I. Introduction to Ansible
1. Introduction
Ansible is a newer automated operations tool written in Python. It combines the advantages of a number of operations tools (Puppet, CFEngine, Chef, func, Fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible works through modules and has no batch deployment capability of its own. The modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework. The framework mainly includes:
(1) connection plugins: responsible for communication with the managed hosts;
(2) host inventory: specifies the hosts to operate on; it is a configuration file in which the managed hosts are defined;
(3) modules: core modules, the command module, custom modules;
(4) plugins: provide logging, mail and other functions;
(5) playbook: optional; used when several tasks are to be executed, it lets a node run multiple tasks in one go.
2. Features
(1) no agents: no client needs to be installed on the managed hosts;
(2) no server: there is no server side; commands are run directly when needed;
(3) modules in any language: it works through modules, and modules can be developed in any language;
(4) YAML, not code: playbooks are written in YAML;
(5) SSH by default: it works over SSH;
(6) strong multi-tier solution: multi-tier orchestration can be achieved.
3. Advantages
(1) lightweight: no agent needs to be installed on the clients, and an update only has to be made on the control machine;
(2) batch tasks can be written as scripts, and they run without being distributed to the remote hosts;
(3) written in Python, so maintenance is simpler; Ruby syntax is too complex;
(4) supports sudo.
4. Working process
Ansible connects to the client via OpenSSH or the Python Paramiko library
Pushes the Ansible module to $HOME/.ansible/tmp on the client
Executes the Ansible module on the client over SSH
Execution completes
Deletes the Ansible module that was just pushed
II. Ansible basic installation and configuration
1. Ansible basic installation
(1) Python 2.7 installation
https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
# tar xvzf Python-2.7.8.tgz
# cd Python-2.7.8
# ./configure --prefix=/usr/local
# make --jobs=`grep processor /proc/cpuinfo | wc -l`
# make install
## Copy the Python header files to the standard directory, so that they are found when compiling Ansible
# cd /usr/local/include/python2.7
# cp -a ./* /usr/local/include/
## Back up the old version of Python and symlink the new version
# cd /usr/bin
# mv python python2.6
# ln -s /usr/local/bin/python
## Modify the yum script to point to the old version of Python, so that yum keeps running
# vim /usr/bin/yum
#!/usr/bin/python  -->  #!/usr/bin/python2.6
(2) setuptools module installation
https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz
# tar xvzf setuptools-7.0.tar.gz
# cd setuptools-7.0
# python setup.py install
(3) pycrypto module installation
https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
# tar xvzf pycrypto-2.6.1.tar.gz
# cd pycrypto-2.6.1
# python setup.py install
(4) PyYAML module installation
http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
# tar xvzf yaml-0.1.5.tar.gz
# cd yaml-0.1.5
# ./configure --prefix=/usr/local
# make --jobs=`grep processor /proc/cpuinfo | wc -l`
# make install
https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.11.tar.gz
# tar xvzf PyYAML-3.11.tar.gz
# cd PyYAML-3.11
# python setup.py install
(5) Jinja2 module installation
https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz
# tar xvzf MarkupSafe-0.9.3.tar.gz
# cd MarkupSafe-0.9.3
# python setup.py install
https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz
# tar xvzf Jinja2-2.7.3.tar.gz
# cd Jinja2-2.7.3
# python setup.py install
(6) paramiko module installation
https://pypi.python.org/packages/source/e/ecdsa/ecdsa-0.11.tar.gz
# tar xvzf ecdsa-0.11.tar.gz
# cd ecdsa-0.11
# python setup.py install
https://pypi.python.org/packages/source/p/paramiko/paramiko-1.15.1.tar.gz
# tar xvzf paramiko-1.15.1.tar.gz
# cd paramiko-1.15.1
# python setup.py install
(7) simplejson module installation
https://pypi.python.org/packages/source/s/simplejson/simplejson-3.6.5.tar.gz
# tar xvzf simplejson-3.6.5.tar.gz
# cd simplejson-3.6.5
# python setup.py install
(8) Ansible installation
https://github.com/ansible/ansible/archive/v1.7.2.tar.gz
# tar xvzf ansible-1.7.2.tar.gz
# cd ansible-1.7.2
# python setup.py install
2. Ansible configuration
(1) SSH key-based (passwordless) login setup
## Generate the public/private key pair
# ssh-keygen -t rsa -P ''
## Write the trust file (distribute /root/.ssh/id_rsa.pub to the other servers and run the following commands on all servers):
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
# chmod 600 /root/.ssh/authorized_keys
(2) Ansible configuration
# mkdir -p /etc/ansible
# vim /etc/ansible/ansible.cfg
......
private_key_file = /root/.ssh/id_rsa
......
Copy the files in the examples directory of the Ansible installation package to /etc/ansible:
# cp -r examples/* /etc/ansible/
## Host group definition
# vim /etc/ansible/hosts
[linuxserver]
10.6.1.211
10.6.1.213
(3) Simple test
# ansible linuxserver -m command -a date
Note: The first time you run it, you need to enter "yes" for the public key verification; after that no further input is needed.
3. Using common modules
(1) setup (facts gathering module)
## View basic information about the remote hosts
# ansible linuxserver -m setup
The output above covers the host's basic information quite thoroughly. This module is generally not used on its own but together with playbooks; when it is used on its own, a filter parameter is usually added, for example to obtain the network card information:
# ansible linuxserver -m setup -a "filter=ansible_eth[0-1]"
(2) ping
## Test the running state of the remote hosts
# ansible linuxserver -m ping
(3) file
## Set the properties of files
The relevant options are as follows:
force: forces creation of a symbolic link in two cases: one is when the source file does not exist yet but will be created later; the other is when the destination link already exists and the old link must be removed before the new one is created. Two options: yes|no
group: defines the group of the file/directory
mode: defines the permissions of the file/directory
owner: defines the owner of the file/directory
path: required; defines the path of the file/directory
recurse: recursively sets file properties; only valid for directories
src: the path of the source file to link to; only applies when state=link
dest: the path of the link to create; only applies when state=link
state:
    directory: create the directory if it does not exist
    file: the file is not created even if it does not exist
    link: create a symbolic link
    hard: create a hard link
    touch: create a new file if it does not exist; if the file or directory already exists, update its last-modified time
    absent: delete the directory or file, or unlink the link
Example:
## Create a symbolic link on the remote hosts
# ansible linuxserver -m file -a "src=/etc/my.cnf dest=/tmp/my.cnf state=link"
## View the remote file information
# ansible linuxserver -m command -a "ls -l /tmp/my.cnf"
## Delete the symbolic link on the remote hosts
# ansible linuxserver -m file -a "path=/tmp/my.cnf state=absent"
## View the remote file information
# ansible linuxserver -m command -a "ls -l /tmp/my.cnf"
Note: The output above shows that the file or link has been deleted.
(4) copy
## Copy files to the remote hosts
The relevant options are as follows:
backup: before overwriting, back up the original file; the backup file name contains the time information. Two options: yes|no
content: used in place of "src"; sets the content of the specified file directly to the given value
dest: required. The absolute path on the remote host to copy the source file to; if the source is a directory, this path must also be a directory
directory_mode: recursively sets the permissions of directories; defaults to the system default permissions
force: if the target host already has the file but the content differs, yes forces the overwrite, while no copies the file only if it does not exist at the destination. The default is yes
others: all options of the file module can be used here
src: the local file to copy to the remote host; can be an absolute or a relative path. If the path is a directory, it is copied recursively. In that case, if the path ends with "/", only the contents of the directory are copied; if it does not end with "/", the directory itself is copied along with its contents, similar to rsync.
Example:
## Copy the local file "/etc/my.cnf" to the remote servers
# ansible linuxserver -m copy -a "src=/etc/my.cnf dest=/tmp/my.cnf owner=root group=root mode=0644"
## View the remote file information
# ansible linuxserver -m command -a "ls -l /tmp/my.cnf"
(5) command
## Execute commands on the remote hosts
The relevant options are as follows:
creates: a file name; when the file exists, the command is not executed
free_form: the Linux command to execute
chdir: change to this directory before executing the command
removes: a file name; when the file does not exist, the command is not executed
executable: switch the shell used to execute the command; the path must be an absolute path
Example:
# ansible linuxserver -m command -a id
(6) shell
## Switch to a shell to execute the given command; the parameters are the same as for command.
Unlike command, this module supports command pipelines; another module, raw, also has this capability.
Example:
## First create a shell script locally
# vim /root/cpu.sh
===============================================
#!/bin/bash
# Show the current system time
echo "System current time is:" `date "+%F %H:%M:%S"`
# Show the number of CPU cores
echo "Server CPU cores:" `grep processor /proc/cpuinfo | wc -l`
# Show the system version
echo "System version:" `lsb_release -a | grep "Description" | awk -F: '{print $2}'`
===============================================
# chmod +x /root/cpu.sh
## Distribute the script to the remote hosts
# ansible linuxserver -m copy -a "src=~/cpu.sh dest=/tmp/cpu.sh owner=root group=root mode=0755"
## Execute it remotely
# ansible linuxserver -m shell -a "/tmp/cpu.sh"
(7) Other options
Concurrency of 10: the -f 10 option sets the level of parallelism, that is, 10 processes running at the same time; the default is 5. Choose a value that the system can handle.
ansible atlanta -a "/sbin/reboot" -f 10
Specify the user: by default Ansible uses the current user; to use another user, add the -u username option, as follows:
ansible atlanta -a "/usr/bin/foo" -u username
When sudo is needed, use the following. The --ask-sudo-pass (-K) option prompts for the sudo password; use it if a sudo password is set, and if none is set it is not needed:
ansible atlanta -a "/usr/bin/foo" -u username --sudo [--ask-sudo-pass]
You can also sudo to another user, as follows:
ansible atlanta -a "/usr/bin/foo" -u username -U otheruser [--ask-sudo-pass]
(8) yum, apt modules: software management modules
The main parameter is state, which selects installation, removal and so on. There are three states: present, latest and absent; the first two install the package, and the last one removes it.
For example:
Installing NTP
ansible linuxserver -m yum -a "name=ntp state=present"
Uninstalling NTP
ansible linuxserver -m yum -a "name=ntp state=absent"
(9) user management module
Both users and user groups can be managed.
Change the password of the user test:
ansible linuxserver -m user -a 'name=test password="$6$j3qo/friabnphb3g$nydeda.sodh4kdtveaj93vvc8y0xz/Bcl0elgco0sfguvgudv4y/9taacfhxbsvd.2e5oitywpydop/jstflz0"'
The password parameter takes a SHA-512 hashed value, which can be generated with grub-crypt or with a Python module:
python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
(10) service module
Start, stop, restart and reload correspond to the following four states:
started
stopped
restarted
reloaded
Start the MySQL service:
ansible linuxserver -m service -a "name=mysqld state=started"
Stop the MySQL service:
ansible linuxserver -m service -a "name=mysqld state=stopped"
(11) More modules
Other commonly used modules, such as cron and synchronize, are not demonstrated here; you can test them in your own system environment.
service: system service management
cron: scheduled task management
yum: yum package installation management
synchronize: synchronizing files with rsync
user: system user management
group: system user group management
For more modules, see:
# ansible-doc -l
(12) Supplementary concepts
Playbook composition: a playbook is a list of one or more "plays", which can be combined to execute in a pre-arranged order. A task is nothing more than a call to an Ansible module, and variables can be used in the module's parameters. Module execution is idempotent, which means that running it multiple times is safe because the results are consistent;
Execution model: the tasks in the task list are executed one by one, in order, on all hosts specified in hosts; that is, the first task is completed on all hosts before the second one begins. When a playbook is run from top to bottom, if an error occurs halfway through, all the executed tasks are rolled back, so you can run it again after correcting the playbook;
Task composition: each task should have a name, which is used in the playbook's execution output; it is recommended that the name describe the task's step as clearly as possible. If name is not provided, the result of the action is used for the output;
Notify and the handler mechanism: the "notify" action is triggered at the end of each play; the actions listed in notify are called handlers, and the specified action is performed once, only after all changes have completed.
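The concepts above in a single playbook, as an added example that is not from the original article: named tasks run in order on the linuxserver group, a variable is used in module parameters, and a handler restarts the service only when the copy task reports a change. The file name ntp.yml, the files/ntp.conf path, the ntpd service name and the password hash placeholder are assumptions.

```yaml
# Added example playbook (constructed). Save as ntp.yml (hypothetical name)
# and run with: ansible-playbook ntp.yml
---
- hosts: linuxserver            # host group defined in /etc/ansible/hosts
  remote_user: root
  vars:
    # Hypothetical local file, relative to the playbook directory.
    ntp_conf_src: files/ntp.conf
    # Placeholder, not a real hash: generate a SHA-512 hash as described
    # in the user module section and keep it out of version control.
    test_password_hash: "$6$REPLACE_WITH_GENERATED_HASH"

  tasks:
    # yum with state=present is idempotent: a second run changes nothing.
    - name: install the ntp package
      yum: name=ntp state=present

    # backup=yes keeps a timestamped copy of the file being overwritten.
    # The handler is notified only when the file content actually changes.
    - name: deploy ntp.conf and keep a backup of the previous version
      copy: src={{ ntp_conf_src }} dest=/etc/ntp.conf owner=root group=root mode=0644 backup=yes
      notify:
        - restart ntpd

    - name: make sure ntpd is running
      service: name=ntpd state=started

    # The hash comes from a variable instead of being typed on the command line.
    - name: set the password of user test from a pre-computed hash
      user: name=test password={{ test_password_hash }}

  handlers:
    # Runs once at the end of the play, and only if it was notified.
    - name: restart ntpd
      service: name=ntpd state=restarted
```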
Some learning materials:
http://blog.xiaorui.cc/category/ansible/
http://lixcto.blog.51cto.com/4834175/d-4
https://github.com/ansible/ansible-examples
http://rfyiamcool.blog.51cto.com/1030776/d-51
http://dl528888.blog.51cto.com/2382721/d-4/p-1
http://edu.51cto.com/course/course_id-2220.html
http://edu.51cto.com/course/course_id-2032.html
http://www.shencan.net/index.php/category/%e8%87%aa%e5%8a%a8%e5%8c%96%e8%bf%90%e7%bb%b4/ansible/
This article is from the "Technical Achievement Dream" blog, please be sure to keep this source http://pizibaidu.blog.51cto.com/1361909/1836979
Ansible automatic operation and Maintenance tool deployment and use