Ansible_Day1

1, the traditional O & M Operations & automation concept

1) The traditional concept of operation and maintenance (hardware, software, systems, networks)

• Manual installation systems, computer room construction;
• Software configuration services, deployed by manual operation;
• No automated scripts, processes;
• Rely on a lot of operation and maintenance personnel to complete the task;

2) Automated operation and maintenance concept (hardware, software, systems, networks)

• Automatically install system, computer room construction;
• Software service configuration, deployment through automation scripts, tools;
• Writing automated scripts, customized processes;
• A small amount of operation and maintenance personnel to perform complex tasks;

2, automated operation and maintenance tool -Ansible combat

1 Overview

Ansible is based on the Python language development operation and maintenance of an automated tool, mainly to help the operation and maintenance personnel to manage Linux servers, help for easy operation and maintenance personnel of the operating system, software, services, configuration file management, etc., can use an automated way to maintenance and operation.

2) Ansible automated operation and maintenance tool features:

• Lightweight, all operations can be completed on the server;
• Server with client communications using the SSH protocol (passwords, keys);
• Ansible client without having to install a client program;
• Based on the Python language, the code is simple, easy maintenance;
• Support Root, ordinary users, Sudo user's operation;

3) Ansible automation tool operation and maintenance principles:

Ansible server reads the list of local hosts file (IP client list), local calls and a variety of plug-in modules, based on SSH protocol (username | password | keys file) Client IP remote host, so that the client host command execution , modify the configuration, perform the task (Ansible server issued) and other client performs the task is completed the results will be fed back to the server or executing screen terminals.

4) Ansible automated operation and maintenance tool installation and configuration:

[1] Installation:

[root@localhost ansible]# yum -y remove ansible
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.2.0-2.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================
 Package                Arch                  Version                       Repository              Size
=========================================================================================================
Removing:
 ansible                noarch                2.4.2.0-2.el7                 @extras                 38 M

Transaction Summary
=========================================================================================================
Remove  1 Package

Installed size: 38 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Erasing    : ansible-2.4.2.0-2.el7.noarch                                                          1/1 
warning: /etc/ansible/hosts saved as /etc/ansible/hosts.rpmsave
  Verifying  : ansible-2.4.2.0-2.el7.noarch                                                          1/1 

Removed:
  ansible.noarch 0:2.4.2.0-2.el7                                                                         

Complete!
[root@localhost ansible]# ls
hosts_bak  hosts.rpmsave
[root@localhost ansible]# cd /
[root@localhost /]# cd 
[root@localhost ~]# yum -y install ansible
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.2.0-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================
 Package                Arch                  Version                        Repository             Size
=========================================================================================================
Installing:
 ansible                noarch                2.4.2.0-2.el7                  extras                7.6 M

Transaction Summary
=========================================================================================================
Install  1 Package

Total download size: 7.6 M
Installed size: 38 M
Downloading packages:
ansible-2.4.2.0-2.el7.noarch.rpm                                                  | 7.6 MB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ansible-2.4.2.0-2.el7.noarch                                                          1/1 
  Verifying  : ansible-2.4.2.0-2.el7.noarch                                                          1/1 

Installed:
  ansible.noarch 0:2.4.2.0-2.el7                                                                         

Complete!

[2] see the / etc / ansible / file directory

[root@localhost ~]# ll /etc/ansible/
total 32
-rw-r--r-- 1 root root 19179 Jan 30  2018 ansible.cfg
-rw-r--r-- 1 root root  1016 Jan 30  2018 hosts
-rw-r--r-- 1 root root    57 Jul 31 21:55 hosts.rpmsave
drwxr-xr-x 2 root root     6 Jan 30  2018 roles

[3] modify the hosts file (not a local DNS file)

 

[root@localhost ansible]# cp hosts hosts_bak
cp: overwrite ‘hosts_bak’? y
[root@localhost ansible]# vim hosts
[root@localhost ansible]# cat hosts
[localhost]
192.168.249.135
[Nginx1]
192.168.249.132

[4] parameter understand

• -m: module to be executed, the default is command
• -a: parameter module
• -u: username ssh connection with the default root, ansible.cfg can configure
• -k: ssh login prompt for a password when using password authentication with
• -s: sudo run
• -U: sudo to which the user is root by default
• -K: sudo prompts for a password, use mode when not NOPASSWD
• -C: just to test what will change, not really to perform
• -c: connection type (default = smart)
• -f: fork how many processes concurrent processing, the default is 5
• -i: Specifies the hosts file path, default default = / etc / ansible / hosts
• -I: Specifies the pattern, the host has been matched filter once again
• --list-host: print only what the host will execute this command, not the actual implementation
• -M: path module to be executed, the default is / usr / share / ansible
• -o: compressed output, output summary
• --private-key: the private key path
• -T: ssh connection timeout, default is 10 seconds
• -t: Log output to the directory, log file name to a host name
• -v: Show log

[5] Common module

Only familiar with shell module and the copy module to the rest of the file, yum, command module like can be used instead of the module shell

[6] combat operations

　　1. Remote Execution "df -h" command

[root@localhost ansible]# ansible 192.168.249.132 -m command -a "df -h"
The authenticity of host '192.168.249.132 (192.168.249.132)' can't be established.
ECDSA key fingerprint is SHA256:6t+bT9udQAxIkfD6ncqowUKRgNalEatjusRkAw8pbWo.
ECDSA key fingerprint is MD5:46:d3:59:fc:d6:44:03:36:6e:d0:51:c6:66:55:a5:e5.
Are you sure you want to continue connecting (yes/no)? yes
192.168.249.132 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.249.132' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", 
    "unreachable": true
}

We found that we enter a password, we have not entered yet, it has been given, so we need to add a parameter to enter a password -k

[root@localhost ansible]# ansible -k 192.168.249.132 -m command -a "df -h"
SSH password: 
192.168.249.132 | SUCCESS | rc=0 >>
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   17G  3.4G   14G  20% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  7.6M  479M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1               1014M  192M  823M  19% /boot
tmpfs                     98M     0   98M   0% /run/user/0

　　2. This operation is performed using ssh

[root@localhost /]# ssh -l root 192.168.249.132 "ip ad"
SSH password：
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:61:2d:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.249.132/24 brd 192.168.249.255 scope global noprefixroute dynamic ens32
       valid_lft 1037sec preferred_lft 1037sec
    inet6 fe80::dfe1:38b4:8e7d:8765/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

We can achieve the same ah, so why do we use if the ansible it? We continue to do experiments down

　　3. The hosts 2 simultaneously operate, performing "df -h" command

[root @ localhost ansible] # ansible all shell -a -m " df -h "   # here all refers to all hosts in the hosts file operations
 192.168 . 249.135 | SUCCESS | rc = 0 >> 
Filesystem Size Used Avail the Use % Mounted ON
 / dev / Mapper / CentOS-the root. 17G   . 1 .7G 16G   10 % / 
devtmpfs 475M      0   475M    0 % / dev 
tmpfs 487m 487m 144K    . 1 % / dev / SHM 
tmpfs 487m   7.6M   479M    2 % / RUN
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1               1014M  179M  836M  18% /boot
tmpfs                     98M     0   98M   0% /run/user/0

192.168.249.132 | SUCCESS | rc=0 >>
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   17G  3.4G   14G  20% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  7.6M  479M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1               1014M  192M  823M  19% /boot
tmpfs                     98M     0   98M   0% /run/user/0

　　4.ssh not realize, however! I can use a while loop ah:

[root@localhost ansible]# for i in `seq 132 135`;do echo -e "\033[32m10.10.10.$i | CHANGED |rc=0 >>\033[0m";ssh -l root 192.168.249.$i "df -h";done
192.168.249.132 | CHANGED |rc=0 >>
root@192.168.249.132's password: 
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   17G  3.4G   14G  20% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  7.6M  479M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1               1014M  192M  823M  19% /boot
tmpfs                     98M     0   98M   0% /run/user/0192.168.249.135 | CHANGED |rc=0 >>
root@192.168.249.135's password: 
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   17G  1.7G   16G  10% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  7.6M  479M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1               1014M  179M  836M  18% /boot
tmpfs                     98M     0   98M   0% /run/user/0

Well, this so what difference does it make? When we perform, it is clear can be found, ansible is performed simultaneously, both results appear, that is parallel, and circulation came first results of the first host, the results of the second host again, so It is serial . Now I do not feel it, after all, only two machines, if it is a cluster of servers? So we chose Ansible.