Deploying Ansible, an automated operations and maintenance platform for Linux

Foreword

Operations and maintenance work is moving toward centralization, automation, standardization, virtualization, and distribution.
This article covers a tool for the automation part of that trend: Ansible. Ansible has many advantages: it needs only SSH and Python, requires no client on the managed hosts, is powerful, ships with a rich set of modules, and is easy to pick up. Because it is written in Python, it is also easy to extend.

Operating environment:

[root@luc ~]# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 

Installing the software and other preparation

Ansible can be installed from source or with yum.

The following is an Ansible package bundle for personal use; once unpacked, it can be used directly as a yum repository:
https://pan.baidu.com/s/1hFly3DnPS01ih60kSh5CIQ Password: 6ge6
Host:

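[root@luc ~]# unzip ansible.zip                             # unpack the archive
[root@luc ~]# mkdir -p  /var/ftp/yum/myyum         # create the yum repository directory, shared with the other hosts over FTP; this requires an FTP service, and an HTTP service can be used to share the repository instead
[root@luc ~]# mv  ansible/*  /var/ftp/yum/myyum   # put the unpacked files into the FTP-shared directory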

Host: manager10

[root@manager10 ~]# yum-config-manager --add ftp://192.168.1.1/yum/myyum    # add the new yum repository
[root@manager10 ~]# yum clean all                          # clear the yum cache
[root@manager10 ~]# yum repolist   
源标识                         源名称                                           状态
192.168.1.1_yum_myyum_         added from: ftp://192.168.1.1/yum/myyum/            16
192.168.1.1_yum_rh7dvd_        added from: ftp://192.168.1.1/yum/rh7dvd/        4,620
repolist: 4,636
[root@manager10 ~]# yum -y install ansible               # install ansible with yum
[root@manager10 ~]# rpm -qc ansible                      # list the package's configuration files; a handy trick when you do not know which configuration files a package has
/etc/ansible/ansible.cfg
/etc/ansible/hosts
[root@manager10 ~]# vim /etc/hosts                # set up local name resolution on this host
192.168.1.10 manager10                                  # separate the IP address and the name with a space
192.168.1.20 nginx20
192.168.1.30 web30
192.168.1.40 web40
192.168.1.50 db50
192.168.1.60 db60
[root@manager10 ~]# ssh-keygen -t rsa       # create a key pair; it is needed later

Note: SELinux and firewalld need to be turned off.

Configuration files

Configuration files:
/etc/ansible/ansible.cfg
/etc/ansible/hosts
The configuration files can be modified as follows.

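[root@manager10 ~]# vim /etc/ansible/hosts 
[web]                                     # define the web group
web30                             # group member; a hostname or an IP address can be used. I made the hostname and the domain name identical so they are easy to remember
web40
[db]                                     # define the db group
db50
db60
[app:children]                    # define the parent group app and list its child groups
web
db
[app:vars]                                    # settings for every member of the parent group app, including the login user and password
ansible_ssh_user="root"
ansible_ssh_pass="123456"
[nginx]                                       # define the nginx group; the host line below gives, in order, the member name, the login user and the login password. A login port can also be specified with ansible_ssh_port="22"
nginx20  ansible_ssh_user="root" ansible_ssh_pass="123456"
[root@manager10 ~]# vim /etc/ansible/ansible.cfg      # the ansible configuration file
# uncomment line 61; /root/.ssh/known_hosts is then not consulted, so there is no need to type yes on first login
host_key_checking = False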
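
An added example (not part of the original article): a small Python check that flags the two settings above that weaken SSH security, passwords stored in plain text in the inventory and host_key_checking = False. The function names are hypothetical and the sample file contents are constructed from the article's configuration.

```python
import re

# Inventory variables that hold a connection or privilege-escalation password.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
ASSIGN = re.compile(r"""(\w+)\s*=\s*("[^"]*"|'[^']*'|\S+)""")

def audit_inventory(text):
    """Return (line_no, section, variable) for each plaintext secret in an INI inventory."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", raw).strip()   # drop comments
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        for var, value in ASSIGN.findall(line):
            # "{{ some_var }}" is a reference to another variable, not a literal password.
            if var in SECRET_VARS and "{{" not in value:
                findings.append((no, section, var))
    return findings

def host_key_checking_disabled(cfg_text):
    """True if ansible.cfg switches SSH host key verification off."""
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):
            continue                                   # commented out: the default applies
        m = re.match(r"host_key_checking\s*=\s*(\w+)", line, re.I)
        if m and m.group(1).lower() in {"false", "no", "0", "off"}:
            return True
    return False

# Constructed sample input, modelled on the inventory and ansible.cfg shown above.
SAMPLE_INVENTORY = """\
[web]
web30
[app:vars]
ansible_ssh_user="root"
ansible_ssh_pass="123456"
[nginx]
nginx20  ansible_ssh_user="root" ansible_ssh_pass="123456"
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\n"

if __name__ == "__main__":
    for no, section, var in audit_inventory(SAMPLE_INVENTORY):
        print(f"inventory line {no} [{section}]: {var} is a plaintext password")
    print("host key checking disabled:", host_key_checking_disabled(SAMPLE_CFG))
```

Once the public key created with ssh-keygen has been pushed to the managed hosts (the authorized_key step later in the article), the ansible_ssh_pass entries can be removed from the inventory.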

Using Ansible

Once Ansible is configured there is no service to start; it can be used right away.
Command output is color-coded: a successful run that changed nothing is shown in green, and a successful run that changed something is shown in orange.

[root@manager10 ~]# ansible all --list-hosts       # list every host that can be managed; web or db can be listed directly instead. If the output below appears without errors, everything is fine.
  hosts (5):
    web30
    web40
    db50
    db60
    nginx20

Using modules
ansible command format:
ansible <host group> -m <module> -a '<command and arguments>'
Use ansible-doc <module name> to view a module's help information.
ansible-doc -l lists all modules.

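[root@manager10 ~]# ansible all -m ping     # use the ping module to check whether the hosts are online
web40 | SUCCESS => {                               # SUCCESS means it worked
    "changed": false,                                   # nothing was modified
    "ping": "pong"                                       # ping and pong are a pair
}
[root@manager10 ~]# ansible all  -m authorized_key -a "user=root exclusive=true manage_dir=true key='$(< /root/.ssh/id_rsa.pub)'" -k
# deploy the public key to all hosts; -m: module, -a: args (the module's arguments), -k: ask for the SSH password
# exclusive=true removes every other key from the target's authorized_keys file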

Common modules:
shell, copy, yum, service

[root@manager10 ~]# ansible web -m shell -a "mkdir /root/aaaa"      # create the /root/aaaa directory on web30 and web40 in the web group
[root@manager10 ~]# ansible web -m shell -a "ls /root"    # verify that it was created
[root@manager10 ~]# ansible web -m copy -a "src=/root/test.txt dest=/root/"
# copy a local file to the remote hosts; when copying a directory, a trailing "/" on src copies the directory's contents, as with rsync
[root@manager10 ~]# ansible web -m yum -a "name=httpd state=installed"   # install httpd; use removed to uninstall
[root@manager10 ~]# ansible web -m service -a "name=httpd enabled=yes state=started"      # start the httpd service and enable it at boot
[root@manager10 ~]# yum -y install nmap        # install the nmap scanner
[root@manager10 ~]# nmap -sS 192.168.1.30,40     # run an nmap half-open (SYN) scan
Nmap scan report for web30 (192.168.1.30) 
Host is up (0.000090s latency).
Not shown: 998 closed ports        # by default nmap scans the 1000 most common ports
PORT   STATE SERVICE
22/tcp open  ssh          # ssh is open
80/tcp open  http        # the web server is open
MAC Address: 74:52:86:86:02:01 (Unknown)  

At this point the deployment of the Ansible automated operations and maintenance platform is essentially complete; what remains is learning to use Ansible flexibly.

A thought to share: I hear and I forget. I see and I remember. I do and I understand!
