I. Introduction
Ansible is an open source platform that integrates IT system configuration management, application deployment, and the execution of specific tasks. It is a project owned by AnsibleWorks, a company founded in 2012 by the authors of Cobbler and Func.
Ansible is written in Python and is built on two key modules, Paramiko and PyYAML.
Ansible Features:
>> Deployment is simple: the Ansible environment is installed only on the management host, and no action is required on the managed hosts.
>> Devices are managed over the SSH (Secure Shell) protocol by default.
>> Centralized management of master and slave.
>> Simple configuration, powerful features, and strong extensibility.
>> Supports an API and custom modules, so it can be extended easily with Python.
>> Powerful configuration and state management can be customized with playbooks.
>> Good support for cloud computing platforms and big data.
II. Installing Ansible
Ansible only needs to be deployed on the management side, and it can be installed with yum:
    yum install ansible -y
2.1 Ansible Configuration and testing
The first step is to edit the host and group configuration. The file is /etc/ansible/hosts and its format is INI. Add two host IPs and assign both to the webservers group, so that the file contains the following:
    # /etc/ansible/hosts
    [webservers]      # group name: webservers
    ## alpha.example.org
    ## beta.example.org
    172.31.101.51     # host 1
    172.31.101.52     # host 2
Use the ping module to test host connectivity, first for a single host and then for a group:
    ansible 172.31.101.52 -m ping -k    # a single host
    ansible webservers -m ping -k       # a single group
Test host connectivity as shown
Because SSH key trust has not yet been configured between the master and the hosts, the ansible command must be run with the -k parameter, which asks for the password of the root (default) account. Enter it at the "SSH password:" prompt.
Parameter description
    # -i            specify the location of the hosts file
    # -u username   specify the user name for the SSH connection
    # -k            specify the remote user's password (prompted interactively)
    # -f            specify the number of concurrent processes
    # -s            use when root permission is required and the connecting user is not root (later Ansible releases use -b, --become, instead)
    # -K            with -s, prompts for the root password
2.2 Configuring the Linux host SSH password-free access
To avoid entering the target host's password every time Ansible issues an instruction, set up key-based authentication so that SSH access needs no password.
Create the key on the master side by running ssh-keygen -t rsa:
    [[email protected] ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): (press Enter)
    Enter passphrase (empty for no passphrase): (press Enter)
    Enter same passphrase again: (press Enter)
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    8b:8a:91:2e:04:2e:dd:4d:99:c0:e9:f0:5f:f9:85:bb [email protected]
    The key's randomart image is:
    [randomart image omitted]
Next, copy the public key file id_rsa.pub to the target hosts with the ssh-copy-id public key copy tool. The command format is /usr/bin/ssh-copy-id [-i [identity_file]] [user@]machine
    ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
    ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
2.3 Defining host and Group rules
Ansible selects the target hosts for remote operations through defined host and group rules (the inventory). The rule file is /etc/ansible/hosts by default, as illustrated below:
    www.abc.com                # define a domain name
    192.168.1.100              # define an IP
    192.168.1.150:37268        # specify the port number

    [webserver]                # define a group
    192.168.1.10
    192.168.1.20
    192.168.1.30

    [dbserver]                 # define multiple groups
    192.168.1.50
    192.168.1.60
    monitor ansible_ssh_port=12378 ansible_ssh_host=192.168.1.200    # define an alias

    # ansible_ssh_host              address of the target host to connect to
    # ansible_ssh_port              port of the target host; need not be given when it is the default 22
    # ansible_ssh_user              default user for connecting to the target host
    # ansible_ssh_pass              default user's password (kept in plain text in this file)
    # ansible_connection            connection type for the target host: local, ssh, or paramiko
    # ansible_ssh_private_key_file  SSH private key used to connect to the target host
    # ansible_*_interpreter         interpreter for scripting languages other than Python, such as Ruby or Perl; works like ansible_python_interpreter

    [webservers]               # host names support range patterns
    www[01:50].example.com

    [dbservers]
    db-[a:f].example.com
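Because ansible_ssh_pass and similar variables sit in the inventory as plain text, a quick audit of the file is worth having. The following is an added example, not code from the original article or from Ansible: the sample inventory and its password values are constructed, find_plaintext_secrets is a hypothetical helper name, and ansible_password and ansible_become_pass are included as the newer equivalents of the variable listed above.

```python
import shlex

# Inventory variables that carry a credential. ansible_ssh_pass is the one the
# article lists; the other two are its newer equivalents.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}

# Constructed sample inventory, modelled on the article's example.
SAMPLE = """\
www.abc.com
[webserver]
192.168.1.10 ansible_ssh_user=deploy
192.168.1.20 ansible_ssh_pass=Summer2018!   # constructed value
[dbserver]
monitor ansible_ssh_port=12378 ansible_ssh_host=192.168.1.200
# ansible_ssh_pass=commented-out lines are ignored
[dbserver:vars]
ansible_ssh_pass={{ vault_db_pass }}
ansible_become_pass="s3cret pass"
"""

def find_plaintext_secrets(text):
    """Return (line_no, section, variable) for each literal credential.

    The secret value itself is never returned, so findings are safe to log.
    Values that start with '{{' are variable references, not literals.
    """
    findings, section = [], "(ungrouped)"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]
            continue
        # shlex handles quoted values and strips trailing '# ...' comments.
        for token in shlex.split(line, comments=True):
            key, sep, value = token.partition("=")
            if sep and key in SECRET_VARS and not value.startswith("{{"):
                findings.append((line_no, section, key))
    return findings

if __name__ == "__main__":
    for line_no, section, var in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no} [{section}]: literal value in {var}")
```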
2.4 Target Matching
Target matching uses the format ansible <pattern_goes_here> -m <module_name> -a <arguments>. Example: restart the Apache service on every host in the webservers group:
    ansible webservers -m service -a "name=httpd state=restarted"
| Rule | Meaning |
|---|---|
| 192.198.1.2 or one.example.com | Match a target IP address or host name; separate multiple IPs or host names with ":" |
| webservers | Match the target group webservers; separate multiple groups with ":" |
| all or '*' | Match all target hosts |
| ~(web|db).*\.example\.com or 192.168.1.* | Regular expressions are supported for matching hosts or IP addresses |
| webservers:!192.168.1.22 | Match the webservers group, excluding host 192.168.1.22 |
| webservers:&dbservers | Match the intersection of the webservers and dbservers groups |
| webservers:!{{excluded}}:&{{required}} | Variables are supported in patterns |
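A simplified model of how the inventory ranges from section 2.3 and the pattern rules in the table above select hosts, useful for checking which machines a pattern will touch before a command runs. It is an added example, not Ansible's own code; the inventory contents and the function names (expand_range, load, match_term, resolve) are constructed for illustration.

```python
import fnmatch
import re

# Constructed inventory (group -> entries); group names follow the article.
INVENTORY = {
    "webservers": ["www[01:03].example.com", "192.168.1.22"],
    "dbservers": ["db-[a:b].example.com", "www02.example.com"],
}

def expand_range(entry):
    """Expand 'www[01:03].example.com' or 'db-[a:b]...' into host names."""
    m = re.search(r"\[(\w+):(\w+)\]", entry)
    if not m:
        return [entry]
    lo, hi = m.group(1), m.group(2)
    if lo.isdigit():  # numeric range keeps leading zeros (01, 02, ...)
        items = [str(i).zfill(len(lo)) for i in range(int(lo), int(hi) + 1)]
    else:             # alphabetic range
        items = [chr(c) for c in range(ord(lo), ord(hi) + 1)]
    return [entry[:m.start()] + i + entry[m.end():] for i in items]

def load(inventory):
    """Expand every entry and add the implicit 'all' group."""
    groups = {g: [h for e in entries for h in expand_range(e)]
              for g, entries in inventory.items()}
    groups["all"] = sorted({h for hosts in groups.values() for h in hosts})
    return groups

def match_term(term, groups):
    """One term: exact group name, '~regex', or host name / '*' wildcard."""
    if term in groups:
        return set(groups[term])
    if term.startswith("~"):
        return {h for h in groups["all"] if re.search(term[1:], h)}
    return {h for h in groups["all"] if fnmatch.fnmatchcase(h, term)}

def resolve(pattern, groups):
    """Union the plain terms, then apply ':&' terms, then ':!' terms."""
    # Simplification: splitting on ':' does not handle host:port or IPv6.
    terms = pattern.split(":")
    plain = [t for t in terms if t[:1] not in ("&", "!")] or ["all"]
    hosts = set().union(*(match_term(t, groups) for t in plain))
    for t in terms:
        if t.startswith("&"):
            hosts &= match_term(t[1:], groups)
    for t in terms:
        if t.startswith("!"):
            hosts -= match_term(t[1:], groups)
    return sorted(hosts)
```

On a real installation, ansible <pattern> --list-hosts prints the hosts a pattern selects without running anything on them.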
2.5 Listing supported modules and module documentation
    ansible-doc -l       # list the modules Ansible supports
    ansible-doc ping     # view the help information for a module
III. Common modules and APIs
3.1 Remote Command Module
The remote command modules are command, script, and shell, and they run shell commands on remote hosts. command is Ansible's default module and can run any shell command within the remote user's permissions. script executes a shell script file from the master on the remote host, which is equivalent to combining scp and shell. shell executes a shell script file that is located on the remote host.
    ansible webservers -m command -a "free -m"
    ansible webservers -m script -a "/home/test.sh"
    ansible webservers -m shell -a "/home/test.sh"
3.2 copy Module
Copies files from the master side to the target hosts, similar to scp. The following example copies the /root/pip-10.0.1.tar.gz file to the /tmp/ directory on the hosts of the webservers group and updates the file's owner and permissions:
    ansible webservers -m copy -a "src=/root/pip-10.0.1.tar.gz dest=/tmp/ owner=root group=root mode=0755"
3.3 Stat Module
Gets status information about remote files, including atime, ctime, md5, and more:
    ansible webservers -m stat -a "path=/tmp/pip-10.0.1.tar.gz"
3.4 get_url Module
Downloads the specified URL to a local path on the remote host; it supports sha256sum checksum verification of the file:
    ansible webservers -m get_url -a "url=http://www.baidu.com dest=/tmp/index.html mode=0440 force=yes"
3.5 yum Module
Software package management on Linux platforms; the common management methods are yum and apt:
    ansible webservers -m yum -a "name=wget state=latest"
3.6 cron Module
Configures crontab on remote hosts:
    ansible webservers -m cron -a "name='check dirs' hour='5,2' job='ls -alh > /dev/null'"
Viewing scheduled tasks on a remote host
3.7 mount Module
Mounts partitions on remote hosts:
    ansible webservers -m mount -a "name=/mnt/date src=fstype=exts opts=ro state=present"
3.8 service Module
Manages system services on remote hosts:
    ansible webservers -m service -a "name=firewalld state=stopped"
    ansible webservers -m service -a "name=firewalld state=started"
    ansible webservers -m service -a "name=firewalld state=restarted"
    ansible webservers -m service -a "name=firewalld state=reloaded"
3.9 user Module
Manages system users on remote hosts:
    ansible webservers -m user -a "name=yangchao comment='Yangchao'"          # add a user
    ansible webservers -m user -a "name=yangchao state=absent remove=yes"     # delete the user
For other Ansible modules and their detailed usage, please refer to
http://www.ansible.com.cn/docs/modules_intro.html
Python learning-ansible easy to use 1