NH.A.0004-Ansible's 20 modules explanation and Playbook script analysis

1. Overview:
1. Introduction to and feature analysis of the Ansible automated operation and maintenance tool
2. How the Ansible automated operation and maintenance tool works, with a somewhat deeper look
3. Ansible modules: enterprise hands-on tools and command exercises
4. Ansible playbooks: hands-on application
5. Ansible configuration files in detail and advanced performance tuning

The three core functions of Linux cloud computing engineers:
Platform architecture: responsible for participating in and reviewing the soundness of the architecture design, building the management architecture of the operation and maintenance platform, and using open-source solutions to keep the product running efficiently and stably after release, to guarantee and continuously improve service availability, to ensure user data security, and to improve the user experience.
Daily operation guarantee: responsible for using operation and maintenance techniques or the operation and maintenance platform to ensure the product is released and launched efficiently and runs stably 7*24 hours, for locating and resolving problems quickly during that time, and, in daily work, for improving the soundness of the system architecture and deployment to raise the stability of system services.
Performance and efficiency optimization: use automation tools or the operation and maintenance platform to improve software engineering efficiency during the development cycle, keep optimizing the system architecture, improve deployment efficiency, and optimize resource utilization. To support continuous iteration of the product, the architecture must be continuously optimized and adjusted so that the whole product stays highly available while it grows richer and more complex.
What is Ansible:
Put simply, Ansible is a configuration management system; all you need is SSH access to your servers or devices. It also differs from other tools such as Puppet: those pull configuration through an installed agent, whereas Ansible pushes, so you can deploy code to any number of servers without installing an agent.
What Ansible can do:
Ansible can help us complete batch tasks, or common tasks that have to be repeated frequently.
For example: install the nginx service on 100 servers at the same time and start it after installation.
For example: copy a file to 100 servers in one go.
For example: whenever a new server joins the work environment, you have to deploy a service on it, that is, you need to repeat the same work frequently.
We can use Ansible in all of these scenarios.

Ansible architecture:
The green part on the right of the architecture diagram is the managed hosts (virtual machines, physical machines, cloud hosts, etc.). From the diagram we can see that Ansible consists of the host inventory (configuration), playbooks (configuration), and various module plug-ins. Put simply, the user (administrator) invokes Ansible's modules and parameters through the host inventory configuration or a playbook (a set of tasks) to manage the hosts in the inventory in a unified way.

Ansible can work on Linux, BSD, Mac OS, and other platforms. The minimum required Python version is Python 2.6. If the operating system's Python is version 2.4, you need to upgrade it before you can use Ansible.

Configuring Ansible in practice:
1. Hardware environment:
Ansible server: 192.168.1.60
Ansible client: 192.168.1.70
Ansible client: 192.168.1.71
Ansible client: 192.168.1.72

Installation methods:
Source installation, pip, or yum.
On CentOS and Red Hat operating systems, Ansible can be installed automatically with the yum tool. On CentOS 6.x or CentOS 7.x, you need to install the EPEL extension repository before installing Ansible. The commands are as follows:

2. Environment installation:

[root@localhost ~]# yum -y install epel-release   # install the EPEL extension repository
[root@localhost ~]# yum install -y ansible
 (11/15): ansible-2.9.14-1.el7.noarch.rpm
[root@localhost ~]# ansible --version    # check its version
ansible 2.9.14
python version = 2.7.5
[root@localhost ~]# ll /etc/ansible/     # its configuration files are listed here
-rw-r--r-- 1 root root 19985 10月  8 01:35 ansible.cfg        # Ansible's main configuration file
-rw-r--r-- 1 root root  1016 10月  8 01:35 hosts              # defines the host groups
drwxr-xr-x 2 root root     6 10月  8 01:35 roles              # defines the different roles

Ansible host inventory:
Ansible manages hosts remotely in batches. Commands are run ad hoc (Ad-Hoc), which lets you quickly execute one-off, point-to-point commands without having to save them. The host inventory is configured in the default hosts file, where you can define groups as well as individual IPs and patterns.

[root@localhost ansible]# cat hosts |more    # view the Ansible host inventory
[root@localhost ansible]# vim hosts
# them like this:
[web]                   # defines a group name
192.168.1.[70:72]       # defines the hosts in the group: hosts 70/71/72
[web]                   # defining it like this also works
192.168.1.70
192.168.1.71
192.168.1.72

Ping module in practice:
The most basic Ansible module is the ping module, which is mainly used to check whether a client is online. It pings the server itself, and the return values are changed and ping.

# ansible web -m ping   # use Ansible to test the hosts in the web group with the ping module
[root@localhost ansible]# ansible web -m ping
Are you sure you want to continue connecting (yes/no)?      # prompt says no key pair is configured; see Question one for the solution
[root@localhost ~]# ansible web -m ping
192.168.1.70 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.1.72 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.1.71 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": false, 
    "ping": "pong"
}

Command module:
The Ansible command module is Ansible's default module. It is mainly used to execute Linux commands and can directly manage remote servers and task operations.

[root@localhost ~]# ansible web -m command -a "date"
192.168.1.71 | CHANGED | rc=0 >>
Wed Nov  4 14:25:03 UTC 2020
192.168.1.70 | CHANGED | rc=0 >>
Wed Nov  4 14:25:03 UTC 2020
192.168.1.72 | CHANGED | rc=0 >>
Wed Nov  4 14:25:03 UTC 2020
[root@localhost ~]# ansible web -m command -a "ping -c 1 www.baidu.com" 
[root@localhost ~]# ansible web -m command -a "yum install httpd -y"
[root@localhost ~]# ansible web -m command -a "systemctl start httpd.service"
[root@localhost ~]# ansible web -m command -a "ss -tan"     # check the ports
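
Ansible Playbook application:
A playbook is a list made up of one or more "plays". The main function of a play is to map the roles defined by tasks in Ansible onto the server group that the playbook targets.
Script to install the nginx server remotely; the playbook code is as follows: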
vim nginx_install.yaml
---         # script contents
- hosts: web
  remote_user: root
  tasks:
  - name: cvc Pcre-devel and Zlib LIB Install.
    yum: name=pcre-devel,pcre,zlib-devel,gcc-c++ state=installed
  - name: cvc Nginx WEB Server Install Process.
    # Downloads the tarball over plain HTTP with no checksum or signature check, then builds and installs it
    shell: cd /tmp;rm -rf nginx-1.15.0.tar.gz;wget http://nginx.org/download/nginx-1.15.0.tar.gz;tar xzf nginx-1.15.0.tar.gz;cd nginx-1.15.0;./configure --prefix=/usr/local/nginx;make;make install

[root@localhost ~]# ansible-playbook nginx_install.yaml -vvv   # run the script to deploy nginx on the three hosts

Question one:

[root@localhost ansible]# ansible web -m ping
The authenticity of host '192.168.1.71 (192.168.1.71)' can't be established.
ECDSA key fingerprint is SHA256:+fXgJ0vWlg+shAIaDf+FJKJrFrdECU/NOXu5iVz3fuU.
ECDSA key fingerprint is MD5:bb:c7:9f:3b:69:7e:8c:cc:12:04:23:59:c1:ce:b5:df.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '192.168.1.72 (192.168.1.72)' can't be established.
ECDSA key fingerprint is SHA256:+fXgJ0vWlg+shAIaDf+FJKJrFrdECU/NOXu5iVz3fuU.
ECDSA key fingerprint is MD5:bb:c7:9f:3b:69:7e:8c:cc:12:04:23:59:c1:ce:b5:df.
Are you sure you want to continue connecting (yes/no)? The authenticity of host '192.168.1.70 (192.168.1.70)' can't be established.
ECDSA key fingerprint is SHA256:+fXgJ0vWlg+shAIaDf+FJKJrFrdECU/NOXu5iVz3fuU.
ECDSA key fingerprint is MD5:bb:c7:9f:3b:69:7e:8c:cc:12:04:23:59:c1:ce:b5:df.
Are you sure you want to continue connecting (yes/no)?
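Error message: no key pair has been configured with the remote hosts; you can use ssh-keygen to configure a key pair
Solution: key-based login without a password
[root@localhost ~]# ssh-keygen
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub   -p 22 [email protected]  # copy the public key to the target host.
[root@localhost ~]# ssh 192.168.1.70        # test whether the target is configured successfully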
Last login: Sun Nov  1 06:29:29 2020 from 192.168.1.101
[root@cb687a8072d1 ~]# ip addr

Origin blog.51cto.com/15005403/2552215