-playbook]# ansible test -m git -a "repo=https://code.csdn.net/aca_jingru/tomcat.git dest=/data"120.25.145.42 | success >> { "after": "b11ee2f3471fe647a70a514acb22ecf8b1146628", "before": null, "changed": true}
7. Service Module
Start, stop, restart, And reload. The corresponding four States are as follows:
started stopped restarted reloaded
[root@monitor ~]# ansible test -m service -a "name=httpd state=restarted"120.25.145.42 | success >> { "changed": true, "name": "httpd", "state": "started"}
8. facts detection module
Detects all the basic information on the host. This module is not only used exclusively, but generally used with playbook,
If it is used separately, a filter parameter is usually added. For example, I want to obtain the NIC information:
[root@monitor ~]# ansible test -m setup -a "filter=ansible_eth[0-2]"120.25.145.42 | success >> { "ansible_facts": { "ansible_eth0": { "active": true, "device": "eth0", "ipv4": { "address": "10.116.133.68", "netmask": "255.255.248.0", "network": "10.116.128.0" }, "macaddress": "00:16:3e:00:00:ab", "module": "xen_netfront", "mtu": 1500, "promisc": false, "type": "ether" }, "ansible_eth1": { "active": true, "device": "eth1", "ipv4": { "address": "120.25.145.42", "netmask": "255.255.252.0", "network": "120.25.144.0" }, "macaddress": "00:16:3e:00:18:9b", "module": "xen_netfront", "mtu": 1500, "promisc": false, "type": "ether" } }, "changed": false}