Introduction
Before learning Ansible, understand the concept of CI/CD. CI/CD stands for Continuous Integration and Continuous Delivery, together with Continuous Deployment. It refers to automating the series of steps from development to deployment so as to minimize manual intervention. Ansible is commonly used as the execution tool for Continuous Deployment.
Relationship
Through continuous integration, developers can frequently integrate their code into the main branch of the shared code repository. Developers can submit work to the repository many times at any time, instead of developing each functional module independently and submitting them one by one at the end of the development cycle;
Through continuous delivery, the software delivery process is further automated so that it can be easily deployed to the production environment at any time. CD relies on the deployment pipeline, and the team automates the testing and deployment process through the pipeline;
Continuous deployment extends continuous delivery so that software builds are automatically deployed when all tests pass.
Installation
Before installing Ansible, you need Python 2.4 or higher and a RHEL or CentOS operating system with EPEL configured.
Taking CentOS 7 as an example, the command to execute is: yum install epel-release
For other versions, please refer to the following instructions: https://docs.fedoraproject.org/en-US/epel
1. Source installation
    # git clone https://github.com/ansible/ansible.git --recursive
    # cd ./ansible
Using Bash:
    # source ./hacking/env-setup
2. YUM install
    yum install ansible
3. RPM install
Build the rpm package (requires rpm-build, make, and python2-devel):
    # git clone https://github.com/ansible/ansible.git
    # cd ./ansible
    # make rpm
    # rpm -Uvh ~/rpmbuild/ansible-*.noarch.rpm
Download the rpm packages with yum:
    # yum deplist ansible
    # yum -y install yum-utils
    # yumdownloader --resolve --destdir /tmp ansible
    # rpm -Uvh /tmp/ansible-*.noarch.rpm
Default configuration file structure
Introduction to Inventory
Ansible records its inventory configuration as plain text. The default inventory file is /etc/ansible/hosts. The file location can be defined in the service configuration file /etc/ansible/ansible.cfg.
Inventory parameters
ansible_ssh_host  # The name of the host to which the remote connection will be made.
ansible_ssh_port  # Port number. If it is not the default port number, set it through this variable.
ansible_ssh_user  # The default ssh user name.
ansible_ssh_pass  # Password (this method is not secure, we strongly recommend using --ask-pass or an SSH key).
ansible_su_pass  # su password (this method is not secure, and we strongly recommend --ask-sudo-pass).
ansible_sudo_pass  # sudo password (this method is not secure, and we strongly recommend --ask-sudo-pass).
ansible_become  # Whether to perform privilege escalation. Set to yes if necessary.
ansible_become_user  # The user with the required privileges: the user you want to become, not the user you log in with.
ansible_become_method  # The privilege escalation tool, such as sudo, su, pfexec, doas, pbrun, dzdo, ksu, runas, machinectl.
ansible_become_flags  # At the play or task level, specific flags are allowed for tasks or roles. A common usage is to change the user to nobody when the shell is set to no login. This instruction was added in Ansible 2.2.
ansible_connection  # The type of connection to the host, for example local, ssh or paramiko. Before Ansible 1.2, paramiko was used by default; from 1.2 onward, 'smart' is used by default. Whether the 'ssh' method is feasible is judged according to whether it supports ControlPersist.
ansible_ssh_private_key_file  # The private key file used by SSH. This is applicable when there are multiple keys and you don't want to use the SSH agent.
ansible_shell_type  # The shell type of the target system. By default, commands are executed using 'sh' syntax; this can be set to 'csh' or 'fish'.
ansible_python_interpreter  # The Python path on the target host. Applicable when there are multiple Pythons on the system, when the command path is not "/usr/bin/python" (such as on *BSD), or when /usr/bin/python is not a 2.X version of Python. We do not use the "/usr/bin/env" mechanism because it requires that the remote user's path is set correctly and that the "python" executable is not named anything other than python (it may actually be named python26).
ansible_ruby_interpreter  # Works in the same way as ansible_python_interpreter. It can be used to set the path of an interpreter such as ruby or perl.
Inventory configuration example
    vi /etc/ansible/hosts

    # Host group
    [qitu]
    # Host 1 parameter information
    192.168.1.2 hostname=host1
    # Host 2 parameter information
    192.168.1.2 hostname=host2

    [rds]
    192.168.1.3 hostname=host3

    # Host group parameter information
    [qitu:vars]
    ansible_ssh_user=test_user
    # Plaintext password: the parameter list above marks this as not secure
    # and recommends --ask-pass or an SSH key instead
    ansible_ssh_pass=123456
    # Switch user execution
    #ansible_become=yes
    #ansible_become_user=root
    #ansible_become_method=su
    #ansible_become_pass=XXXXXX

    # Global parameter information
    [all:vars]
    ntp_server=ntp.qitu.example.com
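The parameter list above marks the password variables as insecure when they are stored in the inventory, so a pre-commit or CI check can flag them before the file reaches a shared repository. The following is an added example, not code from the original page or from the Ansible project; the function name, the sample inventory and the key file path in it are constructed for illustration.

```python
import re
import shlex

# Password variables the page's parameter list and sample inventory use
SECRET_VARS = {"ansible_ssh_pass", "ansible_su_pass",
               "ansible_sudo_pass", "ansible_become_pass"}
HEADER = re.compile(r"^\[([^\]:]+)(?::(\w+))?\]")
ASSIGN = re.compile(r"^([A-Za-z_]\w*)\s*[=:]\s*(.*)$")  # accepts key=value and key: value

def find_plaintext_secrets(inventory_text):
    """Return (line_no, scope, variable) for each password stored in the inventory."""
    findings = []
    section, in_vars = "ungrouped", False
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or comment; commented-out passwords are not reported
        header = HEADER.match(line)
        if header:
            section, in_vars = header.group(1), header.group(2) == "vars"
            continue
        if in_vars:  # [group:vars] section: one assignment per line
            tokens, scope = [line], f"group {section}"
        else:        # host line: "<host> key=value key=value ..."
            host, *tokens = shlex.split(line, comments=True)
            scope = f"host {host}"
        for token in tokens:
            m = ASSIGN.match(token)
            if m and m.group(1) in SECRET_VARS and m.group(2).strip("\"' "):
                findings.append((line_no, scope, m.group(1)))  # value is never echoed
    return findings

# Constructed sample, modelled on the example inventory above
SAMPLE = """\
[qitu]
192.168.1.2 hostname=host1 ansible_ssh_pass=123456
[rds]
192.168.1.3 hostname=host3
[qitu:vars]
ansible_ssh_user=test_user
ansible_ssh_pass=123456
#ansible_become_pass=XXXXXX
ansible_ssh_private_key_file=/home/test_user/.ssh/id_rsa
"""

if __name__ == "__main__":
    for line_no, scope, var in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: {scope} sets {var} in plaintext")
```

The report names the variable and its scope but never prints the password itself, so the output is safe to keep in CI logs.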
Ansible common modules
command [Command module]
Function: execute a command
    ansible 172.16.1.31 -m command -a "chdir=/tmp/ pwd"

shell [Universal module]
Function: the shell module provides everything the command module does, and also recognizes special characters such as < > | ;
    [root@xxxx ~]# ansible 172.16.1.41 -m shell -a "hostname;pwd"
This module can execute any Linux command, so it is called the universal module.

script [Script module]
Function: run a local script on the remote host
    ansible 172.16.1.7 -m script -a "/server/scripts/mk.sh"

copy [Remote replication distribution module]
Function: copy files from local to remote host
Common parameters:
    backup  Back up the data
    src     The data to be pushed
    dest    [required] The directory on the remote host to push the data to
    owner   Owner of the copied file
    group   Group of the copied file
    mode    File permissions after copying (600 755)
Example:
    ansible 172.16.1.41 -m copy -a "src=/tmp/01.txt dest=/tmp/ backup=yes"

fetch [Remote copy upload module]
Function: copy files from remote host to local
Common parameters:
    backup  Back up the data
    src     The data to be pushed
    dest    [required] The directory on the remote host to push the data to
    owner   Owner of the copied file
    group   Group of the copied file
    mode    File permissions after copying (600 755)
Example:
    ansible 172.16.1.41 -m fetch -a "src=/tmp/01.txt dest=/tmp/ backup=yes"

template [Template module]
Function: as powerful as the copy module
Common parameters:
    backup    Back up the data
    src       The data to be pushed
    dest      [required] The directory on the remote host to push the data to
    owner     Owner of the copied file
    group     Group of the copied file
    mode      File permissions after copying (600 755)
    validate  Command used to validate the file
Example:
    ansible 172.16.1.41 -m template -a "src=etc/ssh/sshd_config.j2 dest=/etc/ssh/sshd_config.j2 owner=root group=root mode='0600' validate='/usr/sbin/sshd -t -f %s' backup=yes"

file [File operation module]
Function: file processing
Common parameters:
    src    The data to be pushed
    dest   [required] The directory on the remote host to push the data to
    owner  File owner
    group  File group
    mode   File permissions (600 755)
    state  Used to specify whether to create a directory or a file
Examples:
Permission parameters
    ansible 172.16.1.7 -m file -a "dest=/tmp/01.txt owner=test group=test mode=600"
state: create a file
    ansible 172.16.1.41 -m file -a "dest=/tmp/02.txt state=touch"
state: create a directory
    ansible 172.16.1.41 -m file -a "dest=/tmp/01dir state=directory"

yum [Package management module]
Function: software installation
Common parameters:
    name   [required] The name of the software to be installed, optionally with its version
    state  installed (install), absent (uninstall)
    list   Given a software name, check whether the software can be installed and whether it is already installed
Examples:
    ansible 172.16.1.41 -m yum -a "name=iftop state=installed"
    ansible 172.16.1.41 -m yum -a "name=iftop state=absent"
    ansible 172.16.1.41 -m yum -a "list=iftop"

service [System service management module]
Common parameters:
    name     [required] The name of the service to be managed (the managed service must be visible in chkconfig)
    state    stopped, started, restarted, reloaded
    enabled  yes: the service starts automatically at boot; no: the service does not start automatically at boot
Example:
    ansible 172.16.1.41 -m service -a "name=crond state=started enabled=yes"

cron [Timed task module]
Common parameters:
    minute   Minute, written the same way as in a system crontab, e.g. [0-59] [*] [*/n]
    hour     Hour, written the same way as above
    day      Day, written the same way as above
    month    Month, written the same way as above
    weekday  Day of the week, written the same way as above
    job      The command to execute, e.g. job='/bin/sh /server/scripts/test.sh &>/dev/null'
Examples:
Add a scheduled task
    ansible 172.16.1.41 -m cron -a "minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null'"
    ansible 172.16.1.41 -m cron -a "name=test02 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null'"
Delete a scheduled task
    ansible 172.16.1.41 -m cron -a "name=test02 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null' state=absent"
    ansible 172.16.1.41 -m cron -a "name=test01 state=absent"
Comment out a scheduled task
    ansible 172.16.1.41 -m cron -a "name=test01 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null' disabled=yes"
    ansible 172.16.1.41 -m cron -a "name=test01 job='/bin/sh /server/scripts/test.sh &>/dev/null' disabled=no"
Ansible execution mode
There are two ways to execute tasks: ad-hoc commands and Ansible playbook scripts. The former handles simple tasks and the latter handles more complex ones.
Execute ad-hoc command
The relevant commands are listed in the module introduction above, and the syntax is as follows:
    ansible <host information> -m <module name> -a "<module parameters>"
Host information: a remote host IP address, a host group name, or all, which represents all hosts
-m: Specify which module to use
-a: Parameters and functions in the module
Execute the ansible playbook script
The syntax is as follows:
A dictionary is expressed in a simple form, key: value (there must be a space after the colon):
    # An employee record
    martin:
      name: Martin D'vloper
      job: Developer
      skill: Elite
Example:
    ansible-playbook /tmp/sshd.yaml

    cat /tmp/sshd.yaml
    ---
    # Take the creation of host ssh mutual trust as an example
    - hosts: myhost            # Operating host
      remote_user: test        # User executing the tasks
      gather_facts: false      # Turn off system variables (fact gathering)
      tasks:
        - name: create rsa
          shell: yes y |ssh-keygen -b 2048 -t rsa -f /home/test/.ssh/id_rsa -q -N ""
        - name: Non secret authentication
          authorized_key: user=test key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" state=present exclusive=yes
        - name: upload id_rsa.pub
          fetch: src=/home/test/.ssh/id_rsa.pub dest=/data/roles/sshd/files/{{inventory_hostname}}
        - name: clean authorized_key.templates
          shell: "echo >/data/roles/sshd/templates/authorized_keys.templates"
          delegate_to: localhost
          when: "'nexus' in group_names"
        - name: create authorized_key
          shell: "grep -r '.*' /data/roles/sshd/files/ |grep 10-242-23 |cut -d ':' -f2 |grep -v shell >> /data/roles/sshd/templates/authorized_keys.templates"
          delegate_to: localhost
          when: "'nexus' in group_names"
        - name: upload authorized_key
          template: src=authorized_keys.templates dest=/home/test/.ssh/authorized_keys owner=test group=test mode=0700