theory
Ansible-Automated Operation and Maintenance:
- What is the core mission of Ansible?
Answer: Operation and maintenance-maintain the stability of the entire structure & timely investigation & tuning, etc. - Ansible's core mission?
Solve batch deployment service & restart & debugging, etc.
Other similar ansible products (ansible is currently the most popular)
– Puppet
– Saltstack
Puppet & saltstack typical C/S mode tool-several devices are needed as the server side (controlling-sending instructions)
- No matter how many managed terminals, you need to install Client
– Ansible & Saltstack developed through Python --> Compared with the traditional source code C C++
Why is ansible the hottest?
- High concurrent processing
- Lightweight & easy to control
- No client required
- Based on ssh
Optimization of Ansible
In fact , optimization of Ansible-control efficiency is not optimizing Ansible itself-Netcom & protocol based on ssh
ssh All servers are turned on by default.
Verification: Password password verification
Key authentication-key pair-private key & public key
-public key-lock-public key can be transmitted over the Internet
-private key-key-can not be transmitted
need to optimize ssh Service-Prompt to cancel & maximum number of connections & verification time
What is lightweight
What is lightweight: code design & usage For
example: Apache-weight & Nginx-lightweight
-code-Nginx minus many infrequent functions-->Nginx is for a certain environment|industry Development-E-commerce
-Apahce installation and deployment & control-Take up a lot of resources Nginx reduced
Important components:
-Ansible: core-used to process user requests
-inventory: inventory-used to count & specify downstream equipment? --> IP address/network segment & host name
-Playbook: Script-Used to specify the sequence of downstream equipment batch processing tasks
-Module & Plugin: Module & Plugin-specific applications, which need to be called when downstream equipment performs certain operations
Ansible important documents & important command
- File: The default in / etc / ansible
- for Inventory, inventory - in charge of the file can be controlled hosts file
- defines the path Ansible adjust some of the features manifest file path, role adjustment - - anisble.cfg config configuration
- Roles directory-define -roles for multiple tasks in Ansible
Important commands
– the ansible-doc command is used to view the "module|plug-in" specific functions & parameters
– ansible-used to execute a single control command
– ansible-playbook-used to execute a playbook
– ansible-galaxy-used to create Character
Use playbook to deploy multiple LAMP environments
Playbook-Roles will use the directory:
Files: store source files that need to be synchronized to a remote server & configuration file
copy module for transmission-don't put the .j2 suffix in the files directory
tasks: task set-which tasks the downstream device should perform
template : Used to execute template files-generally put some scripts-general configuration files httpd.conf --> httpd.conf.j2
template: used to execute template files-generally put some scripts-general configuration files httpd.conf --> httpd. conf.j2
template module for transmission-.j2 suffix
Copy & template-two modules for file transfer
-copy common-mainly for files in the files directory
-template for the .j2 format (.exe, .doc, etc.) for the template directory
Practice
Build LAMP on Client1 & Client2 by using Ansible on Server
Environment: server: 192.168.1.61
client01: 192.168.1.63
client02: 192.168.1.64
1. Synchronize time & time zone
[root@192 ~]# ntpdate ntp1.aliyun.com
[root@192 ~]# cp -a /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
2. Add epel source to install ansible
[root@192 ~]# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@192 ~]# yum -y install ansible
3. Configure password-free login
46 ssh-keygen
47 ssh-copy-id 192.168.1.63
48 ssh-copy-id 192.168.1.64
4. Configuration checklist test ansible
[root@192 ansible]# pwd
/etc/ansible
[root@192 ansible]# tail -3 hosts
[web]
192.168.1.63
192.168.1.64
[root@192 ansible]# ansible web -m ping
192.168.1.64 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.63 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
5.server安装http&mariadb
[root@192 ansible]# yum -y install httpd mariadb-server mariadb
6. Initialization
root@192 roles]# ansible-galaxy init lnmp
- Role lnmp was created successfully
- [root@192 roles]# tree lnmp/
lnmp/
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
7.cp configuration file
[root@192 files]# cp /etc/httpd/conf/httpd.conf ./lnmp/files/
[root@192 files]# cp -a /etc/my.cnf ./lnmp/files/
[root@192 files]# cat index.php
<?php
phpinfo();
?>
[root@192 files]# tree . #完成后一共三个文件
.
├── httpd.conf
├── index.php
└── my.cnf
8. Write a script template
[root@192 tasks]# pwd
/etc/ansible/roles/lnmp/tasks
[root@192 tasks]# cat main.yaml
- name: prepare config
shell: iptables -F
- name: clean the firewalld
shell: systemctl stop firewalld
- name: webserver install
yum: name=httpd state=installed
- name: config file replace
copy: src="httpd.conf" dest="/etc/httpd/conf/httpd.conf"
- name: provide index page
copy: src="index.php" dest="/var/www/html"
- name: mysql install
yum: name=mariadb-server state=installed
- name: config file replace
copy: src="my.cnf" dest="/etc/my.cnf"
- name: install php
yum: name=php,php-mysql state=installed
- name: start httpd service
service: name=httpd state=started
- name: start mariadb service
service: name=mariadb state=started
9. Call
[root@192 roles]# pwd
/etc/ansible/roles
[root@192 roles]# cat install_lamp.yml
- name: LAMP bulid
remote_user: root
hosts: web
roles:
- lamp
[root@192 roles]# ansible-playbook install_lamp.yml
10. Test