Ansible installation and simple use

First, installation

$ pip Install Ansible

#for Debian

$ sudo apt-add-repository ppa:rquillo/ansible

$ sudo apt-get update

$ sudo apt-get install ansible

#for CentOS

$ sudo yum install ansible

Ii. Environmental Notes

1. Control host is native

2. The controlled end is the LAN 192.168.1.5

3. SSH key authentication

Third, the use

#内建的 Ping Module

Ansible all-m Ping

#执行命令

Ansible all-a "/bin/echo Hello, World"

#以上两条命令结果是一样的, since the command module is called by default, it can be omitted, all represents all nodes, and a is followed by a parameter

Ansible all-m command-a "/bin/echo Hello, World"

# Shell Module

Ansible all-m shell-a "Ping baidu.com-c 3"

########################################################

Http://www.kisops.com/?p=23

Ansible and some other project management tools currently on the market are very different, it is designed to be more convenient and efficient configuration management. It is easy to install and use, the syntax is very simple and easy to learn. You can use Ansible to make the usual complex configuration work simple, and become more standardized and easier to control.

The ansible only needs to be run on a common server and does not require the client to be installed on the managed server. Because it is SSH-based, the Linux server cannot be separated from SSH, so ansible does not need to add additional support for the configuration work. You can use ansible from the command line, the server running ansible is commonly referred to as "Management node", and the server managed by Ansible is commonly known as "controlled node".

The management node relies on fewer things, and the list is as follows:

1. Python version 2.6 or later
2. Paramiko (python's SSH module)
3. Pyyaml (Python's YAML parser)
4. JINJA2 (python template engine)

If the managed node is Python 2.4 or Python 2.5, an additional Simplejson module will be installed. To Python version 2.6 or later, the Simplejson module is built in, and no additional dependencies are required for installation. Thankfully, most of the Python versions built into the current mainstream servers are Python version 2.6 or higher.

The first chapter includes the following:

1. Installing Ansible
2. Configure Ansible
3. Using the ansible command line
4. How to get Help

Installation method

It is common for everyone to install and maintain packages using the package management tools that come with each system. However, you are not sure to get the latest or most reliable version of Ansible. Therefore, it is recommended that you use PIP to install and manage ansible.

Pip is a tool specifically designed to manage Python modules, and ansible will update each official release to the PIP repository. So through the PIP installation or update ansible, will be more secure to get the latest stable version.

If you have developed a large number of modules based on ansible, you should always use the corresponding version. It is not recommended that you upgrade to the latest version, so that the module does not function abnormally due to incompatibilities and other issues.

Installing ansible using the Software warehouse

The major Linux distributions have their own package management system that can help you automatically resolve dependencies on your packages. Like what:

• Fedora, RHEL, CentOS, and compatible distributions: $ sudo yum-y install ansible
• Ubuntu, Debian, and compatible distributions: $ apt-get Install ansible

Installing Ansible with PIP

You have previously described using PIP to install Ansible. Note that if you use Pip to install Ansible. When upgrading the operating system, Ansible is not upgraded at the same time. In addition, upgrading the operating system may damage the ansible environment, after all it relies on python. The installation instructions for PIP are:

$ pip install ansible

Install ansible using source code

The most fashionable play is to use the source code installed. You will get the latest version, but not the stable version. Therefore, the use of source installation should pay attention to the bug, actively concerned about the community and version updates. Get the latest code from GitHub with the following installation process:

$ git clone git://github.com/ansible/ansible.git$ cd ansible && sudo make install

Ansible settings

Usually we use Ansible to pull the list of servers that need to be managed by the "Managed node", and we will introduce a lot of related methods later on.

By default, Ansible reads the list of hosts in the/etc/ansible file, in INI format. Each of the brackets represents a grouping, and the list of machines under it falls into this grouping until the next bracket is present. Typically we perform tasks by group, and the same set of managed servers applies the same configuration. A single server can also be attributed to multiple groups to complete the configuration of multiple functional roles. Low-coupling, modular, very flexible! Let's take an example: Row 3 managed servers into the Webservers group, with machine names Site01, SITE02, and SITE01-DR, respectively. There are also 1 production groups containing SITE01, SITE02, Db01 and Bastion. Then the corresponding configuration file/etc/ansible as follows:

[WebServers]Site01Site02Site01-dr[Production]Site01Site02Db01Bastion

Once you've configured the list of hosts, you're ready to start a batch task. The ansible comes with a ping module that can test the network connectivity between the management node and the managed node.

Linux servers are managed remotely using SSH, and the SSH service is a server prerequisite. Ansible simplifies the use of cost on the design and uses SSH to connect "managed nodes" on the "Management node". By creating an SSH connection to send the order and execution, to achieve the purpose of configuration management. This avoids compatibility issues with the use of agents in different versions of the operating system, or even under different operating systems of the release version.

First, let's take a quick look at Ansible's great charm. Use Ansible to test the network connectivity of "managed nodes":

$ ansible Site01 -u root -k -m ping

You will be prompted to enter the root password after the carriage return, and the following results will be printed:

Site01 | success >> {“changed”: false,“ping”: “pong”}

If you are using a key mode to log in to SSH, remove the-K parameter. You can set up a specific user for ansible, and all actions are performed by this user. You can even set different users for each of the managed nodes.

The settings for the global user are shown in the configuration file/etc/ansible/ansible.cfg, modifying the value of Remote_user in the [defaults] paragraph. You can also define ansible by modifying the remote_port to use non-standard 22/SSH ports for connection and management. Ansible will use the global setting by default when there are no specific settings for the managed node or managed group.

You can set Ansible_ssh_user to use the specified user on the "managed node" to perform tasks, you can also set Ansible_ssh_host to specify a different host or domain name, ssh corresponding port can also be modified by Ansible_ssh_port, You can also log in using a specific key. In the following example, we specify the root user to run on the Site01, and the nobody user is run on SITE02, and the configuration mentioned above is also demonstrated:

[WebServers]Site01  ansible_ssh_user=rootSite02  ansible_ssh_user=nobodySite01-dr   ansible_ssh_host=site01-dr.cm[Production]Site01  ansible_ssh_port=7722Site02  Db01    ansible_ssh_private_key_file=/key/.ssh.id_rsaBastion ansible_ssh_user=www

There may be scenarios where root privileges are required to perform configuration management. However, for security reasons, root may be restricted from using SSH login. For example, the Ubuntu system cannot use the root SSH login system by default. Ansible design also takes into account such scenarios, in which case we only need to tell ansible to use sudo to perform those configuration tasks that require root permissions. The prerequisite is that the user performing the ansible task needs sudo permissions.

To set ansible to use sudo, the user performing the ansible task must have sudo permissions. You can do this either by modifying the/etc/sudoers file or the Visudo command, or by using the currently eligible user. The parameter –sudo tells Ansible to use sudo to run the task, and if sudo requires a password, you need to add the-K parameter, or add the Ask_sudo_pass property in the configuration file/etc/ansible/ansible.cfg.

Getting Started with ansible

Ansible accepts parameters using a key-value method, which is the traditional KV method (Key=value). The results are returned in JSON format each time the task is executed. It can parse complex parameters, or use the Playbooks method (2nd chapter will explain). Ansible returns a clear indication of whether the operation was successful, whether there was a change, and the error message when it failed.

The ansible task is usually performed in a playbooks manner, and in rare cases it is run in command-line mode. In the past, we used the ping module of ansible to check if the "Controlled node" was properly controlled. In fact, the Ping module performs only the core functions of ansible and checks the network connectivity, and does not do any other practical actions.

The Setup module is then generated to provide feedback on the availability of the "controlled node" and to collect some system information for use by other modules. The Setup module defines a series of acquisition instructions, such as kernel version, machine name, IP address, and so on, which are stored in built-in variables that can be referenced directly or used to determine conditions when other modules perform tasks.

With the hosts information ready, let's start the 1th attempt at the ansible command line:

$ansible MachineName -u root -k -m setup

The above instruction is to execute the Setup module as root through ansible to the server machinename. As mentioned above, it collects basic information about the system, such as the following table:

字段名 参考值 含义ansible_architecture    x86_64  受控节点系统框架ansible_distribution    CentOS  受控节点的操作系统发行版ansible_distribution_version    6.3 受控节点发行版本的版本号ansible_domain  kisops.org  受控节点的主域名ansible_fqdn    site01.kisops.org   受控节点的完整机器名ansible_interfaces  [“lo”,”eth0”]   列出受控节点所有的网卡ansible_kernel  2.6.32-431.5.1.el6.x86_64   受控节点的内核版本号ansible_memtotal_mb 30099   受控节点总内存大小（兆）ansible_processor_count 24  受控节点的CPU核心ansible_virualization_role  guest   受控节点的身份：host为宿主机，guest为虚拟机ansible_virtualization_type kvm 受控节点的虚拟化类型

The Setup module for Ansible is available in Python. If the managed node is installed with a facter or Ohai module, the value can also be obtained through the Facter or Ohai module. The corresponding result will start with Facter_ or Ohai_.

Ansible also has a basic module called file, which, as its name implies, is related to files. It can be used to view the properties of a file, modify file properties, query whether a file has been modified, and so on. The following is an example of modifying/etc/fstab:

$ ansible MachineName -u root -k -m file -a ‘path=/etc/fstab’

The results are as follows:

MachineName | success >> {“changed”: false,“group”: “root”,“mode”: “0644”,“owner”: “root”,“path”: “/etc/fstab”,“size”: 779,“state”: “file”}

Another example is to create a Ksops folder under the/tmp directory as the nobody User:

$ ansible MachineName -u root -k -m file -a ‘path=/tmp/ksops state=directory mode=0755 owner=nobody’

The returned results are as follows:

achineName | sucess >> {changed”: true,group”: “root”,mode”: “0755”,owner”: “nobody”,path”: “/tmp/ksops”,size”: 4096,state”: “directory”

The value of changed is True if the directory does not exist or if the attributes and presets are inconsistent. If the same (for example, repeated executions), the value of changed becomes false.

Ansible has many modules that are similar to the file module, such as the copy module. The copy module works by copying files from the control node to the managed node. For example, the "Control node" fstab file Copy "controlled node" under the/tmp/fstab, the corresponding instruction is:

$ ansible MachineName -m copy -a ‘src=fstab  dest=/tmp/fstab mode=644 owner=root’

If this is the first run, the return value may be similar:

MachineName | success >> {“changed”: true,“dest”: “/tmp/fstab”,“group”: “root”,“md5sum”: “866563b712d204d82876d1153d06c1f1”,“mode”: “0644”,“owner”: “root”,“size”: 831,“src”: “/home/ksops/tmp/ansible-task-tmp/source”,“state”: “file”}

Ansible has a very useful module that is command, believing that many people need it! The command module is "Remote execution", which means that executing a shell task is a matter of minutes. And you can use the variables defined by the Setup module while the script is running, isn't it super cool?! The command module is unable to determine the success of an order by the return value compared to the built-in module of Ansible. However, Ansible added the properties of creates and removes to check whether the command was executed successfully or whether it should be executed. If you define the creates property, it will no longer execute when the file already exists. Conversely, if the removes attribute is defined, the command will be executed only if the file exists. Like what:

$ ansible MachineName -m command -a ‘rm -rfv /tmp/testfile removes=/tmp/testfile’

If/tmp/testfile does not exist on the "managed node", Ansible prompts to skip and the output is as follows: MachineName | Skipped

Otherwise, if the file exists, the success is returned:

ansibletest | success | rc=0 >>

In fact, the underlying file operation is also recommended for use with the Ansible files module. Because the file module can obtain more information, execution status and other information. The same file module can create or delete files, such as the above with the command module to perform the file deletion operation, with the file module is implemented as follows:

$ ansible MachineName -m file -a ‘path=/tmp/testfile state=absent’

For scenarios where you need to use some of the features of the shell command, the Ansible has a built-in shell module. It can handle functions such as redirection, pipeline output, background tasks, and, as with the command module, it supports the creates property. However, the Shell module does not support the removes property. Examples are as follows:

$ ansible MachineName -m shell -a ‘/opt/kingsoft/bin/monitor.sh > /data/log/ops/ksm.log creates=/data/log/ops/ksm.log’

Get the module to help ansible a lot of modules, we need to go to the official website on-demand view. Related to the Ansible help document is the Ansible-doc command, for example, listing all modules and a brief description:

$ ansible-doc -l

If you want to see the help information for the specified module, take the file module as an example:

$ ansible-doc file

Very simple and very convenient.

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Ansible installation and simple use