Automated operation and maintenance tool ansible: (1) Concept and deployment

Table of contents

1: Introduction to automated operation and maintenance

1.1 Features of Puppet tools

1.2 Saltstack tool features

Two: ansible overview

2.1 Principle of Ansible operation and maintenance tool

2.2 Ansible architecture diagram

2.3 The purpose of Ansible

2.4 Why choose Ansible?

2.5 ansible task execution

ansible task execution mode

Ansible execution process:

Ansible command execution process

Three: Ansible installation

3.1 Ansible installation method

3.2 Ansible related documents

3.3 Ansible related commands

3.4 install ansible

3.4.1 Preparation for installation

3.4.2 Install the epel extension source on the Ansible control terminal and install the ansible automation management tool

3.4.3 Configure host list

3.4.4 Generating a key pair

3.4.5 Use ssh-agent agent

Four: ansible command module 

4.1 command module 

4.2 cron module 

4.3 user module  

4.4 group module 

4.5 copy module  

4.6 file module 

4.7 ping module  

4.8 service module 

4.9 shell module  

4.10 script module  

4.11 yum module

4.12 setup module  

4.12.1 View information

4.12.2 Saving information

4.13 fetch module 

Five: Summary

1: Introduction to automated operation and maintenance

At present, with the rapid development of the IT industry, a large number of automated management tools have emerged on the market. These tools allow us to manage and control thousands of different devices from a single machine, making operation and maintenance management more convenient and faster.

At present, the mainstream automated operation and maintenance tools include PSSH, Puppet, Chef, SaltStack, Ansible, etc., and Internet companies use Ansible, Saltstack, and Puppet the most. Below, I mainly introduce the characteristics of Puppet and Saltstack tools:

1.1 Features of Puppet tools

Puppet is an early automated operation and maintenance management tool for Linux, which can centrally manage platforms such as Linux, Windows, and Unix. The development of Puppet has been very mature so far. It can manage remote servers in batches. It has rich modules and complex configuration. It is written based on Ruby language and is a typical C/S mode. It needs to install the server and client. The management device of Puppet is the server, and the managed device is the client. Each client periodically (period is 30 minutes by default) sends a request to the server to obtain the latest configuration information and ensure configuration synchronization. Puppet is suitable for the entire process of server management, such as initial installation, configuration, update and system offline.

1.2 Saltstack tool features

Similar to Puppet, Saltstack is also an automated management and control tool based on the C/S model. Saltstack is written in Python, and has added an MQ message queue and ELK message synchronization, which can return the executed command and its result efficiently. However, the execution process needs to wait for the clients to return completely. If a client does not return or respond in time, some devices may have no execution results.


Two: ansible overview

  • Ansible is a new automated operation and maintenance tool developed in Python. It integrates the advantages of many operation and maintenance tools (puppet, chef, func, fabric), and implements functions such as batch system configuration, batch program deployment, and batch command execution.
  • Ansible is developed on top of paramiko and works on a modular basis. Ansible itself does not have the ability to deploy in batches; what really performs batch deployment is the modules that Ansible runs, and Ansible just provides a framework. Ansible does not need a client/agent installed on the remote host, because it communicates with the remote host over SSH.
  • Ansible has been officially acquired by Red Hat. It is the most recognized automated operation and maintenance tool, and it is easy to use and easy to learn. It is one of the skills that every operation and maintenance engineer must master.

2.1 Principle of Ansible operation and maintenance tool

Ansible is divided into the control terminal and the controlled terminal. It mainly manages clients over the SSH protocol, and the controlled terminal does not need an agent installed. Ansible reads the hosts file on the control terminal and, according to the IP list defined in that file, calls its local modules to perform batch, concurrent configuration management and maintenance on the controlled machines. If the task is more complicated, it can be written as a playbook for distribution and management.

Advantages of Ansible automatic operation and maintenance management tool:

  • Lightweight, when updating, it only needs to be updated once on the operating machine;
  • Using the SSH protocol;
  • No need to go to the client to install the agent;
  • Batch task execution can be written as a script, and can be executed without distributing to remote;
  • Written in python, easier to maintain;
  • Support sudo common user commands;
  • Decentralized management.

2.2 Ansible architecture diagram

The main modules we see in the above figure are as follows: 

Ansible: Ansible core program.
Host Inventory: Record host information managed by Ansible, including port, password, ip, etc.
Play books: "playbook" YAML format file, multiple tasks are defined in one file, which defines which modules the host needs to call to complete the function.
Core Modules: core modules , the main operation is to complete management tasks by calling core modules.
Custom Modules: Custom modules, complete functions that cannot be completed by core modules, and support multiple languages.
Connection Plugins: connection plug-ins, used by Ansible and Host for communication 

2.3 The purpose of Ansible

  1. Automatic deployment of APP
  2. Automatically manage configuration items
  3. Automated Continuous Delivery
  4. Automated cloud service management

2.4 Why choose Ansible?

(1) Ansible is developed entirely in Python, and DevOps (promoting communication, collaboration and integration between development, technical operations and quality assurance (QA) departments) is already a trend in China. As Python gradually becomes more popular, the threshold for operation and maintenance personnel to develop their own tools is gradually lowered, which makes secondary development of Ansible convenient.

(2) Ansible's rich built-in modules, and even functional modules specially developed for commercial platforms, can fully meet daily needs.

(3) Under Ansible's decentralized concept (everyone is a node, and anyone can also be a center), a copy operation is enough to migrate the management configuration center.

(4) Agentless (no client): the client does not need any configuration, and it can be used once it has been configured from the management terminal.

2.5  ansible task execution

ansible task execution mode

The way the Ansible control host operates on managed nodes can be divided into two types: ad-hoc and playbook.

  • Ad-hoc mode (point-to-point mode): Use a single module to support batch execution of single commands. An ad-hoc command is a command that can be entered quickly and does not need to be saved. It is equivalent to a one-line shell command in bash.
  • Playbook mode (script mode): It is the main management method of Ansible and the key to the powerful functions of Ansible. A playbook completes a class of functions through a set of multiple tasks, such as installation and deployment of Web services, batch backup of database servers, and so on. A playbook can be simply understood as a configuration file that combines multiple ad-hoc operations.

Ansible execution process:

Put simply, when Ansible runs, it first reads the configuration in ansible.cfg, obtains the list of managed hosts from the Inventory according to the rules, executes the configured tasks on these hosts in parallel, and finally waits for the results returned by the execution.

Ansible command execution process

  1. Load your own configuration file, default /etc/ansible/ansible.cfg;
  2. Find the corresponding host configuration file and find the host or group to be executed;
  3. Load its own corresponding module file, such as command;
  4. Generate the corresponding temporary py file (python script) from the module or command through ansible, and transfer the file to the remote server;
  5. The file is placed at .ansible/tmp/XXX/XXX.PY under the home directory of the executing user;
  6. Give the file +x execution permission;
  7. Execute and return the result;
  8. Delete the temporary py file, sleep 0 to exit;

Three: Ansible installation

3.1  Ansible installation method

There are two common ways to install ansible: yum installation and pip program installation

Install using pip (Python's package management module)

First, we need to install the python-pip package. After the installation is complete, we can use the pip command directly to install our package. The specific process is as follows:

yum install python-pip
pip install ansible

Install using yum

Yum installation is the installation method we are very familiar with. We need to install the epel-release package first, and then install ansible.

yum install epel-release -y
yum install ansible -y

3.2 Ansible related documents

Configuration file:

  • /etc/ansible/ansible.cfg Main configuration file, configure ansible working characteristics (generally no need to modify)
  • /etc/ansible/hosts host list (put managed hosts into this file)
  • /etc/ansible/roles/ Directory for storing roles

Programs:

  • /usr/bin/ansible main program, temporary command execution tool
  • /usr/bin/ansible-doc View configuration documents, module function viewing tool
  • /usr/bin/ansible-galaxy Official website platform for downloading/uploading excellent code or Roles module
  • /usr/bin/ansible-playbook Custom automation tasks, scripting tools
  • /usr/bin/ansible-pull A tool for remotely executing commands
  • /usr/bin/ansible-vault file encryption tool
  • /usr/bin/ansible-console Execution tool based on Console interface and user interaction

3.3 Ansible related commands

3.4 install ansible

3.4.1 Preparation for installation

#192.168.111.60
hostname ansible
su 
#192.168.111.50
hostname webserver
su
#192.168.111.15
hostname mysql
su
systemctl stop firewalld
setenforce 0

3.4.2 Install the epel extension source on the Ansible control terminal and install the ansible automation management tool

# Install the epel extension source
yum -y install epel-release
yum -y install ansible

# Tree-style directory listing tool
yum -y install tree
 
tree /etc/ansible

3.4.3 Configure host list

vim /etc/ansible/hosts
 
# Configure the host list
[webserver]
192.168.111.60
[mysql]
192.168.111.15

3.4.4 Generating a key pair

# Generate the key pair
ssh-keygen -t rsa
123123    # passphrase, typed at the prompt
123123    # passphrase again, to confirm
 
ssh-copy-id [email protected]
ssh-copy-id [email protected]

3.4.5 Use ssh-agent agent

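# Every query asks for the key passphrase
# ssh-agent can be used to avoid this
ssh-agent bash
ssh-add
123123    # passphrase, typed at the prompt

# Query the date on the hosts in the webserver group
ansible webserver -m command -a 'date'

# Query the date on the hosts in the mysql group
ansible mysql -m command -a 'date'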


Four: ansible command module 

4.1 command module 

This module can directly execute commands on the remote host and return the result to the host.

The command module accepts a command name followed by a space-separated list of arguments. The given command is executed on all selected nodes. It is not processed through the shell, so variables such as $HOME and operators such as "<", ">", "|", ";" and "&" will not work (use the shell module for these). In particular, this module does not support the | pipe.
Let's take a look at several commonly used options of this module:

chdir # Switch to this directory before executing the command
executable # Switch the shell used to execute the command; the absolute path of the command is required
free_form # The Linux command to be executed, generally passed with Ansible's -a parameter
creates # A file name; if the file exists, the command will not be executed (can be used as a condition)
removes # A file name; if the file does not exist, the command will not be executed

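Command format: ansible [host] [-m module] [-a args]
 
# List all installed modules; press q to exit
ansible-doc -l
 
# Run the date command on all hosts; all can be replaced by an IP or a group name, e.g. 192.168.111.60 / webserver
ansible all -m command -a 'date'
 
# Without -m, the command module is used by default
ansible all -a 'date'
ansible all -a 'ls /'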
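
Why a pipe fails under the command module but works under the shell module, as an added illustration (not code from the original post and not Ansible's own code): the sketch approximates the two modules with Python's subprocess, and adds a check that tells which module an ad-hoc command string needs. The function names are hypothetical, and only the operators listed above are covered.

```python
import shlex
import subprocess

# The operators the text lists as unavailable without a shell.
SHELL_OPERATOR_CHARS = set("<>|;&")


def run_like_command(free_form):
    """Approximate the command module: split into argv and exec it directly."""
    argv = shlex.split(free_form)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return argv, proc.stdout.strip()


def run_like_shell(free_form):
    """Approximate the shell module: hand the whole string to /bin/sh."""
    proc = subprocess.run(["/bin/sh", "-c", free_form],
                          capture_output=True, text=True)
    return proc.stdout.strip()


def shell_operators(free_form):
    """List unquoted shell operators; a non-empty result means -m shell is needed."""
    # posix=False keeps the quotes on quoted tokens, so 'a|b' is not an operator.
    lexer = shlex.shlex(free_form, posix=False, punctuation_chars=True)
    return [tok for tok in lexer if set(tok) <= SHELL_OPERATOR_CHARS]


if __name__ == "__main__":
    pipeline = "echo hello | tr a-z A-Z"
    # Without a shell the "|" is just another argument passed to echo.
    print(run_like_command(pipeline))
    # With a shell the pipeline is interpreted.
    print(run_like_shell(pipeline))
    # The passwd example from the shell module section contains a pipe.
    print(shell_operators("echo 123123 | passwd --stdin zhangsan"))
    print(shell_operators("echo 'a|b'"))
```
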

4.2 cron module 

This module is suitable for managing cron scheduled tasks.

Two states (state): present means adding (can be omitted), absent means removing

The syntax it uses is consistent with that of our crontab file, and the following options can be specified:

day= # day of the month the job should run (1-31, *, */2)
hour= # hour (0-23, *, */2)
minute= # minute (0-59, *, */2)
month= # month (1-12, *, */2)
weekday= # day of the week (0-6 for Sunday-Saturday)
job= # specify what command to run
name= # description of the scheduled task
reboot # run the task when restarting; not recommended, it is recommended to use special_time
special_time # special time specification, values: reboot (at restart), annually (every year), monthly, weekly, daily, hourly
state # specify the state; present means to add a scheduled task, which is also the default, and absent means to delete a scheduled task
user # which user to execute as

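# Two states (state): present means adding (can be omitted), absent means removing
 
# View cron module information
ansible-doc -s cron
 
# webserver: group; -m specifies the module; -a passes the module's arguments; minute: every minute; job: print hello; name: test
ansible webserver -m cron -a 'minute="*/1" job="/usr/bin/echo hello" name="test"'
 
# View the scheduled tasks
ansible webserver -a 'crontab -l'
 
# Remove the scheduled task
ansible webserver -m cron -a 'name="test" state=absent'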

4.3 user module  

This module is mainly used to manage user accounts.

comment # User's description information
createhome # Whether to create a home directory
force # When using state=absent, the behavior is consistent with userdel --force.
group # Specify the basic group
groups # Specify additional groups, if specified as (groups=) means delete all groups
home # Specify the user's home directory
move_home # If it is set to home=, try to move the user's home directory to the specified directory
name # Specify the user name
non_unique # This option allows changing the non-unique user ID value
password # Specify the user password
remove # When state=absent is used, the behavior is consistent with userdel --remove
shell # Specify the default shell
state # Set the account status, if it is not specified, it is created, and the specified value is absent to delete
system # When creating a user, set the user to be a system user. This setting cannot change the existing user
uid # Specify the user's uid

The user module calls three commands: useradd, userdel and usermod.

# Module information
ansible-doc -s user
 
# Create a user
ansible all -m user -a 'name=zhangsan'
 
# View the user account information
ansible all -m 'command' -a 'tail -1 /etc/passwd'
 
# Remove the user
ansible all -m user -a 'name="zhangsan" state=absent'

4.4 group module 

This module is mainly used to add or remove groups.

gid=  #Set the GID number of the group
name=  #Specify the name of the group
state=  #Specify the state of the group; the default is to create it, and setting the value to absent deletes it
system=  #Set the value to yes to create it as a system group

The group module calls the groupadd, groupdel and groupmod commands.

# View module information
ansible-doc -s group
 
# system=yes creates a system group
ansible mysql -m group -a 'name=lisi gid=1111 system=yes'
 
# View the group account information
ansible mysql -a 'tail -1 /etc/group'
 
# Create a user and add it to the group
ansible mysql -m user -a 'name=zhangsan uid=1234 group=lisi system=yes'
 
# View the user ID and group ID of user zhangsan
ansible mysql -a 'id zhangsan'
 
# Delete the group
ansible mysql -m group -a 'name=lisi state=absent'

4.5 copy module  

This module is used to copy files to remote hosts, and supports generating files and modifying permissions for given content.

src #The local file that is copied to the remote host. It can be an absolute path or a relative path. If the path is a directory, it will be copied recursively; the usage is similar to "rsync"
content #Used in place of "src"; you can directly specify the content of the file
dest #Required option, the absolute path on the remote host to which the source file is copied
backup #When the content of the file changes, back up the source file before overwriting; the backup file name contains time information
directory_mode #Recursively set the permissions of the directory; the default is the system default permissions
force #When the target host contains the file but the content is different, "yes" means overwrite it; "no" means the file is copied only if it does not exist at the target location on the target host. The default is "yes"
others #All options in the file module can be used here

ansible-doc -s copy
 
ansible mysql -m copy -a 'src=/etc/fstab dest=/opt/fstab.back'
 
ansible mysql -a 'ls /opt'
ansible mysql -a 'cat /opt/fstab.back'
 
ansible mysql -m copy -a 'content="hello lic" dest=/opt/test.txt'
ansible mysql -a 'cat /opt/test.txt'

4.6 file module 

This module is mainly used to set the properties of the file, such as creating a file, creating a link file, deleting a file, etc.

force #A soft link needs to be forcibly created in two cases: one is when the source file does not exist but will be created later; the other is when the target soft link already exists, and the previous soft link must be removed before the new one is created. There are two options: yes|no
group #Define the group of the file/directory
mode #Define the permissions of the file/directory
owner #Define the owner of the file/directory
path #Required: the path of the file/directory
recurse #Recursively set the attributes of the file, only valid for directories
src #The path of the source file to be linked, only applicable to the case of state=link
dest #The path to link to, only applicable to the case of state=link
state #Status, with the following options:

  • directory: If the directory does not exist, create the directory
  • file: Even if the file does not exist, it will not be created
  • link: create a soft link
  • hard: create a hard link
  • touch: If the file does not exist, a new file will be created, if the file or directory already exists, its last modification time will be updated
  • absent: delete directory, file or unlink file

ansible-doc -s file
 
ansible mysql -m user -a 'name=mysql system=yes'
 
ansible mysql -m file -a 'owner=mysql group=mysql mode=600 path=/opt/test.txt'
ansible mysql -a 'ls -l /opt/test.txt'
 
# Create a file
#ansible mysql -m file -a 'path=/opt/abc.txt state=touch'
 
ansible mysql -m file -a 'src=/opt/test.txt path=/opt/test.txt.link state=link'
ansible mysql -a 'ls -l /opt'
 
# Remove the file /opt/test.txt
ansible mysql -m file -a 'path=/opt/test.txt state=absent'

4.7 ping module  

Host Connectivity Test

We use the ansible web -m ping command to perform host connectivity testing

ansible all -m ping 

4.8 service module 

This module is used for the management of service programs.

Main options:

arguments #The command line provides additional parameters
enabled #Set the boot to start.
name= #Service name
runlevel #The level of startup, generally do not need to be specified.
sleep #Whether to wait while restarting the service. For example, wait for 2 seconds after the service is shut down and then start it again. (Defined in the script.)
state #There are four states, namely: started--->start service, stopped--->stop service, restarted--->restart service, reloaded--->reload configuration

ansible-doc -s service
 
# Run on 192.168.111.60
yum -y install httpd

ansible webserver -a 'systemctl status httpd'
 
ansible webserver -m service -a 'enabled=true name=httpd state=started'

systemctl status httpd
systemctl is-enabled httpd

4.9 shell module  

ansible-doc -s shell
 
ansible mysql -m user -a 'name=zhangsan'
ansible mysql -m shell -a 'echo 123123 | passwd --stdin zhangsan'

4.10 script module  

This module is used to run the local script on the managed machine.
This module can directly specify the path of the script. Let’s use an example to see how to use it:
First, we write a script and add execution permissions to it:

ansible-doc -s script
 
vim test.sh
#!/bin/bash
echo 'hello ansible from script' > /opt/script.txt
 
chmod +x test.sh
ansible all -m script -a 'test.sh'

 

4.11 yum module

This module is mainly used for software installation

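name=  # name of the package to install
state=  # present ---> install, latest ---> install the latest version, absent ---> uninstall the software
update_cache  # force a refresh of the yum cache
conf_file  # the configuration file the remote yum relies on during installation (for installing packages already available locally)
disable_gpg_check  # whether to disable GPG checking; only used with present or latest
disablerepo  # temporarily disable a yum repository; only used when installing or updating
enablerepo  # temporarily enable a yum repository; only used when installing or updating

ansible-doc -s yum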
 
ansible mysql -m yum -a 'name=httpd'
ansible mysql -a 'rpm -q httpd'
 
ansible mysql -m yum -a 'name=httpd state=absent'
ansible mysql -a 'rpm -q httpd'

4.12 setup module  

This module is mainly used to collect information, which is realized by calling the facts component

The facts component is the function Ansible uses to collect information about the managed machines. We can use the setup module to view all of a machine's facts, and use filter to view only the specified information. The entire facts information is wrapped in a JSON-formatted data structure, and ansible_facts is the topmost value.
Facts are built-in variables. Various information about each host, such as the number of CPUs and the memory size, is stored in a variable in facts. After the call, a lot of information about the host is returned, and subsequent operations can act differently according to it. For example, the Red Hat family installs software with yum, while the Debian family uses apt.

ansible-doc -s setup
 
# Get the facts of the hosts in the mysql group
ansible mysql -m setup   

Ansible facts is the information of the remote system, mainly including IP address, operating system, Ethernet device, mac address, time/date related data, hardware information and other information.

/etc/ansible/hosts is the default Ansible host list. If hosts have similar names, a list pattern can be used to identify each of them:

[webserver]
www[01:50].example.org ansible_ssh_user=root ansible_ssh_pass=123123

This indicates the hosts www01.example.org to www50.example.org; the SSH login user is root, and the password is 123123.
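
How the www[01:50] pattern expands, and how to find connection passwords stored in clear text in a host list like the one above, as an added example (not code from the original post or from Ansible). It goes slightly beyond the text by also handling a step such as [1:9:4] and [group:vars] sections; the function names and the sample inventory are constructed, and only numeric ranges are supported.

```python
import re
import shlex

# Connection variables that carry a password.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
RANGE = re.compile(r"\[(\d+):(\d+)(?::(\d+))?\]")

# Constructed sample inventory, modelled on the lines shown above.
SAMPLE = """\
[webserver]
www[01:50].example.org ansible_ssh_user=root ansible_ssh_pass=123123
[mysql]
192.168.111.15
"""


def expand(pattern):
    """Expand every [start:end] or [start:end:step] range in a host pattern."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end, step = m.group(1), m.group(2), int(m.group(3) or 1)
    width = len(start) if start.startswith("0") else 0   # keep zero padding
    items = [str(n).zfill(width) for n in range(int(start), int(end) + 1, step)]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [head + item + rest for item in items for rest in expand(tail)]


def audit(text):
    """Return (hosts_by_group, findings); a finding is (line, scope, variable)."""
    groups, findings, current = {}, [], "ungrouped"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            if ":" not in current:
                groups.setdefault(current, [])
            continue
        if current.endswith(":children"):
            continue
        if current.endswith(":vars"):
            scope = "[" + current + "]"
            pairs = [line]
        else:
            scope, *pairs = shlex.split(line)
            groups.setdefault(current, []).extend(expand(scope))
        for pair in pairs:
            key, _, value = (part.strip() for part in pair.partition("="))
            # A "{{ ... }}" value is a reference to another variable, not a literal.
            if key in SECRET_VARS and "{{" not in value:
                findings.append((lineno, scope, key))
    return groups, findings


if __name__ == "__main__":
    hosts, problems = audit(SAMPLE)
    print(len(hosts["webserver"]), hosts["webserver"][:2], hosts["webserver"][-1])
    for lineno, scope, key in problems:
        print("line %d: %s sets %s in clear text" % (lineno, scope, key))
```

A value flagged here can be moved into a variables file encrypted with ansible-vault, the file encryption tool listed in section 3.2.
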

4.12.1 View information

ansible webserver -m setup -a 'filter="*mem*"'
# View memory information

We can check the size of the memory with the command to confirm whether it is consistent:

It can be seen that the information is consistent 

4.12.2  Saving information

The setup module also has a very useful function: it can save the filtered information on our host. The file name is the IP of the controlled host, so we can easily tell which machine has a problem.

ansible webserver -m setup -a 'filter="*mem*"' --tree /tmp/facts
 
[root@ansible ~]# cd /tmp/facts/
[root@ansible facts]# ls
192.168.111.60
[root@ansible facts]# cat 192.168.111.60 
{"ansible_facts": {"ansible_memfree_mb": 404, "ansible_memory_mb": {"nocache": {"free": 1167, "used": 652}, "real": {"free": 404, "total": 1819, "used": 1415}, "swap": {"cached": 0, "free": 39999, "total": 39999, "used": 0}}, "ansible_memtotal_mb": 1819, "discovered_interpreter_python": "/usr/bin/python"}, "changed": false}
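
Reading a --tree directory back to see which machine has a problem, as an added example (not code from the original post): it loads one JSON file per host, cross-checks the memory figures against each other, and flags hosts with little free memory. The function names, the 25% threshold and the second, fact-less host file are constructed for illustration; the first sample is the file content shown above.

```python
import json
import tempfile
from pathlib import Path

SAMPLE = {
    # The fact file shown above for 192.168.111.60.
    "192.168.111.60": (
        '{"ansible_facts": {"ansible_memfree_mb": 404, "ansible_memory_mb": '
        '{"nocache": {"free": 1167, "used": 652}, "real": {"free": 404, '
        '"total": 1819, "used": 1415}, "swap": {"cached": 0, "free": 39999, '
        '"total": 39999, "used": 0}}, "ansible_memtotal_mb": 1819, '
        '"discovered_interpreter_python": "/usr/bin/python"}, "changed": false}'
    ),
    # Constructed sample: a result file that contains no facts.
    "192.168.111.15": '{"unreachable": true, "msg": "constructed sample"}',
}


def write_sample_tree():
    """Recreate the --tree layout in a temp directory: one JSON file per host."""
    root = Path(tempfile.mkdtemp(prefix="facts-"))
    for host, body in SAMPLE.items():
        (root / host).write_text(body)
    return root


def load_tree(root):
    """Map host name (the file name) to its ansible_facts dict, or None."""
    facts = {}
    for path in sorted(Path(root).iterdir()):
        if path.is_file():
            facts[path.name] = json.loads(path.read_text()).get("ansible_facts")
    return facts


def memory_report(facts, min_free_pct=25):
    """Per host: total memory, free percentage (cache excluded), sanity flags."""
    report = {}
    for host, f in facts.items():
        if f is None:
            report[host] = {"error": "no facts returned"}
            continue
        real = f["ansible_memory_mb"]["real"]
        nocache = f["ansible_memory_mb"]["nocache"]
        total = f["ansible_memtotal_mb"]
        # The three views of the same memory should agree with each other.
        consistent = (real["total"] == total
                      and real["free"] + real["used"] == total
                      and real["free"] == f["ansible_memfree_mb"])
        free_pct = nocache["free"] * 100 // total
        report[host] = {"total_mb": total, "free_pct": free_pct,
                        "consistent": consistent, "low": free_pct < min_free_pct}
    return report


if __name__ == "__main__":
    for host, row in memory_report(load_tree(write_sample_tree())).items():
        print(host, row)
```
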

4.13  fetch module 

This module is used to obtain (copy) files from a remote host to the local

dest: The directory used to store files
src: the file pulled remotely, and must be a file, not a directory 

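# Example
ansible all -m fetch -a "src=/etc/hostname dest=/mnt" 
ansible all -m fetch -a "src=/etc/hostname dest=/mnt flat=yes" 
# With flat=yes, only the final file is copied:
# every controlled host's copy goes to the same file /mnt/hostname, so a later one overwrites the earlier one.
# Without it, the full path is copied, level by level.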
[root@server ~]# ansible webserver -m fetch -a 'src=/data/hello dest=/data'  
192.168.111.60 | SUCCESS => {
    "changed": true, 
    "checksum": "22596363b3de40b06f981fb85d82312e8c0ed511", 
    "dest": "/data/192.168.111.60/data/hello", 
    "md5sum": "6f5902ac237024bdd0c176cb93063dc4", 
    "remote_checksum": "22596363b3de40b06f981fb85d82312e8c0ed511", 
    "remote_md5sum": null
}

We can check on this machine whether the file has been copied successfully. Note that the file is saved under a directory named after the managed host's IP, inside the receiving directory we set:

[root@server ~]# cd /data/
[root@server data]# ls
1  192.168.111.60    fastdfs  web
[root@server data]# cd 192.168.111.60
[root@server 192.168.111.60]# ls
data
[root@server 192.168.111.60]# cd data/
[root@server data]# ls
hello

Five: Summary

Ansible is an open source automated operation and maintenance tool. It is developed in Python and integrates the advantages of many operation and maintenance tools (puppet, cfengine, chef, func, fabric). It implements functions such as batch system configuration, batch program deployment, and batch command execution. Ansible does not need a client/agent installed on the remote host, because it communicates with the remote host over SSH.
Ansible works on a modular basis and does not itself have the ability to deploy in batches. What really performs batch deployment is the modules that Ansible runs, and Ansible just provides a framework.

It mainly includes:
(1) Connection plugins: responsible for communicating with the monitored end;
(2) Host inventory: the hosts to operate on, which are the hosts defined in the configuration file for monitoring;
(3) Modules: core modules, command modules, custom modules;
(4) Plugins: used to complete functions such as logging and email;
(5) Playbook: not mandatory; when the script executes multiple tasks, it lets the node run multiple tasks at one time.

Origin blog.csdn.net/ver_mouth__/article/details/126214138