Overview of Automation Operation and Maintenance:
- Nowadays, with the rapid development of the Internet, the efficiency of traditional operation and maintenance methods is too low. Deployment of automated operation and maintenance can safely and efficiently complete the maintenance work, which has become the main mode of operation and maintenance at present.
- Generally, automated operation and maintenance tools are divided into two categories: one is to use proxy tools, that is, to complete management functions based on special Agent programs, such as Puppet, Func, Zabbix; the other is to complete management functions directly without configuring proxy tools based on SSH services, such as Ansible, Fabric, etc.
Ansible Profile:
- ansible is a new automatic operation and maintenance tool. It is based on Python development. It combines the advantages of many operation and maintenance tools (puppet, chef, func, fabric). It realizes the functions of batch system configuration, batch program deployment, batch operation command and so on.
- ansible can manage Linux in Redhat, Linux in Debian, and Windows hosts at the same time. The management node only connects to the remote host when executing the script, and there is no special synchronization mechanism, so the anomalies such as power failure generally do not affect ansbile.
- Ansible is modular-based and does not have the capability to deploy in batches. The real batch deployment is the modules that ansible runs, and ansible just provides a framework. It mainly includes:
(1) connection plugins: responsible for communication with the monitored end;
(2) host inventory: The host that specifies the operation is the host that defines the monitoring in a configuration file;
(3) Various modules core module, command module, custom module;
(4) Complete the functions of logging email with plug-in;
(5) playbook: When a script performs multiple tasks, it is not necessary for a node to run multiple tasks at one time. - ansible architecture: connect to other hosts by default Using ssh protocol, through the following figure can be clear about the deployment of various modules and plug-ins.
- ansible OPERATION AND MANAGEMENT RELATIONSHIP DIAGRAM:
Understand the characteristics of Ansible:
- The deployment is simple, only need to deploy the Ansible environment in the main control end, and the controlled end need not do any operation.
- By default, SSH protocol is used to manage devices.
- There are a large number of conventional operation and maintenance modules, which can achieve most of the daily operations.
- Simple configuration, powerful function and strong expansibility;
- Support API and custom module, can be easily extended through Python;
- Powerful configuration and state management are customized through Playbooks.
- Lightweight, do not need to install agent in the client, update only once on the operator;
- Provide a powerful and operational Web management interface and REST API interface - AWX platform.
Install and configure Ansible:
1. Environmental preparation:
| host name | operating system | IP address | Installation software | Group name |
|---|---|---|---|---|
| Management end | CentOS7.5 | 192.168.72.128 | Ansible | / |
| Managed terminal | CentOS7.5 | 192.168.72.129 | / | webserver |
| Managed terminal | CentOS7.5 | 192.168.72.130 | / | mysql |
2. Installation services:
Install epel source on the management host before installing Ansible:
* systemctl stop firewalld.service #Close the firewall * setenforce 0 #Turn off Enhanced Safety Function * yum install -y epel-release #Install epel source * yum install ansible -y #Install Ansible * ansible --version #View the ansible version * yum install tree -y #Installation Tree Structure Query Service * tree /etc/ansible/ #Tree Structure Display Folder /etc/ansible/ ├── ansible.cfg #ansible configuration file ├── hosts #ansible's main repository for storing information about remote hosts that need to be managed └── roles #role
3. Configure host list:
* cd /etc/ansible * vi hosts #Configure host list [webserver] #Define a group name for the managed end 192.168.72.129 #Specify the IP of the managed host [mysql] 192.168.72.130
4. Set SSH passwordless login:
* ssh-keygen-t RSA # Generate Key * ssh-copy-id root@192.168.72.129 * ssh-copy-id root@192.168.72.130 Configuration Key Pair Verification _Exchange-free proxy * ssh-agent bash * ssh-add
ansible command line module:
1.command module (for running commands on managed hosts)
// Command format: ansible [host] [-m module] [-a args] * ansible-doc -l #List all installed module notes: Quit by q * ansible-doc -s yum #- s lists yum module description information and operation actions * ansible 192.168.80.182 -m command -a 'date' #Specify ip execution date * ansible webserver -m command -a 'date' #Specify Category Execution date * ansible mysql -m command -a 'date' * ansible all -m command -a 'date' #All hosts execute the date command * ansible all -a 'ls /' # If no - m module is added, the command module is run by default
2.cron module (used to define task plan)
// Two state s: present means add (can be omitted), absent means remove. * ansible-doc -s cron #View cron module information * ansible webserver -m cron -a 'minute="*/1" job="/bin/echo heihei" name="test cron job"' * ansible webserver -a 'crontab -l' * ansible webserver -m cron -a 'name="test cron job" state=absent' #Remove the planned task. If the planned task is not named, name=None will do.
3.user module (for creating new users and changing and deleting existing users)
// The user module requests three instructions: useradd, userdel and usermod * ansible-doc -s user * ansible mysql -m user -a 'name="test01"' #Create user test01 * ansible mysql -m command -a 'tail /etc/passwd' * ansible mysql -m user -a 'name="test01" state=absent' #Delete user test01
4.group Module (Managing User Groups)
//The group module requests three instructions: group add, group del and group mod. * ansible-doc -s group * ansible mysql -m group -a 'name=mysql gid=306 system=yes' * ansible mysql -a 'tail /etc/group' * ansible mysql -m user -a 'name=test01 uid=306 system=yes group=mysql' * ansible mysql -a 'tail /etc/passwd' * ansible mysql -a 'id test01'
5.copy module (for file replication and batch downloading)
// src=: Define local source files //dest=: Define the remote target file path // Content=: Instead of src=, this means that the target file content is generated directly from the information specified here. * ansible-doc -s copy * ansible mysql -m copy -a 'src=/etc/fstab dest=/opt/fstab.back owner=root mode=640' * ansible mysql -a 'ls -l /opt' * ansible mysql -a 'cat /opt/fstab.back' * ansible mysql -m copy -a 'content="hello heihei!"dest=/opt/fstab.back' #Write hello heihei! To / opt/fstab.back * ansible mysql -a 'cat /opt/fstab.back'
6.file module (setting file properties)
//src=: Specify the source file //Path=: Specifies the symbolic link file path * ansible-doc -s file * ansible mysql -m user -a 'name=mysql system=yes' * ansible mysql -m group -a 'name=mysql system=yes' * ansible mysql -m file -a 'owner=mysql group=mysql mode=644 path=/opt/fstab.back' #Modify file ownership group permissions, etc. * ansible mysql -m file -a 'path=/opt/fstab.link src=/opt/fstab.back state=link' #Set / opt/fstab.link to / opt/fstab.back * ansible mysql -m file -a "path=/opt/fstab.back state=absent" #Delete a file * ansible mysql -m file -a "path=/opt/test state=touch" #Create a file
7.ping module (test whether the specified host can connect)
//Test whether the specified host is connected * ansible all -m ping
8.service module (used to control the running status of management services)
// nabled=: Whether to start automatically, take the value true or false //Name=: service name // State=: The value of state is started, stopped, restarted * ansible-doc -s service * ansible webserver -a 'yum install -y httpd' #Installing httpd requires httpd services to control web servers * ansible webserver -m service -a 'enabled=true name=httpd state=started' #service httpd start * ansible webserver -a 'systemctl status httpd' #View httpd running status of web server * systemctl status httpd #Check to see if it's open on the host of the webserver group
9.shell module (running commands on remote hosts, especially complex commands with pipeline functions)
* ansible-doc -s shell * ansible mysql -m shell -a 'echo abc123|passwd --stdin mysql' #Create a password for the user in non-interactive mode
10.script module (copy local scripts to remote hosts and run them). Note: Relative path specifying scripts should be applied)
* ansible-doc -s script * vi test.sh #!/bin/bash echo "hello ansible from script"> /opt/script.txt * chmod +x test.sh * ansible mysql -m script -a 'test.sh' * ansible mysql -a 'cat /opt/script.txt'
11.yum module (installer package)
// name=: specify the package to be installed, with version number // state=: present, latest for installation, absent for uninstallation * ansible-doc -s yum * ansible mysql -m yum -a 'name=zsh' #yum install zsh * ansible mysql -a 'rpm -q zsh' #Check if zsh is installed * ansible mysql -m yum -a 'name=zsh state=absent' #Uninstall zsh * ansible mysql -a 'rpm -q zsh'
12.setup module (collecting facts from remote hosts)
//Before each managed node accepts and runs the management command, it will report its host related information, such as operating system version, IP address, etc. to the remote ansible host. * ansible-doc -s setup * ansible mysql -m setup #Get facts information for mysql group hosts
