1. Traditional operations and maintenance (O&M) and the automated O&M concept
1) The traditional O&M concept (hardware, software, systems, networks)
- Systems are installed and machine rooms are built out by hand;
- Software and services are configured and deployed by manual operation;
- There are no automated scripts or processes;
- Tasks rely on a large number of operations staff;
2) The automated O&M concept (hardware, software, systems, networks)
- Systems are installed and machine rooms are built out automatically;
- Software and services are configured and deployed through automation scripts and tools;
- Automated scripts are written and processes are customized;
- A small number of operations staff carry out complex tasks;
2. The automated O&M tool Ansible in practice
1) Overview
Ansible is an automated operations and maintenance tool developed in Python. It is mainly used to help operations staff manage Linux servers, so that operating systems, software, services and configuration files can be maintained and operated in an automated way.
2) Features of the Ansible automated O&M tool:
- Lightweight: all operations are carried out from the server;
- The server communicates with the clients over the SSH protocol (passwords or keys);
- No client program has to be installed on the Ansible clients;
- It is written in Python, so the code is simple and easy to maintain;
- It supports operating as root, as an ordinary user and as a sudo user;
3) How the Ansible automation tool works:
The Ansible server reads its local hosts file (the list of client IPs), calls its various modules and plug-ins locally, and connects to the remote client hosts by IP over the SSH protocol (user name with a password or a key file). The client hosts then execute commands, modify configuration or carry out whatever tasks the Ansible server issued, and when a client finishes, the result is fed back to the server or to the terminal where the command was run.
4) Installing and configuring the Ansible automated O&M tool:
[1] Installation:
    [root@localhost ansible]# yum -y remove ansible
    Loaded plugins: fastestmirror, langpacks
    Resolving Dependencies
    --> Running transaction check
    ---> Package ansible.noarch 0:2.4.2.0-2.el7 will be erased
    --> Finished Dependency Resolution

    Dependencies Resolved

    =========================================================================================================
     Package            Arch            Version                  Repository            Size
    =========================================================================================================
    Removing:
     ansible            noarch          2.4.2.0-2.el7            @extras               38 M

    Transaction Summary
    =========================================================================================================
    Remove  1 Package

    Installed size: 38 M
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Erasing    : ansible-2.4.2.0-2.el7.noarch                                      1/1
    warning: /etc/ansible/hosts saved as /etc/ansible/hosts.rpmsave
      Verifying  : ansible-2.4.2.0-2.el7.noarch                                      1/1

    Removed:
      ansible.noarch 0:2.4.2.0-2.el7

    Complete!
    [root@localhost ansible]# ls
    hosts_bak  hosts.rpmsave
    [root@localhost ansible]# cd /
    [root@localhost /]# cd
    [root@localhost ~]# yum -y install ansible
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
     * base: mirrors.aliyun.com
     * extras: mirrors.aliyun.com
     * updates: mirrors.aliyun.com
    Resolving Dependencies
    --> Running transaction check
    ---> Package ansible.noarch 0:2.4.2.0-2.el7 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    =========================================================================================================
     Package            Arch            Version                  Repository            Size
    =========================================================================================================
    Installing:
     ansible            noarch          2.4.2.0-2.el7            extras                7.6 M

    Transaction Summary
    =========================================================================================================
    Install  1 Package

    Total download size: 7.6 M
    Installed size: 38 M
    Downloading packages:
    ansible-2.4.2.0-2.el7.noarch.rpm                                  | 7.6 MB  00:00:01
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : ansible-2.4.2.0-2.el7.noarch                                      1/1
      Verifying  : ansible-2.4.2.0-2.el7.noarch                                      1/1

    Installed:
      ansible.noarch 0:2.4.2.0-2.el7

    Complete!
[2] View the /etc/ansible/ directory
    [root@localhost ~]# ll /etc/ansible/
    total 32
    -rw-r--r-- 1 root root 19179 Jan 30  2018 ansible.cfg
    -rw-r--r-- 1 root root  1016 Jan 30  2018 hosts
    -rw-r--r-- 1 root root    57 Jul 31 21:55 hosts.rpmsave
    drwxr-xr-x 2 root root     6 Jan 30  2018 roles
[3] Modify the hosts file (this is not the local DNS hosts file)
    [root@localhost ansible]# cp hosts hosts_bak
    cp: overwrite ‘hosts_bak’? y
    [root@localhost ansible]# vim hosts
    [root@localhost ansible]# cat hosts
    [localhost]
    192.168.249.135
    [Nginx1]
    192.168.249.132
[4] Understanding the parameters
- -m: the module to execute; the default is command
- -a: the arguments passed to the module
- -u: the user name for the SSH connection; the default is root, and it can be configured in ansible.cfg
- -k: prompt for the SSH login password; used with password authentication
- -s: run with sudo
- -U: the user to sudo to; the default is root
- -K: prompt for the sudo password; used when sudo is not in NOPASSWD mode
- -C: only test what would change, without actually executing
- -c: the connection type (default=smart)
- -f: how many processes to fork for concurrent processing; the default is 5
- -i: the path of the hosts file; the default is /etc/ansible/hosts
- -l: a pattern that filters the already matched hosts once more
- --list-hosts: only print the hosts that would execute this command, without actually running it
- -M: the path of the modules to execute; the default is /usr/share/ansible
- -o: condensed output, a summary
- --private-key: the path of the private key
- -T: the SSH connection timeout; the default is 10 seconds
- -t: write log output to the given directory, with one log file named after each host
- -v: show the log
[5] Common modules
It is enough to be familiar with the shell module and the copy module; the rest, such as the file, yum and command modules, can be replaced by the shell module.
[6] Hands-on operations
1. Run the "df -h" command remotely
    [root@localhost ansible]# ansible 192.168.249.132 -m command -a "df -h"
    The authenticity of host '192.168.249.132 (192.168.249.132)' can't be established.
    ECDSA key fingerprint is SHA256:6t+bT9udQAxIkfD6ncqowUKRgNalEatjusRkAw8pbWo.
    ECDSA key fingerprint is MD5:46:d3:59:fc:d6:44:03:36:6e:d0:51:c6:66:55:a5:e5.
    Are you sure you want to continue connecting (yes/no)? yes
    192.168.249.132 | UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.249.132' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
        "unreachable": true
    }
The connection was rejected before we were ever asked for a password, so we need to add the -k parameter to be prompted for one.
    [root@localhost ansible]# ansible -k 192.168.249.132 -m command -a "df -h"
    SSH password:
    192.168.249.132 | SUCCESS | rc=0 >>
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  3.4G   14G  20% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M     0  487M   0% /dev/shm
    tmpfs                    487M  7.6M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sda1               1014M  192M  823M  19% /boot
    tmpfs                     98M     0   98M   0% /run/user/0
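The first run above answered "yes" to the host key prompt. As an added example (not part of the original article), the following Python code recomputes the SHA256 and MD5 fingerprints that prompt displays from an ssh-keyscan / known_hosts style line, so they can be compared with a fingerprint obtained out of band before the key is trusted. The function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprints(blob):
    """Return the (SHA256, MD5) strings OpenSSH displays for a raw public key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def parse_key_line(line):
    """Split a 'host keytype base64' line (the ssh-keyscan / known_hosts layout)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; they must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return host, keytype, blob

def host_key_matches(line, trusted_fingerprint):
    """True only if the scanned key hashes to the fingerprint obtained out of band."""
    _, _, blob = parse_key_line(line)
    return trusted_fingerprint in fingerprints(blob)

def make_sample_line(host, key_bytes):
    """Build a constructed ssh-ed25519 line; key_bytes is sample data, not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    line = make_sample_line("192.168.249.132", bytes(range(32)))
    sha, md5 = fingerprints(parse_key_line(line)[2])
    print(sha, md5, host_key_matches(line, sha))
```

Once the fingerprint matches, the verified line can be appended to known_hosts so the interactive prompt never appears during an Ansible run.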
2. Performing this kind of operation with plain ssh
    [root@localhost /]# ssh -l root 192.168.249.132 "ip ad"
    SSH password:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:61:2d:0a brd ff:ff:ff:ff:ff:ff
        inet 192.168.249.132/24 brd 192.168.249.255 scope global noprefixroute dynamic ens32
           valid_lft 1037sec preferred_lft 1037sec
        inet6 fe80::dfe1:38b4:8e7d:8765/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
Plain ssh achieves the same thing, so why use Ansible at all? Let's continue the experiment.
3. Operate on both hosts at once, running the "df -h" command
    [root@localhost ansible]# ansible all -m shell -a "df -h"    # "all" here means every host in the hosts file
    192.168.249.135 | SUCCESS | rc=0 >>
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  1.7G   16G  10% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M  144K  487M   1% /dev/shm
    tmpfs                    487M  7.6M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sda1               1014M  179M  836M  18% /boot
    tmpfs                     98M     0   98M   0% /run/user/0

    192.168.249.132 | SUCCESS | rc=0 >>
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  3.4G   14G  20% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M     0  487M   0% /dev/shm
    tmpfs                    487M  7.6M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sda1               1014M  192M  823M  19% /boot
    tmpfs                     98M     0   98M   0% /run/user/0
4. Plain ssh cannot do that by itself, but I can use a for loop:
    [root@localhost ansible]# for i in 132 135; do echo -e "\033[32m192.168.249.$i | CHANGED |rc=0 >>\033[0m"; ssh -l root 192.168.249.$i "df -h"; done
    192.168.249.132 | CHANGED |rc=0 >>
    root@192.168.249.132's password:
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  3.4G   14G  20% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M     0  487M   0% /dev/shm
    tmpfs                    487M  7.6M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sda1               1014M  192M  823M  19% /boot
    tmpfs                     98M     0   98M   0% /run/user/0
    192.168.249.135 | CHANGED |rc=0 >>
    root@192.168.249.135's password:
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root   17G  1.7G   16G  10% /
    devtmpfs                 475M     0  475M   0% /dev
    tmpfs                    487M     0  487M   0% /dev/shm
    tmpfs                    487M  7.6M  479M   2% /run
    tmpfs                    487M     0  487M   0% /sys/fs/cgroup
    /dev/sda1               1014M  179M  836M  18% /boot
    tmpfs                     98M     0   98M   0% /run/user/0
So what difference does it make? When we run both, the difference is obvious: Ansible executes on the hosts simultaneously and both results appear together, that is, in parallel. The loop returns the result of the first host and only then the result of the second host, so it is serial. With only two machines the difference is hard to feel, but what if it is a whole cluster of servers? That is why we choose Ansible.
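The flow described in "How the Ansible automation tool works" and the serial versus parallel comparison above can be modelled in a few lines. This is an added example, not Ansible's own code: it parses an inventory shaped like the hosts file from step [3], resolves a host pattern, and fans a command out with a worker limit that mirrors -f. The remote call is a stand-in that sleeps instead of using SSH, and threads stand in for Ansible's forked processes; all function names are assumptions made for illustration.

```python
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed inventory, same shape as the hosts file edited in step [3].
INVENTORY = """\
[localhost]
192.168.249.135

[Nginx1]
192.168.249.132
"""

def parse_inventory(text):
    """Return {group: [hosts]} for a simple INI-style inventory (no vars, no ranges)."""
    groups, current = {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            groups.setdefault(current, [])
        else:
            groups.setdefault(current, []).append(line.split()[0])
    return groups

def select_hosts(groups, pattern):
    """Resolve 'all', a group name, or a single listed host, as in the commands above."""
    every = sorted({h for hosts in groups.values() for h in hosts})
    if pattern == "all":
        return every
    if pattern in groups:
        return list(groups[pattern])
    return [pattern] if pattern in every else []

def fake_remote(host, command, delay=0.2):
    """Stand-in for the SSH round trip (assumption: no network is used here)."""
    time.sleep(delay)
    return host, 0, f"ran {command!r}"

def run_serial(hosts, command):
    """The for-loop approach: one host after another."""
    start = time.monotonic()
    results = [fake_remote(h, command) for h in hosts]
    return results, time.monotonic() - start

def run_parallel(hosts, command, forks=5):
    """forks mirrors the -f option: at most that many hosts are handled at once."""
    start = time.monotonic()
    with ThreadPoolExecutor(max_workers=forks) as pool:
        results = list(pool.map(lambda h: fake_remote(h, command), hosts))
    return results, time.monotonic() - start
```

With the two constructed hosts the serial run takes about twice as long as the parallel one, and the gap grows with the number of hosts until the fork limit is reached.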