Confessions of an ops engineer

Ever since getting into this line of work, it takes a strong heart every day to keep a chaotic production environment running. Every day is spent papering over holes with shell and Python, and every day feels like a fight with if/else. Each time you put real effort into a script, the next new requirement comes along and so little of it can be reused that you would rather not reuse it at all. Desperate, isn't it? The batch-run tools are still lhck and lhcp: a long string of commands every time, all kinds of escaping, all kinds of irritation. Escaping is one thing, but every so often you are also blocked by trust relationships and the like. I am root! What kind of root is this?

Ansible vs Puppet vs SaltStack

In fact, many people have long been writing all kinds of IT automation management tools and systems (ITAMs), and some have even gone on to write a book from the experience (admirable). We have to get on board too; it is the general trend. You must have heard of plenty of ITAMs, so which one do you prefer? To each their own, so here are the reasons for my choice.

First, no single tool can meet every need, so some development of our own is always required. When choosing, our criteria were:

1. It can be used as a bulk execution tool.
2. It supports playbooks and modularity.
3. It is easy to get started with and easy to develop and extend.
4. Its access control works well with the current login authorization management system.
5. Its community is active, so a solution can be found when problems come up.

On playbooks and modularity, Puppet, SaltStack and Ansible all qualify, with little to choose between them.
Puppet is already in use on one product line. Its advantages are a long history and maturity; it can work remotely or locally, and it is powerful. But it has no real bulk execution function: having to write a configuration file just to run one command in bulk feels like cutting a mosquito's legs with a machete. It also needs a client, and combining it with the authorization system is more trouble.

SaltStack and Ansible are both Python-based and functionally very similar. The difference is that SaltStack needs a client, and its execution module implements pub-sub over 0MQ, so commands and execution results can be transmitted efficiently and concurrently. That strength is also its weakness: the first sub phase (sending the query string to all machines and then collecting their responses) depends too heavily on the clients returning. If a client fails to return or does not respond in time, the playbook execution phase may simply leave those machines out without any hint, which is unacceptable for operations. To change this we would have to overturn SaltStack's existing architecture... forget it.

Compared with the previous two, Ansible does not seem to have an eye-catching feature. Its configuration management (playbooks) is inevitably compared with big brother Puppet, and its bulk execution is only multithreaded, nothing as fancy as SaltStack's. Yet Ansible's search popularity is more than three times that of SaltStack, which clearly does not come from bragging. At the very least, Ansible does not quietly lose machines, which is reassuring. It relies only on SSH, so it integrates naturally with the login authorization management system. Simple is effective, and nothing could be better. So, let's have a taste of Ansible.

Three. The Ansible manual

Ansible in a few words

Ansible is a Python package and is completely unpack-and-play software. The only requirement on the client is SSH and Python, with the python-simplejson package installed. Deployment is outrageously simple.
After the installation is complete, the Ansible suite provides several executable commands, and we focus on two of them.

ansible

As a bulk execution tool, ansible can be thought of as a pluggable lh tool. In the simplest running example, ansible reads the list of machines from hosts.txt, selects the machines whose name matches the regular expression xcache06, and executes the date command on them.

Then look at another one. Compared with the previous example, there are some changes. First, in this example the list of machines is obtained automatically from the system configuration. Second, there is an extra -m, indicating that we are calling the yum module. In fact the first example also used a module, but it was the default shell, so we did not have to write it. The final -a parameter is also somewhat special. These parameters are not difficult to understand, and running ansible-doc yum shows the help.

Host-pattern in a few words

In the examples above you may have noticed the first parameter, called host-pattern, which is used to filter the machines that meet the requirements out of the full machine/group list. It gets a section of its own because, in the ansible command, the host-pattern parameter is one of the parts that takes the most memorizing, and we have made a few changes to it. A general introduction:

"plain-example": machines whose machine name or group name equals plain-example.
"~regex-example": machines whose machine name or group name matches regex-example.
"~regex-array[1-3]": machines whose machine name or group name matches regex-array[1-3]. This differs from the official version, which has a bug here; keep that in mind when checking online documentation.
"~regex-array[2]": the 3rd machine in the list of machines whose machine name or group name matches regex-array. Why [2]? Programmers start from zero. The result depends on what the hosts script returns; do not use it.
"~regex-array[1:2]": the 2nd machine in the list of machines whose machine name or group name matches regex-array. Why the 2nd? Left-closed, right-open interval, plus programmers starting from zero. The result depends on what the hosts script returns; do not use it.
"pdl.relation;pdl.bmw": the union of pdl.relation and pdl.bmw; logical "or".
"pdl.relation;&pdl.bmw": the intersection of pdl.relation and pdl.bmw; logical "and".
"pdl.relation; pdl.bmw": the machines that belong to pdl.relation but not to pdl.bmw; logical "not".

The logical "or", "and" and "not" can be used in combination with plain or regex rules.

However, note that Ansible's "logical operations" do not follow the usual rules of logical evaluation. The process is:

- split the pattern on semicolons;
- all "not" terms make up the exclude set;
- all "and" terms make up the intersection;
- all "or" terms make up the final result.

The official program supports obtaining machine and group information from a script. We use this feature to integrate with the company's operations and maintenance management system. Xiaomi machines are maintained with a set of tags, and for each tag we have set up a corresponding group in the cache. Assemble patterns according to the rules above. For example, the tagstr pdl.bmw_sbs.fe_srv.nginx can be written as pdl.bmw;&sbs.fe;&srv.nginx. For how to write the script and for the Xiaomi machine management system, see the article "How to write your own host script."

For more ansible options, check ansible -h.

ansible-shell in a few words

Typing ansible xxx every time gets a bit irritating after a while. Let's try ansible-shell. This shell comes from GitHub. We made some modifications to it: improved the output and added practical functions such as logging, real-time display of the machine count, and step-by-step execution. All of the changes have now been merged into trunk. Take a look: it supports cd to choose the set of machines to operate on, and completion for built-in commands, modules and parameters. Much more convenient, isn't it?

CentOS does not install pip by default, so the run naturally fails. Let's install it. Wait, permissions? No problem, add a parameter. And then the download fails.
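The evaluation order described in the host-pattern section (split on semicolons, then apply excludes, intersections and unions as sets rather than left to right) decides which machines a bulk command actually reaches. The sketch below is an added example, not code from the original post or from Ansible; the inventory is constructed, and the "!" exclusion prefix is an assumption taken from upstream Ansible's pattern convention, since the "not" example above does not show its operator.

```python
import re

# Constructed inventory (group -> hosts); group names follow the page's tag examples.
INVENTORY = {
    "pdl.bmw": {"web01", "web02", "web03"},
    "pdl.relation": {"web03", "db01"},
    "sbs.fe": {"web01", "web02", "db01"},
    "srv.nginx": {"web02", "web03"},
}

def match_term(term, inventory):
    """Resolve one term to hosts: a '~' prefix means regex, otherwise exact name."""
    all_hosts = set().union(*inventory.values())
    if term.startswith("~"):
        rx = re.compile(term[1:])
        test = lambda name: rx.search(name) is not None
    else:
        test = lambda name: name == term
    hosts = {h for h in all_hosts if test(h)}      # match on machine name
    for group, members in inventory.items():       # or on group name
        if test(group):
            hosts |= members
    return hosts

def resolve(pattern, inventory=INVENTORY):
    """Evaluate a ';'-separated pattern in the order the page describes:
    sort terms into not/and/or buckets first, then apply them as sets."""
    plain, inter, excl = [], [], []
    for raw in pattern.split(";"):
        term = raw.strip()
        if not term:
            continue
        if term.startswith("!"):       # assumed exclusion prefix (upstream convention)
            excl.append(term[1:].strip())
        elif term.startswith("&"):
            inter.append(term[1:].strip())
        else:
            plain.append(term)
    hosts = set()
    for t in plain:                    # all "or" terms: union
        hosts |= match_term(t, inventory)
    for t in inter:                    # all "and" terms: intersection
        hosts &= match_term(t, inventory)
    for t in excl:                     # all "not" terms: exclusion
        hosts -= match_term(t, inventory)
    return sorted(hosts)
```

With this inventory, resolve("pdl.relation;!sbs.fe;pdl.bmw") returns only web03, because the exclusion applies to the whole union; a left-to-right reading would have expected web01, web02 and web03.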
Forget it, next topic. Oh, can you switch to another account? Leaving that unsolved would be letting everyone down.

As an SRE you hold enormous power in your own hands. One press of Enter that reboots a whole batch of machines would become an eternal regret. Add the -p parameter and every run asks for confirmation first; isn't that a lot safer? Those who press Enter without looking closely are true warriors. Everyone had better check the parameters before pressing y.

Someone is getting impatient: "You have posted so many screenshots and I still do not understand the basic usage. Can't you explain it systematically first?" Sure.

ansible-shell has four built-in commands:

cd: switch to the set of machines selected by the given group or expression.
list: display the current set of machines; list groups lists all the groups (which may not be much use to us).
serial: concurrency at run time, default is
help: as the name suggests, it generates brief module help for quick lookups.

But you have obviously seen more commands than these, along with a whole line of parameters. So what handles them? It works like this: at startup, ansible-shell adds all of the built-in commands, the Ansible modules and their parameter lists to auto-completion. After you type a command and press Enter, it takes the first word and checks whether you entered a built-in command (cd/list/serial); if so, it executes it. Otherwise, it checks whether the word is an Ansible module; if so, it runs that module. Otherwise, it treats the input as a shell command.

For example, when you enter hostname -i, you will find that it complains. The reason is that there is an Ansible module called hostname. If you really want to run the shell's hostname, put a "!" in front. In short: whenever you just want to run a shell command, put a "!" in front.
It works whichever way you need it. Got the hang of it? Mom no longer needs to worry about my bulk operations. Let's get through the rest quickly.

Other tools in the Ansible suite:

ansible-doc: the module documentation viewer. Use ansible-doc -l to display the list of all modules, and ansible-doc <module_x> to view the detailed documentation for module_x. Not much more to introduce.

ansible-playbook: the legendary configuration management tool. If you have used Puppet or SaltStack, it needs no introduction. If you have not, it does not matter: spend 20 minutes watching the official video. The best way to master something is to use it, and you can download the official examples to learn from.

ansible-galaxy: nothing to do with Samsung. You can think of it as pip for Ansible; it can download playbooks from the official galaxy.ansible.com.

ansible-pull: supports downloading a playbook directly from git and executing it. It needs to follow a prescribed directory format. Not particularly useful; you can skip it.

ansible-vault: if your configuration files contain sensitive information, you may not want it to be seen. Vault can encrypt and decrypt those files for you. This is advanced usage; please refer to http://blog.ansibleworks.com/2014/02/19/ansible-vault/

If you want to learn more, visit the official documentation and blog:

Official documentation: http://docs.ansible.com/intro.html
Official blog: http://blog.ansibleworks.com

I want to develop!

Welcome. My GitHub address is https://github.com/iambocai, and you are welcome to share and exchange ideas. To help you understand the code structure quickly, I take the execution flow as the starting point for talking about it. The Ansible execution flow is roughly as follows, where the parts in warm colors are already modular. The code structure looks like this; whichever part you are not satisfied with, let's improve it together.

Original address: Ansible. Thanks to the original author for sharing.