Linux ansible Introduction

Source: Internet
Author: User

Ansible is an automated operations tool with the following features:
1. Modular: a specific module is called to complete a specific task
2. Built on three key modules: paramiko, pyyaml, and jinja2 (template language)
3. Supports custom modules
4. Implemented in Python
5. Simple to deploy: based on Python and SSH (installed by default), agentless
6. Secure: based on OpenSSH
7. Supports orchestrating tasks with playbooks
8. Idempotent: executing a task once or n times has the same effect, so repeated execution does not cause unexpected results
9. Agentless and not dependent on PKI (no SSL required)
11. Modules can be written in any programming language
12. YAML format for orchestrating tasks, with support for rich data structures
13. Strong multi-layer solutions

The architecture diagram is as follows:

Installation

[[email protected] ~]# yum -y install ansible

Configuring hosts

[[email protected] ansible]# vim /etc/ansible/hosts
[frontend]
192.168.1.201
192.168.1.202
[backend]
192.168.1.203
192.168.1.210

How to use Ansible

1. Module query

[[email protected] ansible]# ansible-doc -l

2. Help for a specific module

[[email protected] ansible]# ansible-doc -s group
- name: Add or remove groups
  group:
      gid:                   # Optional `GID' to set for the group.
      name:                  # (required) Name of the group to manage.
      state:                 # Whether the group should be present or not on the remote host. (present to create, absent to delete)
      system:                # If `yes', indicates that the group created is a system group.

3. Test run

[[email protected] ansible]# ansible all -m group -a "gid=3001 name=mygrp1 state=present system=no" -C
192.168.1.210 | SUCCESS => {
    "changed": true
}
...

4. Execution

[[email protected] ansible]# ansible all -m group -a "gid=3000 name=mygrp state=present system=no"
192.168.1.210 | SUCCESS => {
    "changed": true,
    "gid": 3000,
    "name": "mygrp",
    "state": "present",
    "system": false
}
.....

5. Removal

[[email protected] ansible]# ansible all -m group -a "gid=3000 name=mygrp state=absent system=no"
192.168.1.210 | SUCCESS => {
    "changed": true,
    "name": "mygrp",
    "state": "absent"
}
....

Many modules are used in a similar way.

User Module

View usage

[[email protected] ansible]# ansible-doc -s user

Add a user (use state=absent to delete)

[[email protected] ansible]# ansible all -m user -a 'uid=5000 name=testuser state=present groups=mygrp'
192.168.1.202 | SUCCESS => {
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 5000,
    "groups": "mygrp",
    "home": "/home/testuser",
    "name": "testuser",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 5000
}

Verify

[[email protected] ~]# id testuser
uid=5000(testuser) gid=5000(testuser) groups=5000(testuser),3000(mygrp)

Copy Module

View usage

[[email protected] ansible]# ansible-doc -s copy

Copying a directory

[[email protected] ~]# ansible all -m copy -a 'src=/root/aa dest=/root/ mode=600'
192.168.1.210 | SUCCESS => {
    "changed": true,
    "dest": "/root/",
    "src": "/root/aa"
}
# If src has no trailing /, the whole directory is copied; with a trailing /, the files inside the directory are copied

Copying files

[[email protected] ~]# ansible all -m copy -a 'src=/root/b.exp dest=/root/bb.exp mode=600'
192.168.1.210 | SUCCESS => {
    "changed": true,
    "checksum": "4e838c8f13d7ca2f3dd9c46383160aded4b75bd9",
    "dest": "/root/bb.exp",
    "gid": 0,
    "group": "root",
    "md5sum": "d05c1a3a2690061ef62cc018c2226bd5",
    "mode": "0600",
    "owner": "root",
    "size": 378,
    "src": "~None/.ansible/tmp/ansible-tmp-1528591498.22-24846919673848/source",
    "state": "file",
    "uid": 0
}

[[email protected] ~]# ansible all -m copy -a 'content="hello world\n" dest=/root/hi.txt mode=600'
192.168.1.210 | SUCCESS => {
    "changed": true,
    "checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
    "dest": "/root/hi.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "6f5902ac237024bdd0c176cb93063dc4",
    "mode": "0600",
    "owner": "root",
    "size": 12,
    "src": "~None/.ansible/tmp/ansible-tmp-1528591685.59-213464252719003/source",
    "state": "file",
    "uid": 0
}

Fetch Module (pull files from remote hosts)

[[email protected] ~]# ansible-doc -s fetch

[[email protected] ~]# ansible 192.168.1.201 -m fetch -a 'dest=/root/ src=/root/rules.sh'
192.168.1.201 | SUCCESS => {
    "changed": true,
    "checksum": "68fa058075bcabe9640367e48b934482bb96f64d",
    "dest": "/root/192.168.1.201/root/rules.sh",
    "md5sum": "af3fbce7c4b620497adf4324f7d92afa",
    "remote_checksum": "68fa058075bcabe9640367e48b934482bb96f64d",
    "remote_md5sum": null
}
[[email protected] ~]# ls 192.168.1.201/root/rules.sh

Command and Shell Modules

command: the command line is not parsed by a shell
shell: the command line is run through a shell, which makes it more useful

[[email protected] ~]# ansible-doc -s command
[[email protected] ~]# ansible-doc -s shell

[[email protected] ~]# ansible all -m command  -a 'chdir=/root ls'
192.168.1.210 | SUCCESS | rc=0 >>
aa
anaconda-ks.cfg
bb.exp
hi.txt
~None
original-ks.cfg

The command module does not support pipes: the pipe character and everything after it are passed to echo as plain arguments.

[[email protected] ~]# ansible all -m command  -a 'echo "zander"|passwd testuser --stdin'
192.168.1.210 | SUCCESS | rc=0 >>
zander|passwd testuser --stdin

The shell module parses shell syntax, so the pipe works.

[[email protected] ~]# ansible all -m shell  -a 'echo "zander"|passwd testuser --stdin '
192.168.1.210 | SUCCESS | rc=0 >>
Changing password for user testuser.
passwd: all authentication tokens updated successfully.
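
The same password change done with the user module instead of a shell pipeline, so that the cleartext password is not part of a remote command line or of the task output. This is an added example, not part of the original article; the variable name testuser_password is an assumption.

```yaml
# Added example: set the password of testuser without piping cleartext
# through the shell module.
- hosts: all
  remote_user: root
  vars_prompt:
    # testuser_password is a hypothetical variable name.
    - name: testuser_password
      prompt: "New password for testuser"
      private: true            # do not echo the input on the terminal
      confirm: true            # ask twice
      encrypt: sha512_crypt    # hashed on the control node (Ansible uses
                               # the passlib library for this when installed)
  tasks:
    - name: set password for testuser
      user:
        name: testuser
        # The user module expects an already hashed value here, so only
        # the hash is sent to the managed host.
        password: "{{ testuser_password }}"
        update_password: always
      # Keep the task arguments and result out of the console output and logs.
      no_log: true
      # A fresh random salt is generated on every run, so this task reports
      # "changed" each time it is executed.
```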

File Module

[[email protected] ~]# ansible-doc -s file

Recursive directory creation

[[email protected] ~]# ansible all -m file -a 'path=/var/tmp/aaa/hello.dir state=directory'
192.168.1.210 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/var/tmp/aaa/hello.dir",
    "size": 6,
    "state": "directory",
    "uid": 0
}

Creating an empty file with state=file does not work: the file module is meant for setting the properties of files. An empty file can be created with the copy module instead.

[[email protected] ~]# ansible all -m file -a 'path=/var/tmp/aaa/hello.txt state=file'
192.168.1.210 | FAILED! => {
    "changed": false,
    "msg": "file (/var/tmp/aaa/hello.txt) is absent, cannot continue",
    "path": "/var/tmp/aaa/hello.txt",
    "state": "absent"
}

Creating a symbolic link

[[email protected] ~]# ansible all -m file -a 'src=/root/hi.txt  path=/var/tmp/aaa/hello.txt state=link'
192.168.1.210 | SUCCESS => {
    "changed": true,
    "dest": "/var/tmp/aaa/hello.txt",
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "size": 12,
    "src": "/root/hi.txt",
    "state": "link",
    "uid": 0
}

Cron (Scheduled Task) Module

[[email protected] ~]# ansible-doc -s cron

Adding a job: a name must be given (and it must be unique), otherwise deleting the job later is a problem.

[[email protected] ~]# ansible all -m cron -a 'minute=*/3 job="/usr/sbin/update 192.168.1.200 &>/dev/null" name=updatetime state=present'
192.168.1.210 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "updatetime"
    ]
}
[[email protected] ~]# crontab -l
#Ansible: updatetime
*/3 * * * * /usr/sbin/update 192.168.1.200 &>/dev/null

Deleting a job: only the name is looked at, so take care not to delete the wrong job.

[[email protected] ~]# ansible all -m cron -a 'minute=*/3 job="/usr/sbin/update 192.168.1.200 &>/dev/null" name=updatetime state=absent'

Yum Module

[[email protected] ~]# ansible-doc -s yum
[[email protected] ~]# ansible all -m yum -a 'name=zsh state=present'

Service Module

[[email protected] ~]# ansible-doc -s service
# state can also be `started'/`stopped'
[[email protected] ~]# ansible all -m service -a 'name=mynginx state=reloaded'

Remote Script Module

[[email protected] ~]# ansible-doc -s script
# Runs a local script on the remote host
[[email protected] ~]# ansible 192.168.1.203 -m script -a 'script'

Setup Variable Module

[[email protected] playbooks]# ansible-doc -s setup
[[email protected] playbooks]# ansible 192.168.1.201 -m setup

Playbook

Simple usage

[[email protected] ~]# mkdir playbooks
[[email protected] ~]# cd playbooks/
[[email protected] playbooks]# vim first.yml
- hosts: 192.168.1.201
  remote_user: root
  tasks:
  - name: install vsftpd
    yum:  name=vsftpd state=latest
  - name: config
    copy: src=/root/playbooks/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf mode=600
    # Notifies the handler below named "restart vsftpd"; if the file has not
    # changed (the files are compared), the handler is not triggered
    notify: restart vsftpd
  - name: start vsftpd
    service: name=vsftpd state=started enabled=false
  handlers:
  # Runs when a notification is received
  - name: restart vsftpd
    service: name=vsftpd state=restarted
- hosts: 192.168.1.202
  tasks:
  - name: ip show
    shell: ip a
- hosts: all
  tasks:
  - name: list
    shell: ls

Syntax check

[[email protected] playbooks]# ansible-playbook first.yml --syntax-check
playbook: first.yaml

List hosts and tasks

[[email protected] playbooks]# ansible-playbook --list-hosts --list-tasks first.yml

Dry run

[[email protected] playbooks]# ansible-playbook first.yml -C

Triggering handlers with notify

- hosts: 192.168.1.201
  remote_user: root
  tasks:
  - name: install vsftpd
    yum:  name=vsftpd state=latest
  - name: config
    copy: src=/root/playbooks/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf mode=600
    # Notifies the handler below named "restart vsftpd"
    notify: restart vsftpd
  - name: start vsftpd
    service: name=vsftpd state=started enabled=false
  handlers:
  # Runs when a notification is received
  - name: restart vsftpd
    service: name=vsftpd state=restarted

Running specific tasks with tags

- hosts: 192.168.1.201
  remote_user: root
  tasks:
  - name: install vsftpd
    yum:  name=vsftpd state=latest
  - name: config
    copy: src=/root/playbooks/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf mode=600
    notify: restart vsftpd
    tags: config   # assign a tag
  - name: start vsftpd
    service: name=vsftpd state=started enabled=false
  handlers:
  - name: restart vsftpd
    service: name=vsftpd state=restarted

# Run only the tasks with the given tag
[[email protected] playbooks]# ansible-playbook -t config first.yml

Variables

- hosts: websrvs
  remote_user: root
  vars:
  - pbvar: playbook var
  tasks:
  - name: command line vars
    copy: content={{ cmdvar }} dest=/tmp/cmd.var    # passed as a command-line argument
  - name: playbook var
    copy: content={{ pbvar }} dest=/tmp/pb.var        # from pbvar above
  - name: host var
    copy: content={{ https_port }}{{ http_port  }} dest=/tmp/host.var   # from the hosts file (group and host variables)

hosts file:

[websrvs:vars]
http_port=8080
[websrvs]
192.168.1.201 https_port=4431  ansible_ssh_port=22 ansible_ssh_user=zander ansible_ssh_pass=zander
192.168.1.202 https_port=4432  ansible_ssh_port=22 ansible_ssh_user=zander ansible_ssh_pass=zander

[[email protected] playbooks]# ansible-playbook sencond.yml -e cmdvar='aaaaaaa'
[[email protected] ~]# cat /tmp/cmd.var
aaaaaaa
[[email protected] ~]# cat /tmp/pb.var
playbook var
[[email protected] ~]# cat /tmp/host.var
44318080
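
The hosts file above stores the SSH password in cleartext next to each host. The following added example (not part of the original article) writes the same group as a YAML inventory that logs in with an SSH key; the file name, the key path and the vault variable name are assumptions.

```yaml
# hosts.yml (hypothetical file name): YAML form of the websrvs group above.
# Use it with: ansible-playbook -i hosts.yml sencond.yml -e cmdvar='aaaaaaa'
all:
  children:
    websrvs:
      vars:
        http_port: 8080
        ansible_ssh_port: 22
        ansible_ssh_user: zander
        # Key-based login replaces ansible_ssh_pass. The path is an
        # assumption; the key file should be readable only by its owner.
        ansible_ssh_private_key_file: /root/.ssh/id_ed25519
        # If password login cannot be avoided, keep the value in a variables
        # file encrypted with ansible-vault and reference it here instead of
        # writing it inline (run the playbook with --ask-vault-pass):
        # ansible_ssh_pass: "{{ vault_websrvs_ssh_pass }}"   # hypothetical name
      hosts:
        192.168.1.201:
          https_port: 4431
        192.168.1.202:
          https_port: 4432
```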

Templates

/root/playbooks/nginx.conf.j2 (use the setup module to see the available variables):

worker_processes  worker_processes {{ ansible_processor_vcpus-1 }};
#listen {{ ansible_ens34.ipv4.address }}

Playbook:

- hosts: websrvs
  remote_user: root
  vars:
  tasks:
  - name: command line vars
    template: src=/root/playbooks/nginx.conf.j2 dest=/tmp/nginx.conf
    when: ansible_distribution_major_version == "7"   # add a condition

[[email protected] playbooks]# ansible-playbook sencond.yml

Each node gets the values of its own variables:

[[email protected] ~]# cat /tmp/nginx.conf
worker_processes  worker_processes 2;
#listen 192.168.1.201

[[email protected] ~]# cat /tmp/nginx.conf
worker_processes  worker_processes 2;
#listen 192.168.1.202
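
A Brief Introduction to Roles

Defining the roles path

[[email protected] playbooks]# vim /etc/ansible/ansible.cfg
#roles_path    = /etc/ansible/roles

[[email protected] playbooks]# mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,vars,handlers,meta,defaults}

roles/
    project/
        tasks/       Defines the tasks, the basic element of a role; should contain at least one file named main.yml; other files must be pulled in from that file with include
        files/       Holds files used by modules such as copy or script
        vars/        (rarely used) Defines variables; should contain at least one file named main.yml; other files must be pulled in from that file with include
        defaults/    (rarely used) The main.yml file in this directory is used to set default variables
        templates/   Directory where the template module looks for template files
        handlers/    Should contain at least one file named main.yml; other files must be pulled in from that file with include
        meta/        (rarely used) Defines special settings of the role and its dependencies; should contain at least one file named main.yml; other files must be pulled in from that file with include

[[email protected] tasks]# pwd
/etc/ansible/roles/nginx/tasks
[[email protected] tasks]# vim main.yml
- name: install nginx
  yum: name=nginx state=latest
- name: install conf
  template: src=vhost1.conf.j2 dest=/etc/nginx/conf.d/vhost1.conf    # inside a role, src can be a relative path

[[email protected] playbooks]# vim nginx.yml
- hosts: websrvs
  remote_user: root
  roles:
  - nginx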
