Ansible-doc in action

1 ansible

  • A tool for managing servers in bulk
  • Acquired by Red Hat in 2015
  • Written in the Python language
  • Management is based on ssh, so there is no need to install any software on the managed side
  • When ansible manages remote hosts, it mainly operates through various modules

1.1 Environment preparation

Hostname   IP address       Role
control    192.168.199.51   control node master
node1      192.168.199.52   controlled node node1
node2      192.168.199.53   controlled node node2

1.2 Environmental requirements

  • Requirements for the control node:
    - configure name resolution, and be able to access all nodes by name
    - configure passwordless ssh login to all nodes
    - install ansible
Configure name resolution
[root@control ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.199.51 control
192.168.199.52 node1
192.168.199.53 node2
[root@control ~]# 

Configure passwordless login
[root@control ~]# ssh-keygen 
[root@control ~]# ssh-copy-id node1
[root@control ~]# ssh-copy-id node2
Install ansible
[root@control ~]# yum install epel-release.noarch -y

[root@control ~]# yum install ansible -y

1.3 Configure ansible management tools

Because the remote hosts to be managed may differ, configurations that share the same management method are placed together in one directory.
The default installation directory is /etc/ansible/

# Create the ansible working directory; the directory name is your own choice, it is not fixed.
[root@control ~]# mkdir ansible
[root@control ~]# cd ansible

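# Create the configuration file. The default configuration file is /etc/ansible/ansible.cfg, but it is generally not used; instead, create your own configuration file in the working directory
[root@control ansible]# vim ansible.cfg    # the file name must be ansible.cfg
[defaults]
# The managed hosts are configured in the hosts file in the current directory; the name hosts is user-defined. Spaces on either side of the = sign are optional.
inventory = hosts

# Create the host inventory file. Names written in [] are group names; the entries below [] are the host names in that group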

[root@control ansible]# vim hosts 

[web1]
node1

[web2]
node2

[root@control ansible]# ansible all --list-hosts
  hosts (2):
    node2
    node1
[root@control ansible]# 

2 ansible-doc commands

2.1 Syntax

ansible <host or group list> -m <module> -a "<arguments>"    # -a is optional

2.2 ansible module

[root@control ansible]# ansible-doc -l |wc -l
3387

# List the modules related to yum
[root@control ansible]# ansible-doc -l | grep yum
yum                                                           Manages packa...
yum_repository                                                Add or remove...
[root@control ansible]# 

  • Learning the modules is mainly about knowing which module is needed to achieve a given function.
  • All modules are used in the same way; the main thing is to check which parameters a module has.

2.3 The difference between command module and shell module

  • command is Ansible's default module; it executes arbitrary commands on remote hosts
  • command does not support shell features such as pipes and redirection.
# Create the directory /tmp/demo on all managed hosts
[root@control ansible]# ansible all -a "mkdir /tmp/demo"

# View node1's IP address
[root@control ansible]# ansible node1 -a "ip a s"
[root@control ansible]# ansible node1 -a "ip a s | head"   # fails with an error

shell module

  • Similar to the command module, but supports shell features such as pipes and redirection
# View node1's IP address, showing only the first 10 lines
[root@control ansible]# ansible node1 -m shell -a "ip a s | head"
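
Why the same string behaves differently under the two modules, as an added local sketch (not from the original post and not Ansible's own code). The helper names run_like_command and run_like_shell are hypothetical, and echo stands in for "ip a s" so the demo runs without a managed host.

```shell
#!/bin/sh
# Added illustration; not Ansible's code. Function names are hypothetical.

# command-style: split the string into words and run the first word as a
# program with the rest as its arguments. No shell ever parses the string,
# so | > < ; stay ordinary arguments (this is why "ip a s | head" fails:
# ip receives "|" and "head" as arguments).
run_like_command() {
    # Simplification: plain whitespace splitting; the real module also
    # honours quotes when it splits the string.
    set -f              # no filename globbing while splitting
    set -- $1           # intentional unquoted expansion: word splitting
    set +f
    "$@"
}

# shell-style: the whole string goes to /bin/sh, which interprets pipes,
# redirection and every other metacharacter in it.
run_like_shell() {
    sh -c "$1"
}

# Constructed sample: echo stands in for "ip a s" so the demo runs anywhere.
cmd='echo node1 is up | tr a-z A-Z'
printf 'command-style: %s\n' "$(run_like_command "$cmd")"
printf 'shell-style:   %s\n' "$(run_like_shell "$cmd")"
```

Because nothing in the string is interpreted, command is the safer default when the arguments contain variable data; shell is only needed when a pipe or redirection is actually required.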

3 modules in practice

3.1 script module

  • Runs a local script on the remote host: the script is copied from the control end to the remote host and then executed
[root@control ansible]# vim test.sh
#!/bin/bash
#author zoey

touch /root/script.txt
echo "this is a script model" >script.txt

[root@control ansible]# ansible all -m script -a "test.sh"
node2 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to node2 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to node2 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}
node1 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to node1 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to node1 closed."
    ], 
    "stdout": "", 
    "stdout_lines": []
}
[root@control ansible]# 

[root@node1 ~]# cat script.txt 
this is a script model
[root@node1 ~]# 


3.2 file module

  • You can create files, directories, links, etc., and modify permissions, attributes, etc.
  • Commonly used options:
    • path: specify the file path
    • owner: set the file owner
    • group: Set the group to which the file belongs
    • state: state. touch means to create a file, directory means to create a directory, link means to create a soft link, and absent means to delete
    • mode: set permissions
    • src: short for source; the source path
    • dest: short for destination; the target path
# View the usage help
[root@control ansible]# ansible-doc file
EXAMPLES:

- name: Change file ownership, group and permissions
  file:
    path: /etc/foo.conf
    owner: foo
    group: foo
    mode: '0644'

# Create /tmp/file.txt on the web1 hosts
[root@control ansible]# ansible web1 -m file -a "path=/tmp/file.txt state=touch"

# Delete /tmp/file.txt on the web1 hosts
[root@control ansible]# ansible web1 -m file -a "path=/tmp/file.txt state=absent"

# Create a soft link to /etc/hosts on the web1 hosts; the link is /tmp/hosts.txt
[root@control ansible]# ansible web1 -m file -a "src=/etc/hosts dest=/tmp/hosts.txt state=link"

3.3 copy module

  • Used to copy files from the control end to the controlled end
  • Common options:
    • src: source. The file path on the control end
    • dest: destination. The file path on the controlled end
    • content: content. What needs to be written to the file
[root@control ansible]# echo "AAA" > a3.txt

[root@control ansible]# ansible web1 -m copy -a "src=a3.txt dest=/root/"

# Create /tmp/mytest.txt on the target host with the content Hello World
[root@control ansible]# ansible web1 -m copy -a "content='hello word' dest=/tmp/mytest.txt"

3.4 fetch module

  • The opposite of the copy module: copy uploads and fetch downloads
  • Common options:
    • src: source. The file path on the controlled end
    • dest: destination. The file path on the control end
# Download /etc/hostname from the web1 hosts into the local user's home directory
[root@control ansible]# ansible web1 -m fetch -a "src=/etc/hostname dest=./"


3.5 lineinfile module

  • Ensures that a particular line is present in the target file
  • Common options:
    • path: the path of the file to be modified
    • line: a line to write to the file
    • regexp: regular expression, used to find the content in the file
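# On the hosts in the web1 group, /etc/issue must contain the line Hello World. If the line does not exist, it is appended to the end of the file by default
[root@control ansible]# ansible web1 -m lineinfile -a "path=/etc/issue line='hello world'"

# On the hosts in the web1 group, replace the line containing Hello in /etc/issue with chi le ma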
ansible web1 -m lineinfile -a "path=/etc/issue line='chi le ma' regexp='hello'"

3.6 replace module

  • lineinfile replaces a whole line, whereas replace substitutes keywords within lines
  • Common options:
    • path: the path of the file to be modified
    • replace: the content that replaces what the regular expression finds
    • regexp: regular expression, used to find the content in the file
# On the hosts in the web1 group, replace chi with he in the /etc/issue file
[root@control ansible]# ansible web1 -m replace -a "path=/etc/issue regexp='chi' replace='he'"
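
The difference between the edits in 3.5 and 3.6, emulated locally on a scratch file as an added example (not from the original post and not Ansible's code). The function names are hypothetical, the file content is constructed, and sed's POSIX extended regular expressions stand in for the Python regular expressions the modules use.

```shell
#!/bin/sh
# Added illustration: local emulation of the two modules' edit rules on a
# scratch file. Function names are hypothetical; this is not Ansible code.

# lineinfile-style: make sure LINE is present as a whole line.
#  - REGEXP given and matching: the last matching line is replaced by LINE
#  - otherwise: LINE is appended at end of file unless it is already there
emulate_lineinfile() {      # usage: emulate_lineinfile FILE LINE [REGEXP]
    file=$1; line=$2; regexp=${3:-}
    if [ -n "$regexp" ] && grep -Eq -- "$regexp" "$file"; then
        last=$(grep -En -- "$regexp" "$file" | tail -n 1 | cut -d: -f1)
        LINE=$line awk -v n="$last" \
            'NR == n { print ENVIRON["LINE"]; next } { print }' \
            "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    elif ! grep -Fxq -- "$line" "$file"; then
        printf '%s\n' "$line" >> "$file"
    fi
}

# replace-style: substitute every match of REGEXP, leaving the rest of each
# line untouched. Simplification: "/" or "&" in the arguments is not escaped.
emulate_replace() {         # usage: emulate_replace FILE REGEXP REPLACEMENT
    sed -E "s/$2/$3/g" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Replays the page's three /etc/issue edits on a constructed file.
demo_issue_edits() {
    f=$(mktemp)
    printf '%s\n' 'Welcome to node1' > "$f"          # constructed content
    emulate_lineinfile "$f" 'hello world'            # absent: appended
    emulate_lineinfile "$f" 'hello world'            # present: no change
    emulate_lineinfile "$f" 'chi le ma' 'hello'      # whole line replaced
    emulate_replace    "$f" 'chi' 'he'               # keyword replaced
    cat "$f"
    rm -f "$f"
}

demo_issue_edits
```

Running the lineinfile step a second time leaves the file unchanged, which is what makes it safe to repeat against files such as /etc/issue.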

3.7 Comprehensive exercise of file operation

  • All operations take effect on the hosts in the web1 group
  • Create the /tmp/mydemo directory on the target host, the owner and group are both adm, and the permissions are 0777
  • Upload the /etc/hosts file of the control end to the /tmp/mydemo directory of the target host, the owner and group are both adm, and the permissions are 0600
  • Replace node5 in the target host /tmp/mydemo/hosts file with server5
  • Download the target host /tmp/mydemo/hosts file to the current directory of the control end
# Create the /tmp/mydemo directory on the target host; the owner and group are both adm and the permissions are 0777
[root@control ansible]# ansible web1 -m file -a "path=/tmp/mydemo owner=adm group=adm mode='0777' state=directory"
# Upload the control end's /etc/hosts file to the /tmp/mydemo directory on the target host; the owner and group are both adm and the permissions are 0600
[root@control ansible]# ansible web1 -m copy -a "src=/etc/hosts dest=/tmp/mydemo owner=adm group=adm mode='0600'"
[root@node1 ~]# cd /tmp/mydemo/
[root@node1 mydemo]# ls
hosts
[root@node1 mydemo]# cat hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.199.51 control
192.168.199.52 node1
192.168.199.53 node2
[root@node1 mydemo]# 

# Replace node1 with server1 in the target host's /tmp/mydemo/hosts file
[root@control ansible]# ansible web1 -m replace -a "path=/tmp/mydemo/hosts regexp='node1' replace='server1'"
[root@node1 mydemo]# cat hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.199.51 control
192.168.199.52 server1
192.168.199.53 node2
[root@node1 mydemo]# 

# Download the target host's /tmp/mydemo/hosts file to the current directory of the control end
[root@control ansible]# ansible web1 -m fetch -a "src=/tmp/mydemo/hosts dest=."
node1 | CHANGED => {
    "changed": true, 
    "checksum": "442afbbcbd4539223c68db745e45cc99fdbf4382", 
    "dest": "/root/ansible/node1/tmp/mydemo/hosts", 
    "md5sum": "79d1195a2aa818f6dbfb940121402e57", 
    "remote_checksum": "442afbbcbd4539223c68db745e45cc99fdbf4382", 
    "remote_md5sum": null
}

[root@control ansible]# cd node1/tmp/mydemo/
[root@control mydemo]# ls
hosts
[root@control mydemo]# 

3.8 user module

  • Implement linux user management
  • Common options:
    • name: the name of the user to be created
    • uid: user ID
    • group: set the main group
    • groups: set additional groups
    • home: set the home directory
    • password: set user password
    • state: state. present means creation, which is the default option. absent means delete
    • remove: delete the home directory, mailbox, etc. The value is yes or true.
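# Create the user tom on the hosts in the web1 group
[root@control ansible]# ansible web1 -m user -a "name=tom"
# Create the user jerry on the hosts in the web1 group. Set its uid to 1010, its primary group to adm, its supplementary groups to daemon and root, and its home directory to /home/jerry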
[root@control ansible]# ansible web1 -m user -a "name=jerry uid=1010 group=adm groups=daemon,root home=/home/jerry"

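# Set tom's password to 123456
# {{}} is a fixed format that means the expression inside is executed. password_hash is a function and sha512 is the hashing algorithm, so password_hash hashes 123456 with sha512 and the result becomes tom's password
[root@control ansible]# ansible web1 -m user -a "name=tom password={{'123456'|password_hash('sha512')}} "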

# Delete the user tom without deleting the home directory
[root@control ansible]# ansible web1 -m user -a "name=tom state=absent"

# Delete the user jerry and delete the home directory as well
[root@control ansible]# ansible web1 -m user -a "name=jerry state=absent remove=yes"

3.9 group module

  • Create and delete groups
  • Common options:
    • name: the name of the group to be created
    • gid: the ID number of the group
    • state: present means creation, which is the default option. absent means delete
# Create a group named devops on the hosts in the web1 group
[root@control ansible]# ansible web1 -m group -a "name=devops"

# Delete the group named devops on the hosts in the web1 group
[root@control ansible]# ansible web1 -m group -a "name=devops state=absent"

3.10 yum module

  • Used for rpm package management, such as installation, upgrade, uninstall
  • Common options:
    • name: package name
    • state: state. present means to install, if it is already installed, ignore it; latest means to install or upgrade to the latest version; absent means to uninstall.
# Install tar on the hosts in the test group
[root@control ansible]# ansible web1 -m yum -a "name=tar state=present"
# Uninstall wget on the hosts in the web1 group
[root@control ansible]# ansible web1 -m yum -a "name=wget state=absent"

3.11 service

  • Used to control services. Startup, shutdown, restart, autostart.
  • Common options:
    • name: the name of the service to control
    • state: started means start; stopped means shutdown; restarted means restart
    • enabled: yes means start automatically at boot; no means do not start automatically at boot.
# Install httpd on the web1 hosts
[root@control ansible]# ansible web1 -m yum -a "name=httpd state=latest"

# Start httpd on the web1 hosts and set it to start at boot
[root@control ansible]# ansible web1 -m service -a "name=httpd state=started enabled=yes"

3.12 mount module

  • Used for mounting filesystems
  • Common options:
    • path: mount point. If the mount point does not exist, it will be created automatically.
    • src: the device to be mounted
    • fstype: file system type
    • state: mounted, means permanently mounted
# On the hosts in the web1 group, permanently mount /dev/myvg/mylv on /data
[root@control ansible]# ansible web1 -m mount -a "path=/data src=/dev/myvg/mylv state=mounted fstype=xfs"


# On the hosts in the web1 group, unmount /dev/myvg/mylv
[root@control ansible]# ansible web1 -m mount -a "path=/data state=absent"


Origin blog.csdn.net/xiaolong1155/article/details/131170655