Ansible automated operations and maintenance, and the basics of cloud services

Ansible is relatively simple: a playbook (script) is used to carry out more complex tasks, and roles are used for still more complex ones.

Ansible works through modules; each module corresponds to a command with its own set of parameters.

https://baike.baidu.com/item/%E4%BA%91%E6%9C%8D%E5%8A%A1/7843499?fr=aladdin (cloud services are described in detail at this link)

Cloud computing is the product of the development and integration of distributed computing, parallel computing, utility computing, network storage technologies, virtualization, load balancing, content delivery networks and other computer and network technologies.

Simply put, cloud services put the hardware, software and data an enterprise needs on the network, so that different IT devices can connect to each other at any time and from anywhere to access and operate on that data. At present there are two common kinds of cloud service: public cloud and private cloud [2].

Public cloud: low cost

Public cloud is the most basic kind of service: many customers share the system resources of one service provider, and without setting up or staffing any management of their own they get professional IT services, which for the average entrepreneur or SME is undoubtedly a good way to cut costs. Public cloud can be subdivided into three categories: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

The Gmail, Hotmail and online photo albums we use every day are considered a form of SaaS, which focuses on a single piece of network-driven software. PaaS provides a platform for developing and deploying applications, to speed up users writing their own CRM (customer relationship management) and ERP (enterprise resource planning) systems; the user must have a good deal of IT knowledge.

IaaS (Infrastructure as a Service): only the hardware is provided to you

PaaS (Platform as a Service): the operating system is provided as well

SaaS (Software as a Service): whatever software you want is provided to you

Gray (canary) release: of 100 production servers, publish to 10 of them first; those 10 are the gray servers (chosen per server, or per user region). This is usually done with a symbolic link, which is switched from the original version to the new version.

Common automated operations and maintenance tools:
  1. Ansible: Python; no agent needs to be deployed; for small and medium-sized environments
  2. SaltStack: Python; normally requires deploying an agent; highly efficient
  3. Puppet: powerful, complex configuration, suitable for large-scale environments
  4. Fabric: Python
  5. CFEngine:
  6. func:

Ansible architecture:

One host controls many hosts


Master (central control node, bastion host). Host inventory: the host list. How does Ansible know which hosts to manage? The hosts to be controlled are recorded in this file.

/etc/ansible/hosts: the file where the host inventory is stored; Ansible reads it to learn which hosts to control.

Small day-to-day tasks can be done with individual modules; routine, repeated tasks are done with a playbook.

Plugins are also supported, such as logging and mail plugins. To associate with and control the remote hosts, a connection plugin is needed; at present this is implemented over the SSH protocol.

Managed hosts: agent-based (like QQ remote control) or agentless (plain SSH service); agentless does not perform as well as an agent.

Ansible features:
  1. Idempotence: running the same task n times has the same effect as running it once, and repeated execution does not cause unforeseen situations (if you created a user with Ansible the first time, on the second run it is simply not executed again, and there is no error)
  2. Modules can be written in any programming language
  3. Secure, based on the SSH protocol
  4. Custom modules are supported
  5. Windows cannot be the master (control node)

How Ansible works:

Ansible manages remote hosts; the user can type commands, run a playbook for batch execution, or drive it from a public/private cloud or from a CMDB (configuration management database).

Sources of Ansible commands:

User: ordinary users typing commands

CMDB: API calls

Public/private cloud: API calls

How Ansible is used for management:

Ad hoc: the ansible command, for one-off, temporary commands

Ansible playbook: for long-term, well-planned, large-scale projects

Ansible installation:

Ansible-related files:

When a new host is added for the first time, confirming the SSH host key by hand on every connection is impractical, so you can add a line to the configuration file:

host_key_checking = False

(This disables SSH host-key verification entirely; pre-populating known_hosts on the control node keeps the check while still avoiding the prompt.)

Enabling logging is recommended:

log_path

ansible-doc: displays module help, the equivalent of the man command

ansible-doc -l: lists the available modules

The ansible command:

    ansible webservers -m command -a 'ls /root' -u lxw -k -b -K

-k: ask for the SSH password used for authentication

-b: become (sudo to) another user

-K: ask for the sudo user's password

Setting up sudo users: run visudo and uncomment the %wheel line, then add wheel to the user's supplementary groups. If you do not want to type the sudo password, edit the sudoers file with visudo and uncomment the NOPASSWD line under %wheel. (echo export EDITOR=vim >> /etc/profile.d/env.sh, then reload the environment variables so visudo uses vim.)

Key-based authentication:

Generate a key pair with ssh-keygen, then push the public key to every host with ssh-copy-id:

    ssh-copy-id 192.168.15.138

*: matches all hosts

':' is an OR relation: all hosts in either group, (123)(126) gives (1236)

':&' is an AND relation: hosts present in both groups, (123)(126) gives (12)

':!' is a NOT relation: hosts in the first group but not in the second

Regular expressions are supported, prefixed with ~:

    ~(web|db).*\.baidu\.com
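As an added illustration (not code from the post), the following Python function evaluates these host patterns against a small constructed inventory, applying the same term ordering Ansible uses (plain terms, then '&', then '!'); it also handles '*' and the '~' regex form shown above.

```python
import fnmatch
import re

# Constructed inventory for the example (group -> hosts); not from the notes.
INVENTORY = {
    "webservers": ["node1", "node2", "node3"],
    "dbservers": ["node1", "node2", "node6"],
}

def match_one(term, inventory):
    """Expand one term (group, host, shell glob, or ~regex) to a host list."""
    if term == "all":
        term = "*"
    if term.startswith("~"):                       # ~ prefix means a regex
        rx = re.compile(term[1:])
        hit = lambda name: rx.match(name) is not None
    else:                                          # otherwise a shell-style glob
        hit = lambda name: fnmatch.fnmatchcase(name, term)
    hosts = []
    for group, members in inventory.items():
        for h in members:
            if (hit(group) or hit(h)) and h not in hosts:
                hosts.append(h)
    return hosts

def resolve(pattern, inventory=INVENTORY):
    """Evaluate a ':'-joined pattern: plain terms union, '&' intersects, '!' excludes."""
    terms = [t.strip() for t in pattern.split(":") if t.strip()]
    positive = [t for t in terms if t[0] not in "&!"] or ["all"]   # '!x' alone means all:!x
    ordered = (positive + [t for t in terms if t[0] == "&"]
               + [t for t in terms if t[0] == "!"])   # same ordering Ansible applies
    hosts = []
    for t in ordered:
        if t[0] == "&":
            that = set(match_one(t[1:], inventory))
            hosts = [h for h in hosts if h in that]
        elif t[0] == "!":
            that = set(match_one(t[1:], inventory))
            hosts = [h for h in hosts if h not in that]
        else:
            hosts += [h for h in match_one(t, inventory) if h not in hosts]
    return hosts
```

With the inventory above, resolve("webservers:!dbservers") returns only node3, matching the NOT relation described in the notes.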

Ansible's execution process:

1. Load its own configuration file, by default /etc/ansible/ansible.cfg

2. Load the module file it needs, e.g. command

3. Generate a temporary .py file for the module or command and transfer it to the remote server, under the executing user's $HOME/.ansible/tmp/ansible-tmp-<random number>/XXX.py

4. chmod +x the file

5. Execute it and return the result

6. Delete the temporary .py file, sleep 0 and exit

The colors that show whether an Ansible run succeeded are defined in the Ansible configuration file.

Common Ansible modules:

View the help documentation: ansible-doc

command module: the default, so -m command can be omitted.

    chdir: change into the directory first and then run the command; the command runs regardless of whether any file exists

    creates: if the file exists, the command is not run

    removes: if the file does not exist, the command is not run

    ansible all -a 'chdir=/etc/fs cat /etc/fstab'
    ansible all -a 'chdir=/boot ls'                  # equivalent to listing the boot directory
    ansible all -a 'creates=/etc/fs cat /etc/fstab'
    ansible all -a 'removes=/etc/fs cat /etc/fstab'

shell module: not the default, so -m shell is required; it supports special characters such as pipes and $.

    Change a user's password:

    ansible web -m shell -a 'echo 123456|passwd --stdin lxw'

script module: no need to copy the script to the other hosts; write the script on the Ansible host and it can be executed on the specified hosts.

file module: the module dedicated to managing files

copy module: copy a local file to the remote hosts

    mode: permissions

    owner: owner

    ansible all -m copy -a 'src=/root/ansible/selinux dest=/etc/selinux/config backup=yes'
    ansible all -m copy -a 'content="hello\nworld\n" dest=/data/f2'      # write content directly into the file

fetch: pull a file from the client to the server, the reverse of copy, but it can only fetch a single file; a directory must be packed first.

    ansible all -m fetch -a 'src=/var/log/messages dest=/data'

archive: packing module; unarchive: unpacking module

file module: ansible-doc file (name, path and dest are aliases of the same parameter)

    ansible all -m file -a 'path=/data/test state=touch'                      # create a new file
    ansible all -m file -a 'path=/data/test state=absent'                     # delete a file or directory
    ansible all -m file -a 'path=/data/dir1 state=directory'                  # create a directory
    ansible all -m file -a 'src=/etc/fstab dest=/data/fstab.link state=link'  # create a symbolic link

cron: scheduled task module

    ansible all -m cron -a 'minute=* weekday=1,3,4 job="/usr/bin/wall FBI warning" name=warningcron'   # create a scheduled task
    ansible all -m cron -a 'disabled=yes job="/usr/bin/wall FBI warning" name=warningcron'             # disable the task; name is required, otherwise a new commented-out task with a null name is created
    ansible all -m cron -a 'disabled=no job="/usr/bin/wall FBI warning" name=warningcron'              # re-enable the task
    ansible all -m cron -a 'job="/usr/bin/wall FBI warning" name=warningcron state=absent'             # delete the task

yum: the yum module

    ansible all -m yum -a 'name=vsftpd,memcached state=present'    # install (state=present, installed or latest)
    ansible all -m yum -a 'name=vsftpd,memcached state=absent'     # uninstall (state=absent or removed)

Alternatively, batch-copy the package files over first and then install them with rpm.
disable_gpg_check=yes can be used to skip the GPG check.
update_cache=yes updates the yum cache before installing the package, e.g. 'name=httpd update_cache=yes'

service: service module

    ansible all -m service -a 'name=vsftpd state=started enabled=yes'    # state: started/restarted/reloaded/stopped; enabled: yes/no

setup: display information about the managed hosts

    ansible all -m setup -a 'filter=ansible_*'    # filter selects which facts are shown

user: user management module

    ansible all -m user -a 'name=nginx shell=/sbin/nologin system=yes home=/home/nginx groups=root uid=8080 comment="nginx service"'   # comment is the description
group specifies the primary group; groups specifies supplementary groups.

    ansible all -m user -a 'name=nginx state=absent remove=yes'    # remove=yes also deletes the home directory

group: group management module

    ansible all -m group -a 'name=nginx system=yes gid=8080 state=present'    # state=absent deletes the group

Other Ansible commands:

ansible-galaxy: connects to galaxy.ansible.com to download the roles you want; first find and copy the name of the role, then on the machine run ansible-galaxy install/remove rolesname.

ansible-vault: if a playbook file contains sensitive information, the playbook file can be encrypted.

    ansible-vault encrypt hello.yml    # after encryption the playbook content cannot be viewed and the playbook cannot be run; to run it, decrypt it first
    ansible-vault decrypt hello.yml    # decrypt the playbook file
    ansible-vault view hello.yml       # view the content of an encrypted file
    ansible-vault edit hello.yml       # edit an encrypted file
    ansible-vault rekey hello.yml      # change the password
    ansible-vault create hello2.yml    # create a new encrypted file

ansible-console: interactive control

You can use cd; when executing a command, the module name comes first and the module's arguments follow (the same usage as ansible).

ansible-playbook: (the equivalent of a script)

The main function of a play is to map a group of hosts to the roles defined in advance through Ansible tasks. Fundamentally a task is a call to one Ansible module; several plays are organized into one playbook so that together they run according to the arrangement laid out in advance.

Syntax:

    ---                        # a convention only; it marks that a playbook follows
    - hosts: webserver         # which hosts the following operations apply to
      remote_user: root        # the identity under which the operations run
      tasks:
        - name: hello          # a description of what is executed
          command: hostname    # module name: usage

    ansible-playbook hello.yaml

Workflow:

YAML format:
  1. It is a language in its own right, not something specific to Ansible
  2. In a single file, three consecutive - characters separate multiple documents, and three . characters mark the end of a document
  3. Content starts on the next line; it is recommended to describe the playbook's function there
  4. Comments use #
  5. Indentation must be consistent and must not mix spaces with tabs
  6. Case-sensitive: both keys and values are case-sensitive
  7. A key/value pair can be written on one line, separated by a colon, or across lines; the value can also be a list
  8. A complete block needs at least one name and one task, and one name can include only one task

YAML syntax:

List: every element starts with "-"

Dictionary:

    name: lxw
    job: student
    hobby: play

or inline: {name: lxw, job: student, hobby: play}

Core elements of a playbook:

  • hosts: the list of remote hosts to execute on
  • tasks: the set of tasks
  • variables: built-in or user-defined variables, referenced in the playbook
  • templates: template files whose variables are replaced and which can implement some simple logic
  • handlers, used together with notify: operations triggered by a specific condition, executed only when it is met
  • tags: labels that select which tasks run, used to run only part of a playbook. Ansible is idempotent, so parts that have not changed are skipped (though for some code that is worth testing). Example: ansible-playbook -t tagsname useradd.yml

    ---
    - hosts: all
      remote_user: root

      tasks:
        - name: create new file
          file: name=/data/test state=touch
        - name: create new user
          user: name=ymy system=yes shell=/sbin/nologin
        - name: install package
          yum: name=httpd
        - name: copy html
          copy: src=/var/www/html/index.html dest=/var/www/html
        - name: start service
          service: name=httpd state=started enabled=yes
          become: yes            # become/become_user replace the older sudo/sudo_user keywords
          become_user: lxw       # this user needs sudo authorization

    ansible-playbook -C file.yml    # check for errors without making changes

To keep going after a task fails:

    - name: error
      shell: /usr/bin/somecommand || /bin/true

or set ignore_errors: True

    --limit 192.168.15.101    # execute only on a specific host

Each task holds one module call; two module calls in one task are not allowed, even identical ones.

If src in a task is written as a relative path, it is relative to the current user's home directory.

Using handlers and notify:

Tasks run in order. If the service is already running, copying a modified configuration file over will not restart the service, so the new configuration does not take effect; that is why handlers are needed.

    ---
    # basic httpd configuration
    - hosts: all
      remote_user: root

      tasks:
        - name: install httpd package
          yum: name=httpd
        - name: copy conf file
          copy: src=files/httpd.conf dest=/etc/httpd/conf backup=yes
          notify: restart service    # must be identical to the handler's name
        - name: start service
          service: name=httpd state=started enabled=yes

      handlers:
        - name: restart service
          service: name=httpd state=restarted

A task can notify several handlers:

          notify:
            - restart service
            - check nginx process

      handlers:
        - name: restart service
          service: name=httpd state=restarted enabled=yes
        - name: check nginx process
          shell: killall -0 nginx > /tmp/nginx.log
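An added Python simulation (not Ansible's own code) of the scheduling the play above relies on: a task notifies its handler only when it reports changed, notified handlers are de-duplicated and run once after all tasks, and a notify name that matches no handler is an error. The managed host's state is a constructed dict, and the task functions only mimic the copy and service modules.

```python
# A dict stands in for the managed host; each task function mimics one module's
# idempotent "changed" semantics. Example code, not Ansible's implementation.

def copy_task(state, dest, content):
    """Like the copy module: 'changed' only when the target content differs."""
    if state.get(dest) == content:
        return False
    state[dest] = content
    return True

def service_task(state, name):
    """Like service state=started: 'changed' only if it was not running."""
    key = f"service:{name}"
    if state.get(key) == "running":
        return False
    state[key] = "running"
    return True

def run_play(state, conf_content, log):
    """Run the tasks of the httpd play above, then any notified handlers.
    Returns the handler names that actually ran on this pass."""
    tasks = [
        {"name": "copy conf file",
         "run": lambda: copy_task(state, "/etc/httpd/conf/httpd.conf", conf_content),
         "notify": ["restart service"]},
        {"name": "start service",
         "run": lambda: service_task(state, "httpd"),
         "notify": []},
    ]
    handlers = {"restart service": lambda: log.append("handler: httpd restarted")}
    notified = []
    for task in tasks:
        changed = task["run"]()
        log.append(f"{task['name']}: {'changed' if changed else 'ok'}")
        if not changed:
            continue                      # an unchanged task notifies nothing
        for h in task["notify"]:
            if h not in handlers:         # notify must match a handler name exactly
                raise KeyError(f"notify {h!r} matches no handler name")
            if h not in notified:         # a handler runs at most once per play
                notified.append(h)
    for h in notified:                    # handlers run after all tasks, not inline
        handlers[h]()
    return notified
```

Running run_play twice with the same configuration content shows the idempotence point from the feature list: the second pass reports ok for every task and the restart handler does not fire.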
tags: labels, so that the tagged content can be selected later

    ---
    # basic httpd configuration
    - hosts: all
      remote_user: root

      tasks:
        - name: install httpd package
          yum: name=httpd
          tags: installhttpd
        - name: copy conf file
          copy: src=files/httpd.conf dest=/etc/httpd/conf backup=yes
          notify: restart service    # must be identical to the handler's name
        - name: start service
          service: name=httpd state=started enabled=yes
          tags: restartedhttpd

      handlers:
        - name: restart service
          service: name=httpd state=restarted

    ansible-playbook -t installhttpd,restartedhttpd httpd.yml    # run only the tasks with the selected tags
    ansible-playbook --skip-tags two httpd.yml                   # skip the tasks with that tag

Several tasks can share one tag: just give them the same tag name.

Variables in a playbook:

Different operations can be carried out on different hosts.

Variable names: only letters, digits and underscores, and they must start with a letter.

Sources of variables:

  1. ansible setup facts: all of a remote host's facts can be referenced

  2. Defined in /etc/ansible/hosts (effective for one host in a group, or for every host in the group)

    • Ordinary (host) variables: defined for a single host within a host group; higher priority than the common variables
    • Common (group) variables: the same variable defined for every host in the host group
  3. Specified on the command line, which has the highest priority

  4. Defined in the playbook

    • vars:
      • vars1: value1
      • vars2: value2
  5. Defined in a role

  6. Defined in a variables file (suffix .yml)

Defining a variable on the command line:

    ---
    - hosts: all
      remote_user: root

      tasks:
        - name: install package
          yum: name={{ pkname }}
        - name: start service
          service: name={{ pkname }} state=started enabled=yes

    ansible-playbook -e 'pkname=vsftpd' app.yml    # several key=value pairs can be given inside the quotes, separated by spaces

Defining variables directly in the playbook:

    ---
    - hosts: all
      remote_user: root
      vars:
        pkname1: httpd
        pkname2: vsftpd
      tasks:
        - name: install package
          yum: name={{ pkname1 }}
        - name: start service
          service: name={{ pkname2 }} state=started enabled=yes

Defining variables in /etc/ansible/hosts:

    [web01]
    192.168.15.100 http_port=81
    192.168.15.101 http_port=82

    [web01:vars]
    name1=www.
    name2=.com

    ---
    - hosts: web01
      remote_user: root
      tasks:
        - name: set hostname
          hostname: name={{ name1 }}{{ http_port }}{{ name2 }}

Defining variables in a variables file (vars.yml):

    var1: httpd
    var2: vsftpd

    ---
    - hosts: all
      remote_user: root
      vars_files:
        - vars.yml

      tasks:
        - name: install package
          yum: name={{ var1 }}
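An added Python example (not from the post) that parses an INI inventory in the layout shown above and merges variables in the order the list describes: group vars, then host vars, then play vars, then -e extra vars, which win. The inventory text is constructed (its two host lines follow the notes, plus a group-level http_port default to show precedence), and play vars are assumed to sit between inventory host vars and -e, as in Ansible's documented precedence.

```python
import re

# Constructed INI inventory in the layout shown above (group default http_port=80 added).
INVENTORY_INI = """
[web01]
192.168.15.100 http_port=81
192.168.15.101 http_port=82

[web01:vars]
name1=www.
name2=.com
http_port=80
"""

def parse_inventory(text):
    """Parse [group] and [group:vars] sections; returns (host_vars, group_vars, groups)."""
    host_vars, group_vars, groups = {}, {"ungrouped": {}}, {"ungrouped": []}
    section, in_vars = "ungrouped", False        # hosts before any section are ungrouped
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        m = re.fullmatch(r"\[([^:\]]+)(?::(vars))?\]", line)
        if m:
            section, in_vars = m.group(1), m.group(2) == "vars"
            groups.setdefault(section, [])
            group_vars.setdefault(section, {})
        elif in_vars:                              # key=value line of a [group:vars] section
            k, v = line.split("=", 1)
            group_vars[section][k.strip()] = v.strip()
        else:                                      # "host key=value ..." line
            host, *pairs = line.split()
            groups[section].append(host)
            host_vars.setdefault(host, {}).update(p.split("=", 1) for p in pairs)
    return host_vars, group_vars, groups

def effective_vars(host, inv, play_vars=None, extra_vars=None):
    """Merge in rising precedence: group vars < host vars < play vars < -e extra vars."""
    host_vars, group_vars, groups = inv
    merged = {}
    for g, members in groups.items():
        if host in members:
            merged.update(group_vars[g])
    merged.update(host_vars.get(host, {}))
    merged.update(play_vars or {})
    merged.update(extra_vars or {})
    return merged

def render_hostname(v):
    """The same concatenation as the 'set hostname' task above."""
    return f"{v['name1']}{v['http_port']}{v['name2']}"
```

For 192.168.15.100 the host-level http_port=81 overrides the group default, so the hostname renders as www.81.com; passing extra_vars overrides both.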

template module: can only be used in a playbook, not with the ad hoc ansible command; it uses Jinja2 syntax.

Scenario: when configuring a service, differences in the machines' hardware may require different configuration files for the service. The copy module cannot do this; only the template module can.

Template files must be placed in the templates directory with the suffix .j2; the templates directory sits at the same level as the .yml file.

    ---
    - hosts: all
      remote_user: root

      tasks:
        - name: install package
          yum: name=nginx
        - name: copy template
          template: src=nginx.conf.j2 dest=/etc/nginx.conf backup=yes
          notify: restart service
        - name: start service
          service: name=nginx state=started enabled=yes

      handlers:
        - name: restart service
          service: name=nginx state=restarted

Conditionals (when):

      tasks:
        - name: "shutdown RedHat"
          command: /sbin/shutdown -h now
          when: ansible_os_family == "RedHat"

The facts gathered by the setup module can be used as variables in such conditions.

Iteration (loops):

    ---
    - hosts: all
      remote_user: root

      tasks:
        - name: create some files
          file: name=/data/{{ item }} state=touch
          when: ansible_distribution_major_version == "7"
          with_items:
            - file1
            - file2
            - file3
        - name: install some packages
          yum: name={{ item }}
          with_items:
            - htop
            - sl
            - hping3
        # items with a fixed structure: each user belongs to its own group
        - name: create users in their groups
          user: name={{ item.name }} group={{ item.group }}
          with_items:
            - { name: 'user1', group: 'g1' }
            - { name: 'user2', group: 'g2' }
            - { name: 'user3', group: 'g3' }

for loop:

    ---
    - hosts: all
      remote_user: root
      vars:
        ports:
          - 81
          - 82
          - 83
      tasks:
        - name: copy conf
          template: src=for1.conf.j2 dest=/data/for1.conf

    cat for1.conf.j2 -->
    {% for port in ports %}
    server {
        listen {{ port }}
    }
    {% endfor %}

Another way:

    ---
    - hosts: all
      remote_user: root
      vars:
        ports:
          - port: 81
            name: www.baidu1.com
            rootdir: /data/web1
          - port: 82
            name: www.baidu2.com
            rootdir: /data/web2
          - port: 83
            name: www.baidu3.com
            rootdir: /data/web3
      tasks:
        - name: copy conf
          template: src=for1.conf.j2 dest=/data/for1.conf

    cat for1.conf.j2 -->
    {% for p in ports %}
    server {
        listen {{ p.port }}
        servername {{ p.name }}
        documentroot {{ p.rootdir }}
    }
    {% endfor %}

Combining conditionals with iteration:

    {% for p in ports %}
    server {
        listen {{ p.port }}
    {% if p.name is defined %}
        servername {{ p.name }}
    {% endif %}
        documentroot {{ p.rootdir }}
    }
    {% endfor %}

roles:

Suitable for large tasks, with a clearer structure. Everything that used to sit in one playbook is split apart: variables in one file, templates in one file, files to copy in one folder, tasks in one file. The idea is modularity and high code reuse.

Origin blog.csdn.net/qq_42508901/article/details/104113602