Ansible Introduction
1. What is ansible
Ansible is an open source automation platform: a configuration management tool and an automated operations and maintenance tool.
2. The advantages of ansible
- Cross-platform support: ansible provides agentless support for Linux, Windows, UNIX and network devices, and suits physical, virtual, cloud and container environments
- Human-readable automation
- Complete application description: playbooks
- Easy version control: a playbook is plain text and can be treated as source code
- Dynamic inventory support
- Orchestration that integrates easily with other systems, such as Puppet and Jenkins
- Infrastructure as code
- Reduced human error
Tasks, plays and playbooks are designed to be idempotent: when a playbook is run and the target host is already in the desired state, no changes are made.
3. Install ansible
1. Install ansible on the workstation, which acts as the control node:
yum install -y ansible
2. View ansible version information:
ansible --version
3. Use the setup module to verify the Python version on the control node:
ansible -m setup localhost | grep ansible_python_version
"ansible_python_version": "3.6.8",
Deploy ansible
Before ansible can deploy anything, set up passwordless (SSH key based) authentication from the control node to each managed host.
1. Build the ansible inventory
What is an inventory?
The ansible inventory defines the set of hosts that ansible will manage.
- Static inventory
One host per line, given as a host name or IP, for example:
www.westos.org
172.25.254.250
You can also define host groups:
[webservers]
server1.westos.org
server2.westos.org
172.25.0.1
[dbservers]
node1.westos.org
node1.westos.org
Note: a host can belong to more than one host group.
- Nested group definition
An ansible inventory can contain multiple host groups, and a group can contain other groups through a [group:children] section, for example:
[webservers]
server1.westos.org
server2.westos.org
172.25.0.1
[dbservers]
node1.westos.org
node1.westos.org
[servers:children]
webservers
dbservers
- Simplifying host specifications with ranges
A host name or IP may contain a numeric or alphabetic range.
Syntax: [START:END]
1.
172.25.[0:4].[0:254]        # matches 172.25.0.0/24, 172.25.1.0/24 ... 172.25.4.0/24 (hosts .0 through .254)
2.
server[01:10].example.com   # matches every host from server01.example.com through server10.example.com (zero padding is kept)
3.
[a:c].example.com           # matches a.example.com through c.example.com
- Verifying the inventory
[root@workstation ~]# ansible workstation.lab.example.com --list-hosts
The output reports that no managed hosts match, because the default inventory is still empty.
Default inventory location: /etc/ansible/hosts. It is generally not used; instead create your own inventory file and point ansible at it. Once hosts are added there, --list-hosts shows the managed hosts.
You can also list the hosts inside a particular group, or the hosts that are not in any group (see the ungrouped and group examples under the custom inventory below).
- Dynamic inventory: generated by an inventory script; many scripts are available from the open source community
- Custom inventory
mkdir deploy-inventory        # create the inventory directory
vim inventory                 # create the inventory file
List hosts:
ansible all -i inventory --list-hosts
-i specifies the inventory file
ansible ungrouped -i inventory --list-hosts   # list the hosts that are not in any group
ansible www -i inventory --list-hosts         # list the hosts in the www group
ansible westos -i inventory --list-hosts      # the westos group contains the www and bbs groups, so the hosts of both are listed
It is recommended to use several virtual machines and vary the inventory contents so that the effect of each change is easier to see.
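As an added example (not part of the original notes, and not ansible's own code), the following Python reimplements what ansible does with the inventory syntax described above: it expands [START:END] ranges (numeric with zero padding, and single-letter alphabetic) and resolves group membership, including nested [group:children] groups, so that "all", a named group, and "ungrouped" can be listed the way --list-hosts does. The sample inventory, function names and the choice to ignore host variables and [group:vars] sections are this example's own.

```python
"""Added example: expand [START:END] host ranges and resolve INI inventory
groups (including :children) as ansible does. Names here are the example's
own; the sample inventory at the bottom is constructed for illustration."""
import re

RANGE_RE = re.compile(r"\[([0-9A-Za-z]+):([0-9A-Za-z]+)\]")


def expand_range(pattern):
    """Expand every [START:END] in pattern, left to right, into host names."""
    m = RANGE_RE.search(pattern)
    if m is None:
        return [pattern]
    start, end = m.group(1), m.group(2)
    if start.isdigit() and end.isdigit():
        # [01:10] keeps the zero padding of START; [0:254] does not pad
        width = len(start) if start.startswith("0") else 0
        values = [str(i).zfill(width) for i in range(int(start), int(end) + 1)]
    elif len(start) == len(end) == 1 and start.isalpha() and end.isalpha():
        values = [chr(c) for c in range(ord(start), ord(end) + 1)]
    else:
        raise ValueError("unsupported range: " + m.group(0))
    prefix, suffix = pattern[:m.start()], pattern[m.end():]
    hosts = []
    for v in values:                       # recurse for any further ranges
        hosts.extend(expand_range(prefix + v + suffix))
    return hosts


def parse_inventory(text):
    """Return (groups, children): group -> directly listed hosts, and
    parent group -> child groups. Hosts before any header are 'ungrouped'."""
    groups, children = {"ungrouped": []}, {}
    current, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name, _, kind = line[1:-1].partition(":")
            kind = kind or "hosts"            # [g] lists hosts; [g:children]; [g:vars]
            current = name
            groups.setdefault(current, [])
            continue
        if kind == "hosts":
            groups[current].extend(expand_range(line.split()[0]))  # host vars ignored
        elif kind == "children":
            children.setdefault(current, []).append(line)
            groups.setdefault(line, [])
        # [g:vars] lines are ignored in this example
    return groups, children


def hosts_in(group, groups, children):
    """Hosts of a group, following nested :children groups recursively."""
    if group == "all":
        return sorted({h for hs in groups.values() for h in hs})
    found = set(groups.get(group, []))
    for child in children.get(group, []):
        found.update(hosts_in(child, groups, children))
    return sorted(found)


def ungrouped(groups):
    """Hosts that appear in no named group (what 'ansible ungrouped' lists)."""
    grouped = {h for g, hs in groups.items() if g != "ungrouped" for h in hs}
    return sorted(h for h in groups["ungrouped"] if h not in grouped)


# Constructed sample inventory, mirroring the notes above.
SAMPLE_INVENTORY = """
www.westos.org
172.25.254.250

[webservers]
server[01:03].example.com
172.25.0.1

[dbservers]
node[a:b].westos.org

[servers:children]
webservers
dbservers
"""

if __name__ == "__main__":
    g, c = parse_inventory(SAMPLE_INVENTORY)
    for name in ("all", "webservers", "servers"):
        print(name, hosts_in(name, g, c))
    print("ungrouped", ungrouped(g))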
2. Manage ansible configuration files
1. Configure ansible
Configuration files, in order of increasing priority:
/etc/ansible/ansible.cfg
Base configuration file; used only when no other configuration file is found (lowest priority)
~/.ansible.cfg
If this file exists and there is no ansible.cfg in the current working directory, it replaces /etc/ansible/ansible.cfg
./ansible.cfg
If an ansible.cfg exists in the directory where the ansible command is run, it is used instead of the two above (recommended; the other two are rarely used). Ansible ignores an ansible.cfg in a world-writable current directory, since otherwise anyone with write access to that directory could change how ansible runs.
View the configuration file in use:
ansible --version prints a "config file = ..." line naming the file that was loaded.
When an ansible.cfg exists in the current directory, that file is the one used.
Settings managed in the configuration file:
[defaults] sets the default values for ansible operation; this is the section used most often, and most of its defaults need no change.
[privilege_escalation] configures how ansible performs privilege escalation on the managed hosts
Example: write your own configuration file.
vim ansible.cfg
[defaults]
inventory = ./inventory
remote_user = student        (user used to log in to the managed hosts; if unset, the current user name is used)
ask_pass = false             (whether to prompt for the SSH password; false once key-based login is set up, otherwise true)
[privilege_escalation]
become = true                (whether to switch identity after connecting to the managed host)
become_method = sudo         (how to switch; the default is sudo)
become_user = root           (user to switch to)
become_ask_pass = false      (whether to prompt for the become_method password; the default is false)
For become to work without a password prompt, grant the login user sudo rights in a sudoers drop-in, edited as the superuser:
vim /etc/sudoers.d/thermal
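As an added example (not from the original notes, and not ansible's own code), the Python below reimplements the lookup order described above so you can predict which ansible.cfg applies, and then reads the [defaults] and [privilege_escalation] settings from the example file with ansible's documented defaults filled in. Two details go beyond the notes: the ANSIBLE_CONFIG environment variable, which ansible consults before ./ansible.cfg, and ansible's rule of skipping an ansible.cfg that sits in a world-writable current directory. The scratch directory layout, file contents and function names are this example's own assumptions.

```python
"""Added example: which ansible.cfg wins, and what the [privilege_escalation]
settings resolve to. Reimplements ansible's lookup order (ANSIBLE_CONFIG,
./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg) including the
world-writable-directory rule; it does not call ansible. The scratch
layout is built in a temp dir and is this example's own assumption."""
import configparser
import os
import stat
import tempfile


def world_writable(directory):
    """True if 'others' may write to the directory (mode bit o+w)."""
    return bool(os.stat(directory).st_mode & stat.S_IWOTH)


def find_ansible_cfg(cwd, home, env, etc="/etc/ansible/ansible.cfg"):
    """Return (path, reason) for the config file ansible would load."""
    env_path = env.get("ANSIBLE_CONFIG")
    if env_path and os.path.isfile(env_path):
        return env_path, "ANSIBLE_CONFIG"
    local = os.path.join(cwd, "ansible.cfg")
    # A world-writable cwd is skipped: anyone could plant an ansible.cfg
    # there (e.g. redirecting plugin or module paths), so ansible refuses it.
    if os.path.isfile(local) and not world_writable(cwd):
        return local, "./ansible.cfg"
    user = os.path.join(home, ".ansible.cfg")
    if os.path.isfile(user):
        return user, "~/.ansible.cfg"
    if os.path.isfile(etc):
        return etc, "/etc/ansible/ansible.cfg"
    return None, "built-in defaults"


def load_settings(path):
    """Read the settings used in the notes, applying ansible's defaults."""
    cp = configparser.ConfigParser()
    cp.read(path)
    d, p = "defaults", "privilege_escalation"
    return {
        "inventory": cp.get(d, "inventory", fallback="/etc/ansible/hosts"),
        "remote_user": cp.get(d, "remote_user", fallback=None),  # None: current user
        "ask_pass": cp.getboolean(d, "ask_pass", fallback=False),
        "become": cp.getboolean(p, "become", fallback=False),
        "become_method": cp.get(p, "become_method", fallback="sudo"),
        "become_user": cp.get(p, "become_user", fallback="root"),
        "become_ask_pass": cp.getboolean(p, "become_ask_pass", fallback=False),
    }


# Constructed copy of the ansible.cfg from the notes (annotations removed).
LOCAL_CFG = """[defaults]
inventory = ./inventory
remote_user = student
ask_pass = false

[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
"""


def demo():
    """Build a scratch layout and report which file wins in each situation."""
    base = tempfile.mkdtemp()
    cwd, home = os.path.join(base, "deploy"), os.path.join(base, "home")
    os.makedirs(cwd)
    os.makedirs(home)
    with open(os.path.join(cwd, "ansible.cfg"), "w") as f:
        f.write(LOCAL_CFG)
    with open(os.path.join(home, ".ansible.cfg"), "w") as f:
        f.write("[defaults]\nremote_user = devops\n")
    no_etc = os.path.join(base, "missing.cfg")   # pretend /etc/ansible/ansible.cfg is absent
    out = {}
    out["normal"] = find_ansible_cfg(cwd, home, {}, etc=no_etc)[1]
    os.chmod(cwd, 0o777)                          # simulate a world-writable project dir
    out["world_writable"] = find_ansible_cfg(cwd, home, {}, etc=no_etc)[1]
    os.chmod(cwd, 0o755)
    env = {"ANSIBLE_CONFIG": os.path.join(home, ".ansible.cfg")}
    out["env"] = find_ansible_cfg(cwd, home, env, etc=no_etc)[1]
    out["settings"] = load_settings(os.path.join(cwd, "ansible.cfg"))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The practical check this gives you: if `ansible --version` reports a different config file than you expect, look first at ANSIBLE_CONFIG in the environment and at the permissions of the directory you are running from.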
3. Run ad-hoc commands
Use ad-hoc commands for quick tests and changes without writing a playbook.
1. Format:
ansible host-pattern -m module [-a 'module arguments'] [-i inventory]
-m  the module to run
-a  the module's arguments
-i  the inventory file
Set up local name resolution for the managed hosts first, so that their host names resolve from the control node.
2. Check that the managed hosts can run the Python modules (ansible modules are Python code executed on the managed host, so it needs a usable Python interpreter; the ping module confirms this).
3. Run tasks through modules with ad-hoc commands
[root@workstation ~]# ansible-doc -l          # list all modules
There are many modules, listed from a to z
[root@workstation ~]# ansible-doc ping        # view the ping module's documentation
ansible modules
File modules:
- copy: copy a local file to the managed host
- file: set file permissions and other attributes
- lineinfile: ensure that a particular line is present in (or absent from) a file
- synchronize: synchronize content using rsync
System modules:
- firewalld: manage ports and services with firewalld
- reboot: reboot the host
- service: manage services
- user: add, remove and manage user accounts
Net tools modules:
- get_url: download files over HTTP, HTTPS or FTP
- nmcli: manage networking
- uri: interact with web services
4. Example: use the user module to ensure that the user thermal exists on rhel71.com with uid 1000
ansible -m user -a 'name=thermal uid=1000 state=present' rhel71.com
Run a command on the managed hosts:
ansible webservers -m command -a /usr/bin/hostname
serverb.lab.example.com | CHANGED | rc=0 >>   # status line: host name, result and return code
serverb.lab.example.com                        # command output
ansible webservers -m command -a /usr/bin/hostname -o   # -o prints each host's result on a single line
Note: the command module runs the remote command directly, without a shell, so shell environment variables are not expanded and redirection, pipes and similar shell features are unavailable; use the shell module for those. For the same reason command is the safer default: its arguments are never interpreted by a shell, so shell metacharacters in them cannot turn into extra commands.
The difference between shell and command:
ansible localhost -m command -a set
ansible localhost -m shell -a set
With command this fails, because set is a shell builtin and there is no set executable to run; with shell it prints the shell's variables.
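As an added example (not from the original notes, and not the code of ansible's modules), the Python below emulates the difference just described: the command-style function splits the argument string with shlex and executes it directly, the way ansible's command module does, while the shell-style function hands the whole string to /bin/sh as the shell module does. Running both on the same strings shows why `$HOME` stays literal and why a `;` cannot smuggle in a second command under the command module. The function names and the sample argument strings are this example's own; it assumes a Unix-like host with /bin/sh and an echo binary on PATH.

```python
"""Added example: why the command module cannot see shell variables or use
redirection, and why that makes it the safer default. Emulates the two
modules with subprocess (command-style: shlex.split + direct exec;
shell-style: /bin/sh). Does not use ansible's modules themselves."""
import shlex
import subprocess


def run_like_command_module(args):
    """Split like ansible's command module and run without a shell."""
    argv = shlex.split(args)
    try:
        proc = subprocess.run(argv, capture_output=True, text=True)
    except FileNotFoundError:
        # No such executable: e.g. 'set' is a shell builtin, not a program
        return None
    return proc.stdout.rstrip("\n")


def run_like_shell_module(args):
    """Hand the whole string to /bin/sh, as the shell module does."""
    proc = subprocess.run(args, shell=True, capture_output=True, text=True)
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    # "echo $HOME": command prints the literal $HOME, shell expands it.
    # "echo hello; echo injected": command passes "hello;" and "injected"
    # as plain arguments to echo, shell runs two commands.
    # "set": command has nothing to exec (None), shell dumps its variables.
    for sample in ("echo $HOME", "echo hello; echo injected", "set"):
        print("args   :", sample)
        print("command:", repr(run_like_command_module(sample)))
        print("shell  :", repr(run_like_shell_module(sample))[:60])
```

When a task's argument includes anything taken from a variable or user input, prefer the command module and pass the values as separate arguments; reach for shell only when you genuinely need redirection, pipes or builtins.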
Create the /root/deploy-adhoc directory and write a configuration file there.
Use the command module to run ad-hoc commands
[root@workstation deploy-adhoc]# ansible localhost -m command -a 'id'
[root@workstation deploy-adhoc]# ansible localhost -m command -a 'id' -u student   # -u connects as student and then runs id
Note: both commands must be run inside the newly created directory, otherwise its ansible.cfg is not picked up and the result does not change.
Use the copy module
1. First as the student user; this fails because student has no write permission on /etc/motd:
[root@workstation deploy-adhoc]# ansible localhost -m copy -a 'content="westos ansible\n" dest=/etc/motd' -u student
2. Use privilege escalation
Note: privilege escalation here requires editing /etc/sudoers.d/student first:
[root@workstation deploy-adhoc]# cat /etc/sudoers.d/student
student ALL=(ALL) NOPASSWD: ALL
This rule gives student passwordless root for any command, so whoever holds student's SSH key effectively has root on every managed host; protect that key, and narrow the rule to the commands automation actually needs where that is practical.
Run as root:
[root@workstation deploy-adhoc]# ansible localhost -m copy -a 'content="westos ansible\n" dest=/etc/motd' -u student --become
[root@workstation deploy-adhoc]# cat /etc/motd
westos ansible
Use the all pattern to change servera and localhost at once:
[root@workstation deploy-adhoc]# ansible all -m copy -a 'content="westos ansible\n" dest=/etc/motd' -u thermal --become
localhost reports SUCCESS and servera reports CHANGED: localhost was already put in the desired state in the previous step, so nothing is changed there, while servera is updated. The change has now been applied on both hosts.
View the result:
[root@workstation deploy-adhoc]# ansible all -m command -a 'cat /etc/motd' -u student