Ansible: a bulk Linux/Unix server management tool

Source: Internet
Author: User

Theoretical part:

1. Common automated operations tools:

Puppet

- Developed in Ruby, with a client/server (C/S) architecture; highly extensible, SSL-based, and relatively weak at remote command execution

SaltStack

- Developed in Python, with a C/S architecture; lighter-weight than Puppet, with YAML configuration syntax that makes configuration scripts simpler

Ansible

- Developed in Python on top of Paramiko; distributed, agentless, and lightweight, with configuration syntax based on YAML and the Jinja2 template language, and stronger remote command execution

For other DevOps tools, see: https://github.com/geekwolf/sa-scripts/blob/master/devops.md

2. Introduction to Ansible:

Ansible is a simple automated operations management tool. It can be used to automate application deployment, configuration, and task orchestration (continuous delivery, zero-downtime updates, and so on). It uses the Paramiko protocol library (which Fabric also uses) and connects to hosts over SSH or ZeroMQ. A major version is published approximately every 2 months.

Simply put, it automates app deployment, configuration item management, continuous delivery, and (AWS) cloud service management, and executes commands on remote servers in bulk.

Ansible provides a simple set of workflows that you can follow to complete tasks easily.

3. Ansible working mechanism:

Ansible is built on Paramiko, a pure Python implementation of the SSH protocol. From the management node, Ansible pushes its modules to the managed hosts over SSH (or Kerberos, LDAP), and they are deleted automatically after execution. You can use SVN to manage custom modules and orchestration.

4. Components of Ansible:

Ansible consists of 5 parts:

Ansible: the core

Modules: the core modules and the custom modules of Ansible

Plugins: complement the module functions, including connection plugins, mail plugins, etc.

Playbooks: often translated online as "script"; I personally feel that "orchestration" is more reasonable. They define Ansible's multi-task configuration files, which Ansible executes automatically

Inventory: defines the list of hosts that Ansible manages

5. Advantages of Ansible:
1. Lightweight: no agent needs to be installed on the clients, and an update only needs to be performed on the control machine.
2. Bulk tasks can be written as scripts and executed without distributing them to the remote hosts.
3. Written in Python, so maintenance is simpler; Ruby syntax is too complex.
4. Supports sudo.

Experimental section:

1. Installing Ansible

Lab environment:

Role     Hostname             System release       IP address
Node1    node1.server.com     RHEL-6.5_x86_64      192.168.1.63
Node2    node2.server.com     RHEL-6.5_x86_64      192.168.1.64
Server   ansible.server.com   CentOS-6.5_x86_64    192.168.1.20

Preparatory work: stop iptables and set the host name on each server.

Configuration of the individual server nodes:

1. Configure node 1 and change its host name:

# service iptables stop
# chkconfig iptables off
# hostname node1.server.com
# vim /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=node1.server.com

Then log out (logout) or restart (reboot).

2. Configure node 2 and change its host name:

# service iptables stop
# chkconfig iptables off
# hostname node2.server.com
# vim /etc/sysconfig/network

Add the following content:

NETWORKING=yes
HOSTNAME=node2.server.com

Then log out (logout) or restart (reboot).

Configuration on the Ansible server:

1. Firewall and host name configuration

# service iptables stop
# chkconfig iptables off
# hostname ansible.server.com
# vim /etc/sysconfig/network

Add:

NETWORKING=yes
HOSTNAME=ansible.server.com

Then reboot or log out.

2. Add hosts resolution

# vim /etc/hosts  # edit the hosts file
# tail -3 /etc/hosts
192.168.1.63 node1.server.com #node1
192.168.1.64 node2.server.com #node2
192.168.1.20 ansible.server.com #ansible

Test connectivity:

# ping node1.server.com
# ping node2.server.com

3. Configure the EPEL repository

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
# yum install ansible -y  # install ansible

2. Ansible configuration files and their purpose

# rpm -ql ansible | more
/etc/ansible
/etc/ansible/ansible.cfg  # main configuration file
/etc/ansible/hosts  # list of node hosts
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-console
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
/usr/bin/ansible-pull
/usr/bin/ansible-vault

3. Edit /etc/ansible/hosts (the node configuration file):

# vim /etc/ansible/hosts
# tail -3 /etc/ansible/hosts
[webserver]
node1.server.com
node2.server.com

All other content can be commented out.

4. Configure the Ansible server to contact each managed node using key-based authentication.

# ssh-keygen  # generate the key pair

5. Send the public key to each node server:

# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Simple Ansible test

The ansible command

Format: ansible <node name> [-m module] -a <command parameters>

Cases:

1. View the time on each node

# ansible all -a date
# ansible all -m command -a date

Both commands give the same result: the command module is called by default, so it can be omitted. all stands for all nodes, and -a is followed by the arguments.

2. Check whether each node is online

# ansible all -m ping  # built-in ping module

3. Output specified information on each node

# ansible all -a "/bin/echo hello,world"  # print a message
# ansible all -a "/bin/df -h"  # show mount information
# ansible all -a "/sbin/ip addr show dev eth0"  # show the eth0 NIC information of each node

ansible-playbook

1. Playbooks are configured through YAML files, so first a short introduction to YAML syntax.

YAML's syntax is similar to that of other high-level languages, and it can simply express data structures such as lists, hashes, and scalars.

Its structure is expressed through indentation with spaces, the items in a sequence are marked with "-", and keys and values in a map are separated by ":". YAML files typically use the extension .yaml, for example example.yaml.

2. Playbooks can be used to manage complex tasks

For more complex tasks that need to be performed repeatedly, we can define a playbook. Playbooks are where Ansible is truly powerful: they allow the use of variables, conditions, loops, and templates, as well as the reuse of existing content through roles and include directives. Let's take a look at some specific examples.

Case 1: Batch install the mysql-server software:

# vim mysql-server.yaml  # create the mysql-server.yaml file

The contents are as follows: (note syntax formatting)

Option explanation:

hosts: webserver  # the hosts on which to run the tasks; one or more host groups, separated by colons
remote_user: root  # the user that executes the tasks on the remote hosts
tasks:  # the tasks
- name: mysql-server installing  # the name of the task
yum: name=mysql-server  # uses the yum module; the package to install is named mysql-server
state=present  # state: installed
state=absent  # state: uninstalled

Check whether mysql-server is already installed on the nodes:

# ansible all -a "/bin/rpm -q mysql-server"
# ansible-playbook mysql-server.yaml

Seeing ok=2 changed=1 in the results indicates that mysql-server was installed successfully on the clients.

Verify that mysql-server was installed successfully:

# ansible all -a "/bin/rpm -q mysql-server"
# ansible all -a "/sbin/service mysqld start"  # start mysqld

Case 2: Creating a crontab schedule

1. Create crond.yaml to run the /root/backup.sh script on the 10th of every month

# vim crond.yaml

The contents are as follows:

2. Run the playbook

# ansible-playbook crond.yaml

Seeing ok=2 changed=1 in the results indicates that the crontab entry was created successfully on the clients.

3. View the crontab on each node:

# ansible all -a 'crontab -l'

Note:

The "ansible-doc -l" command lists the modules that are built in.

The "ansible-doc <module name>" command shows the detailed usage of a specific module.

Adding users in bulk with Ansible

Method One: Use the ansible command directly

# openssl passwd -salt -l "abc123"
-luvlrzexughm
# ansible all -m user -a "name=baigujing password=-luvlrzexughm shell=/bin/bash" -u root

Method Two: Specify the host inventory when using the ansible command

# openssl passwd -salt -l "abc123"
-luvlrzexughm
# vim hosts  # add the host addresses
# ansible -i hosts webserver -m user -a "name=tester password=-luvlrzexughm shell=/bin/bash" -u root

Parameter explanation:

-i  # the location of the inventory file
webserver  # the host group name in the inventory file
-m  # the module to use; without this option the command module is used by default
user  # the module for adding users
-a  # the arguments supported by the module
-u  # the remote user

Note: the password cannot be plaintext, and the parameter is password, not passwd.

The password must be ciphertext; it is added directly to the /etc/shadow file.

To create a user group:

# ansible -i test puppet -m group -a "name=test state=present" -u root  # create a user group, using the group module

To delete a user:

# ansible -i hosts webserver -m user -a "name=tester remove=yes state=absent" -u root

Method Three: Writing a YAML file

1. Generate the key

# openssl passwd -salt -l "abc123"
-luvlrzexughm  # the generated salted ciphertext

2. Edit the YAML file

# vim useradd.yaml  # edit the file
# cat useradd.yaml  # view the contents

- hosts: webserver  # define the host group
  user: root  # remote connection user
  vars:
    user: jerry  # the user name to add
  tasks:  # the tasks
    - name: add user  # task name
      # user details: password must be salted ciphertext; login shell; home directory
      action: user name={{ user }} password=-luvlrzexughm shell=/bin/bash home=/home/{{ user }}

3. Run the YAML file

# ansible-playbook useradd.yaml

It succeeds.

4. Validation on the client nodes

# ansible all -a "/usr/bin/tail -1 /etc/shadow"

The user name is jerry, and the password is the ciphertext generated from abc123 in the first step.

Verify by switching to the user and entering the plaintext abc123.
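The validation step above prints the last /etc/shadow line on each node. The 13-character value this page passes as password= has no $id$ prefix, which is the format of a traditional DES crypt hash. The following script is an added example, not part of the original article: it classifies the hash scheme of shadow-format lines read on stdin. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the crypt(3) scheme of shadow-format password fields.

# classify_hash FIELD: print the scheme name for one /etc/shadow password field.
classify_hash() {
    case "$1" in
        '')              echo "empty" ;;         # no password required at all
        '*'*|'!'*)       echo "locked" ;;        # login disabled
        '$6$'*)          echo "sha512-crypt" ;;
        '$5$'*)          echo "sha256-crypt" ;;
        '$y$'*)          echo "yescrypt" ;;
        '$2'[abxy]'$'*)  echo "bcrypt" ;;
        '$1$'*)          echo "md5-crypt" ;;
        '$'*)            echo "unknown" ;;
        *)  # no "$id$" prefix: a 13-character field is traditional DES crypt
            if [ "${#1}" -eq 13 ]; then echo "des-crypt"; else echo "unknown"; fi ;;
    esac
}

# audit_shadow: read "user:hash:..." lines on stdin, print "user scheme verdict".
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        if [ -z "$user" ]; then continue; fi
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            locked)                    continue ;;
            empty|des-crypt|md5-crypt) verdict=WEAK ;;
            unknown)                   verdict=REVIEW ;;
            *)                         verdict=ok ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done
}

# Constructed sample lines; jerry carries the 13-character hash shown on this page.
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$constructedhashvalue:19000:0:99999:7:::
jerry:-luvlrzexughm:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
tester:$1$constructed$constructedhashvalue:19000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

Run as root on a node, `audit_shadow < /etc/shadow` lists every account whose password field should be regenerated with a stronger scheme.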
