Linux Learning Summary (74): Automated Operations with Ansible

Source: Internet
Author: User

One: Ansible introduction

No client (agent) has to be installed on the managed machines; Ansible communicates with them through sshd
It works through modules, and modules can be developed in any language
Modules can be used from the command line, and playbooks can be written in YAML, which is easy to write and read
Installation is simple; on CentOS it can be installed directly with yum
A web UI (browser-based graphical interface) is available at www.ansible.com/tower; it is a paid product
Official documentation: http://docs.ansible.com/ansible/latest/index.html
Ansible has been acquired by Red Hat and is a very popular open source project on GitHub: https://github.com/ansible/ansible
A good introductory ebook: https://ansible-book.gitbooks.io/ansible-first-book/

Two: Ansible installation

Prepare two machines; here we use the two machines from the earlier experiments, lvlinux-1 and lvlinux-2
Ansible only needs to be installed on lvlinux-1
yum list | grep ansible shows that version 2.4 of Ansible is available in the configured repositories
yum install -y ansible ansible-doc
Generate a key pair on lvlinux-1:
ssh-keygen -t rsa
Put the public key on lvlinux-2 and set up key authentication. Also configure it on the local machine, so that the local machine can stand in for another managed host; this can be run directly on the local machine:
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
Add an Ansible host group
vi /etc/ansible/hosts    # add the following

[testhost]
127.0.0.1
192.168.226.130

Description: testhost is the host group name, which you choose yourself. The two IPs below it are the machines in the group, where 127.0.0.1 refers to the local machine. We can define different host groups to classify machines, such as a web group and a DB group. We have already set up the hosts file, so the second IP can be replaced with the host name lvlinux-2

Three: Ansible remote command execution

ansible testhost -m command -a 'w'
This executes the command on the whole group in bulk. Here testhost is the host group name, -m is followed by the module name, and -a is followed by the command. We can also give a single IP to run the command on one particular machine.
ansible 127.0.0.1 -m command -a 'hostname'
Error: "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
Fix: yum install -y libselinux-python
The shell module can do the same thing; commands passed to the shell module may use pipes, while the command module does not support them
ansible testhost -m shell -a 'w'
Copying files or directories with Ansible
ansible lvlinux-2 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=0755"
Note: The source directory is placed under the target directory, and the target directory is created automatically if it does not exist. When copying a file, if the name given in dest differs from the source name and is not an existing directory, the effect is a copy followed by a rename. Conversely, if dest is a directory that already exists on the target machine, the file is copied directly into that directory.
ansible testhost -m copy -a "src=/etc/passwd dest=/tmp/123"
Here /tmp/123 has the same content as /etc/passwd on the source machine, but if the target machine already has a /tmp/123 directory, the passwd file is created inside /tmp/123.

Four: Ansible remote script execution

First create a shell script
vim /tmp/test.sh    # add the following content

#!/bin/bash
echo `date` > /tmp/ansible_test.txt

Then distribute the script to each machine.
ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
Finally, execute the shell script in bulk
ansible testhost -m shell -a "/tmp/test.sh"
The shell module also supports running remote commands that contain pipes
ansible testhost -m shell -a "cat /etc/passwd|wc -l "

Five: Managing scheduled tasks (cron) with Ansible

ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/1212.txt' weekday=6"
To delete the cron job, just add the field state=absent
ansible testhost -m cron -a "name='test cron' state=absent"
Other time fields: minute (minutes), hour (hours), day (date), month (months)

Six: Installing RPM packages and managing services with Ansible

ansible testhost -m yum -a "name=httpd"
You can also add state=installed or state=removed after name
ansible testhost -m service -a "name=httpd state=started enabled=yes"
The name here is the service name on the CentOS system, which can be found with chkconfig --list.
Using the Ansible documentation
ansible-doc -l    # list all modules
ansible-doc cron    # view the documentation for the specified module

Seven: Using Ansible playbooks

A playbook is the equivalent of writing module calls into a configuration file.
Example 1:
vi /etc/ansible/test.yml    # add the following:

---
- hosts: lvlinux-2
  remote_user: root
  tasks:
    - name: test_playbook
      shell: touch /tmp/lvlinux.txt

Note: The first line must be three dashes. The hosts parameter specifies which hosts take part; multiple machines can be separated by commas, and a host group defined in /etc/ansible/hosts can also be used;
The user parameter (remote_user above) specifies which user is used to log in to the remote host;
tasks specifies the tasks; the name parameter under it is a description of the task that is printed during execution, and shell is an Ansible module.
Run: ansible-playbook test.yml
Example 2:
One more example, creating a user:
vi /etc/ansible/create_user.yml    # add the following:

---
- name: create_user
  hosts: lvlinux-2
  user: root
  gather_facts: false
  vars:
    - user: "test"
  tasks:
    - name: create user
      user: name="{{ user }}"

Description: The name parameter is a summary of what the playbook does; its value is printed during execution, and it can be omitted. The gather_facts parameter specifies whether to run the setup module to collect host information before executing the tasks below; it is needed when later tasks use the information collected by setup. The vars parameter defines variables; here a variable named user is defined with the value test, and note that the value must be enclosed in quotation marks. The user entry under tasks calls the user module; name is a parameter of the user module, and the user name to add is taken from the variable above.
Run: ansible-playbook create_user.yml
id test    # check that the user was created
Example 3:
Loops in an Ansible playbook
vi /etc/ansible/while.yml    # add the following:

---
- hosts: testhost
  user: root
  tasks:
    - name: change mode for files
      file: path=/tmp/{{ item }} mode=600
      with_items:
        - 1.txt
        - 2.txt
        - 3.txt

Description: The item inside the double curly braces is the loop variable, and with_items lists the objects to loop over
Create the test files 1.txt, 2.txt and 3.txt on both lvlinux-1 and lvlinux-2
Run ansible-playbook while.yml and check the file permissions
Example 4:
Conditionals in an Ansible playbook
vi /etc/ansible/when.yml    # add the following:

---
- hosts: testhost
  user: root
  gather_facts: True
  tasks:
    - name: use when
      shell: touch /tmp/when.txt
      when: ansible_ens33.ipv4.address == "192.168.226.129"

Note: ansible lvlinux-2 -m setup shows all the facts. Here the condition is on the IPv4 address of the ens33 network interface, which matches the IP of lvlinux-1, so the task is skipped on lvlinux-2 and the file is created only on lvlinux-1.
Run ansible-playbook when.yml and check for the when.txt file on lvlinux-1
Example 5:
Handlers in an Ansible playbook
Handlers are actions to perform after a task has run and changed something on the server; for example, after modifying a configuration file we need to restart the service.
vi /etc/ansible/handlers.yml    # add the following content

---
- name: handlers test
  hosts: lvlinux-2
  user: root
  tasks:
    - name: copy file
      copy: src=/etc/passwd dest=/tmp/aaa.txt
      notify: test handlers
  handlers:
    - name: test handlers
      shell: echo "111111" >> /tmp/aaa.txt

Note that the handlers below are invoked only when the copy module has actually executed (that is, the task reports a change). In other words, if the copy source file does not exist and copy does not execute successfully, the shell command in handlers is not executed. This is well suited to restarting a service after its configuration file has changed. It is the equivalent of && in the shell.
Example 6:
Playbook in practice: installing nginx
Step one
Idea: first compile and install nginx on one machine, package it, and then distribute it with Ansible

cd /etc/ansible    # enter the Ansible configuration directory
mkdir nginx_install    # create an nginx_install directory for easier management
cd nginx_install
mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}

Description: The roles directory contains two roles: common for preparation work and install for installing nginx. Each role has several directories: handlers holds the actions to take when a change occurs, usually restarting the service after a configuration file changes; files holds files used during installation; meta holds descriptive information and role dependencies; tasks holds the core configuration files; templates usually holds configuration files, startup scripts and other template files; vars holds the variable definitions
Step two
The installation files need to be prepared in advance, as follows:
Compile and install nginx on one machine beforehand, and set up its startup script and configuration file.
After installation, pack the nginx directory and put the archive under /etc/ansible/nginx_install/roles/install/files/, named nginx.tar.gz
cd /usr/local

tar -zcvf nginx.tar.gz --exclude "nginx.conf" --exclude "vhost" nginx/
mv nginx.tar.gz /etc/ansible/nginx_install/roles/install/files

The startup script and configuration file go under /etc/ansible/nginx_install/roles/install/templates

cp nginx/conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates
cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates

In the common role directory, under its tasks subdirectory, write the playbook that installs the packages the application depends on
cd /etc/ansible/nginx_install/roles
Define the tasks of common; nginx needs some dependency packages
vim ./common/tasks/main.yml    # content as follows

- name: Install initialization require software
  yum: name={{ item }} state=installed
  with_items:
    - zlib-devel
    - pcre-devel
Step three
In the install role directory, under its vars subdirectory, define the variables for the application.
vim /etc/ansible/nginx_install/roles/install/vars/main.yml    # content as follows

nginx_user: www
nginx_port: 80
nginx_basedir: /usr/local/nginx

In the install role directory, under its tasks subdirectory, write copy.yml, which in order copies the application package, unpacks it, copies the startup script, and copies the main configuration file.
vim /etc/ansible/nginx_install/roles/install/tasks/copy.yml    # content as follows

- name: Copy Nginx Software
  copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root
- name: Uncompression Nginx Software
  shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/
- name: Copy Nginx Start Script
  template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
- name: Copy Nginx Config
  template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644

Step four
Next, create the user, start the service, and delete the archive
vim /etc/ansible/nginx_install/roles/install/tasks/install.yml    # content as follows

- name: Create Nginx User
  user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
- name: Start Nginx Service
  shell: /etc/init.d/nginx start
- name: Add Boot Start Nginx Service
  shell: chkconfig --level 345 nginx on
- name: Delete Nginx compression files
  shell: rm -rf /tmp/nginx.tar.gz

Step five
Then create main.yml, which calls copy and install
vim /etc/ansible/nginx_install/roles/install/tasks/main.yml    # content as follows

- include: copy.yml
- include: install.yml

At this point the two roles, common and install, are fully defined. Next, define an entry playbook
vim /etc/ansible/nginx_install/install.yml    # content as follows

---
- hosts: testhost
  remote_user: root
  gather_facts: True
  roles:
    - common
    - install

Run: ansible-playbook /etc/ansible/nginx_install/install.yml
Note: We previously developed a monitoring system with shell scripts, which also defined many directories. The overall logic of installing nginx with a playbook here is similar: it comes down to scripts calling other scripts. In short, install.yml, the entry script under nginx_install, calls common and install, which we can think of as two modules: common installs the dependency packages, and install in turn calls two function scripts, one that copies the package and one that installs it. The shell monitoring system is described at
http://blog.51cto.com/12606610/2128215
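Added example (not part of the original post): the install role's copy.yml and install.yml rewritten as a single tasks/main.yml that uses the unarchive, service and file-free module path instead of shell, so a second run reports no changes and no archive is staged in /tmp. It assumes the role layout and variables defined above, and that the archive unpacks to {{ nginx_basedir }}/sbin/nginx, as a source build with that prefix does.

```yaml
# roles/install/tasks/main.yml
# Added example: module-based variant of copy.yml + install.yml from Example 6.
# Assumption: nginx.tar.gz contains nginx/sbin/nginx (source build, prefix /usr/local/nginx).

- name: Create Nginx User
  user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin

# unarchive pushes nginx.tar.gz from roles/install/files and extracts it on the
# target in one step, so nothing is left in /tmp and no "rm -rf" task is needed.
# "creates" makes the task a no-op once nginx has been unpacked.
- name: Unpack Nginx Software
  unarchive:
    src: nginx.tar.gz
    dest: /usr/local/
    creates: "{{ nginx_basedir }}/sbin/nginx"

- name: Copy Nginx Start Script
  template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755

- name: Copy Nginx Config
  template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644

# service replaces "/etc/init.d/nginx start" and "chkconfig --level 345 nginx on".
# It reports "changed" only when the service was stopped or not enabled, whereas
# the shell tasks report "changed" on every run. The run levels come from the
# chkconfig header of the init script rather than from an explicit --level.
- name: Start Nginx Service and enable it at boot
  service: name=nginx state=started enabled=yes
```

Run ansible-playbook /etc/ansible/nginx_install/install.yml twice: on the second run every task in this file should show ok rather than changed.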
Example 7
Managing configuration files
In a production environment, most of the time what needs managing is the configuration files; installation packages are only used when initializing the environment. Let's write a playbook to manage the nginx configuration files.
mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
Here new is used for updates and old for rollback; files holds nginx.conf and the vhosts directory; handlers holds the command that restarts the nginx service
About rollback: the old configuration must be backed up before the playbook is executed, so the old configuration files must be managed strictly. Never casually modify the configuration on production machines, and make sure the configuration under new/files is the same as the production configuration
First put nginx.conf and the vhosts directory under the files directory.

cd /usr/local/nginx/conf/
cp -r nginx.conf vhost /etc/ansible/nginx_config/roles/new/files/

Define the variables in the vars directory
vim /etc/ansible/nginx_config/roles/new/vars/main.yml    # define variables
nginx_basedir: /usr/local/nginx
The handlers directory defines the service reload, which runs after the configuration files have been copied
vim /etc/ansible/nginx_config/roles/new/handlers/main.yml    # define the nginx reload

- name: restart nginx
  shell: /etc/init.d/nginx reload

The tasks directory defines the copy of the configuration file and the other related files; these are the core tasks
vim /etc/ansible/nginx_config/roles/new/tasks/main.yml    # this is the core task

- name: copy conf file
  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
  with_items:
    - { src: nginx.conf, dest: conf/nginx.conf }
    - { src: vhost, dest: conf/ }
  notify: restart nginx

Define the entry playbook that Ansible will run
vim /etc/ansible/nginx_config/update.yml    # finally, define the entry playbook

---
- hosts: testhost
  user: root
  roles:
  - new

Run: ansible-playbook /etc/ansible/nginx_config/update.yml
The role corresponding to the rollback playbook backup.yml is old
rsync -av /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
A rollback overwrites the current configuration with the old one and then reloads the nginx service. Each time before the nginx configuration files are changed, they are backed up to old; the corresponding directory is /etc/ansible/nginx_config/roles/old/files
vim /etc/ansible/nginx_config/rollback.yml    # finally, define the entry playbook

---
- hosts: testhost
  user: root
  roles:
  - old

Note that a rollback only reloads the configuration files from before the change; nothing else is changed. Again, back up the configuration before changing it. The configuration files should be backed up separately even if they are not backed up here in Ansible. Before modifying an important file, first run cp filename filename.bak; this is a habit worth cultivating. To understand how a playbook executes, start the analysis from the entry file.
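Added example (not part of the original post): the new role from Example 7 with a syntax check placed in front of the reload, so that a configuration nginx rejects is never loaded into the running service. It assumes the nginx binary is at {{ nginx_basedir }}/sbin/nginx; the handler name "check nginx config" is made up for this example.

```yaml
# --- roles/new/handlers/main.yml (added example) ---
# Handlers run in the order they are defined in this file, not in notify order,
# and a failed handler stops the remaining handlers for that host. Defining the
# check first therefore guarantees that "nginx -t" must pass before the reload.
# Assumption: binary path {{ nginx_basedir }}/sbin/nginx.
- name: check nginx config
  command: "{{ nginx_basedir }}/sbin/nginx -t"

- name: restart nginx
  shell: /etc/init.d/nginx reload

# --- roles/new/tasks/main.yml (added example) ---
# Same copy task as above, now notifying both handlers. backup=yes keeps a
# timestamped copy of each file it replaces next to the original.
- name: copy conf file
  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
  with_items:
    - { src: nginx.conf, dest: conf/nginx.conf }
    - { src: vhost, dest: conf/ }
  notify:
    - check nginx config
    - restart nginx
```

If the check fails, the play stops for that host with the new files already on disk while nginx keeps running the previous configuration; the rollback playbook above restores the previous files.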
