Automated operation and maintenance tool Ansible - overview and command line module
Table of contents
Machine management
Ansible overview
The four components of Ansible
Ansible features
ansible environment installation and deployment
Install ansible on the management side
Ansible commonly used command line modules
command module
Commonly used parameters
shell module
Example 1
Example 2:
cron module
Example 1
Example 2
Delete system backup task
user module
Example 1
Example 2
Example 3
group module
Example
copy module
Example 1
Example 2
Example 3
file module
Example 1
Example 2
Example 3
hostname module
ping module
yum module
Example 1: Install httpd
Example 2: Uninstall httpd
service/systemd module
Example
script module
Example
setup module
Summarize
Machine management
Considerations for machine management tool selection can include the following three aspects:
- Is it simple? Does it need to deploy Agent (client) on each machine?
- Choice of language (Puppet/Chef vs Ansible/SaltStack): with open source technology, you cannot become proficient without reading the official website, and you cannot master it without reading the source code. Puppet and Chef are developed in Ruby; Ansible and SaltStack are developed in Python.
- Choice of speed (Ansible vs SaltStack): Ansible transmits data over the SSH protocol, while SaltStack uses the ZeroMQ message queue. In terms of large-scale concurrency, the performance of Ansible is acceptable for a platform of 200 machines; if a single operation targets thousands of machines, Salt is the better choice.
Tool | Language | Architecture | Protocol |
---|---|---|---|
Puppet | Ruby | C/S | HTTP |
Chef | Ruby | C/S | HTTP |
Ansible | Python | No Client | SSH |
SaltStack | Python | C/S (can be without Client) | SSH/ZMQ/RAET |
Generally, startups choose Ansible, which solves most problems. It is simple and does not require any additional client to be installed. It can be run from the command line without a configuration file. More complex tasks are described in a configuration file called a Playbook, written in YAML syntax; a Playbook can also use templates to extend its functionality.
Three Musketeers of Automated Operation and Maintenance:
- SaltStack
- Puppet
- Ansible
Ansible overview
Ansible is a configuration management and application deployment tool developed in Python, and it now also shines in the field of automated management. It combines the advantages of many established operation and maintenance tools. Ansible can do basically everything that Puppet and SaltStack can.
Ansible can configure, deploy, and manage thousands of hosts in batches. For example, where you previously had to switch to each host in turn to perform one or more operations, with Ansible you only need to run the operations for all hosts from one fixed Ansible control node.
Ansible works based on modules. Ansible itself only provides a running framework and has no ability to complete tasks; it is Ansible's modules that actually perform operations. For example, the copy module copies files to the remote host, and the service module manages starting, stopping and restarting services.
The four components of Ansible
- Inventory host inventory (host group)
- Modules
- Plugins
- Playbooks (equivalent to scripts)
Ansible features
Feature one:
One of the more distinctive features of Ansible is that it is agentless: there is no agent (that is, no client). It behaves like an ordinary command rather than C/S software, and only needs to be installed once, on the host that acts as the control node. It usually controls remote hosts over an ssh connection, so there is no need to install Ansible or any other additional service on the remote hosts.
When the user enters commands or playbooks in the server terminal, a playbook is broken down into plays according to predetermined rules (a play is a Linux operation), which are then organized into tasks that ansible can recognize, calling modules and plugins. Following the host inventory, temporary files are sent over SSH to the remote hosts for execution and the results are returned; the temporary files are deleted automatically after execution.
Feature two:
Another distinctive feature of Ansible is that most of its modules are idempotent. Idempotence means that performing an operation once or many times has the same effect on system resources.
- For example, when systemctl stop xxx is run to stop a service and the target service is already stopped, it does nothing, so the result of stopping several times is still "stopped" and the outcome does not change. It is idempotent, while systemctl restart xxx is non-idempotent.
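Many Ansible modules first check whether the target node actually needs the task to be performed before executing it, so you can let Ansible run tasks with confidence: running a task repeatedly will, in the vast majority of cases, have no side effects.
ansible environment installation and deployment
- Management side (ansible): 192.168.44.20
- Managed side: 192.168.44.30
- Managed side: 192.168.44.40
Install ansible on the management side
- Install epel-release and ansible with yum
yum install -y ansible
- ansible directory structure
- Configure the host inventory
- Configure key-pair authentication. ansible connects over ssh by default, so passwordless login must be set up before managing hosts.
- With hundreds or thousands of hosts it is not feasible to type the password again and again, so sshpass is needed. The sshpass tool makes ssh non-interactive. Format:
sshpass -p '<password>' ssh-copy-id <user>@<IP address>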
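Ansible commonly used command line modules
ansible <host IP> -m <module> -a <argument list>
ansible <hostname> -a <argument list>   # without -m to specify a module, command is used by default
Option explanation
- -m: specifies the module
- -a: specifies the command
List all installed modules: ansible-doc -l
View the description and available actions of a specific module: ansible-doc -s <module>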
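command module
Note: runs commands on the remote host; shell features such as pipes and redirection are not supported.
Commonly used parameters
- chdir: change into a directory on the remote host before running the command
- creates: checks whether the specified file exists; if it exists, the following operation is not executed
- removes: checks whether the specified file exists; if it exists, the following operation is executed
chdir
Change into a directory on the remote host before running the command
creates
Checks whether the specified file exists; if it exists, the following operation is not executed.
removes
Checks whether the specified file exists; if it exists, the following operation is executed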
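A local shell model of the chdir, creates and removes guards described above, run twice to show why a guarded command is safe to repeat. This is an added example, not code from the original page; guarded_run and demo are hypothetical helpers, the paths are assumptions, and nothing here calls Ansible itself.

```shell
#!/bin/sh
# Local model of the command module guards; it does not call Ansible.
# The ad-hoc form being modelled (paths are assumptions):
#   ansible webservers -m command -a 'chdir=/opt creates=marker.txt touch marker.txt'

# guarded_run CHDIR CREATES REMOVES CMD...   (hypothetical helper)
#   CHDIR    directory to enter before anything else ("" = stay put)
#   CREATES  skip the command when this path already exists ("" = no guard)
#   REMOVES  skip the command when this path does not exist ("" = no guard)
# Prints "changed" if the command ran, "skipped" if a guard stopped it.
guarded_run() {
    g_chdir=$1 g_creates=$2 g_removes=$3
    shift 3
    (   # subshell: the cd does not leak into the caller
        if [ -n "$g_chdir" ]; then cd "$g_chdir" || exit 2; fi
        if [ -n "$g_creates" ] && [ -e "$g_creates" ]; then echo skipped; exit 0; fi
        if [ -n "$g_removes" ] && [ ! -e "$g_removes" ]; then echo skipped; exit 0; fi
        "$@" >/dev/null && echo changed
    )
}

# Runs each guarded command twice in a scratch directory.
demo() {
    work=$(mktemp -d) || return 1
    # creates: the first run makes the marker, the second sees it and skips.
    r1=$(guarded_run "$work" marker.txt "" touch marker.txt)
    r2=$(guarded_run "$work" marker.txt "" touch marker.txt)
    # removes: runs only while the file is there, so cleanup is repeatable too.
    r3=$(guarded_run "$work" "" marker.txt rm marker.txt)
    r4=$(guarded_run "$work" "" marker.txt rm marker.txt)
    rm -rf "$work"
    echo "$r1 $r2 $r3 $r4"
}

demo
```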
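shell module
Runs commands on the remote host. This is equivalent to invoking the remote host's shell process and then opening a subshell under that shell to run the command. Pipes, redirection and similar features are supported.
Example 1
The shell module supports the pipe symbol.
Extract the remote host's IP address.
Example 2:
The shell module supports redirection.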
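cron module
Defines scheduled tasks on the remote host. There are two states (state):
- present means add (can be omitted)
- absent means remove.
Example 1
Back up the system log every night at 12:30 (in a crontab entry, % must be escaped as \%):
ansible webservers -m cron -a 'minute=30 hour=0 job="/usr/bin/cp -f /var/log/messages /root/backuper/messages-$(date +\%Y-\%m-\%d)" name="backup syslog"'
Example 2
Monday to Friday, between 9 a.m. and 5 p.m., run a time synchronization task every half hour:
ansible webservers -m cron -a 'minute=*/30 hour="9-17" weekday="1-5" job="/usr/sbin/ntpdate ntp.aliyun.com" name="ntp job"'
Delete system backup task
Delete the backup syslog scheduled task: ansible webservers -m cron -a 'name="backup syslog" state=absent'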
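user module
Module for managing users. View the actions the user module supports: ansible-doc -s user
Common parameters:
Parameter | Description |
---|---|
name | Username; required. |
state=present or absent | Create or delete the account; present creates it, absent deletes it. |
system=yes or no | Whether it is a system account. (Default is a system account) |
uid | The user's uid. |
group | The user's primary group. |
groups | The user's supplementary groups. |
shell | The default login shell |
move_home=yes or no | If the configured home directory already exists, whether to move the existing home directory. |
password | The user's password; an encrypted string is recommended. |
comment | Comment information for the user. |
remove=yes or no | When state=absent, whether to delete the user's home directory, that is, whether to delete the home directory along with the user. yes deletes the user's home directory. |
Example 1
Add user zhangsan: ansible webservers -m user -a 'name=zhangsan'
Example 2
Delete the user and its home directory: ansible webservers -m user -a 'name=zhangsan state=absent remove=yes'
Example 3
Create a user with a specified UID and set a password: ansible webservers -m user -a 'name=zhangsan uid=9527 shell=/sbin/nologin password=123123'
Setting the password with the password parameter is not recommended, because it is kept in plaintext, which is insecure.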
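The credential-handling pitfalls in the commands on this page (a plaintext password= value for the user module, sshpass -p, and an unescaped % in a cron job) can be caught by linting saved ad-hoc commands before they are run. This is an added example, not part of the original page; audit_adhoc, the rule names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Lint saved ad-hoc commands (runbook, script, shell history) for the
# credential and cron pitfalls above. audit_adhoc and the rule names are
# hypothetical, not part of Ansible.

# Reads command lines on stdin; prints "<line number> <rule>" per finding.
audit_adhoc() {
    awk -v q="'" '
    # sshpass -p puts the password in argv: visible in ps output and history.
    # sshpass also accepts -f FILE or -e (SSHPASS environment variable).
    /sshpass[ \t]+-p/ { print NR, "sshpass-password-in-argv" }

    # The user module hands password= to the system as-is, so the value
    # must already be a crypt(3) hash such as $6$salt$digest.
    /-m[ \t]+user/ && match($0, "password=[^ \"" q "]+") {
        val = substr($0, RSTART + 9, RLENGTH - 9)
        if (val !~ /^\$[0-9a-z]+\$/) print NR, "user-plaintext-password"
    }

    # cron turns an unescaped % in the command field into a newline.
    /-m[ \t]+cron/ && /job=/ {
        job = $0; gsub(/\\%/, "", job)
        if (job ~ /%/) print NR, "cron-unescaped-percent"
    }'
}

# Constructed sample input, modelled on the commands shown on this page.
sample_commands() {
    cat <<'EOF'
sshpass -p 'example-password' ssh-copy-id root@192.168.44.30
sshpass -f /root/.sshpass ssh-copy-id root@192.168.44.40
ansible webservers -m user -a 'name=zhangsan uid=9527 password=123123'
ansible webservers -m user -a 'name=zhangsan password=$6$saltsalt$Zm9vYmFy'
ansible webservers -m cron -a 'minute=0 job="date +%F >> /tmp/d" name=d'
ansible webservers -m cron -a 'minute=0 job="date +\%F >> /tmp/d" name=d'
EOF
}

sample_commands | audit_adhoc
```

Lines 2, 4 and 6 of the sample are the corrected forms of lines 1, 3 and 5 and produce no finding.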
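group module
Module for managing user groups.
Note: string values should be wrapped in double quotes in case they contain spaces. Do not wrap numbers and booleans in double quotes.
Example
Create group aa and set its gid to 1024: ansible webservers -m group -a 'name=aa gid=1024'
Create user lisi, make it a system user, with supplementary group aa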
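copy module
Used to copy local files to the remote host.
View the actions the copy module supports: ansible-doc -s copy
Common parameters:
Parameter | Description |
---|---|
src | Path of the source file (on the control node, i.e. the management side). A relative or absolute path can be used, and a directory can be given directly; if the source is a directory, the destination must also be a directory. |
dest | Destination and location of the copied file, given as an absolute path. If the source is a directory, the destination must also be a directory; if the destination file already exists, its content is overwritten. |
mode | Permissions of the destination file when copying. |
owner | Owner of the destination file when copying. |
group | Group of the destination file when copying. |
content | Content to be written to the destination host; cannot be used together with src. |
Example 1
Copy the local hosts file to the remote host: ansible webservers -m copy -a 'src=/etc/ansible/hosts dest=/opt/myhosts mode=700 owner=one'
Example 2
Copy a directory to the remote host: ansible webservers -m copy -a 'src=/etc/ansible dest=/opt'
Example 3
Write content into a file on the remote host, overwriting the existing content: ansible webservers -m copy -a 'content="Hello World!" dest=/opt/ansible/hosts'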
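file module
Creates or deletes files and directories on the remote host and sets file attributes.
The main parameters are as follows:
Parameter | Description |
---|---|
path | Specifies the path on the remote server; can also be written as "dest" or "name" |
state | State: directory creates a directory, touch creates a file, link creates a symbolic link, hard creates a hard link, absent deletes the directory, file or link |
mode | Copy the file to the remote host and set its permissions; default file=644, directory=755 |
owner | Copy the file to the remote host and set its owner; default is root |
group | Copy the file to the remote host and set its group; default is root |
recurse | Apply changes recursively |
src | Refers to the source file on the target host. This differs from the copy module. |
Example 1
Change a file's owner, group, permissions, etc.
Example 2
Create and delete files and directories
Example 3
Create a symbolic link file
If the source path does not exist, force=yes must be added to create it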
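hostname module
Used to manage the hostname on the remote host.
ping module
Tests connectivity to the remote host.
yum module
Installs and uninstalls packages on the remote host; the managed side must have its yum repositories configured.
The main parameters are as follows:
Parameter | Description |
---|---|
name | Specifies the package name or package URL to install |
state | Specifies the corresponding yum action: present (default) and installed mean install, latest means install the latest version of the package; absent and removed mean uninstall. Installing several programs together is supported, separated by commas. |
enablerepo | Repositories from which packages may be fetched |
disablerepo | Repositories from which packages must not be fetched |
exclude | Exclude certain packages, for example kernel |
download_only | Only download the package, do not install it |
disable_gpg_check | Do not perform the gpg check |
update_cache | Can update the yum cache while installing the package |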
Example 1: Install httpd
Example 2: Uninstall httpd
service/systemd module
Used to manage the running status of services on remote hosts.
The main parameters are as follows:
Parameter | Description |
---|---|
name | Specify the name of the service that needs to be controlled |
state | Specify the service status, its value can be stopped, started, reloaded, restarted, status |
enabled | Specify whether the service is started at boot, yes means to start, no means not to start |
daemon_reload | yes: Restart the systemd service to make the unit file take effect |
Example
First install httpd again for testing
script module
Implement remote batch running of local shell scripts.
Note: The script module is not idempotent. So it is recommended to use a script for execution.
Example
Write a script locally and give it permission to use it.
Note: The script module is not idempotent.
setup module
The facts component is used to collect managed node information. This information can be obtained using the setup module.
Summarize
ansible: an automated operation and maintenance tool that can manage many (hundreds or thousands of) hosts in batches, and an application-level cross-host orchestration tool
Features:
- Do not install client applications on controlled nodes
- Communicates with the controlled node through ssh protocol
- Implement command operations on the controlled node based on modules
- Many modules are idempotent, meaning that if the status of multiple operations does not change, they will not be executed repeatedly.
What are the ansible modules: command, shell, copy, user, script, yum, service, group, ping, setup, hostname, cron
Command format
-m file -a 'path=<file path> mode=755 owner= state=file|directory|touch|link src='
-m copy -a 'src= dest= mode= owner= group='