Ad-hoc, playbook, variables, encryption in Ansible

1. Ways of managing hosts with Ansible:

Ad-hoc: use the ansible command to carry out management directly; mainly for one-off, temporary commands
Playbook: an Ansible script; mainly for large-scale projects, and requires planning in advance

2. Run an ad hoc command (ad-hoc):

2-1: From the command line, ad hoc commands let you test and make changes quickly without writing a playbook. They are concise and efficient.

Ansible command execution process:
1. Load its own configuration file
2. Load the corresponding module file
3. Generate a temporary .py file from the module and transfer it to the remote server, into the executing user's $HOME/.ansible/tmp/ansible-tmp-number/xxx.py
4. Make the file executable (+x)
5. Execute it and return the result
6. Delete the temporary file and exit

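2-2: Common modules used by ad hoc commands:

File modules:
-copy	        Copy a local file to the managed host
-file	        Set file permissions and other attributes
-lineinfile	    Ensure whether a specific line is in a file
-synchronize	Synchronize content using rsync

System modules:
-firewalld	   Manage arbitrary ports and services using firewalld
-reboot	       Reboot
-service	   Manage services
-user	       Add, delete, and manage user accounts

Net tools modules:
-get_url	Download files over http, https, or ftp
-nmcli	    Manage the network
-uri	    Interact with web services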

2-3 Commonly used parameters of Ad-hoc:

3. Playbook in Ansible:

3-1. Playbook: It is a list of repeatable tasks written in YAML markup language.

3-2. YAML files usually use .yml as the extension.
Run a playbook with ansible-playbook xxx.yml (an inventory and ansible.cfg are required in the environment).
Note: in a playbook, every task and every play must begin with a "-".

3-3. By default, the output of ansible-playbook does not include detailed task execution information.
The -v parameter provides four levels:
-v (display task results)
-vv (display task results and task configuration)
-vvv (also include information about the connection to the managed host)
-vvvv (add further detail related to the connection plug-in, including the user used to execute the script on the managed host and the script that was executed)

3-4. It is best to check the syntax before executing a playbook:
ansible-playbook --syntax-check webserver.yml
If there is a syntax error, the error and its location are reported in a message starting with ERROR!

3-5. YAML has no strict requirements for the amount of indentation, but there are two basic principles:
1). Data elements at the same level of the hierarchy must have the same indentation (a play is itself a collection of key-value pairs, and the keys in the same play should use the same indentation); a ":" must be followed by a space.
2). If an item is a child of another item, its indentation must be greater than that of the parent item.

3-6: Common execution commands in playbook:

ansible-playbook xxx.yml ...     ## run a playbook with ansible
--check|-C	      ## check
--syntax-check	  ## check the syntax
--list-hosts	  ## list hosts
--list-tags  	  ## list tags
--list-tasks	  ## list tasks
--limit		      ## specify the hosts to run on
-v -vv		      ## show the process

4. Edit the indentation format of yaml in vimrc:


5. Variables in Ansible:
5-1: Purpose:
Replace some values in the playbook with variables, which simplifies writing the playbook.

1). Variables can be reused by the playbook
2). Variables can be defined for hosts and host groups in the inventory
3). Variables can be defined using facts and external files, or on the command line
4). The register keyword is used to capture command output
5). Use of ansible vault
6). Ansible facts are variables automatically detected from the managed host

5-2: Variable naming:
Names can only contain numbers, underscores, and letters
Names can only start with an underscore or a letter

5-3: Variable levels:
Global: set from the command line or configuration file
Play: set in the play and related structures
Host: set by the inventory, fact gathering, or registered tasks

Variable priority:
A narrow scope takes precedence over a wide scope

5-4: Common ways of using variables:
5-4-1: Define variables in the vars block at the beginning of the playbook (common way)

5-4-2: Directly add -e parameter to define variable in ad-hoc command line:

ansible test -e "username=westos"

5-4-3: Create a variable file in the same level directory of ansible.cfg:


Note the double quotes when referencing a variable,
for example: "{{username}}"

Using Jinja2 templates:
Introduction:
Jinja2 is a widely used template engine for Python.
Its design is derived from Django's template engine,
extending the syntax and adding a set of powerful features.
The most notable additions are sandboxed execution and optional automatic escaping.

Use example:

---
- hosts: all
  tasks:
  - name: system info
    template:
      src: hostinfo.j2
      dest: /tmp/hostinfo

Note: Import other playbooks or tasks:

  • import_playbook: task.yml

6. Managing facts in Ansible:

Collecting fact information:
gather_facts; fact collection can be turned off with gather_facts: no | false.
Facts are referenced by their system variable names; common ones are as follows:

hostname: {{ ansible_facts['hostname'] }}
ip: {{ ansible_facts["eth0"]["ipv4"]["address"] }}
DNS: {{ ansible_facts['dns']['nameservers'][-1] }}
vda1: {{ ansible_facts['devices']['vda']['partitions']['vda1']['size'] }}
kernel: {{ ansible_facts['kernel'] }}

View fact information: ansible test -m setup | less (test is the host or group from the inventory)

7. Encryption control in Ansible:

## Create an encrypted file
1.
ansible-vault create westos

2.
vim westos-vault
lee                                           ## content of the file: the vault password

ansible-vault create --vault-password-file=westos-vault westos

## Encrypt an existing file
ansible-vault encrypt test

## View an encrypted file
ansible-vault view westos
ansible-vault view --vault-password-file=westos-vault westos

## Edit an encrypted file
ansible-vault edit westos1
ansible-vault edit --vault-password-file=westos-vault westos

## Decrypt a file
ansible-vault decrypt westos                  ## permanently decrypt the file
ansible-vault decrypt westos --output=linux   ## decrypt and save the result as linux

## Change the password
ansible-vault rekey westos1
ansible-vault rekey westos1 --new-vault-password-file=key1

## playbook
ansible-playbook apache_install.yml  --ask-vault-pass
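
A check that fits the vault workflow above, as an added example that is not part of the original post: it confirms that a file is stored encrypted (its first line is the $ANSIBLE_VAULT; header that ansible-vault writes) and that a password file such as westos-vault grants nothing to group or others. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the ansible-vault workflow. Function names and
# sample files are constructed for illustration.

# Succeeds if the first line of file $1 is a vault header such as
# "$ANSIBLE_VAULT;1.1;AES256", i.e. the file is stored encrypted.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=$(head -n 1 < "$1")
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if password file $1 grants nothing to group or others.
password_file_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)   # group + other bits of "-rw-------"
    [ "$perms" = "------" ]
}

# Prints each argument that is not vault-encrypted; fails if any is found.
audit_secret_files() {
    rc=0
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            printf 'NOT ENCRYPTED: %s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files in directory $1 (the payload is not real ciphertext).
make_samples() (
    umask 077
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '00000000' > "$1/westos"
    printf 'db_password: example\n' > "$1/test"
    printf 'lee\n' > "$1/westos-vault"
)

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_secret_files "$demo_dir/westos" "$demo_dir/test" || echo "audit failed"
password_file_is_private "$demo_dir/westos-vault" && echo "password file is private"
rm -rf "$demo_dir"
```

A check like audit_secret_files can run in a pre-commit hook or CI step over the files that are expected to stay encrypted.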

Origin blog.csdn.net/lb1331/article/details/111998681