"Mac" Ansible installation and basic use

Installation

Environmental release
Mac 10.12.5

#more/system/library/coreservices/systemversion.plist

Installation commands

#ruby-E "$ (Curl--insecure-fssl https://raw.githubusercontent.com/Homebrew/install/master/install)" #brew update# Brew Install Ansible

The hosts default access location after installation

/usr/local/etc/ansible/hosts

Public Private key configuration

Create a public private key

Ssh-keygen-t rsa-c ' [email protected] '

-t specifies the key type, which is RSA by default and can be omitted
-C Set comment text, such as your mailbox

Default storage location

/users/jenkins/.ssh/id_rsa

Copy the public key to the SSH server

Ssh-copy-id [email protected]

Hosts configuration

Defining hosts and Groups
Define a host with an IP of 192.168.1.21 and an SSH port of 2135

192.168.1.21:2135

Defines a host with an alias of jumper, a port of SSH, and an IP of 192.168.1.50

Jumper Ansible_ssh_port=22 ansible_ssh_host=192.168.1.50

Example of group member host name:

[Test] jenkis236 ansible_ssh_port=22 ansible_ssh_host=192.168.1.236

If you have many hosts that follow a pattern, you can also show them that:

[Webservers] web[1:50].lightcloud.com [Database] db-[a:f].lightcloud.com

Defining host Variables

The host can specify a variable, which can then be called by playbooks

[Test] jenkis236 ansible_ssh_port=22 ansible_ssh_host=192.168.1.236 http_port=8080

Defining Group variables

[atlanta]host1host2[atlanta:vars]ntp_server=ntp.atlanta.example.comproxy=proxy.atlanta.example.com

Ansible the built-in connection host variable

Ansible_ssh_host  ansible ssh connected to the IP or fqdnansible_ssh_port  SSH connection port ansible_ssh_user the  user Ansible_ Ssh_pass  SSH connection password (which is unsafe, ansible strongly recommends using the--ask-pass option or using SSH keys) ansible_sudo_pass  sudo user's password Ansible_ Connection  SSH connection type: Local,ssh,paramiko, before ansible 1.2 by default is Paramiko, later intelligent selection, Priority use of controlpersist-based SSH (supported premise) ansible_ssh_private_key_file  SSH connection public key file Ansible_shell_type  Specify the shell interpreter used by the host, the default is SH, you can set to CSH, fish and other shell interpreter Ansible_python_interpreter  used to specify the path of the Python interpreter ansible\_\*\_ Interpreter  is used to specify the path to other syntax interpreters on the host, such as Ruby,perl, etc.

Ansible Common modules and APIs

Command: Execute remote host shell commands

Ansible all-i/users/jenkins/jenkins/lirbary/ansible_hosts/hosts_test-m command-a "Ifconfig"

Script: Remote execution of master local shell scripts. (similar to Scp+shell)

Ansible test-i/users/jenkins/jenkins/lirbary/ansible_hosts/hosts_test-m script-a ". /env_update_shell/test.sh "

Copy: Enables the master to copy files to the target host, similar to the SCP function.

Ansible test-i/users/jenkins/jenkins/lirbary/ansible_hosts/hosts-m copy-a "src=~/test.sh dest=/tmp/owner=root Group =root mode=0755 "

Stat: Get remote file status information, including Atime, CTime, Mtime, MD5, UID, GID and other information.

Ansible test-i/users/jenkins/jenkins/lirbary/ansible_hosts/hosts_test-m stat-a "path=/users/jenkins/jenkins/"

Get_url: Implements the download of the specified URL locally on the remote host.

Ansible test-i/users/jenkins/jenkins/lirbary/ansible_hosts/hosts_test-m get_url-a "url=http://www.cnblogs.com/ Yatho dest=/tmp/index.html mode=0400 Force=yes "

Yum:linux Package Management platform operation, Common will have Yum and apt, here will call Yum management mode

Ansible servers-m yum-a "Name=curl state=latest"

Cron: remote host crontab configuration

Ansible webservers-m cron-a "name= ' check dir ' hour= ' 5,2 ' job= ' ls-alh >/dev/null '"

Service: Remote host system Services management

# ansible webservers-m service-a "Name=crond state=stopped" # ansible webservers-m service-a "Name=crond State=restarte D "# ansible webservers-m service-a" Name=crond state=reloaded "

User:user

Add User: # ansible webservers-m user-a "name=johnd comment= ' John Doe '" Delete User: # ansible webservers-m user-a "NAME=JOHND state =absent Remove=yes "

Playbook

Playbook Introduction

Playbook is a different pattern than using ansible command-line execution, and its function is to integrate a large number of command-line configurations together to form a customizable multi-host configuration management Deployment Tool.

It is defined in YAML format to enable distribution of application deployments to multiple hosts.

Here is a detailed description of a Playbook deployment example for Nginx nested reuse architecture:

1. Building the directory structure

# cd/etc/ansible/# mkdir group_vars# mkdir roles

2. Define the host

# vi/etc/ansible/hosts[webservers]client01.example.comclient02.example.com[nginx01]client01.example.com[nginx02 ]client02.example.com

3. Defining variables

# Vi/etc/ansible/group_vars/nginx01worker_processes:4num_cpus:4max_open_file:65506root:/dataremote_user:root

# Vi/etc/ansible/group_vars/nginx02worker_processes:2num_cpus:2max_open_file:35506root:/wwwremote_user:root

Tips: Here the filename defined under Group_vars must correspond to the group tag under the Hosts file, and the different types of host configurations can be deployed through the various parameters defined here.

4. Create a roles Portal file

# vi/etc/ansible/site.yml-hosts:webservers  roles:  -base_env-hosts:nginx01  roles:  -nginx01-hosts : nginx02  roles:  -nginx02

　　

Tips: Here's roles: The string below needs to correspond to the directory name in the roles directory.

5. Define Global Role Base_env

Create a directory structure

# mkdir-p/etc/ansible/roles/base_env/tasks # vi/etc/ansible/roles/base_env/tasks/main.yml # transfer Epel Yum Source configuration file to client-  Name:create the contains common plays that'll run on all nodes   Copy:src=epel.repo dest=/etc/yum.repos.d/epel.repo- Name:create the GPG key for EPEL  copy:src=rpm-gpg-key-epel-6 dest=/etc/pki/rpm-gpg  # close selinux-name:test to S EE if selling is running  command:getenforce  register:sestatus  changed_when:false# Delete iptables default rule and save- Name:remove the default iptables rules  command:iptables-f-name:save iptables rules  command:service iptables Save

Copy the files that need to be copied to the remote to the Base_env/files directory

# mkdir-p  /etc/ansible/roles/base_env/files# cp/etc/yum.repos.d/epel.repo/etc/ansible/roles/base_env/files# Cp/etc/pki/rpm-gpg/rpm-gpg-key-epel-6/etc/ansible/roles/base_env/files

6. Define NGINX01 and ngnix02 role

Create a directory structure

# mkdir-p/etc/ansible/roles/nginx{01,02}# mkdir-p/etc/ansible/roles/nginx01/tasks# mkdir-p/etc/ansible/roles/ nginx02/tasks# vi/etc/ansible/roles/nginx01/tasks/main.yml # Install Nginx latest version-Name:ensure Nginx is at the latest version
   
    yum:pkg=nginx state=latest# Transfer nginx config file to remote directory-name:write The nginx config files  template:src=nginx.conf dest=/etc /nginx/nginx.conf  notify:restart nginx # reboot nginx# create nginx root directory-name:create Web root  file:dest={{root}} mode=77  5 state=directory owner=nginx Group=nginx  notify:reload nginx-name:ensure nginx is running  Service:name=nginx state=restarted  # CP/HOME/ANSIBLE/ROLES/NGINX01/TASKS/MAIN.YML/HOME/ANSIBLE/ROLES/NGINX02/TASKS/MAIN.YML
   

　　

7. Define Files

# mkdir-p/etc/ansible/roles/nginx01/templates# mkdir-p/etc/ansible/roles/nginx02/templates# vi/etc/ansible/roles/  nginx01/templates/nginx.conf# for more information on configuration, See:user Nginx;  worker_processes {{worker_processes}};  {% if Num_cpus = = 2%} worker_cpu_affinity 01 10;  {% Elif Num_cpus = = 4} worker_cpu_affinity 1000 0100 0010 0001;  {% elif Num_cpus >= 8} worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;  {% Else%} worker_cpu_affinity 1000 0100 0010 0001;    {% ENDIF%} worker_rlimit_nofile {{max_open_file}};  Error_log/var/log/nginx/error.log;  #error_log/var/log/nginx/error.log Notice;    #error_log/var/log/nginx/error.log Info;    Pid/var/run/nginx.pid;  Events {worker_connections {max_open_file}};      } http {include/etc/nginx/mime.types;        Default_type Application/octet-stream; Log_format Main ' $remote _addr-$remote _user [$time _Local] "$request" $status $body _bytes_sent "$http _referer" "" $http _user        _agent "" $http _x_forwarded_for ";        Access_log/var/log/nginx/access.log main;      Sendfile on;        #tcp_nopush on;      #keepalive_timeout 0;        Keepalive_timeout 65;            #gzip on;  # Load config files from the/etc/nginx/conf.d directory # The default server was in conf.d/default.conf #include      /etc/nginx/conf.d/*.conf;          server {Listen default_server;            server_name _;            #charset Koi8-r;            #access_log Logs/host.access.log Main;              Location/{root {{root}};          Index index.html index.htm;          } error_page 404/404.html;          Location =/404.html {root/usr/share/nginx/html; } # REDIRECT Server error pages to the static page/50x.html # ERROR_PAGE 502 503 504/50x.html;          Location =/50x.html {root/usr/share/nginx/html;  }        }    }

　　

Tip:worker_processes, Num_cpus, Max_open_file, root and other parameters call the corresponding variable values in the configuration file in the Group_vars directory

# cp/etc/ansible/roles/nginx01/templates/nginx.conf  /etc/ansible/roles/nginx02/templates/nginx.conf

8. Executive Playbook

# ansible-playbook-i/etc/ansible/hosts/etc/ansible/site.yml-f 10

Tips:-F executes playbook for starting 10 parallel processes,-I defines inventory host file, Site.yml is a portal file

PLAY [webservers] ************************************************************* gathering FACTS ******************* OK: [Client02.example.com]ok: [Client01.example.com]task: [Base_env |  Create the contains common plays that'll run on all nodes] * * * OK: [Client01.example.com]ok: [Client02.example.com]task: [Base_env | Create the GPG key for EPEL] ******************************** OK: [Client02.example.com]ok: [Client01.example.com]task: [base_env | Test to see if selling is running] ************************** OK: [Client01.example.com]ok: [Client02.example. Com]task: [base_env | Remove the default iptables rules] ************************** changed: [client02.example.com] Changed: [client01.example.com]task: [base_env | save iptables rules] **************************************** changed : [client01.example.com]changed: [Client02.example.com]play [nginx01] ******************************************** Gathering FACTS *********OK: [client01.example.com]task: [nginx01 | Ensure Nginx is at The latest version] *********************** OK: [client01.example.com]task: [nginx01 | Write the nginx config file] ****** OK: [client01.example.com]task: [NGINX01 | Create Web Root] ********************************************* OK: [client01.example.com]task: [nginx01 | ensure Nginx is running] ************************************* changed: [Client01.example.com]play [nginx02] ******************** Gathering FACTS **************************************************** OK: [client02.example.com]task: [nginx02 | Ensure Nginx is at the latest version] *********************** OK: [Client02.example.com]  TASK: [nginx02 | Write the nginx config file] ********************************* OK: [client02.example.com]task: [nginx02 | Create Web Root] ********************************************* OK: [client02.example.com]task: [nginx02 | Ensure Nginx is running] ************************************* changed: [ Client02.example.com]play RECAP ******************************************************************** client01.example.com:ok=11 changed=3 unreachable=0 failed=0 client02.example.com:ok=11 changed  =3 unreachable=0 failed=0

The final deployment directory structure is as follows

# tree/etc/ansible/

/etc/ansible/├──ansible.cfg├──group_vars│   ├──nginx01│   └──nginx02├──hosts├──hosts.bak├──roles│   ├── base_env│   │   ├──files│ │ │   ├──epel.repo│   │   │   └──rpm-gpg-key-epel-6│   │   └──tasks│   │       └──main.yml│   ├──nginx01│   │   ├──tasks│   │   │   └── main.yml│   │   └──templates│   │       └──nginx.conf│   └──nginx02│       ├──tasks│       │   └── main.yml│       └──templates│           └──nginx.conf└──site.yml

Jenkins Association Configuration

Choice Parameter
Deploy_environment define the deployment environment name DEV,TEST,UAT,PDT
Execute Shell
Start and end of set +x, Set-x used to open and close the part of the extended parameters and commands
CD $WORKSPACE/leon-playbook-phpcms1.1
Ansible--version
Ansible-playbook-i inventory/$deploy _environment./deploy.yml-e project=phpcms-e branch= $branch _selector-e env=$ Deploy_environment
-I is used to customize the Ansible host file path, the./deploy.yml is the Ansible-playbook portal file, and the-e can be followed by the environment variables added to the current session.

"Mac" Ansible installation and basic use