01 ansible basic introduction

1, existing enterprise server environments

  In today's enterprises, especially Internet companies, business volume is large and there are many kinds of servers: load-balancing servers, web servers, dynamic-content (php) servers, database (mysql) servers, web caching servers, and so on;

  For example, there is a hadoop cluster in front of the servers; in that case, how to manage these servers in batches is a big problem;

  The second question: to improve management efficiency, the servers' underlying environment and facilities must be properly set up; it is like a highway: if the surface is uneven, cars cannot pick up speed;

  So we first need a batch management program, and second, the hardware of the systems should not differ too much;

2, a basic introduction to operation and maintenance work

  To do batch management, we must first know which things need to be done in batches; basically, much of operation and maintenance work needs, or at least allows, batch operation;

  Overall, the basic work of operation and maintenance personnel includes:

    1, system installation (physical and virtual machines)

      Physical machines are installed via PXE or come factory installed
      Virtual machines are created (cloned) from templates using glance image technology

    2, package installation

      Configure a program to meet users' needs, then start its services and make sure they run normally;

    3, program release

      The program here generally means code written by developers, which operation and maintenance personnel must deploy and configure in the production environment; development has now moved to an agile model, where code needs to be updated once a week and deployed to the production environment;

      The same holds for web pages and game code; game code is updated even more frequently, and most code is deployed at night, when traffic is relatively low and the impact is relatively small;

    4, monitoring

      Monitoring is the more complex task: besides the normal operation of the system, we also need to monitor that services run normally, server CPU and memory usage, the operation of network equipment, bandwidth usage, and so on;

      At the same time, when monitoring detects an error, we need to respond with the corresponding action!

 

  Based on the above four points, we can roughly divide operation and maintenance work into three levels:

  At the system level (OS Provisioning), we need to install the operating system; for physical machines, we can use PXE, Cobbler, and kickstart to deploy servers in bulk; for virtual machine instances, we use various cloud management tools (cloud stack) for batch installation, with customized glance images or image templates used to start the virtual machines;

  At the service level (configuration), we use tools such as puppet (an automated operation and maintenance tool developed in ruby), saltstack (an automated operation and maintenance tool developed in python), chef, and cfengine to install, configure, and start services;

  At the batch-operation level (command and control), there is fabric (a command-line tool developed in python). Somewhat larger companies develop their own bulk management tools; Blue Whale is Tencent's own automated operation and maintenance tool;

3, ansible basic introduction

3.1, ansible history

  The first version of Ansible, 0.0.1, was released on March 9, 2012; its author and founder is Michael DeHaan. Michael DeHaan has worked at Puppet Labs and RedHat and has a wealth of experience in configuration management and architectural design.

  During his time at RedHat he was the main developer of Cobbler; having been through the failures and pain of simplifying and automating infrastructure on various systems, and after trying Puppet, Chef, Cfengine, Capistrano, Fabric, Func, plain SSH and other tools, he decided to build his own tool combining the advantages of many automation tools, and Ansible was born.

3.2, ansible features

  1, a gentle learning curve; ansible is easy to learn;

  2, no need for bootstrapping (this is a repeated sampling algorithm);

  3, ansible's mode of use does not take the form of a directed acyclic graph;

  4, no agent (agentless);

  5, no server: it is not a C/S architecture; the machine on which ansible is installed can control the servers directly;

  6, does not rely on additional PKI mechanisms;

  7, ansible has a modular structure: whatever function is needed, the corresponding module can be plugged in or called;

  8, uses YAML as its template language; playbooks are written in YAML and implement the various functions; if the functionality is more complex and requires several playbooks working together, roles are used to specify the relationships among the playbooks;

  9, uses ssh by default to communicate between servers;

  10, a powerful task scheduling tool, similar to kubernetes;

3.3, ansible works

  ansible combines the advantages of numerous automation tools;

 

  Among these, at the system level there is Red Hat's satellite service, which must be purchased (rarely used), as well as cobbler and func for unified installation and system management;

  Next, at the configuration level above that, there are cfengine, puppet, and chef, which provide configuration functions;

 

  On what basis does ansible, as an automation platform, manage hosts? There are in fact two approaches for management systems: one with an agent on the managed end and one without;

  With an agent: puppet and func, for example, both require installing a management agent; this approach is more cumbersome to manage but relatively stable;

  Without an agent (agentless): ansible and fabric, for example, need no agent-side program and can manage hosts over ssh; this raises a problem: we need root privileges, and if we do not log in as root we must escalate privileges through sudo in order to manage the other servers;

  

  By comparison, agent-based programs are more secure, and agentless tools cannot offer the same; ansible therefore poses certain security challenges: the clients need to hold the management server's key, so if the management server is compromised, all servers are in serious danger;

  So ansible uses ssh password login for management; a managed client that has not obtained the public key cannot be added to the managed server farm, and so will not be compromised;
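The risks described in this section (root-level access over ssh from one management server) correspond to a few settings in ansible.cfg. The following is an added example, not code from the original page: a small audit of ansible.cfg text, where the two sample configs and the `deploy` user are constructed for illustration and the three checks are a selection made for this example.

```python
import configparser

# Constructed sample configs for illustration (not taken from the page).
WEAK_CFG = """
[defaults]
inventory = /etc/ansible/hosts
remote_user = root
host_key_checking = False
"""

HARDENED_CFG = """
[defaults]
inventory = /etc/ansible/hosts
# 'deploy' is a hypothetical unprivileged account on the managed hosts
remote_user = deploy
host_key_checking = True
log_path = /var/log/ansible.log

[privilege_escalation]
become = True
become_method = sudo
"""


def audit_ansible_cfg(text):
    """Return (option, reason) findings for risky settings in ansible.cfg text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    # Direct root login gives every run full control of every managed host.
    if cfg.get("defaults", "remote_user", fallback="") == "root":
        findings.append(("remote_user", "logs in as root; use an unprivileged user plus sudo"))
    # Host key checking is on by default; turning it off accepts unknown hosts.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("host_key_checking", "disabled; ssh host keys are not verified"))
    # Without log_path the control node keeps no record of what was run.
    if not cfg.get("defaults", "log_path", fallback=""):
        findings.append(("log_path", "unset; runs are not logged on the control node"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit_ansible_cfg(text))
```

To check a real control node, pass the contents of /etc/ansible/ansible.cfg to `audit_ansible_cfg`.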

3.4, ansible architecture

  ansible belongs to a modular architecture; all modules are connected with the main module ansible, as shown below:

 

  In addition to the main core module, ansible, there are a number of other modules, for example: core modules, custom modules, plugins (third-party plug-ins), connection plugins, host inventory (host list), and playbooks;

  The core modules and custom modules carry out the specified operations;

  playbooks are written in YAML and call modules, arranging them so that the corresponding operations are performed in a certain order;

  The host inventory is a list specifying which machines the playbook operates on;

  Connection plugins are used to connect to the managed hosts;

4, ansible installation and basic usage

  yum install ansible -y

  ansible main configuration files

    /etc/ansible/ansible.cfg

    /etc/ansible/hosts

  ssh key-based login without a password

  Basic usage of ansible-doc


Origin www.cnblogs.com/BurnovBlog/p/11834461.html