Ansible automated operations tools in Linux

1.ansible Introduction
Ansible is an automated operations tools, based on the development of Python, the collection of the advantages of many operations tools (puppet,cfengine,chef,func,fabric), the implementation of batch system configuration, batch program deployment, batch Run command and other functions.
Ansible is a module-based operation and does not have the capacity to deploy in bulk. The real batch deployment is the module that Ansible runs, and Ansible just provides a framework. Mainly include:
(1) Connection plug-in connection plugins: responsible for and be monitored to achieve communication;
(2) Host Inventory: Specifies the operation of the host, is a configuration file inside the definition of monitoring host;
(3) Various modules Core module, command module, custom module;
(4) Through the use of plug-ins to complete log mail and other functions;
(5) Playbook: When a script performs multiple tasks, it must not be possible for the node to run multiple tasks at once.

2.ansible Frame Composition:

3.ansible Configuration
Configuration file Description
/etc/ansible/ansible.cfg ansible Master configuration file
/etc/ansible/hosts Controlled Host Inventory
Managed Host Inventory Configuration method:
Grouping configuration
IP configuration
Domain Configuration
Wildcard configuration
Ansible through SSH to control the remote host, so to configure SSH trust, otherwise you will be prompted to enter the password.

4.ansible Common Module Use detailed
Ansible Common modules are:
Ping
Yum
Template
Copy
User
Group
Service
Raw
Command
Shell
Script
Ansible Common Module Raw,command,shell differences:
/bin/sh instruction execution for Shell module invocation
Command module is not the command of the calling shell, all environment variables without bash
Raw many places are similar to shells, and more places are recommended to use shell and command modules. However, if you use the old version of Python, you need to use raw, or the client is a router, because the Python module is not installed, then you need to use the raw module

5. Description of the environment:

Server	IP
Ansible Server	192.168.209.12
Managed server	192.168.209.13

   //添加受控主机[[email protected] ~]# vim /etc/ansible/hosts 【lanzhiyong】192.168.209.13//互信秘钥[[email protected] ~]# ssh-keygen -t rsa    [[email protected] ~]# ssh-copy-id 192.168.209.13

6.ansible installation

//配置yum源[[email protected] ~]# cd /etc/yum.repos.d/[[email protected] yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo   [[email protected] yum.repos.d]# sed -i ‘s/\$releasever/7/g‘ /etc/yum.repos.d/163.repo [[email protected] yum.repos.d]# sed -i ‘s/^enabled=.*/enabled=1/g‘ /etc/yum.repos.d/163.repo [[email protected] ~]# yum -y install epel-release[[email protected] ~]# yum -y install ansible ansible-doc[[email protected] ~]# ansible --versionansible 2.6.3         config file = /etc/ansible/ansible.cfg         configured module search path = [u‘/root/.ansible/plugins/modules‘, u‘/us r/share/ansible/plugins/modules‘]         ansible python module location = /usr/lib/python2.7/site-packages/ansible                      executable location = /usr/bin/ansible                      python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]

7.ansible How to get help
Ansible to obtain help information through the Ansible-doc command, you can use the-s option of this command to obtain help for the specified module.
Querying the Help documentation for the ping module

[[email protected] ~]# ansible-doc -s ping- name: Try to connect to host, verify a usable python and return `pong‘ on successping:       data:                  # Data to return for the `ping‘ return value. If this                                    parameter is set to                                    `crash‘, the module will                                    cause an                                    exception.

Ping of 8.ansible common modules
The ping module is used to check whether the specified node machine is connected, the usage is simple and does not involve parameters, if the host is online. Then reply pong

[[email protected] ~]# ansible lanzhiyong -m ping192.168.209.13 | SUCCESS => {          "changed": false,          "ping": "pong" }

The command module of the

9.ansible Common module is used to execute commands on the remote host, and ansible by default is the command module. The
Command module has a flaw in the ability to use the pipeline to conform to redirection.

View the/tmp directory contents of the managed host [[email protected] ~]# ansible lanzhiyong-a ' ls/tmp ' 192.168.209.13 | SUCCESS | Rc=0 >>ansible_ Oul4esbad-blocks.txtcrontab.c055bofile1systemd-private-8499d6b3f392482c9040befd22b10899-vgauthd.service-7npbzssystemd-pri vate-8499d6b3f392482c9040befd22b10899-vmtoolsd.service-e69swb//Create a new file under the/tmp directory of the managed host test[[email protected] ~ ]# ansible lanzhiyong-a ' touch/tmp/test ' [WARNING]: Consider using the file module with State=touch rather than running T  Ouch. If youneed to use command because file was insufficient you can add Warn=false to this command task Orset command_warnings= False in ansible.cfg to get rid of this message.192.168.209.13 | SUCCESS | Rc=0 >>//command module does not support pipe characters and does not support redirection [[email protected] ~]# ansible lanzhiyong-a ' echo "I love China" >/tmp/tes T ' 192.168.209.13 | SUCCESS | Rc=0 >>i love >/tmp/test[[email protected] ~]# ansible lanzhiyong-a ' cat/tmp/test ' 192.168.209.13 | SUCCESS | Rc=0 >>[[email protected] ~]# ansible lanzhiyong-a ' ps-ef|grep ssh ' 192.168.209.13 | FAILED | Rc=1 >>error:unsupported SysV optionusage:ps [options] Try ' PS--help <simple|list|output|threads|misc|al L> ' or ' PS--help <s|l|o|t|m|a> ' for additional help text. For more details see PS (1). Non-zero Return code

10.ansible Common Module Raw
Raw modules are used to execute commands on remote hosts, which support pipe and redirect

//支持重定向[[email protected] ~]# ansible lanzhiyong -m raw -a ‘echo "I Love china" > /tmp/test‘192.168.209.13 | SUCCESS | rc=0 >>Shared connection to 192.168.209.13 closed.[[email protected] ~]# ansible lanzhiyong -a ‘cat /tmp/test‘192.168.209.13 | SUCCESS | rc=0 >>I Love china//支持管道符[[email protected] ~]# ansible lanzhiyong -m raw -a ‘ps -ef|grep ssh‘192.168.209.13 | SUCCESS | rc=0 >>root       3287      1  0 07:54 ?        00:00:00 /usr/sbin/sshd -Droot       7688   3287  0 14:07 ?        00:00:00 sshd: [email protected]/1root       8461   3287 23 16:40 ?        00:00:00 sshd: [email protected]/0root       8464   8461  0 16:40 pts/0    00:00:00 bash -c ps -ef|grep sshroot       8476   8464  0 16:40 pts/0    00:00:00 grep sshShared connection to 192.168.209.13 closed.

11.ansible shell of common modules
The shell module is used to execute scripts on the managed machine and execute commands directly on the managed machine.
Shell modules also support piping and redirection

//查看受控机上的脚本[[email protected] ~]# mkdir /scripts[[email protected] ~]# vim /scripts/test.sh#!/bin/bashfor i in $(seq 10);do           echo $idone[[email protected] ~]# ll /scripts/总用量 4-rw-r--r--. 1 root root 49 9月  10 16:53 test.sh//使用shell模块在ansible主服务器上执行受控服务器上 的脚本[[email protected] ~]# ansible lanzhiyong -m shell -a ‘/bin/bash /scripts/test.sh‘192.168.209.13 | SUCCESS | rc=0 >>12345678910

Script of 12.ansible Common module
Script module for executing scripts on the Ansible host on the managed machine

[[email protected] ~]# mkdir /scripts[[email protected] ~]# vim /scripts/lan.sh#!/bin/bashfor i in $(cat /etc/passwd);do          echo $i          echo ‘---------------‘done[[email protected] ~]# ansible lanzhiyong -m script -a ‘/scripts/lan.sh &> /tmp/lan‘192.168.209.13 | SUCCESS => {          "changed": true,          "rc": 0,          "stderr": "Shared connection to 192.168.209.13 closed.\r\n",          "stderr_lines": [                  "Shared connection to 192.168.209.13 closed."          ],           "stdout": "",           "stdout_lines": []   }//查看受控机上的/tmp/lan文件是否存在[[email protected] ~]# ansible lanzhiyong -a ‘cat /tmp/lan‘192.168.209.13 | SUCCESS | rc=0 >>root:x:0:0:root:/root:/bin/bash---------------bin:x:1:1:bin:/bin:/sbin/nologin---------------daemon:x:2:2:daemon:/sbin:/sbin/nologin---------------adm:x:3:4:adm:/var/adm:/sbin/nologin---------------………………此处省略

Template of 13.ansible common modules
The template module is used to generate a module and transfer it to a remote host

//下载一个163的yum源文件并开启此源[[email protected] ~]# cd /etc/yum.repos.d/[[email protected] yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo [[email protected] yum.repos.d]# sed -i ‘s/\$releasever/7/g‘ /etc/yum.repos.d/163.repo [[email protected] yum.repos.d]# sed -i ‘s/^enabled=.*/enabled=1/g‘ /etc/yum.repos.d/163.repo //将设置好的163源传到受控主机[[email protected] ~]# ansible lanzhiyong -m template -a ‘src=/etc/yum.repos.d/163.repo dest=/etc/yum.repos.d/163.repo‘//查看受控机上是否有163源[[email protected] ~]# ls /etc/yum.repos.d/163.repo  lanzhiyong.repo

The Yum
Yum module for the

14.ansible Common module is used to manage software on the specified node machine via yum, which supports two main parameters
Name: Package name to manage
State: What to do
Value commonly used by state:
Latest: Install software
installed: Install software
present: Install software
removed: Uninstall software
Absent: Uninstall software
If you want to use Yum to manage your software, Make sure the Yum source on the managed machine is no exception.

//在受控机上查询看vsftpd软件是否安装[[email protected] ~]# ansible lanzhiyong -m shell -a ‘rpm -qa|grep vsftpd‘[WARNING]: Consider using the yum, dnf or zypper module rather than running rpm.  If you needto use command because yum, dnf or zypper is insufficient you can add warn=False to thiscommand task or set command_warnings=False in ansible.cfg to get rid of this message.192.168.209.13 | FAILED | rc=1 >>non-zero return code//在ansible主机上使用yum模块在受控机上安装vsftpd[[email protected] ~]# ansible lanzhiyong -m yum -a ‘name=vsftpd state=present‘192.168.209.13 | SUCCESS => {            "changed": true,            "msg": "",            "rc": 0,            "results": [//查看受控机是否安装了vsftpd[[email protected] ~]# rpm -qa|grep vsftpdvsftpd-3.0.2-22.el7.x86_64

Copy of 15.ansible common modules
Copy module remote managed machine for copying files

[[email protected] ~]# ls /etc/ansible/scripts/a.sh[[email protected] ~]# ansible lanzhiyong -m copy -a ‘src=/etc/ansible/scripts/a.sh dest=/scripts/‘192.168.209.13 | SUCCESS => {         "changed": false,         "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",         "dest": "/scripts/a.sh",         "gid": 0,         "group": "root",         "mode": "0644",         "owner": "root",         "path": "/scripts/a.sh",         "secontext": "system_u:object_r:default_t:s0",         "size": 0,         "state": "file",         "uid": 0 }//查看受控机是否复制过去了[[email protected] ~]# ansible lanzhiyong -m shell -a ‘ls /scripts‘192.168.209.13 | SUCCESS | rc=0 >>a.shtest.sh

Group of 16.ansible Common modules
The group module is used to add or remove groups on the managed machine

//在受控机上添加系统组，其gid为306，组名为mysql[[email protected] ~]# ansible lanzhiyong -m group -a ‘name=mysql system=yes gid=306 state=present‘192.168.209.13 | SUCCESS => {        "changed": false,        "gid": 306,        "name": "mysql",        "state": "present",        "system": true}[[email protected] ~]# ansible lanzhiyong -a ‘grep mysql /etc/group‘192.168.209.13 | SUCCESS | rc=0 >>mysql:x:306://删除受控机上的mysql组[[email protected] ~]# ansible lanzhiyong -m group -a ‘name=mysql state=absent‘192.168.209.13 | SUCCESS => {       "changed": false,       "name": "mysql",       "state": "absent" }[[email protected] ~]# ansible lanzhiyong -m shell -a ‘grep mysql /etc/group‘192.168.209.13 | FAILED | rc=1 >>non-zero return code

User of 17.ansible Common modules
User module is used to manage the managed computer account

Add a system user on the managed machine, username Mysql,uid 306, set its shell to/sbin/nologin, no home directory [[email protected] ~]# ansible lanzhiyong-m user -A ' name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present ' 192.168.209.13 | SUCCESS = {"Changed": true, "comment": "", "Create_home": false, "group": 306, "ho Me ":"/home/mysql "," name ":" MySQL "," Shell ":"/sbin/nologin "," state ":" Present "," System ": t Rue, "UID": 306}[[email protected] ~]# ansible lanzhiyong-m shell-a ' grep mysql/etc/passwd ' 192.168.209.13 | SUCCESS | rc=0 >>mysql:x:306:306::/home/mysql:/sbin/nologin//Modify MySQL user uid to 386[[email protected] ~]# ansible Lanzhiyong-m user-a ' name=mysql uid=386 ' 192.168.209.13 | SUCCESS = {"Append": false, "changed": true, "comment": "", "group": 306, "ho Me ":"/home/mysql "," Move_home ": false," name ":" MySQL "," Shell ":"/sbin/nologin "," StAte ":" Present "," UID ": 386}[[email protected] ~]# ansible lanzhiyong-m shell-a ' grep mysql/etc/passwd ' 192 .168.209.13 | SUCCESS | rc=0 >>mysql:x:386:306::/home/mysql:/sbin/nologin//Delete the MySQL user on the managed machine [[email protected] ~]# ansible Lanzhiyong-m user-a ' name=mysql state=absent ' 192.168.209.13 | SUCCESS = {"Changed": True, "force": false, "name": "MySQL", "remove": false, "state": "Absent"}[[email protected] ~]# ansible lanzhiyong-m shell-a ' grep mysql/etc/passwd ' 192.168.209.13 | FAILED | Rc=1 >>non-zero Return code

Service of 18.ansible Common modules
service modules for managing services on managed machines

 See if the VSFTPD service on the managed machine starts [[email protected] ~]# ansible lanzhiyong-m shell-a ' systemctl is-active vsftpd ' 192.168.209 .13 | FAILED | Rc=3 >> Unknownnon-zero return code//start the VSFTPD service on the managed machine [[email protected] ~]# ansible lanzhiyong-m service-a ' n AME=VSFTPD state=started ' 192.168.209.13 |                    SUCCESS = {"Changed": True, "name": "VSFTPD", "state": "Started", "status": { "Activeentertimestampmonotonic": "0", ... Omit//See if the VSFTPD service on the managed machine starts [[email protected] ~]# ansible lanzhiyong-m shell-a ' systemctl is-active vsftpd ' 192.16 8.209.13 | SUCCESS | Rc=0 >>active//See if the VSFTPD service on the managed machine starts automatically [[email protected] ~]# ansible lanzhiyong-m shell-a ' Systemctl is-enabled vsftpd ' 192.168.209.13 | SUCCESS | Rc=0 >>enabled//Setting up the VSFTPD service on the managed machine boot up automatically [[email protected] ~]# ansible lanzhiyong-m service-a ' name=vsftpd Enabled=yes ' 192.168.209.13 | SUCCESS = {"Changed": false, "Enabled": TRUE, "name": "Vsftpd", "status": {"Activeentertimestamp": "One 2018-09-10 19:43:22 CST",//Stop VSFTPD service on the Stop control machine [[email protected] ~]# ansible lanzhiyong-m service-a ' name=vsftpd state=stopped ' 192.168.209.13 | SUCCESS = {"Changed": True, "name": "VSFTPD", "state": "Stopped", "status": {"Act Iveentertimestamp ":" One 2018-09-10 19:43:22 CST ",//To see if the VSFTPD service is stopped [[email protected] ~]# ansible lanzhiyong-m Shell -A ' systemctl is-active vsftpd ' 192.168.209.13 | FAILED | Rc=3 >>inactivenon-zero return code[[email protected] ~]# ansible lanzhiyong-m shell-a ' ss-antl ' 192.168.209 .13 | SUCCESS | Rc=0 >>state recv-q send-q Local address:port Peer address:portlisten 0 128 *:1 One *:* LISTEN 0 *:22 *:* LISTEN 0 64 *:4               0154 *:* LISTEN 0 64 *:2049      *:* LISTEN 0::: 111:::* LISTEN 0 128::: 22 :::* LISTEN 0::: 2049:::*

Ansible automated operations tools in Linux