linux--about Ansible Batch control, Volume command and deployment usage

Source: Internet
Author: User

1.ansible Introduction
Ansible is an automated operations tools, based on Python development, the collection of many operations tools (puppet,cfengine,chef,func,fabric) advantages, the implementation of batch (System configuration, program deployment, Run command) and other functions
And Ansible is based on the module work, itself does not have the ability to deploy bulk, really have a batch deployment is ansible run module, ansible just provide a framework. Mainly include:

1.连接插件connetion plugins:负责和被监控端实现通讯;2.host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;3.各种模块核心模块,command模块,自定义模块;4.借助于插件完成纪录日志邮件等功能;5.playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。

Ansible Frame composition

Ansible has a number of configuration parameters, the following are several default configuration parameters:

inventory = /root/ansible/hostslibrary = /usr/share/my_modules/forks = 5sudo_user = rootremote_port = 22host_key_checking = Falsetimeout = 20log_path = /var/log/ansible.log
inventory:该参数表示inventory文件的位置,资源清单(inventory)就是Ansible需要连接管理的一些主机列表。library:Ansible的所有操作都使用模块来执行实现,这个library参数就是指向存放Ansible模块的目录。forks:设置默认情况下Ansible最多能有多少个进程同时工作,默认5个进程并行处理。具体需要设置多少个,可以根据控制端性能和被管理节点的数量来确定。sudo_user:设置默认执行命令的用户,也可以在playbook中重新设置这个参数。remote_port:指定连接被管理节点的管理端口,默认是22,除非设置了特殊的SSH端口,否则不需要修改此参数。host_key_checking:设置是否检查SSH主机的密钥。可以设置为True或False。即ssh的主机再次验证。timeout:设置SSH连接的超时间隔,单位是秒。log_path:Ansible默认不记录日志,如果想把Ansible系统的输出记录到日志文件中,需要设置log_path。需要注意,模块将会调用被管节点的(r)syslog来记录,执行Ansible的用户需要有写入日志的权限。

Ansible Installation

Configuring the source for installation 163 [[email protected] ~]# cd/etc/yum.repos.d///Creating a backup directory [[email protected] yum.repos.d]# mkdir/etc/ repo-bf//back up files from the original Yum repository to repo-bf[[email protected] yum.repos.d]# mv */etc/repo-bf//download 163 source to yum Warehouse [[email  Protected] yum.repos.d]# Curl-o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo//will be changed to version 7[[email  Protected] yum.repos.d]# sed-i ' s/\ $releasever/7/g '/etc/yum.repos.d/163.repo[[email protected] yum.repos.d]# Sed-i ' s/enabled=0/enabled=1/g '/etc/yum.repos.d/163.repo//automatically configures Yum's repositories and can configure it yourself [[email protected] yum.repos.d]# yum-y Install epel-release[[email protected] yum.repos.d]# yum-y install ansible ansible-doc[[email  protected] yum.repos.d]# yum clean all//view ansible version [[email protected] yum.repos.d]# ansible-- versionansible 2.6.3 Config file =/etc/ansible/ansible.cfg configured module Search path = [u '/root/.ansible/plugins/mo Dules ', U '/usr/share/ansible/plugins/modules '] ansible python module location =/usr/lib/python2.7/site-packages/ansible executable location =/usr/bin/ansible Python Version = 2.7.5 (default, 4 2017, 00:39: [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]//setting environment [[email protected] yum.repos.d]# yum-y Install WGET[[EMAIL PR Otected] yum.repos.d]# CD

Ansible Configuration
Configuration file:
Ansible Master configuration file/etc/ansible/ansible.cfg
Controlled Host inventory/etc/ansible/hosts

How the managed host inventory is configured

* 分组配置     一个组下添加多个ip* ip配置    也可以网段,例:192.168.56.[1-254]* 域名配置* 通配符配置      [001:006], 1到6 (例:www.001.xxx.com ...)

Grouping settings, for example:

[abc]192.168.56.123192.168.56.138

Ansible through SSH to control the remote host, so to configure SSH trust, otherwise you will be prompted to enter the password.

ssh-keygen -t rsa     //生成密钥[[email protected] ~]# ls .ssh/id_rsa  id_rsa.pubssh-copy-id -i ~/.ssh/id_rsa.pub [email protected](需要免密的受控端ip)

Ansible How to get help
Ansible to obtain help information through the Ansible-doc command, you can use the-s option of this command to get help for the specified module

//查询ping模块的帮助文档[[email protected] ~]# ansible-doc -s ping- name: Try to connect to host, verify a usable python and return `pong‘ on success  ping:      data:                  # Data to return for the `ping‘ return value. If this parameter is set                               to `crash‘, the module will cause an                               exception.

Ansible Common Module Use detailed
Ansible Common modules are:

* ping* yum* template* copy* user* group* service* raw* command* shell* script

Ansible Common Module Raw,command,shell differences:

* shell模块调用的/bin/sh指令执行* command模块不是调用的shell的指令,所以没有bash的环境变量* raw很多地方和shell类似,更多地方建议使用shell和conmmand模块。但是如果是使用老版本python,需要用到raw,又后者是客户端是路由器,因为没有安装python模块,那就需要使用raw模块了

Ansible Common Ping
The ping module is often used to check whether the specified node machine is connected, is simple to use, does not involve parameters, and if the host is online, reply pong

[[email protected] ~]# ansible [all或你设置组,ip等] -m ping例:[[email protected] ~]# ansible abc -m ping192.168.56.123 | SUCCESS => {    "changed": false,    "ping": "pong"}192.168.56.138 | SUCCESS => {    "changed": false,    "ping": "pong"}

command of the Ansible common module
The command module is used to execute commands on the remote host, ansible by default
One drawback of the command module is that you cannot use the pipe and redirect functions, not a demonstration here.

View the/tmp directory contents of the managed machine [[email protected] ~]# ansible abc-a ' ls/tmp ' 192.168.56.123 | SUCCESS | Rc=0 >>ansible_ Bwbaqaks-script-fjmsu1systemd-private-d64c48c29b014817892ff2b800ef4fdf-chronyd.service-sqe1dosystemd-private-d64c48c29b01 4817892ff2b800ef4fdf-httpd.service-reorv8systemd-private-d64c48c29b014817892ff2b800ef4fdf-vgauthd.service-aedf9tsystemd-p Rivate-d64c48c29b014817892ff2b800ef4fdf-vmtoolsd.service-7frejisystemd-private-e09517bf16f64a2fbe7372b98204716d-chronyd.s ervice-nkiaupsystemd-private-e09517bf16f64a2fbe7372b98204716d-vgauthd.service-r1rs7dsystemd-private-e09517bf16f64a2fbe737 2b98204716d-vmtoolsd.service-qxrpmsyum.log192.168.56.138 | SUCCESS | Rc=0 >>ansible__ mxwiiks-script-q6muapsystemd-private-5895f3e39f304700829d55b9a5234b36-chronyd.service-o9f5lpsystemd-private-5895f3e39f304 700829d55b9a5234b36-vgauthd.service-bfquyzsystemd-private-5895f3e39f304700829d55b9a5234b36-vmtoolsd.service-z2u8r9yum.log Create a new file on the managed host [[email protected] ~]# ansible abc-a ' touch/tmp/123 '//managed machine view [[email protected] ~]# ls/tmp/123 

**ansible Common Module Raw
Raw modules are used to execute commands on remote hosts, with pipe and redirect support

//查看[[email protected] ~]# ansible abc -m raw -a ‘cat /tmp/123‘192.168.56.123 | SUCCESS | rc=0 >>123456Shared connection to 192.168.56.123 closed....//支持管道符[[email protected] ~]# ansible abc -m raw -a ‘cat /tmp/123|grep 123‘192.168.56.123 | SUCCESS | rc=0 >>123456Shared connection to 192.168.56.123 closed.

Shell of Ansible Common module
The shell module is used to execute scripts on the managed machine on the managed machine, or to execute commands directly on the managed machine
Support for pipelines and redirects

//查看受控机的脚本(自编)[[email protected] ~]# cat /etc/aaa.sh#!/bin/bashfor i in {1..10};doecho $idone使用shell模块在受控机上执行的脚本[[email protected] ~]# ansible abc -m shell -a ‘bash /etc/aaa.sh|grep 1  &>/tmp/123‘[[email protected] ~]# ansible abc -m shell -a ‘cat /tmp/123‘192.168.56.138 | SUCCESS | rc=0 >>110...

Script for common modules of ansible
Scrip Module performs master script on the managed machine

[[email protected] ~]# scp [email protected]:/etc/aaa.sh /root[[email protected] ~]# mv aaa.sh a123.sh[[email protected] ~]# ansible abc -m script -a ‘a123.sh &> /tmp/123‘192.168.56.123 | SUCCESS => {    "changed": true,    "rc": 0,    "stderr": "Shared connection to 192.168.56.123 closed.\r\n",    "stderr_lines": [        "Shared connection to 192.168.56.123 closed."    ],    "stdout": "",    "stdout_lines": []}...//受控机查看[[email protected] ~]# cat /tmp/123123...可见在受控机上执行了主控机上的脚本,并纪录到了受控机。

Template for common modules of ansible
The template module is used to generate a profile and transfer it to a remote host

//download and set the source for 163 [[[email protected] ~]# cd/etc/yum.repos.d/[[email protected] ~]# Curl-o Centos7-base-163.repo http://mirrors.163.com/.help/centos7-base-163.repo[[email protected] ~]# sed-i ' s/\$ Releasever/7/g '/etc/yum.repos.d/centos7-base-163.repo[[email protected] ~]# sed-i ' s/^enabled=.*/enabled=1/g '/etc/yum.repos.d/centos7-base-163.repo//will set the 163 source to the managed machine [[email protected] ~]# ansible abc-m template-a ' src=/ Etc/yum.repos.d/centos7-base-163.repo Dest=/etc/yum.repos.d/163.repo ' 192.168.56.123 | SUCCESS = {"Changed": True, "checksum": "60b8868e0599489038710c45025fc11cbccf35f2", "dest": "/etc/yum.repos." D/163.repo "," GID ": 0," group ":" Root "," md5sum ":" 5a3e688854d9ceccf327b953dab55b21 "," mode ":" 0644 "," Owne R ":" Root "," size ": 1462," src ":"/root/.ansible/tmp/ansible-tmp-1536578876.83-251571075139699/source "," state ": "File", "UID": 0}...//Managed Machine View [[email protected] ~]# Ls/etc/yum.repos.d/163.repo 

Ansible Common Template Yum
The Yum template is used to manage software through Yum on a designated node machine with two main supported parameters

* name:要管理的包名* state:要进行的操作

Values commonly used by state:

    • Latest: Installing the Software
    • Installed: Installing the Software
    • Present: Installing the Software
    • Removed: Uninstalling software
    • Absent: Uninstalling Software

If you want to use Yum to manage your software, make sure that the Yum source on the managed machine is no exception

//在受控和机上查询vsftpd软件是否安装[[email protected] ~]# rpm -qa|grep vsftpd在ansible主机上使用yum模块在受控机上安装vsftpd[[email protected] ~]# ansible abc -m yum -a ‘name=vsftpd state=present‘192.168.56.123 | SUCCESS => {    "changed": false,    "msg": "",    "rc": 0,    "results": [        "vsftpd-3.0.2-22.el7.x86_64 providing vsftpd is already installed"    ]}...//检查vsftpd[[email protected] ~]# ansible abc -m shell -a ‘rpm -qa|grep vsftpd‘192.168.56.123 | SUCCESS | rc=0 >>vsftpd-3.0.2-22.el7.x86_64192.168.56.138 | SUCCESS | rc=0 >>vsftpd-3.0.2-22.el7.x86_64

Copy of Ansible Common module
Copy module for copying files to remote managed machine

[[email protected] ~]#  lsa123.sh将主控机root下的a123.sh复制到受控机的root/[[email protected] ~]# ansible abc -m copy -a ‘src=a123.sh dest=root/‘192.168.56.123 | SUCCESS => {    "changed": true,    "checksum": "dd788902d7b36afedee8f2087a3e93b4047d33de",    "dest": "root/a123.sh",    "gid": 0,    "group": "root",    "md5sum": "84f03ff2c65a9b9bfea41587ad43e533",    "mode": "0644",    "owner": "root",    "size": 45,    "src": "/root/.ansible/tmp/ansible-tmp-1536584403.91-155709823063677/source",    "state": "file",    "uid": 0}...//受控机查看[[email protected] ~]# ansible abc -m shell -a ‘ls root/‘192.168.56.123 | SUCCESS | rc=0 >>a123.sh192.168.56.138 | SUCCESS | rc=0 >>a123.sh

Group of Ansible Common modules
The group module is used to add or remove groups on the managed machine

//在受控机上添加一个系统组,gid为306,组名mysql[[email protected] ~]# ansible abc -m group -a ‘name=mysql gid=306 state=present‘192.168.56.123 | SUCCESS => {    "changed": true,    "gid": 306,    "name": "mysql",    "state": "present",    "system": false}...在/etc/group里过滤初mysql[[email protected] ~]#  ansible abc -m shell -a ‘grep mysql /etc/group‘192.168.56.123 | SUCCESS | rc=0 >>mysql:x:306:...//删除受控机上的mysql组[[email protected] ~]# ansible abc -m group -a ‘name=mysql state=absent‘192.168.56.123 | SUCCESS => {    "changed": true,    "name": "mysql",    "state": "absent"}...//受控机查看[[email protected] ~]#  ansible abc -m shell -a ‘grep mysql /etc/group‘192.168.56.123 | FAILED | rc=1 >>non-zero return code

Ansible User of common modules
User module is used to manage the managed computer account

Add a System account on the managed machine, username Mysql,uid is 306, set Shell to/sbin/nologin, no home directory [[email protected] ~]# ansible abc-m user-a ' name= MySQL uid=306 system=yes create_home=no shell=/sbin/nologin state=present ' 192.168.56.123 |    SUCCESS = {"Changed": true, "comment": "", "Create_home": false, "group": 306, "Home": "/home/mysql", "Name": "MySQL", "Shell": "/sbin/nologin", "state": "Present", "system": true, "UID": 306}...//check the managed machine [email  protected] ~]# ansible abc-m shell-a ' grep mysql/etc/group ' 192.168.56.123 | SUCCESS | Rc=0 >>mysql:x:306:192.168.56.138 | SUCCESS | Rc=0 >>mysql:x:306: viewing users [[email protected] ~]# ansible abc-m shell-a ' ls/home ' 192.168.56.123 | SUCCESS | Rc=0 >>1192.168.56.138 | SUCCESS | Rc=0 >>1//Modify the UID of the MySQL user to 366[[email protected] ~]# ansible abc-m user-a ' name=mysql uid=366 ' 192.168.56.123 |   SUCCESS = {"Append": false, "changed": true, "comment": "", "group": 306, "Home": "/home/mysql", "Move_home": false, "name": "MySQL", "Shell": "/sbin/nologin", "state": "Present", "UID": 366}...//managed Machine View User [[E Mail protected] ~]# ansible abc-m shell-a ' grep mysql/etc/passwd ' 192.168.56.123 | SUCCESS | Rc=0 >>mysql:x:366:306::/home/mysql:/sbin/nologin192.168.56.138 | SUCCESS | rc=0 >>mysql:x:366:306::/home/mysql:/sbin/nologin//Delete the MySQL user on the managed machine [[email protected] ~]# ansible abc-m User-a ' name=mysql state=absent ' 192.168.56.123 | SUCCESS = {"Changed": True, "force": false, "name": "MySQL", "remove": false, "state": "Absent"}...// Control machine View User [[[email protected] ~]# ansible abc-m shell-a ' grep mysql/etc/passwd ' 192.168.56.123 | FAILED | Rc=1 >>non-zero Return code ...

Service module of the Ansible Common module
to manage services on managed machines

See if the VSFTP service on the managed machine starts [[email protected] ~]# ansible abc-m shell-a ' systemctl is-active vsftpd ' 192.168.56.123 | FAILED | Rc=3 >>unknownnon-zero return code//start the VSFTP service on the managed machine [[email protected] ~]# ansible abc-m service-a ' name=vsft PD state=started ' ...//check if the VSFTPD service on the managed machine starts [[email protected] ~]# ansible abc-m shell-a ' Systemctl is-active vsftpd ' 192.168.56.123 | SUCCESS | Rc=0 >>active192.168.56.138 | SUCCESS | Rc=0 >>active//See if the VSFTPD service on the managed machine is powered on [[email protected] ~]# ansible abc-m shell-a ' Systemctl is-enabled Vsftpd ' 192.168.56.123 | FAILED | Rc=1 >>disablednon-zero return code//set up the VSFTPD service on the managed machine boot automatically start [[email protected] ~]# ansible abc-m service-a ' NAME=VSFTPD Enabled=yes ' 192.168.56.123 | SUCCESS = {"Changed": True, "Enabled": True, "name": "Vsftpd", "status": {...//check if the VSFTPD service on the managed machine is powered on from [[EM Ail protected] ~]# ansible abc-m shell-a ' systemctl is-enabled vsftpd ' 192.168.56.123 | SUCCESS | Rc=0 >>enabled... Stop the VSFTPD service on the managed machine [[email protected] ~]# ansible abc-m service-a ' name=vsftpd state=stopped ' 192.168.56.123 | SUCCESS = {"Changed": True, "name": "VSFTPD", "state": "Stopped", "status": {...//check if the VSFTPD service on the managed machine starts [[EM Ail protected] ~]# ansible abc-m shell-a ' systemctl is-active vsftpd ' 192.168.56.123 | FAILED | Rc=3 >>inactivenon-zero return code//view port [[email protected] ~]# ansible abc-m shell-a ' SS-ANLT ' 192.168.56.1 23 | SUCCESS | Rc=0 >>state recv-q send-q Local address:port Peer address:port LISTEN 0 12                   8 *:22 *:* LISTEN 0 127.0.0.1:25 *:*        LISTEN 0::: +:::* LISTEN 0 100   :: 1:25:::*

linux--about Ansible batch control, volume commands, and deployment use

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.