[Reprint] Use Ansible to automate your system management

https://linux.cn/article-9331-1.html


Author: Steve Ovens   Translator: LCTT DarkSun

2018-02-10 12:11

Sharpen your Linux system administration skills and learn how to set up tools that simplify the management of multiple machines.

Do you want to brush up on your Linux system administration skills? Perhaps you run a few things on your local network and want to make your life a little easier. How do you go about it? In this article, I will show you how to set up tools that simplify the management of multiple machines.

There are many remote management tools; SaltStack, Puppet, Chef, and Ansible are all popular choices. In this article, I will focus on Ansible and explain how it can help you, whether you have five or 1,000 virtual machines.

Let's start with the basic management of multiple machines, whether they are virtual or physical. I assume you have the fundamental Linux administration skills (or at least the ability to look up the specific steps for each task). I will show you how to use the tool; what you do with it is up to you.

What is Ansible?

Ansible's website describes it as "a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs." By defining the servers to manage in one central place, Ansible can perform the same task on many servers.

If you are familiar with Bash for loops, you will find Ansible's operation very similar. The difference is that Ansible is idempotent. In plain terms, Ansible generally performs the requested action only if something actually needs to change. For example, suppose you run a Bash for loop to create a user on multiple machines, like this:

  for server in serverA serverB serverC; do ssh ${server} "useradd myuser"; done

This creates the myuser user on serverA, serverB, and serverC; however, the useradd command is executed every time the for loop runs, whether or not the user already exists. An idempotent system would first check whether the user exists and create it only if it does not. Of course, this example is very simple, but the benefit of idempotent tools becomes more and more apparent over time.

How does Ansible work?

Ansible translates Ansible playbooks into commands run over SSH, which has many advantages when managing UNIX-like environments:

  1. The vast majority of UNIX-like machines have SSH enabled by default.
  2. Relying on SSH means no agent needs to be installed on the remote host.
  3. In most cases no additional software needs to be installed; Ansible needs Python 2.6 or later, and the vast majority of Linux distributions ship that version (or later) by default.
  4. Ansible does not need a master node. It can run from any host that has Ansible installed and SSH access to the targets.
  5. Although you can run Ansible from cron, by default Ansible does nothing unless you explicitly run it.

Configuring SSH key authentication

A common way to use Ansible is to configure passwordless SSH key login to make management easier. (Ansible Vault can be used to protect sensitive information such as passwords, but that is beyond the scope of this article.) For now, you only need to generate an SSH key with the following command, as shown in Example 1.

  [09:44 user ~]$ ssh-keygen
  Generating public/private rsa key pair
  Enter file in which to save the key (/home/user/.ssh/id_rsa):
  Created directory '/home/user/.ssh'
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/user/.ssh/id_rsa
  Your public key has been saved in /home/user/.ssh/id_rsa.pub
  The key fingerprint is:
  SHA256:TpMyzf4qGqXmx3aqZijVv7vO9zGnVXsh6dPbXAZ+LUQ user@user-fedora
  The key's randomart image is:
  +---[RSA 2048]----+
  |                 |
  |                 |
  |        E        |
  |       o . .     |
  |    . + S o+.    |
  |   . .o * . .+ooo|
  |  . .+o o o oo+.*|
  | ..ooo* o.* .*+  |
  |   . o+*BO.o+ .o |
  +----[SHA256]-----+

Example 1: Generating an SSH key

In Example 1, I simply pressed Enter to accept the defaults. Any unprivileged user can generate an SSH key and install it in any user's authorized_keys file on a remote system. Be aware that pressing Enter at the passphrase prompt leaves the private key unencrypted on disk; since this key will grant root on every managed host, protecting it with a passphrase and loading it into ssh-agent is the safer choice, and ssh-keygen -t ed25519 is preferable to the RSA default shown here. After generating the key, copy it to the remote host with the following command:

  ssh-copy-id root@servera

Note: root privileges are not required to run Ansible itself; however, if you use a non-root user, you need to configure the appropriate sudo permissions for the tasks to be performed.

Enter the root password for servera, and this command installs your SSH key on the remote host. Once the key is installed, logging in to the remote host over SSH no longer requires the root password.

Installation Ansible

Ansible needs to be installed on the host where the SSH key was generated in Example 1. If you are using Fedora, enter the following command:

  sudo dnf install ansible -y

If you are running CentOS, you need to configure the EPEL repository first:

  sudo yum install epel-release -y

Then install Ansible with yum:

  sudo yum install ansible -y

On Ubuntu-based systems, Ansible can be installed from the Ansible PPA:

  sudo apt-get install software-properties-common -y
  sudo apt-add-repository ppa:ansible/ansible
  sudo apt-get update
  sudo apt-get install ansible -y

If you are using macOS, installing with Python's pip is recommended:

  sudo pip install ansible

For other distributions, see the Ansible installation documentation.

Ansible Inventory

Ansible uses an INI-style file, called the inventory, to keep track of the servers to be managed. By default this file is located at /etc/ansible/hosts. In this article, I use the inventory shown in Example 2 to operate on the hosts I need (trimmed for brevity):

  [arch]
  nextcloud
  prometheus
  desktop1
  desktop2
  vm-host15
  [fedora]
  netflix
  [centos]
  conan
  confluence
  7-repo
  vm-server1
  gitlab
  [ubuntu]
  trusty-mirror
  nwn
  kids-tv
  media-centre
  nas
  [satellite]
  satellite
  [ocp]
  lb00
  ocp_dns
  master01
  app01
  infra01

Example 2: Ansible hosts file

Each group is identified by a group name enclosed in square brackets (like [group1]), and anything applied to a group name is applied to every server in that group. A server can exist in more than one group without any problem. In this case, I have groups by operating system (arch, ubuntu, centos, fedora) and also groups by server function (ocp, satellite). Ansible host files can handle cases far more complex than this one. For details, see the inventory documentation.
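To make "a server can exist in more than one group" concrete, here is a small parser for the INI-style inventory format of Example 2. This is an added example, not code from the original article and not Ansible's own inventory code; the sample inventory is constructed (modelled on Example 2) and goes beyond it by using a [group:children] section and an inline ansible_host variable, both of which Ansible supports.

```python
"""Added example, not part of the original article: a small parser for the
INI-style inventory shown in Example 2, used to show how one host can belong
to several groups. Illustration code, not Ansible's inventory code."""
import re

SECTION = re.compile(r"^\[([^\]:]+)(?::(children|vars))?\]$")

def parse_inventory(text):
    """Return (groups, hostvars). groups maps a group name to the set of hosts
    in it, with child groups resolved into their parents and an 'all' group
    holding every host; hostvars maps host -> inline key=value settings."""
    groups, children, hostvars = {}, {}, {}
    loose = set()                     # hosts listed before any [section]
    section, kind = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            section, kind = m.group(1), m.group(2)
            groups.setdefault(section, set())
            continue
        if kind == "children":
            children.setdefault(section, set()).add(line)
            groups.setdefault(line, set())
        elif kind == "vars":
            continue                  # group variables are not needed here
        else:
            host, *settings = line.split()
            (groups[section] if section else loose).add(host)
            for item in settings:
                key, _, value = item.partition("=")
                hostvars.setdefault(host, {})[key] = value

    def members(group, seen=()):
        # a parent group contains the hosts of all its child groups
        hosts = set(groups.get(group, ()))
        for child in children.get(group, ()):
            if child not in seen:
                hosts |= members(child, seen + (group,))
        return hosts

    resolved = {g: members(g) for g in groups}
    named = set().union(*resolved.values())
    if loose - named:
        resolved["ungrouped"] = loose - named
    resolved["all"] = named | loose
    return resolved, hostvars

def groups_of(groups, host):
    """All group names a host belongs to, sorted: the inverse view that shows
    a host being in several groups at once."""
    return sorted(g for g, hosts in groups.items() if host in hosts)

# constructed inventory modelled on Example 2 (not the author's real file)
SAMPLE_INVENTORY = """\
[centos]
gitlab ansible_host=192.0.2.21
vm-server1

[ubuntu]
nas

[web]
gitlab

[internal:children]
centos
web
"""

if __name__ == "__main__":
    groups, hostvars = parse_inventory(SAMPLE_INVENTORY)
    for host in sorted(groups["all"]):
        print(host, groups_of(groups, host), hostvars.get(host, {}))
```

Running it shows gitlab in centos, web, internal and all at once, which is exactly what lets a later command target it by operating system or by function.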

Running commands

Once your SSH key has been copied to all the servers in the inventory, you can start using Ansible. One of Ansible's basic functions is running a specific command on a set of hosts. The syntax is:

  ansible <host-pattern> -a "some command"

For example, suppose you want to update all of your CentOS servers. You can run:

  ansible centos -a 'yum update -y'

Note: it is not necessary to group servers by operating system. As I mention below, Ansible facts can be used to collect that information; however, running specific commands based on facts becomes quite complicated, so if you manage a heterogeneous environment, I recommend creating groups by operating system for convenience.

This iterates over all the servers in the centos group and installs all updates. Keep in mind that an ad hoc command runs with the privileges of the SSH user, in this setup root. A more useful command is Ansible's ping module, which verifies that the servers are ready to accept commands:

  ansible all -m ping

This makes Ansible try to log in to every server in the inventory over SSH. Part of the ping command's output is shown in Example 3.

  nwn | SUCCESS => {
      "changed": false,
      "ping": "pong"
  }
  media-centre | SUCCESS => {
      "changed": false,
      "ping": "pong"
  }
  nas | SUCCESS => {
      "changed": false,
      "ping": "pong"
  }
  kids-tv | SUCCESS => {
      "changed": false,
      "ping": "pong"
  }
  ...

Example 3: Output of the Ansible ping command

The ability to run a specified command helps to finish a task quickly (LCTT translator's note: this refers to one-off tasks), but what if I want to run the same task in the same way again in the future? That is what Ansible playbooks are for.

Complex tasks with Ansible playbooks

An Ansible playbook is a file in YAML format that contains Ansible instructions. I am not going to explain the more advanced concepts such as roles and templates here. If you are interested, read the Ansible documentation.

In the previous section, I recommended using the ssh-copy-id command to transfer your SSH key; however, this article is about accomplishing tasks in a consistent, repeatable way. Example 4 shows one way to do that, and it behaves correctly even if the SSH key already exists on the target host.

  ---
  - hosts: all
    gather_facts: false
    vars:
      ssh_key: '/root/playbooks/files/laptop_ssh_key'
    tasks:
      - name: copy ssh key
        authorized_key:
          key: "{{ lookup('file', ssh_key) }}"
          user: root

Example 4: Ansible playbook "push_ssh_keys.yaml"

The hosts: line identifies the host group the play should run against. In this example, it targets all hosts in the inventory.

The gather_facts: line indicates whether Ansible should collect detailed information about each host. I will look at this in more detail later; for now, to save time, gather_facts is set to false.

The vars: section, as the name suggests, is where the variables used by the playbook are defined. In the short Example 4 it is not strictly necessary, but by convention a variable is defined there.

Finally, the section marked tasks: is where the instructions live. Each task has a name:, which Ansible displays when the playbook runs.

authorized_key: is the name of the Ansible module the playbook uses. You can query module documentation with ansible-doc (for example, ansible-doc authorized_key), although browsing the documentation in a web browser may be more convenient. The authorized_key module has many good reference examples. To run the Example 4 playbook, simply run the ansible-playbook command:

  ansible-playbook push_ssh_keys.yaml

If the SSH key has not been installed on the hosts yet, run the playbook with --ask-pass (-k) so that Ansible prompts you for the root password.

Now that the SSH key has been pushed to the servers, you can do something more interesting.
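Both ssh-copy-id (from the SSH key section) and the authorized_key module in Example 4 are safe to re-run because they compare key material, not whole lines, before appending. The following added example, which is not code from the original article and not the module's own implementation, shows that check, and adds the authorized_keys options (from=, no-agent-forwarding, no-port-forwarding, no-X11-forwarding) that limit what a leaked control-host key can be used for. The public key, the control host address 192.0.2.10 and the file contents are all constructed.

```python
"""Added example, not part of the original article: the idempotent key
installation check behind ssh-copy-id and the authorized_key module, with
restrictions on the installed key. Illustration code; key and addresses are
constructed, not real."""
import re

# key type followed by its base64 blob, wherever it sits on the line
# (options such as from="..." may precede the type in authorized_keys)
KEY_RE = re.compile(
    r"(?:^|\s)(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521)|"
    r"sk-ssh-ed25519@openssh\.com)\s+([A-Za-z0-9+/=]+)")

def key_material(line):
    """Return (type, blob) from a public key or authorized_keys line, or None."""
    m = KEY_RE.search(line)
    return (m.group(1), m.group(2)) if m else None

def restricted_entry(pubkey_line, control_host, comment="ansible-control"):
    """Build an authorized_keys entry accepted only from the control host and
    with all forwarding disabled, so the key is of little use as a pivot."""
    material = key_material(pubkey_line)
    if material is None:
        raise ValueError("not a public key line")
    opts = (f'from="{control_host}",no-agent-forwarding,'
            'no-port-forwarding,no-X11-forwarding')
    return f"{opts} {material[0]} {material[1]} {comment}"

def install_key(authorized_keys, pubkey_line, control_host):
    """Return (new_contents, changed). The comparison is on key type and blob
    only, so a second run with the same key (even with another comment or
    different options) changes nothing, which is what makes it idempotent."""
    wanted = key_material(pubkey_line)
    present = {key_material(l) for l in authorized_keys.splitlines()}
    if wanted in present:
        return authorized_keys, False
    body = authorized_keys
    if body and not body.endswith("\n"):
        body += "\n"
    return body + restricted_entry(pubkey_line, control_host) + "\n", True

# constructed public key, not a real one
SAMPLE_PUBKEY = ("ssh-ed25519 "
                 "AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyForIllustration0000000000000000 "
                 "user@laptop")

if __name__ == "__main__":
    ak, changed = install_key("", SAMPLE_PUBKEY, "192.0.2.10")
    print(changed)   # True: entry appended
    print(ak, end="")
    ak, changed = install_key(ak, SAMPLE_PUBKEY, "192.0.2.10")
    print(changed)   # False: second run is a no-op
```

The from= option is the cheapest mitigation against a stolen Ansible key: the public key is useless from any address other than the control host, and sshd enforces it without any change on the control side.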

Gathering information with Ansible

Ansible can collect all kinds of information (facts) about the target systems. If you have many hosts, this can be quite time-consuming; in my experience it takes roughly 1-2 seconds per host, sometimes longer. Sometimes, though, gathering facts is worth it. Consider this playbook, which disables password-based root login over SSH:

  ---
  - hosts: all
    gather_facts: true
    tasks:
      - name: Enabling ssh-key only root access
        lineinfile:
          dest: /etc/ssh/sshd_config
          regexp: '^PermitRootLogin'
          line: 'PermitRootLogin without-password'
        notify:
          - restart_sshd
          - restart_ssh
    handlers:
      # the SSH service is called sshd on the Red Hat family and ssh on
      # the Debian family; ansible_os_family groups distributions that way
      - name: restart_sshd
        service:
          name: sshd
          state: restarted
          enabled: true
        when: ansible_os_family == 'RedHat'
      - name: restart_ssh
        service:
          name: ssh
          state: restarted
          enabled: true
        when: ansible_os_family == 'Debian'

Example 5: Locking down SSH root access

In Example 5, the change to sshd_config is made everywhere, but the handlers that restart the service are conditional and only run on a matching distribution family. The SSH service is named sshd on Red Hat-family distributions and ssh on Debian-family distributions, which is the reason for the conditionals. The fact to compare is ansible_os_family, which is 'RedHat' for RHEL, CentOS and Fedora and 'Debian' for Debian and Ubuntu; ansible_distribution holds the specific name ('CentOS', 'Fedora', 'Ubuntu'), so a condition such as ansible_distribution == 'RedHat' would never fire on most of the hosts in Example 2. Neither handler covers the arch hosts in that inventory. Two further notes for anyone running this for real: PermitRootLogin without-password is the older spelling of prohibit-password (OpenSSH 7.0 and later accept both), and before disabling password logins for root, confirm that key-based login works from the control host or you will lock yourself out; lineinfile's validate parameter (validate: '/usr/sbin/sshd -t -f %s') additionally rejects an edit that sshd cannot parse. Although there are other ways to achieve the same effect, this is a good demonstration of what Ansible facts are for. If you want to see all the information Ansible collects by default, run the setup module locally:

  ansible localhost -m setup | less

All the information gathered can be used in Ansible conditionals, just like the variables defined in the vars: section of Example 4. The difference is that facts are built-in variables set by the system rather than defined by the system administrator.
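The lineinfile task in Example 5 has one edge case worth seeing: if sshd_config contains only the commented default (#PermitRootLogin ...) and ends with a Match block, the regexp does not match, lineinfile appends the new line at the end of the file, and sshd then treats that line as part of the Match block rather than as a global setting. The following added example, not code from the original article and not Ansible's lineinfile implementation, simulates the task's behaviour and reads the result the way sshd does (first occurrence wins, Match scopes everything after it). The sshd_config fragments are constructed, and the insertbefore parameter it uses is a real lineinfile parameter.

```python
"""Added example, not part of the original article: a simulation of what the
lineinfile task in Example 5 does to sshd_config, and a check of what sshd
will actually enforce. Illustration code; the configs are constructed."""
import re

def lineinfile(text, regexp, line, insertbefore=None):
    """Mimic lineinfile with state=present: replace the last line matching
    regexp; otherwise insert before the last line matching insertbefore, or
    append at end of file. Returns (new_text, changed)."""
    lines = text.splitlines()
    hits = [i for i, l in enumerate(lines) if re.search(regexp, l)]
    if hits:
        if lines[hits[-1]] == line:
            return text, False
        lines[hits[-1]] = line
    else:
        anchors = [i for i, l in enumerate(lines)
                   if insertbefore and re.search(insertbefore, l)]
        if anchors:
            lines.insert(anchors[-1], line)
        else:
            lines.append(line)
    return "\n".join(lines) + "\n", True

def global_value(text, keyword):
    """Value sshd uses for a global keyword: the first occurrence wins, and
    anything after a Match line belongs to that Match block, not to the
    global section. Handles the 'key value' form only, not 'key=value'."""
    in_match = False
    for raw in text.splitlines():
        s = raw.strip()
        if not s or s.startswith("#"):
            continue
        parts = s.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            in_match = True
        elif not in_match and key == keyword.lower() and len(parts) == 2:
            return parts[1].strip()
    return None   # not set globally: sshd's compiled-in default applies

# values that refuse password logins for root (sshd_config semantics)
PASSWORD_LOGIN_BLOCKED = {"no", "without-password", "prohibit-password",
                          "forced-commands-only"}

def lock_root_login(text, insertbefore=None):
    """Apply Example 5's edit and report (new_text, changed, global value,
    whether the global value explicitly blocks root password login)."""
    new_text, changed = lineinfile(text, r"^PermitRootLogin",
                                   "PermitRootLogin without-password",
                                   insertbefore)
    value = global_value(new_text, "PermitRootLogin")
    return new_text, changed, value, value in PASSWORD_LOGIN_BLOCKED

# constructed sshd_config fragments
CFG_PASSWORD_ROOT = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
CFG_COMMENTED_WITH_MATCH = (
    "Port 22\n"
    "#PermitRootLogin prohibit-password\n"   # commented default: no regexp match
    "Match User backup\n"
    "    PasswordAuthentication no\n"
)

if __name__ == "__main__":
    for cfg, before in ((CFG_PASSWORD_ROOT, None),
                        (CFG_COMMENTED_WITH_MATCH, None),
                        (CFG_COMMENTED_WITH_MATCH, r"^Match")):
        _, changed, value, blocked = lock_root_login(cfg, before)
        print(f"changed={changed} global PermitRootLogin={value} blocked={blocked}")
```

The first case behaves as the article describes and is idempotent on a second run. The second case reports changed=True yet no global PermitRootLogin at all, because the line landed inside the Match block; adding insertbefore: '^Match' to the task (the third case) puts it in the global section where it belongs.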

Going further

You can now begin exploring Ansible and creating your own basic playbooks. Ansible is a tool of great depth, complexity and flexibility, and a single article cannot cover it thoroughly. Hopefully this article has sparked your interest and encourages you to explore Ansible's features. In the next article, I will discuss the copy, systemd, service, apt, yum, virt, and user modules. We can combine these modules in playbooks, and we can also create a simple Git server to store all of them.


Source: www.cnblogs.com/jinanxiaolaohu/p/12092662.html