1. Introduction to Ansible
Ansible is a Python-based configuration management and application deployment tool that is now also widely used for automation management. It combines the strengths of many older operations and maintenance tools, and it can do essentially everything that Puppet and SaltStack can do.
Ansible can configure, deploy, and manage thousands of hosts in batches. In the past you had to log in to each host and perform one or more operations there; with Ansible, the operations for all hosts are run from a single Ansible control node.
Ansible works based on modules. Ansible itself only provides a running framework and cannot complete tasks on its own; the modules are what actually perform operations. For example, the copy module copies files to remote hosts, and the service module starts, stops, and restarts services.
One of Ansible's more distinctive features is that it is agentless. It behaves like an ordinary command rather than client/server software: Ansible is installed once, on the host that acts as the control node, and it usually controls remote hosts over SSH connections. There is no need to install Ansible or any additional service on the remote hosts.
Users enter commands or playbooks at the terminal of the control node. A playbook is broken down into plays according to predetermined rules and then organized into tasks that Ansible can recognize. Ansible calls modules and plug-ins, sends temporary files over SSH to the hosts in the host list, executes them there, returns the results, and deletes the temporary files automatically after execution.
Another distinctive feature of Ansible is that most of its modules are idempotent. Idempotence means that performing an operation once or many times has the same effect on system resources: if the state would not change, the operation is not repeated. For example, when systemctl stop xxx finds that the target service is already stopped, it does nothing, so the result of multiple stops is still "stopped"; the command is idempotent. systemctl restart xxx, by contrast, is non-idempotent.
Many Ansible modules first check whether the target node actually needs the task to be executed before executing it. You can therefore let Ansible execute tasks with confidence: most of the time, repeated execution of a task does not cause any side effects.
Ansible summary
- An automated operations and maintenance tool, capable of batch configuration, deployment, and management of thousands of hosts;
- Agentless: no client application needs to be installed on the controlled nodes;
- Communicates with the controlled nodes through the SSH protocol;
- Works based on modules: command operations are executed on the controlled nodes through modules;
- Many modules are idempotent: if repeating an operation would not change the state, it is not executed again.
2. Installation and use of Ansible
1. Download
# Install the EPEL repository first, then install ansible
yum install -y epel-release
yum install -y ansible
Ansible directory structure
/etc/ansible/
├── ansible.cfg # Ansible configuration file, generally no need to modify
├── hosts # Ansible host list, stores information about the remote hosts to be managed
└── roles/ # common roles directory
2. Use
First, add the hostnames of the managed hosts to the /etc/ansible/hosts file.
Then set up passwordless SSH authentication to the hosts that need to be managed (first turn off SSH host key checking, and then set up key pair authentication).
# Configure key pair authentication
ssh-keygen -t rsa # press Enter at every prompt; the key pair is used for passwordless login
sshpass -p '123123' ssh-copy-id [email protected]
sshpass -p '123123' ssh-copy-id [email protected]
...
3. Ansible commands and modules
1. Command format
ansible <hostname> -m <module> -a '<parameter list>'
<group name> # in place of the hostname: operates on all hosts in the group
all # in place of the hostname: operates on all hosts in all groups
2. Command-line modules
ansible-doc -l # lists all installed modules (press q to exit)
ansible-doc -s <module name> # -s lists the description and the available actions of the specified module
(1) command module
Executes commands on a remote host. It does not support shell features such as pipes and redirection.
example
Common parameters
chdir: change into this directory on the remote host before running the command
creates: checks whether the specified file exists; if it exists, the command is not run
removes: checks whether the specified file exists; if it exists, the command is run
example
(2) shell module
Executes commands on the remote host by calling the remote host's shell process and running the commands in a subshell under that shell (so features such as the pipe symbol are supported).
module parameters
example
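The difference between the command module (section (1) above) and the shell module, modelled in Python as an added example; this is not code from the original page or from Ansible. run_like_command splits the argument string into an argv list and runs it without a shell, run_like_shell passes the whole string to /bin/sh, and shell_operators (a hypothetical helper) lists the unquoted operators that make the shell module necessary.

```python
import shlex
import subprocess

SHELL_OPERATOR_CHARS = set("();<>|&")


def run_like_command(args):
    """Model of the command module: split into argv and exec with no shell."""
    result = subprocess.run(shlex.split(args), capture_output=True, text=True)
    return result.stdout.strip()


def run_like_shell(args):
    """Model of the shell module: the whole string is interpreted by /bin/sh."""
    result = subprocess.run(["/bin/sh", "-c", args], capture_output=True, text=True)
    return result.stdout.strip()


def shell_operators(args):
    """List the unquoted shell operators in args (empty list: command suffices)."""
    # Non-POSIX mode keeps the quotes on quoted tokens, so a quoted '|' is not
    # mistaken for a pipe; punctuation_chars groups runs such as '&&' and '>>'.
    lexer = shlex.shlex(args, posix=False, punctuation_chars=True)
    return [tok for tok in lexer if set(tok) <= SHELL_OPERATOR_CHARS]


if __name__ == "__main__":
    # Constructed argument strings, as they would follow -a on the command line.
    for args in ("echo one two | wc -w", "echo first && echo second", "echo 'one | two'"):
        print(f"args:      {args}")
        print(f"operators: {shell_operators(args)}")
        print(f"command:   {run_like_command(args)!r}")
        print(f"shell:     {run_like_shell(args)!r}")
```

When shell_operators returns an empty list, both models produce the same output, so the command module is sufficient for that argument string.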
(3) cron module
Defines scheduled tasks on remote hosts. There are two states (state):
- present means to add (can be omitted);
- absent means to remove.
module parameters
Commonly used parameters
minute/hour/day/month/weekday: the minute, hour, day, month, and day of the week
job: the scheduled command to be executed
name: the name of the scheduled task
present: add
absent: delete
(4) user module
User management module
Commonly used parameters
name: the username; a mandatory parameter
state=present, absent: create or delete the account; present means create, absent means delete
system=yes, no: whether it is a system account
uid: the user's UID
group: the user's primary group
groups: the user's additional groups
shell: the shell used by default
move_home=yes, no: if the configured home directory already exists, whether to move the existing home directory
password: the user's password; an encrypted string is recommended (if a plaintext password is specified here, the password in the /etc/shadow file will not be encrypted)
comment: the user's comment information
remove=yes, no: when state=absent, whether to delete the user's home directory
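A check for the password parameter described above, added here as an example (not from the original page or from Ansible): it inspects the argument string that would follow -a for the user module and reports whether the password value is plaintext or already in crypt(3) format. The user names and the sample hash are constructed; SAMPLE_HASH has only the shape of a SHA-512 crypt string.

```python
import re
import shlex

# crypt(3) modular format as stored in /etc/shadow: $id$[params$]salt$hash
CRYPT_HASH = re.compile(r"^\$(?P<id>1|5|6|2[aby]|y)\$[^$\s]+(\$[^$\s]+)+$")
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}

# Constructed value with the shape of a SHA-512 crypt string, not a real hash.
SAMPLE_HASH = "$6$examplesalt$" + "A" * 86


def classify_password(module_args):
    """Inspect the password= value in a user-module argument string (-a '...').

    Returns None if no password is set, "plaintext" if the value would be
    written to /etc/shadow as typed, or the name of the crypt scheme.
    """
    params = dict(tok.split("=", 1) for tok in shlex.split(module_args) if "=" in tok)
    password = params.get("password")
    if password is None:
        return None
    match = CRYPT_HASH.match(password)
    return SCHEMES[match.group("id")] if match else "plaintext"


def audit_commands(commands):
    """Return the argument strings that would store a plaintext password."""
    return [c for c in commands if classify_password(c) == "plaintext"]


if __name__ == "__main__":
    # Constructed argument strings for the user module.
    for args in ("name=alice shell=/bin/bash password=Passw0rd",
                 f"name=alice password='{SAMPLE_HASH}'",
                 "name=alice state=absent remove=yes"):
        print(f"{classify_password(args)!s:>13}  <-  {args[:60]}")
```

A SHA-512 crypt string of the kind this check accepts can be generated with `openssl passwd -6`.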
Create a user
Delete a user
(5) group module
Module for user group management
module parameters
Create a group
Delete a group
(6) copy module
Used to copy a specified file from the control host to the remote host
Commonly used parameters
dest: the destination path for the copied file; use an absolute path. If the source is a directory, the target must also be a directory. If the target file already exists, its original content is overwritten
src: the path of the source file; a relative or absolute path may be used, and a directory can be specified directly. If the source is a directory, the target should also be a directory
mode: the permissions of the target file when copying
owner: the owner of the target file when copying
group: the group of the target file when copying
content: the content to copy to the target host; cannot be used together with src
example
(7) file module
Creates and deletes files and directories, and sets their properties
Common parameters
path: the path of the file (this parameter is required)
mode: the file permissions, given as numbers
state: defaults to file, which modifies the attributes of a file or directory; touch creates a file; directory creates a directory; absent deletes a file or directory; link creates a soft link
src: the source file for the soft link
Create a file
Modify properties
Delete files
(8) hostname module
Used to manage hostnames on remote hosts
(9) ping module
Check the connectivity of the remote host
(10) yum module
Install and uninstall packages on remote hosts
yum install
yum delete
(11) service/systemd module
Used to manage the running state of services on the remote host
Common parameters
name: the name of the managed service
state=started|stopped|restarted: the action to take: start, stop, or restart
enabled=yes|no: whether to set the service to start automatically at boot
Under which running targets to start automatically
(12) script module
Runs local shell scripts on remote hosts in batches
Write a test script that creates a user and give the script execute (x) permission, then run the module with -a followed by the script file path and its parameters
(13) setup module
The facts component is used to collect managed node information, which can be obtained using the setup module
You can use filter to filter the required information
4. Inventory host list
Inventory supports grouping of hosts. Multiple hosts can be defined in each group, and each host can be defined in any one or more host groups. If there are hosts with similar names, you can use a list to identify each host.
1. Host name and port
2. Variables in inventory
Inventory variable name | Meaning |
---|---|
ansible_host | The IP address Ansible uses when connecting to the node |
ansible_port | The port number to connect to on the node; the default is 22 for SSH connections |
ansible_user | The username used when connecting to the node. When not specified, the user who runs the ansible or ansible-playbook command is used |
ansible_password | The user's SSH password when connecting; only effective when key pair authentication is not used |
ansible_ssh_private_key_file | The private key file to use for key-authenticated SSH connections |
ansible_ssh_common_args | Additional parameters passed to the ssh, sftp, and scp commands |
ansible_become | Allow privilege escalation |
ansible_become_method | The method of privilege escalation, for example sudo/su/runas |
ansible_become_user | The user to escalate to; the default is root |
ansible_become_password | The password used when escalating to the specified user |
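Two of the variables in the table above, ansible_password and ansible_become_password, hold secrets. The following added example (not from the original page or from Ansible) scans an INI-format inventory for those variables stored as literal values; the inventory contents, host names, passwords and the vault_become_password variable name are constructed for illustration.

```python
import re

# Inventory variables from the table above whose value is a secret.
SECRET_VARS = {"ansible_password", "ansible_become_password"}

# Constructed sample inventory (INI format); hosts and values are made up.
SAMPLE_INVENTORY = """\
[webservers]
web01 ansible_host=192.0.2.10 ansible_port=2222 ansible_user=deploy
web02 ansible_host=192.0.2.11 ansible_password='Summer2024!'

[webservers:vars]
ansible_become=yes
ansible_become_password={{ vault_become_password }}

[all:vars]
ansible_become_password=hunter2
"""

# name=value pairs; the value may be quoted and then contain spaces.
PAIR = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")


def audit_inventory(text):
    """Return (line_no, section, variable) for each secret stored as a literal."""
    findings = []
    section = "ungrouped"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        for name, value in PAIR.findall(line):
            # A Jinja2 reference ({{ ... }}) points at a variable defined
            # elsewhere, for example in an ansible-vault encrypted file; any
            # other value is the secret itself sitting in the inventory.
            if name in SECRET_VARS and not value.strip("'\"").startswith("{{"):
                findings.append((line_no, section, name))
    return findings


if __name__ == "__main__":
    for line_no, section, name in audit_inventory(SAMPLE_INVENTORY):
        print(f"line {line_no} [{section}]: {name} is stored as a literal value")
```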
(1) Set host variables
(2) Set host group variables
(3) Set global variables
3. Nesting of groups