The use of Ansible automated operation and maintenance tools (1)

Ansible

Ansible overview

Ansible is an open source operations automation tool that has become increasingly popular in recent years. With Ansible, operations work can be automated, which improves the efficiency of operations engineers and reduces human error.
Ansible carries out management tasks through its rich set of built-in modules, of which there are more than a thousand. More importantly, it is very simple to operate: even a novice can get started easily, yet it provides very rich functionality and can do almost anything in the operations field.

ansible features

  • Modular: specific modules are called to complete specific tasks; the rich set of built-in modules meets almost all requirements
  • Supports custom modules, which can be written in any programming language
  • Implemented in Python
  • Secure, based on OpenSSH
  • Supports playbooks for orchestrating tasks, in YAML format with rich data structures
  • Idempotent: executing once and executing n times give the same result

Precautions

  • The host that runs ansible is generally called the main control end, central control, master or bastion host
  • The main control end needs Python 2.6 or above
  • If the Python version on the controlled end is lower than 2.4, python-simplejson must be installed
  • If SELinux is turned on on the controlled end, libselinux-python must be installed
  • Windows cannot be used as the main control end

Ansible installation and getting started

ansible installation

  • Epel source rpm package installation
yum install epel-release -y
yum install -y ansible
  • Compile and install
yum install -y python-jinja2 PyYAML python-paramiko python-babel python-crypto
tar xf ansible-1.5.4.tar.gz
cd ansible-1.5.4
python setup.py build
python setup.py install
mkdir /etc/ansible
cp -r examples/* /etc/ansible
  • git install
git clone https://github.com/ansible/ansible.git
cd ./ansible
source ./hacking/env-setup
  • pip install
yum install -y python-pip python-devel
yum install -y gcc glibc-devel zlib-devel rpm-build openssl-devel
pip install --upgrade pip
pip install ansible --upgrade

Ansible related configuration files

  • /etc/ansible/ansible.cfg: The main configuration file, which configures the working characteristics of ansible
  • /etc/ansible/hosts: List of managed hosts
  • /etc/ansible/roles: The directory where the roles are stored

Several important parameters of the main configuration file:

Parameter                          Description
inventory = /etc/ansible/hosts     List of managed hosts
library = /usr/share/my_modules/   Directory where module library files are stored
remote_tmp = ~/.ansible/tmp        Directory on the managed host where temporary py command files are stored
local_tmp = ~/.ansible/tmp         Local directory where py command files are stored
forks = 5                          Default number of concurrent processes
sudo_user = root                   Default sudo user
ask_sudo_pass = True               Whether to ask for the sudo password every time an ansible command is executed
ask_pass = True                    Whether to ask for the ssh password
remote_port = 22                   ssh port number
host_key_checking = False          Whether to check the host_key of the target server; the recommendation here is to uncomment it. Note that False turns SSH host key verification off, so an unknown or changed host key is accepted without a prompt
log_path = /var/log/ansible.log    Log file path; enabling it is recommended
module_name = command              Default module
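An added example (not part of the original article or of Ansible itself) that audits the `[defaults]` section for the settings in the table above that change the security posture. The sample config and the finding texts are constructed; the function name is hypothetical.

```python
import configparser

# Constructed sample config using the settings discussed above (not from a real host).
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
forks = 5
host_key_checking = False
#log_path = /var/log/ansible.log
module_name = shell
"""

def audit_ansible_cfg(text):
    """Return a list of (setting, finding) tuples for risky [defaults] values."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    defaults = parser["defaults"] if parser.has_section("defaults") else {}
    findings = []

    # A commented-out or absent line means the built-in default, which is to verify keys.
    hkc = defaults.get("host_key_checking", "True").strip().lower()
    if hkc in ("false", "no", "0", "off"):
        findings.append(("host_key_checking",
                         "SSH host keys are not verified; a changed key is accepted silently"))

    # Without log_path, runs leave no record on the control host.
    if not defaults.get("log_path", "").strip():
        findings.append(("log_path", "no log file configured; runs are not recorded"))

    # With shell as the default module, every bare -a string is interpreted by a shell.
    if defaults.get("module_name", "command").strip() == "shell":
        findings.append(("module_name",
                         "default module is shell; arguments are interpreted by a shell"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit_ansible_cfg(SAMPLE_CFG):
        print(f"{setting}: {finding}")
```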

Several common ways of writing ansible's hosts:

[nginx]
192.168.0.181

[httpd]
192.168.0.178

[web]
192.168.0.[178:181]

[ssh]
192.168.0.178:17777

[hostname]
db-[99:101]-node.example.com

The main ways to use ansible to achieve management:

  • Ad-Hoc: Use the ansible command, mainly used for temporary command usage scenarios
  • Ansible-playbook: Mainly used for long-term planned, large-scale project scenarios, which require a preliminary planning process

Basic use of ansible related tools

  • ansible: main program, temporary command execution tool

format:

ansible <host-pattern> [-m module_name] [-a args]
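ansible all -m ping   # verify connectivity to the managed hosts
ansible --version     # show ansible version information
ansible -v            # show the execution process; -vv and -vvv show more detail
ansible -k            # prompt for the ssh connection password; key authentication is the default
ansible --check       # dry run that checks syntax; a dry run may report errors that do not necessarily occur in a real run
ansible -T,--timeout=TIMEOUT  # command execution timeout, default 10s
ansible -u,--user=REMOTE_USER  # user to run as on the remote host
ansible -K            # prompt for the sudo password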

Ansible's hosts file
example:

ansible all -m ping
# *: wildcard
ansible "*" -m ping
ansible "192.168.0.*" -m ping
# OR relationship
ansible "nginx:ssh" -m ping
# logical AND
ansible "web:&nginx" -m ping
# logical NOT
ansible 'web:!nginx' -m ping
# regular expression
ansible "~(ng|htt)*" -m ping

Note: The hosts matched above are all matched from the hosts file of ansible
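To preview which hosts a pattern selects before running a module against them, here is an added example (not from the original article and not Ansible's own code) that resolves the patterns above against the hosts file shown earlier. It is a simplified model: the evaluation order and the start-anchored matching of names are assumptions, and the function names are hypothetical.

```python
import fnmatch
import re

# The hosts file shown earlier on this page, embedded as sample input.
INVENTORY = """\
[nginx]
192.168.0.181
[httpd]
192.168.0.178
[web]
192.168.0.[178:181]
[ssh]
192.168.0.178:17777
[hostname]
db-[99:101]-node.example.com
"""

def expand(entry):
    # Numeric [a:b] ranges are inclusive; a trailing ":port" is not part of the name.
    m = re.search(r"\[(\d+):(\d+)\]", entry)
    if m:
        return [entry[:m.start()] + str(n) + entry[m.end():]
                for n in range(int(m.group(1)), int(m.group(2)) + 1)]
    return [entry.split(":")[0]]

def parse_inventory(text):
    groups, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("["):
            current = groups.setdefault(line[1:-1], [])
        else:
            current.extend(expand(line))
    return groups

def resolve(pattern, groups):
    # Assumed evaluation order: union the plain terms, then apply "&", then "!".
    index = {g: set(hosts) for g, hosts in groups.items()}
    index["all"] = set().union(*index.values())
    index.update({h: {h} for h in index["all"]})
    def match(term):
        rx = re.compile(term[1:] if term.startswith("~") else fnmatch.translate(term))
        return set().union(*(hosts for name, hosts in index.items() if rx.match(name)))
    terms = pattern.split(":")
    result = set().union(*map(match, [t for t in terms if t[0] not in "&!"] or ["all"]))
    for t in [t for t in terms if t[0] == "&"]:
        result &= match(t[1:])
    for t in [t for t in terms if t[0] == "!"]:
        result -= match(t[1:])
    return sorted(result)
```

In this model `~(ng|htt)*` selects every host, because the group may repeat zero times and the match only has to start at the beginning of a name; `~(ng|htt)` limits the result to the nginx and httpd groups.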

  • ansible-doc: This tool is used to display module help

format:

ansible-doc [options] [module]
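-l,--list      # list available modules
-s,--snippet   # show the playbook snippet for the specified module

example:

# List all modules
ansible-doc -l
# Show help for the specified module
ansible-doc ping
# Show playbook usage for the specified module
ansible-doc -s ping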
  • ansible-galaxy: official platform for downloading and uploading well-written code or Roles modules

It connects to https://galaxy.ansible.com/ to download the corresponding roles (a bundle of playbooks)

format:

ansible-galaxy install [ROLESNAME]

example:

# Download roles
ansible-galaxy collection install newswangerd.collection_demo
# List downloaded roles
ansible-galaxy list
  • ansible-pull: This tool pushes ansible commands to the remote end; efficiency is unlimited, but the demands on operations staff are high
  • ansible-playbook: Customize automated tasks and execute playbook tools

example:

ansible-playbook hello.yml
cat hello.yml
---
- hosts: web
  remote_user: root
  tasks:
     - name: hello world
       command: /usr/bin/wall hello world
  • ansible-vault: file encryption tool

format:

ansible-vault [create|decrypt|edit|encrypt|rekey|view]

example:

ansible-vault encrypt hello.yml  # encrypt
ansible-vault decrypt hello.yml  # decrypt
ansible-vault view hello.yml     # view
ansible-vault edit hello.yml     # edit an encrypted file
ansible-vault rekey hello.yml    # change the password
ansible-vault create new.yml     # create a new file
  • ansible-console: an execution tool based on the console interface and user interaction
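For the ansible-vault commands above, a check that files meant to be encrypted really are, for instance before they are committed. This is an added example, not code from the original article; it assumes the vault envelope layout of a `$ANSIBLE_VAULT;<version>;<cipher>` header line (optionally followed by a vault id) and a hex payload, and the sample files and function names are constructed.

```python
import re

# Envelope header: $ANSIBLE_VAULT;<format version>;<cipher>[;<vault id>]
HEADER = re.compile(r"^\$ANSIBLE_VAULT;(\d+\.\d+);([A-Z0-9]+)(?:;(\S+))?$")

def vault_header(text):
    """Return (version, cipher, vault_id) for a vault envelope, else None."""
    lines = text.strip().splitlines()
    m = HEADER.match(lines[0].strip()) if lines else None
    if not m:
        return None
    body = "".join(line.strip() for line in lines[1:])
    # The payload is hex text; an empty or non-hex body is a damaged or hand-edited file.
    if not re.fullmatch(r"[0-9a-fA-F]+", body):
        return None
    return m.groups()

def unencrypted(files):
    """Given {path: content}, return the paths that are not vault envelopes."""
    return sorted(p for p, c in files.items() if vault_header(c) is None)

# Constructed sample: the page's playbook in plaintext, and fake envelopes
# whose hex payloads are made up (they are not real ciphertext).
SAMPLE = {
    "hello.yml": "---\n- hosts: web\n  remote_user: root\n",
    "secrets.yml": "$ANSIBLE_VAULT;1.1;AES256\n3066316135\n6234663839\n",
    "labelled.yml": "$ANSIBLE_VAULT;1.2;AES256;prod\n61626364\n",
    "truncated.yml": "$ANSIBLE_VAULT;1.1;AES256\n",
}

if __name__ == "__main__":
    for path in unencrypted(SAMPLE):
        print(f"not vault-encrypted: {path}")
```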

Ansible common modules

Common module help documentation address: https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html

command module

Function: Execute the command on the remote host. This is the default module and the -m option can be ignored.
Note: The command module does not support some special symbols such as: "$ENVNAME, *, >,|" etc.
Example:

ansible web -m command -a "ls /opt"
ansible web -m command -a "chdir=/opt ls"

shell module

Function: The function is similar to the command module, and special symbols can be used.
Example:

ansible web -m shell -a 'echo $HOSTNAME'
ansible web -m shell -a 'chdir=/opt echo 1 > test.txt'
ansible web -m shell -a 'chdir=/opt ls'

Modify the default module of ansible to shell:

[root@k8s-2 ~]# vim /etc/ansible/ansible.cfg
module_name = shell

script module

Function: Run a script that is stored on the management machine on the remote host
Example:

vim /data/run.sh
mkdir /opt/test.txt 
ansible web -m script -a '/data/run.sh'

copy module

Function: Transfer files from the management host to the managed host
Example:

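# Send a local file to the controlled hosts; the file name, owner, permissions and so on can be specified
touch /data/copy.text
ansible web -m copy -a "src=/data/copy.text dest=/opt/copy.text1 owner=root mode=600 backup=yes"
# Create a file on the controlled hosts with the specified content
ansible web -m copy -a 'content=hello dest=/opt/content1.text owner=root mode=600'
# Copy the files under the directory to the controlled hosts, not including the bak directory itself
ansible web -m copy -a 'src=/data/bak/ dest=/backup'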

fetch module

Function: Obtain files from the controlled host to the management host. Directory is not supported.
Example:

ansible web -m fetch -a "src=/etc/redhat-release dest=/data/os"

file module

Function: Create, delete files, etc.
Examples:

# Create a file
ansible web -m file -a 'path=/data/file.text state=touch owner=mysql group=root mode=755'
# Delete a file
ansible web -m file -a 'path=/data/file.text state=absent'
# Create a directory
ansible web -m file -a 'path=/data/file state=directory owner=mysql group=mysql'
# Create a symbolic link
ansible web -m file -a 'src=/data/testfile dest=/data/testfile-link state=link'

archive module

Function: Compress the package
Example:

# Archive files on the controlled hosts and specify where on the remote host the archive is stored
ansible web -m archive -a 'path=/var/log dest=/opt/log.tar.bz2 format=bz2'

unarchive module

Function: Decompress the package
Two implementation methods:

  1. Transfer the compressed package on the ansible host to the remote host and decompress it to the specified directory, set "copy=yes"
  2. Unzip the compressed package on the remote host to the specified path and set "copy=no"

Common parameters:

  • copy: The default is yes. When copy is yes, the copied file is copied from the ansible host to the remote host. If it is set to no, it will look for the file in the path specified by src on the remote host
  • remote_src: Same function as copy and mutually exclusive, yes means the compressed file is on the remote host, no means the file is on the ansible host
  • src: The path of the compressed file, which can be on the ansible host or the controlled host. If the file is on the controlled host, you need to set copy to no
  • dest: the path on the controlled host where the decompressed files are placed
  • mode: set file permissions after decompression
    Example:
# Extract a local archive onto the controlled hosts
ansible web -m unarchive -a 'src=/data/foo.zip dest=/opt/software/foo'
# Extract an archive that is already on the controlled hosts
ansible web -m unarchive -a 'src=/tmp/foo.zip dest=/opt/software/foo copy=no mode=0777'
# Download from the network and extract
ansible web -m unarchive -a 'src=https://example.com/example.zip dest=/data copy=no'

hostname module

Function: Manage host name
Example:

ansible nginx -m hostname -a 'name=nginx'

cron module

Function: Scheduled tasks
Supported time fields: minute, hour, day, month, weekday
Examples:

# Run the backup script every day at 2:30 pm (the script must exist on the controlled hosts)
ansible db -m cron -a 'minute=30 hour=14 name="backup mysql" job=/root/mysql_backup.sh'
# Disable the scheduled task
ansible db -m cron -a 'name="backup mysql" disabled=yes'
# Enable the scheduled task
ansible db -m cron -a 'name="backup mysql" disabled=no'
# Delete the scheduled task
ansible db -m cron -a 'name="backup mysql" state=absent'

yum module

Function: Manage the installation and deletion of software packages, only supports RHEL, CentOS, fedora, and does not support Ubuntu
examples:

# Install the service
ansible web -m yum -a 'name=httpd state=present'
# Uninstall the service
ansible web -m yum -a 'name=httpd state=absent'

service module

Function: Manage services (start and stop)
Example:

# Start the service and enable it at boot
ansible web -m service -a 'name=httpd state=started enabled=yes'
# Restart the service
ansible web -m service -a 'name=httpd state=restarted'
# Stop the service
ansible web -m service -a 'name=httpd state=stopped'

group module

Function: Manage groups
Example:

# Create a system group named nginx
ansible web -m group -a 'name=nginx gid=88 system=yes'
# Delete the group
ansible web -m group -a 'name=nginx state=absent'

user module

Function: Manage users
Example:

# Create users
ansible web -m user -a 'name=nginx uid=1024 home=/home/nginx group=nginx'
ansible web -m user -a 'name=http uid=2048 group=nginx groups="root,docker" shell=/sbin/nologin system=yes create_home=no'
# Delete a user
ansible web -m user -a 'name=nginx state=absent remove=yes'

lineinfile module

When sed is used through ansible for replacements, escaping problems are common, and replacements that involve special symbols often fail to apply correctly.

Function: Equivalent to sed; modifies the content of a file.
Example:

# Disable selinux
ansible web -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'"
# Delete lines starting with '#'
ansible all -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"'

replace module

Function: similar to sed
Example:

# Comment out lines
ansible web -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'"
# Uncomment lines
ansible web -m replace -a "path=/etc/fstab regexp='^#(.*)' replace='\1'"

setup module

Function: Collects system information (facts) about the host. These facts can be used directly as variables. With many hosts, however, fact collection slows execution; you can use "gather_facts: no" to stop ansible from collecting facts.
Example:

ansible web -m setup
ansible web -m setup -a 'filter=ansible_nodename'

Origin blog.csdn.net/qq_33235529/article/details/113859468