Theoretical part:
1. Common automated operations tools:
Puppet
- Developed in Ruby, with a client/server (C/S) architecture; highly extensible, SSL-based, and relatively weak at remote command execution
SaltStack
- Developed in Python, with a C/S architecture; lighter than Puppet; configuration syntax uses YAML, which makes configuration scripts simpler
Ansible
- Developed in Python on top of Paramiko; distributed, agentless, lightweight; configuration syntax uses YAML and the Jinja2 template language; stronger at remote command execution
For other DevOps tools, see: https://github.com/geekwolf/sa-scripts/blob/master/devops.md
2. Ansible introduction:
Ansible is a simple automated operations management tool that can be used to automate application deployment, configuration, and task orchestration (continuous delivery, zero-downtime updates, etc.). It uses the Paramiko protocol library (which Fabric also uses) and connects to hosts via SSH or ZeroMQ. A major version is published approximately every 2 months.
Simply put: it automates app deployment, management of configuration items, continuous delivery, and (AWS) cloud service management, and it executes commands on remote servers in bulk.
Ansible provides a simple set of workflows that you can follow to complete tasks easily.
3. Ansible working mechanism:
Ansible is built on Paramiko, a pure-Python implementation of the SSH protocol. The management node pushes Ansible modules to the managed hosts over SSH (or Kerberos, LDAP), and they are deleted automatically after execution. You can use SVN to manage custom modules and orchestration.
4. Components of Ansible:
Ansible consists of 5 parts:
Ansible: the core
Modules: the core modules and Ansible's custom modules
Plugins: complement the module functions, including connection plugins, mail plugins, etc.
Playbooks: often translated online as "scripts", though I personally feel "orchestration" is the more reasonable translation; they are the configuration files that define multiple tasks for Ansible to execute automatically
Inventory: defines the list of hosts that Ansible manages
5. Advantages of Ansible:
1. Lightweight: no agent needs to be installed on the clients, and when updating, only the control machine needs to be updated.
2. Bulk tasks can be written as scripts and executed without being distributed to the remote hosts.
3. Written in Python, so maintenance is simpler; Ruby syntax is too complex.
4. Supports sudo.
Experimental section:
1. Installing Ansible
Lab Environment:
Role | Hostname | System release | IP address |
Node1 | node1.server.com | RHEL-6.5_x86_64 | 192.168.1.63 |
Node2 | node2.server.com | RHEL-6.5_x86_64 | 192.168.1.64 |
Server | ansible.server.com | CentOS-6.5_x86_64 | 192.168.1.20 |
Preparatory work:
Turn off iptables:
Configuration of the individual server nodes
1. Configuration of node 1: modify the host name
# service iptables stop
# chkconfig iptables off
# hostname node1.server.com
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node1.server.com
Log out (logout) or restart (reboot)
2. Configuration of node 2: modify the host name
# service iptables stop
# chkconfig iptables off
# hostname node2.server.com
# vim /etc/sysconfig/network
Add the following content:
NETWORKING=yes
HOSTNAME=node2.server.com
Log out (logout) or restart (reboot)
Configuration on the Ansible server:
- Firewall and host name configuration
# service iptables stop
# chkconfig iptables off
# hostname ansible.server.com
# vim /etc/sysconfig/network
Add the following content:
NETWORKING=yes
HOSTNAME=ansible.server.com
Reboot, or log out.
- Add hosts resolution entries
# vim /etc/hosts    # edit the hosts file
# tail -3 /etc/hosts
192.168.1.63 node1.server.com #node1
192.168.1.64 node2.server.com #node2
192.168.1.20 ansible.server.com #ansible
Test connectivity
# ping node1.server.com
# ping node2.server.com
- Configure the EPEL repository
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
# yum install ansible -y    # install ansible
2. Ansible configuration files and their functions
# rpm -ql ansible | more
/etc/ansible
/etc/ansible/ansible.cfg    # main configuration file
/etc/ansible/hosts    # list of node hosts
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-console
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
/usr/bin/ansible-pull
/usr/bin/ansible-vault
3. Edit /etc/ansible/hosts (the node configuration file):
# vim /etc/ansible/hosts
# tail -3 /etc/ansible/hosts
[webserver]
node1.server.com
node2.server.com
All other content can be commented out
4. Configure the Ansible server to connect to each managed node using key-based authentication.
# ssh-keygen    # generate a key pair
5. Send the public key to each node server:
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Ansible simple test
The ansible command
Format: ansible <node name> [-m module] -a <command parameters>
Cases:
1. View the time on each node
# ansible all -a date
# ansible all -m command -a date
The two commands above give the same result: the command module is called by default, so it can be omitted. "all" stands for all nodes, and -a is followed by the arguments.
2. Check whether each node is online
# ansible all -m ping    # built-in ping module
3. Output specified information on each node
# ansible all -a "/bin/echo hello,world"    # print a message
# ansible all -a "/bin/df -h"    # print mount information
# ansible all -a "/sbin/ip addr show dev eth0"    # view the eth0 NIC information of each node
Ansible-playbook
1. A playbook is configured through a YAML file, so first a brief introduction to YAML syntax.
YAML's syntax is similar to that of other high-level languages, and it can simply express data structures such as lists, hashes, and scalars.
Structure is expressed through indentation with spaces, the items in a sequence are denoted by "-", and the keys and values in a map are separated by ":". YAML files typically use the extension .yaml, for example example.yaml.
2. Playbooks can be used to manage complex tasks
For more complex tasks that need to be performed repeatedly, we can define a playbook. Playbooks are where Ansible is truly powerful: they allow the use of variables, conditions, loops, and templates, and existing content can be reused through roles and include directives. Let's take a look at some specific examples.
Case 1: Batch-install the mysql-server package:
# vim mysql-server.yaml    # create the mysql-server.yaml file
The contents are as follows: (note the syntax formatting)
Explanation of the options:
hosts: webserver    # the hosts on which to run the tasks; can be one or more host groups separated by colons
remote_user: root    # the user that executes the tasks on the remote hosts
tasks:    # the tasks
- name: mysql-server installing    # the name of the task
  yum: name=mysql-server    # use the yum module; the package to install is named mysql-server
    state=present    # state: installed
    state=absent    # state: removed
Check whether mysql-server is already installed on the nodes
# ansible all -a "/bin/rpm -q mysql-server"
# ansible-playbook mysql-server.yaml
In the results, ok=2 changed=1 indicates that mysql-server was installed successfully on the client!
Verify that mysql-server was installed successfully
# ansible all -a "/bin/rpm -q mysql-server"
# ansible all -a "/sbin/service mysqld start"    # start mysqld
Case 2: Create a crontab schedule
1. Create crond.yaml to run the /root/backup.sh script on the 10th of every month
# vim crond.yaml
The contents are as follows:
- Run the playbook
# ansible-playbook crond.yaml
In the results, ok=2 changed=1 indicates that the crontab entry was created successfully on the client!
- View the crontab on each node:
# ansible all -a 'crontab -l'
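Both cases above judge success from the ok=2 changed=1 summary. As an added example (not part of the original article), the Python below parses the PLAY RECAP block of ansible-playbook output and reports every expected host that failed, was unreachable, or is missing from the recap. The sample output and task name are constructed, and hosts_not_ok is a hypothetical helper name.

```python
import re

# One host line of the PLAY RECAP block printed by ansible-playbook.
RECAP_LINE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")

# Constructed sample output (not captured from the lab in this article).
SAMPLE_OUTPUT = """\
TASK [add cron job] ************************************************************
changed: [node1.server.com]

PLAY RECAP *********************************************************************
node1.server.com           : ok=2    changed=1    unreachable=0    failed=0
node2.server.com           : ok=0    changed=0    unreachable=1    failed=0
"""


def parse_recap(output):
    """Return {host: {counter: value}} for the lines after PLAY RECAP."""
    recap, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        match = RECAP_LINE.match(line.strip()) if in_recap else None
        if match:
            pairs = (item.split("=") for item in match.group("counters").split())
            recap[match.group("host")] = {key: int(val) for key, val in pairs}
    return recap


def hosts_not_ok(recap, expected_hosts):
    """Map each expected host that did not finish cleanly to the reason."""
    problems = {}
    for host in expected_hosts:
        counters = recap.get(host)
        if counters is None:
            problems[host] = "missing from recap"
        elif counters.get("unreachable", 0):
            problems[host] = "unreachable"
        elif counters.get("failed", 0):
            problems[host] = "failed"
    return problems


if __name__ == "__main__":
    inventory = ["node1.server.com", "node2.server.com"]  # the [webserver] group
    print(hosts_not_ok(parse_recap(SAMPLE_OUTPUT), inventory))
```

A host line with ok=2 changed=1 counts as successful only when unreachable and failed are both 0, and a node that never appears in the recap was not touched at all.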
Note:
Use the "ansible-doc -l" command to see which modules are built in.
Use the "ansible-doc <module name>" command to view the detailed usage of a specific module.
Add users in bulk using Ansible
Method One: Use the ansible command directly
# openssl passwd -salt -l "abc123"
-luvlrzexughm
# ansible all -m user -a "name=baigujing password=-luvlrzexughm shell=/bin/bash" -u root
Method Two: Specify the host inventory when using the ansible command
# openssl passwd -salt -l "abc123"
-luvlrzexughm
# vim hosts    # add the host addresses
# ansible -i hosts webserver -m user -a "name=tester password=-luvlrzexughm shell=/bin/bash" -u root
Parameter explanation:
-i    # specifies the location of the inventory file
webserver    # the name of the host group in the inventory file
-m    # specifies the module; without this option the command module is used by default
user    # the module for adding users
-a    # the arguments supported by the module
-u    # specifies the remote user
Note: the password cannot be plaintext. Note that the parameter is password, not passwd.
Note that password must be ciphertext; it is added directly to the /etc/shadow file.
To create a user group:
ansible -i test puppet -m group -a "name=test state=present" -u root
# create a user group, using the new module group
To delete a user:
ansible -i hosts webserver -m user -a "name=tester remove=yes state=absent" -u root
Method Three: Write a YAML file
1. Generate the key
# openssl passwd -salt -l "abc123"
-LUVLRZEXUGHM    # the generated salted key
2. Edit the YAML file
# vim useradd.yaml    # edit the file
# cat useradd.yaml    # view the contents
- hosts: webserver    # define the host group
  user: root    # remote connection user
  vars:
    user: jerry    # the user name to add
  tasks:    # the tasks
  - name: add user    # task name
    action: user name={{ user }} password=-LUVLRZEXUGHM shell=/bin/bash home=/home/{{ user }}    # user details: password must be the salted ciphertext; login shell; home directory
3. Run the YAML file
# ansible-playbook useradd.yaml
Success
- Validation on the client nodes
# ansible all -a "/usr/bin/tail -1 /etc/shadow"
The user name is jerry, and the password hash is the one generated from abc123 in the first step.
Switch user to verify
Enter the plaintext abc123
Ansible: bulk Linux/Unix server management tool