[0725] Automated operations and maintenance: ansible

24.15 ansible Introduction

  • No client needs to be installed; it communicates over sshd

  • Module-based; modules can be developed in any language

  • Supports using modules from the command line and also playbooks written in YAML, which are easy to write and read

  • Simple to install; on CentOS it can be installed directly with yum

  • A UI (browser-based graphical interface) is available at www.ansible.com/tower, for a fee

  • Official documentation: http://docs.ansible.com/ansible/latest/index.html

  • ansible has been acquired by Red Hat; it is a very popular open-source project on GitHub, at https://github.com/ansible/ansible

  • A good introductory e-book https://ansible-book.gitbooks.io/ansible-first-book/


24.16 ansible installation

1. Prepare two machines, arslinux-01 and arslinux-02

2. Install ansible on arslinux-01

[root@arslinux-01 ~]# yum list|grep ansible
[root@arslinux-01 ~]# yum install -y ansible ansible-doc

3. Generate a key pair on arslinux-01

[root@arslinux-01 ~]# ssh-keygen -t rsa

If /root/.ssh/ already contains id_rsa.pub, there is no need to generate a key pair

4. Put the public key into /root/.ssh/authorized_keys on arslinux-01 and on arslinux-02

5. Verify the connection

[root@arslinux-01 ~]# ssh 192.168.194.132
Last login: Sun Aug  4 21:08:02 2019 from 192.168.194.1

6. Configure the host group

[root@arslinux-01 ~]# vim /etc/ansible/hosts
[testhost]
127.0.0.1
192.168.194.132

Description: testhost is the host group name, which you choose yourself. The two IPs below it are the IPs of the machines in the group


24.17 ansible remote command execution

  • ansible testhost -m command -a 'command'          run a command remotely in batch

Here testhost is the host group name, -m is followed by the module name, and -a is followed by the command. You can also give an IP directly to run the command on one particular machine

[root@arslinux-01 ~]# ansible testhost -m command -a 'w'
127.0.0.1 | CHANGED | rc=0 >>
21:38:20 up  1:11,  3 users,  load average: 0.25, 0.14, 0.15
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.194.1    117月19 24days  0.05s  0.05s -bash
root     pts/1    192.168.194.1    21:07    4.00s  2.63s  0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/6220ae23ea -tt arslinux-02 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1564925899.21-98869728293746/AnsiballZ_command.py && sleep 0'
root     pts/4    localhost        21:38    0.00s  0.25s  0.01s w
arslinux-02 | CHANGED | rc=0 >>

21:38:21 up  3:17,  3 users,  load average: 0.08, 0.03, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.194.1    146月19 50days  0.04s  0.04s -bash
root     pts/1    192.168.194.1    21:08   53.00s  0.04s  0.04s -bash
root     pts/2    arslinux-01      21:38    1.00s  0.32s  0.01s w
[root@arslinux-01 ~]# ansible 192.168.194.132 -m command -a 'w'
arslinux-02 | CHANGED | rc=0 >>
21:38:52 up  3:18,  3 users,  load average: 0.05, 0.03, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.194.1    146月19 50days  0.04s  0.04s -bash
root     pts/1    192.168.194.1    21:08    1:24   0.04s  0.04s -bash
root     pts/2    arslinux-01      21:38    1.00s  0.43s  0.01s w

Error: "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"

Solution:  yum install -y libselinux-python

  • ansible testhost -m shell -a 'command'          the shell module can also execute commands remotely

[root@arslinux-01 ~]# ansible testhost -m shell -a 'hostname'
arslinux-02 | CHANGED | rc=0 >>
arslinux-02

127.0.0.1 | CHANGED | rc=0 >>
arslinux-01


24.18 ansible copy files or directories

  • ansible arslinux-02 -m copy -a 'src= dest= owner= group= mode='          copy a file or directory

[root@arslinux-01 ~]# ansible 192.168.194.132 -m copy -a "src=/etc/ansible dest=/tmp/ansible_test owner=root group=root mode=0755"
192.168.194.132 | CHANGED => {
    "changed": true,
    "dest": "/tmp/ansible_test/",
    "src": "/etc/ansible"
}
[root@arslinux-02 ~]# ll -d /tmp/ansible_test/
drwxr-xr-x 3 root root 21 8月   4 22:02 /tmp/ansible_test/
[root@arslinux-02 ~]# date
2019年 08月 04日 星期日 22:03:09 CST

Note: the source directory is placed inside the target directory; if the specified target directory does not exist, it is created automatically.

When copying a file, if the name given in dest differs from the source name and is not an existing directory, the effect is a copy followed by a rename. If instead dest is a directory that already exists on the target machine, the file is copied into that directory

  • For file operations

[root@arslinux-01 ~]# ansible 192.168.194.132 -m copy -a "src=/etc/passwd dest=/tmp/123 owner=root group=root mode=0755"
192.168.194.132 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "66cfbbd6ccbbfb5edb8b3d364df81d2d9ce9e619",
    "dest": "/tmp/123",
    "gid": 0,
    "group": "root",
    "md5sum": "d5a72a116f1f47476e3156915f62972e",
    "mode": "0755",
    "owner": "root",
    "size": 1776,
    "src": "/root/.ansible/tmp/ansible-tmp-1564927633.07-72798416414339/source",
    "state": "file",
    "uid": 0
}
[root@arslinux-02 ~]# ll /tmp/123
-rwxr-xr-x 1 root root 1776 8月   4 22:07 /tmp/123
[root@arslinux-02 ~]# tail -3 /tmp/123
pure-ftp:x:1020:1020::/home/pure-ftp:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
zabbix:x:997:994:Zabbix Monitoring System:/var/lib/zabbix:/sbin/nologin

Here /tmp/123 is the same as /etc/passwd on the source machine; but if a /tmp/123 directory already existed on the target machine, the passwd file would be created inside the /tmp/123 directory


24.19 ansible remote script execution

1. Create a script

[root@arslinux-01 ~]# vim /tmp/test.sh
#!/bin/bash
echo `date` > /tmp/ansible_test.txt

2. Distribute the script

[root@arslinux-01 ~]# ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
192.168.194.132 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "b70386033f7568a51de8209c2065dcbd917ca4b1",
    "dest": "/tmp/test.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "6da17d4e84617796e1b3c7bfdd083d93",
    "mode": "0755",
    "owner": "root",
    "size": 49,
    "src": "/root/.ansible/tmp/ansible-tmp-1564928697.25-67620899139563/source",
    "state": "file",
    "uid": 0
}
127.0.0.1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "b70386033f7568a51de8209c2065dcbd917ca4b1",
    "dest": "/tmp/test.sh",
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test.sh",
    "size": 49,
    "state": "file",
    "uid": 0
}

3. Execute the script

[root@arslinux-01 ~]# ansible testhost -m shell -a "/tmp/test.sh"
192.168.194.132 | CHANGED | rc=0 >>


127.0.0.1 | CHANGED | rc=0 >>

[root@arslinux-02 ~]# ll /tmp/
总用量 8
-rwxr-xr-x 1 root root 1776 8月   4 22:07 123
drwxr-xr-x 3 root root   21 8月   4 22:02 ansible_test
-rwxr-xr-x 1 root root   49 8月   4 22:24 test.sh
[root@arslinux-02 ~]# date
2019年 08月 04日 星期日 22:26:22 CST

The script needs 755 permissions; without them it cannot be executed

4. The shell module also supports remote commands that contain pipes; the command module does not

[root@arslinux-01 ~]# ansible testhost -m command -a "cat /etc/passwd |wc -l"
192.168.194.132 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code

127.0.0.1 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code

[root@arslinux-01 ~]# ansible testhost -m shell -a "cat /etc/passwd |wc -l"
192.168.194.132 | CHANGED | rc=0 >>
25

127.0.0.1 | CHANGED | rc=0 >>
37
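
Why the command run above fails while the shell run works, as an added example (not code from the original post or from Ansible itself). It models the two modules with Python's subprocess: one executes an argv list directly, the other hands the string to /bin/sh. The sample file and the `value` string are constructed.

```python
import os
import shlex
import subprocess
import tempfile

def run_like_command(cmdline):
    """Model of the command module: split into argv, exec directly, no shell."""
    argv = shlex.split(cmdline)
    p = subprocess.run(argv, capture_output=True, text=True)
    return argv, p.returncode, p.stdout.strip()

def run_like_shell(cmdline):
    """Model of the shell module: /bin/sh parses |, ;, >, $() in the string."""
    p = subprocess.run(["/bin/sh", "-c", cmdline], capture_output=True, text=True)
    return p.returncode, p.stdout.strip()

def demo():
    # Constructed three-line sample file standing in for /etc/passwd.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("root:x:0:0\nbin:x:1:1\napache:x:48:48\n")
    pipeline = "cat %s |wc -l" % shlex.quote(f.name)

    # Without a shell, '|wc' and '-l' are just more arguments to cat,
    # which is why the page's run failed with an invalid-option error.
    argv, rc_cmd, _ = run_like_command(pipeline)
    rc_sh, out_sh = run_like_shell(pipeline)
    os.unlink(f.name)

    # The same parsing that makes pipes work also acts on untrusted values,
    # so anything interpolated into a shell string must be quoted first
    # (in a playbook, Ansible's `quote` filter plays the role of shlex.quote).
    value = "report.txt; echo SECOND-COMMAND"          # constructed input
    _, unquoted = run_like_shell("echo " + value)
    _, quoted = run_like_shell("echo " + shlex.quote(value))
    return {"argv": argv, "rc_command": rc_cmd, "rc_shell": rc_sh,
            "shell_count": out_sh, "unquoted": unquoted.splitlines(),
            "quoted": quoted.splitlines()}

if __name__ == "__main__":
    for key, val in demo().items():
        print(key, "=", val)
```

For that reason, prefer the command module whenever no pipe or redirection is needed, and reserve shell for strings whose every variable part is quoted.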

With ansible, the script first has to be written and distributed to each machine, and only then executed in batch

With saltstack, a script can be executed remotely in batch without distributing it first


24.20 ansible managing scheduled tasks

  • ansible <group name|IP|hostname> -m cron -a "name='' job='' weekday="          manage scheduled tasks remotely

[root@arslinux-01 ~]# ansible 192.168.194.132 -m cron -a "name='test cron' job='/bin/touch /tmp/1234546.txt' weekday=6"
192.168.194.132 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "test cron"
    ]
}
[root@arslinux-02 ~]# crontab -l
#Ansible: test cron
* * * * 6 /bin/touch /tmp/1234546.txt

Description: cron is the module; name is the custom name of the crontab task; job is the task to run; weekday is the day of the week

The other time parameters are: minute, hour, day (day of the month) and month
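
An added example (not from the original post) that audits `crontab -l` output for Ansible-managed entries by pairing each `#Ansible: <name>` marker with the job line after it. It also shows what the unset time parameters mean in practice: with only weekday=6 given, the entry above fires every minute of Saturday. The function names and the two extra crontab lines are constructed for illustration.

```python
import re

MARKER = re.compile(r"^#Ansible: (?P<name>.+)$")
FIELDS = ("minute", "hour", "day", "month", "weekday")

# First entry is the one from the page; the other two are constructed.
SAMPLE = """\
0 1 * * * /usr/sbin/logrotate /etc/logrotate.conf
#Ansible: test cron
* * * * 6 /bin/touch /tmp/1234546.txt
#Ansible: nightly report
0 3 * * * /usr/local/bin/report.sh
"""

def ansible_jobs(crontab_text):
    """Return the entries that directly follow an '#Ansible: <name>' marker."""
    jobs, pending = [], None
    for line in crontab_text.splitlines():
        m = MARKER.match(line.strip())
        if m:
            pending = m.group("name")
        elif pending and line.strip() and not line.lstrip().startswith("#"):
            parts = line.split(None, 5)
            if len(parts) == 6:
                jobs.append({"name": pending, "job": parts[5],
                             **dict(zip(FIELDS, parts[:5]))})
            pending = None
    return jobs

def runs_per_matching_day(job):
    """Runs on a day the entry matches; handles *, */n, a-b and a,b lists."""
    def count(field, size):
        total = 0
        for item in job[field].split(","):
            base, _, step = item.partition("/")
            # "5" becomes (5, 5) and "1-5" becomes (1, 5)
            lo, hi = (0, size - 1) if base == "*" else map(int, (base.split("-") * 2)[:2])
            total += len(range(lo, hi + 1, int(step or 1)))
        return total
    return count("minute", 60) * count("hour", 24)

if __name__ == "__main__":
    for j in ansible_jobs(SAMPLE):
        print(j["name"], "->", runs_per_matching_day(j), "runs per matching day")
```

To run a job once on Saturday, set minute and hour as well as weekday.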

  • ansible <group name|IP|hostname> -m cron -a "name='' state=absent"          delete a cron task

[root@arslinux-01 ~]# ansible testhost -m cron -a "name='test cron' state=absent"
192.168.194.132 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": []
}
[root@arslinux-02 ~]# crontab -l
[root@arslinux-02 ~]#


24.21 ansible installing packages and managing services

  • ansible <group name|IP|hostname> -m yum -a "name=<package name>"          install a package remotely with yum

  • ansible <group name|IP|hostname> -m yum -a "name=<package name> state=removed"          uninstall a package remotely

[root@arslinux-01 ~]# ansible 192.168.194.132 -m yum -a "name=httpd"
[root@arslinux-01 ~]# ansible 192.168.194.132 -m yum -a "name=httpd state=removed"

Reinstall, then start the service and configure boot startup

[root@arslinux-01 ~]# ansible 192.168.194.132 -m yum -a "name=httpd state=installed"

  • ansible <group name|IP|hostname> -m service -a "name= state= enabled="         start a service and set whether it starts at boot

[root@arslinux-01 ~]# ansible 192.168.194.132 -m service -a "name=httpd state=started enabled=no"
[root@arslinux-02 ~]# ps aux|grep httpd
root      11746  0.3  0.5 224052  5000 ?        Ss   23:07   0:00 /usr/sbin/httpd -DFOREGROUND
apache    11747  0.0  0.2 224052  2948 ?        S    23:07   0:00 /usr/sbin/httpd -DFOREGROUND
apache    11749  0.0  0.2 224052  2948 ?        S    23:07   0:00 /usr/sbin/httpd -DFOREGROUND
apache    11750  0.0  0.2 224052  2948 ?        S    23:07   0:00 /usr/sbin/httpd -DFOREGROUND
apache    11751  0.0  0.2 224052  2948 ?        S    23:07   0:00 /usr/sbin/httpd -DFOREGROUND
apache    11752  0.0  0.2 224052  2948 ?        S    23:07   0:00 /usr/sbin/httpd -DFOREGROUND
root      11769  0.0  0.0 112724   988 pts/1    R+   23:07   0:00 grep --color=auto httpd
[root@arslinux-02 ~]# date
August 4, 2019 Sunday 23:07:43 CST

Description: name is the name of the service; state is the operation (the desired state); enabled is whether the service starts at boot

  • Using the Ansible documentation

ansible-doc -l   list all modules

ansible-doc cron   view the documentation for the specified module


To be continued



Origin blog.51cto.com/11530642/2426538