ansible

• Tools for batch management server
• 2015 Acquired by red hat in
• Use Python language-written
• be based on ssh Conduct management , Therefore, there is no need to install any software on the managed end
• ansible When managing remote hosts , It is mainly operated through various modules

One 、 Environmental preparation

• 6 Console host , The host name needs to be configured 、IP Address 、YUM. close SELINUX And the firewall

• control Node requirements ：

  • Configure name resolution , Access to all nodes by name
  • Configuration can be done through ssh Log in to all nodes without secret
  • Copy /linux-soft/2/ansible_soft.tar.gz To control, And unzip the installation

#  Configure name resolution 
[root@control ~]# echo -e "192.168.4.253\tcontrol" >> /etc/hosts
[root@control ~]# for i in {1..5}
> do
> echo -e "192.168.4.1$i\tnode$i" >> /etc/hosts
> done
[root@control ~]# tail -6 /etc/hosts
192.168.4.253	control
192.168.4.11	node1
192.168.4.12	node2
192.168.4.13	node3
192.168.4.14	node4
192.168.4.15	node5

#  Configure password free login 
[root@control ~]# ssh-keygen #  All three questions go straight to enter , Use the default value 
[root@control ~]# for i in node{1..5} #  answer yes And password 
> do
> ssh-copy-id $i
> done

#  Pack 
[root@zzgrhel8 ~]# scp /linux-soft/2/ansible_soft.tar.gz 192.168.4.253:/root
[root@control ~]# yum install -y tar
[root@control ~]# tar xf ansible_soft.tar.gz 
[root@control ~]# cd ansible_soft/
[root@control ansible_soft]# yum install -y *.rpm

Two 、 To configure ansible management environment

• Because the remote hosts to be managed may be different . Therefore, configurations with the same management mode are placed in a directory .

#  establish ansible working directory , The directory name is defined by itself , Not fixed .
[root@control ~]# mkdir ansible
[root@control ~]# cd ansible

#  create profile . The default configuration file is /etc/ansible/ansible.cfg, But you don't usually use it , Instead, create your own configuration file in the working directory 
[root@control ansible]# vim ansible.cfg #  The file name must be ansible.cfg
[defaults]
inventory = hosts    #  Managed hosts , Configure in the current directory hosts In file ,hosts The name is custom .= The space on both sides of the sign is optional .

#  Create host manifest file . Written in [] In the is the group name ,[] The following is the host name in the group 
[root@control ansible]# vim hosts
[test]
node1

[proxy]
node2

[webserver]
node[3:4]     # node3 and node4 The simplified way of writing , From 3 To 4

[database]
node5

# cluster Group name , Self defined ;:children It's fixed writing , Indicates that the following group name is cluster Subgroup of .
[cluster:children]
webserver
database

#  View all managed hosts . Be careful , Be sure to execute the command in the working directory .
[root@control ansible]# ansible all --list-hosts
  hosts (5):
    node1
    node2
    node3
    node4
    node5
#  see webserver All hosts in the group 
[root@control ansible]# ansible webserver --list-hosts
  hosts (2):
    node3
    node4

3、 ... and 、ansible management

• ansible For remote management Two methods ：
  • adhoc Provisional order ： Is to execute management commands on the command line .
  • playbook Script ： Write management tasks to files in a specific format .
• Either way , They are managed through modules and parameters .

1、adhoc Provisional order

• grammar ：

ansible  List of hosts or groups  -m  modular  -a " Parameters "    # -a It's optional 

• Test connectivity to remote hosts

[root@control ansible]# ansible all -m ping

Four 、ansible modular

View the basic information of the module

#  List ansible Number of all modules 
[root@control ansible]# ansible-doc -l | wc -l
2834
#  List ansible All modules of 
[root@control ansible]# ansible-doc -l 
#  Check with yum Related modules 
[root@control ansible]# ansible-doc -l | grep yum

#  see yum Instructions for using the module , Mainly check the... Below EXAMPLE Example 
[root@control ansible]# ansible-doc yum

• Learning modules , Mainly know how to realize a certain function , Which module is needed .
• Modules are used in the same way . Mainly to check the parameters of the module .

1、command modular

• ansible Default module , Used to execute arbitrary commands on a remote host
• command I won't support it shell characteristic , Like pipes 、 Redirect .

#  Create directories on all managed hosts /tmp/demo
[root@control ansible]# ansible all -a "mkdir /tmp/demo"

#  see node1 Of ip Address 
[root@control ansible]# ansible node1 -a "ip a s"
[root@control ansible]# ansible node1 -a "ip a s | head" #  Report errors 

2、shell modular

• And command The module is similar to , But support shell characteristic , Like pipes 、 Redirect .

#  see node1 Of ip Address , Show only before 10 That's ok 
[root@control ansible]# ansible node1 -m shell -a "ip a s | head"

3、script modular

• Used to execute scripts on remote hosts

#  Create a script on the control side 
[root@control ansible]# vim test.sh
#!/bin/bash

yum install -y httpd
systemctl start httpd

#  stay test Execute the script on the host of the group 
[root@control ansible]# ansible test -m script -a "test.sh"

4、file modular

• You can create files 、 Catalog 、 Links, etc. , You can also modify permissions 、 Properties, etc
• Common options ：
  • path： specify the path to a file
  • owner： Set file owner
  • group： Set the group to which the file belongs
  • state： state .touch Means to create a file ,directory Means create directory ,link Means to create a soft link ,absent Said to delete
  • mode： Set the permissions
  • src：source Abbreviation , Source
  • dest：destination Abbreviation , The goal is

#  View usage help 
[root@control ansible]# ansible-doc file
... ...
EXAMPLES:

- name: Change file ownership, group and permissions  #  Ignore 
  file:                           #  Module name . Here are its various parameters 
    path: /etc/foo.conf           #  The path of the file to modify 
    owner: foo                    #  File owner 
    group: foo                    #  All groups of files 
    mode: '0644'                  #  jurisdiction 
... ...
#  According to the above example,-m file -a The content of is doc Replace the colon of each parameter with = Number 

#  stay test Create... On the host /tmp/file.txt
[root@control ansible]# ansible test -m file -a "path=/tmp/file.txt state=touch" # touch Means if the file does not exist , Create 

#  stay test Create... On the host /tmp/demo Catalog 
[root@control ansible]# ansible test -m file -a "path=/tmp/demo state=directory"

#  take test On a host /tmp/file.txt The owner of is changed to sshd, The generic group is changed to adm, Authority changed to 0777
[root@control ansible]# ansible test -m file -a "path=/tmp/file.txt owner=sshd group=adm mode='0777'"
[root@control ansible]# ansible test -a "ls -l /tmp/file.txt"

#  Delete test On a host /tmp/file.txt
[root@control ansible]# ansible test -m file -a "path=/tmp/file.txt state=absent" # absent English absent 、 There is no the 

#  Delete test On a host /tmp/demo
[root@control ansible]# ansible test -m file -a "path=/tmp/demo state=absent"

#  stay test Create... On the host /etc/hosts The soft links , The goal is /tmp/hosts.txt
[root@control ansible]# ansible test -m file -a "src=/etc/hosts dest=/tmp/hosts.txt state=link"

5、copy modular

• It is used to copy files from the control end to the controlled end
• Common options ：
  • src： Source . The file path of the control side
  • dest： The goal is . The file path of the controlled end
  • content： Content . What needs to be written to the file

[root@control ansible]# echo "AAA" > a3.txt
#  take a3.txt copy to test The host /root/
[root@control ansible]# ansible test -m copy -a "src=a3.txt dest=/root/"

#  Create... On the target host /tmp/mytest.txt, The content is Hello World
[root@control ansible]# ansible test -m copy -a "content='Hello World' dest=/tmp/mytest.txt"

6、fetch modular

• And copy Module is the opposite ,copy It's upload ,fetch It's a download
• Common options ：
  • src： Source . The file path of the controlled end
  • dest： The goal is . The file path of the control side

#  take test Host computer /etc/hostname Download to the home directory of local users 
[root@control ansible]# ansible test -m fetch -a "src=/etc/hostname dest=~/"
[root@control ansible]# ls ~/node1/etc/ # node1 yes test Hosts in the group 
hostname

7、lineinfile modular

• Used to ensure that there is a line in the save target file
• Common options ：
  • path： File path to be modified
  • line： Write one line of the file
  • regexp： Regular expressions , Used to find the contents of a file

# test Hosts in the group ,/etc/issue There must be a line Hello World. If the line does not exist , It is added to the end of the file by default 
[root@control ansible]# ansible test -m lineinfile -a "path=/etc/issue line='Hello World'"

# test Hosts in the group , hold /etc/issue There is Hello The line of , Replace with chi le ma
[root@control ansible]# ansible test -m lineinfile -a "path=/etc/issue line='chi le ma' regexp='Hello'"

8、replace modular

• lineinfile Will replace a line ,replace You can replace keywords
• Common options ：
  • path： File path to be modified
  • replace： Check the contents of regular expression , Replace with replace The content of
  • regexp： Regular expressions , Used to find the contents of a file

#  hold test On hosts in the group /etc/issue In the document chi, Replace with he
[root@control ansible]# ansible test -m replace -a "path=/etc/issue regexp='chi' replace='he'"

Comprehensive exercise of document operation

• All operations are correct test The hosts in the group take effect
• Create... On the target host /tmp/mydemo Catalog , Both the main and the group are adm, Permission is 0777
• Connect the... Of the control end /etc/hosts Upload the file to the target host /tmp/mydemo Directory , Both the main and the group are adm, Permission is 0600
• Replace target host /tmp/mydemo/hosts In the document node5 by server5
• Put the target host /tmp/mydemo/hosts Download the file to the current directory of the control end

#  Create... On the target host /tmp/mydemo Catalog , Both the main and the group are adm, Permission is 0777
[root@control ansible]# ansible test -m file -a "path=/tmp/mydemo owner=adm group=adm mode='0777' state=directory" 

#  Connect the... Of the control end /etc/hosts Upload the file to the target host /tmp/mydemo Directory , Both the main and the group are adm, Permission is 0600
[root@control ansible]# ansible test -m copy -a "src=/etc/hosts dest=/tmp/mydemo owner=adm group=adm mode='0600'"

#  Replace target host /tmp/mydemo/hosts In the document node5 by server5
[root@control ansible]# ansible test -m replace -a "path=/tmp/mydemo/hosts regexp='node5' replace='server5'"

#  Put the target host /tmp/mydemo/hosts Download the file to the current directory of the control end . The file will be saved to the current directory of the control side node1/tmp/mydemo/
[root@control ansible]# ansible test -m fetch -a "src=/tmp/mydemo/hosts dest=."

9、user modular

• Realization linux User management
• Common options ：
  • name： User name to be created
  • uid： user ID
  • group： Set primary group
  • groups： Set up additional groups
  • home： Set home directory
  • password： Set user password
  • state： state .present Representation creation , It's the default option .absent Said to delete
  • remove： Delete home directory 、 Mailbox, etc . The value is yes or true Fine .

#  stay test On hosts in the group , establish tom user 
[root@control ansible]# ansible test -m user -a "name=tom"

#  stay test On hosts in the group , establish jerry user . Set up uid by 1010, The main group is adm, Additional groups are daemon and root, The home directory is /home/jerry
[root@control ansible]# ansible test -m user -a "name=jerry uid=1010 group=adm groups=daemon,root home=/home/jerry"

#  Set up tom The password for is 123456
# {
    {}} Is a fixed format , To execute a command .password_hash Is the function ,sha512 It's encryption algorithm , be password_hash The function will put 123456 adopt sha512 Encryption becomes tom Password 
[root@control ansible]# ansible test -m user -a "name=tom password={
    {'123456'|password_hash('sha512')}}"

#  Delete tom user , Don't delete home directory 
[root@control ansible]# ansible test -m user -a "name=tom state=absent"

#  Delete jerry user , Also delete home directory 
[root@control ansible]# ansible test -m user -a "name=jerry state=absent remove=yes"

10、group modular

• establish 、 Delete the group
• Common options ：
  • name： Name of the group to be created
  • gid： Of the group ID Number
  • state：present Representation creation , It's the default option .absent Said to delete

#  stay test Create a host named... On the host in the group devops Group 
[root@control ansible]# ansible test -m group -a "name=devops"

#  stay test Delete the host named... From the group devops Group 
[root@control ansible]# ansible test -m group -a "name=devops state=absent"

e=absent remove=yes"

#### 10、group modular 

-  establish 、 Delete the group 
-  Common options ：
  - name： Name of the group to be created 
  - gid： Of the group ID Number 
  - state：present Representation creation , It's the default option .absent Said to delete 

```shell
#  stay test Create a host named... On the host in the group devops Group 
[root@control ansible]# ansible test -m group -a "name=devops"

#  stay test Delete the host named... From the group devops Group 
[root@control ansible]# ansible test -m group -a "name=devops state=absent"