Linux Advanced - Continuous Deployment Software Ansible

Contents

Introduction

Relationship

Installation

Default profile structure

Introduction to Inventory

Inventory parameter

Inventory configuration case

Ansible common modules

Ansible execution mode

Execute ad-hoc command

Execute the ansible playbook script

Introduction

Before looking at Ansible, understand the concept of CI/CD: CI/CD refers to Continuous Integration and Continuous Delivery, with Continuous Deployment as the extension of the latter. It means automating the series of steps from development to deployment so as to minimize manual intervention. Ansible is a tool commonly used for continuous deployment.

Relationship

Through continuous integration, developers can frequently integrate their code into the main branch of the shared code repository. Developers can submit work to the repository many times at any time, instead of developing each functional module independently and submitting them one by one at the end of the development cycle.

Through continuous delivery, the software delivery process is further automated so that the software can easily be deployed to the production environment at any time. CD relies on the deployment pipeline, through which the team automates the testing and deployment process.

Continuous delivery is extended through continuous deployment so that software builds are automatically deployed when all tests pass.

Installation

Before installing Ansible, you need Python 2.4 or higher, a RHEL or CentOS operating system, and the EPEL repository configured.

Taking CentOS 7 as an example, the command to execute is: yum install epel-release

For other versions, please refer to the following instructions: https://docs.fedoraproject.org/en-US/epel

1. GCC source installation
#git clone https://github.com/ansible/ansible.git --recursive
#cd ./ansible
Using Bash:
#source ./hacking/env-setup

2. YUM installation
yum install ansible

3. RPM installation
Build the RPM package with make rpm; this requires rpm-build, make, and python2-devel.
#git clone https://github.com/ansible/ansible.git
#cd ./ansible
#make rpm
#rpm -Uvh ~/rpmbuild/ansible-*.noarch.rpm
Download the RPM package with yum:
#yum deplist ansible
#yum -y install yum-utils
#yumdownloader --resolve --destdir=/tmp ansible
#rpm -Uvh /tmp/ansible-*.noarch.rpm

Default profile structure

Introduction to Inventory

Ansible itself records inventory configuration information as plain text. The default inventory file is /etc/ansible/hosts. The file location can be defined in the service configuration file /etc/ansible/ansible.cfg.

Inventory parameter

ansible_ssh_host    #The name of the host to which the remote connection will be made.
ansible_ssh_port    #Port number. If it is not the default port number, set it through this variable.
ansible_ssh_user    #The default ssh user name.
ansible_ssh_pass    #Password (this method is not secure, we strongly recommend using --ask-pass or an SSH key).
ansible_su_pass     #su password (this method is not secure, and we strongly recommend --ask-sudo-pass).
ansible_sudo_pass   #sudo password (this method is not secure, and we strongly recommend --ask-sudo-pass).
ansible_become     #Whether to perform privilege escalation. Set to yes if necessary.
ansible_become_user    #Set to the user with the required privileges: the user you want to become, not the user you log in with.
ansible_become_method  #Specify the privilege escalation tool, such as sudo, su, pfexec, doas, pbrun, dzdo, ksu, runas, machinectl.
ansible_become_flags #At the play or task level, allows specific flags to be used for tasks or roles. A common usage is to change the user to nobody when the shell is set to nologin. This directive was added in Ansible 2.2.
ansible_connection  #The type of connection to the host, for example local, ssh or paramiko. Before Ansible 1.2, paramiko was used by default; from 1.2 on, 'smart' is used by default. 'smart' decides whether the 'ssh' method is feasible according to whether ControlPersist is supported.
ansible_ssh_private_key_file #The private key file used by SSH. This is applicable when there are multiple keys and you don't want to use the SSH agent.
ansible_shell_type  #The shell type of the target system. By default, commands are executed using 'sh' syntax; it can be set to 'csh' or 'fish'.
ansible_python_interpreter #The Python path on the target host. Applicable when there are multiple Pythons in the system, or the command path is not "/usr/bin/python", such as on *BSD, or /usr/bin/python is not a 2.X version of Python. We do not use the "/usr/bin/env" mechanism because it requires that the remote user's path is set correctly and that the "python" executable is not named anything other than python (it may actually be named python26).
ansible_ruby_interpreter #Works in the same way as ansible_python_interpreter. You can set the path of an interpreter such as ruby or perl.

Inventory configuration case

vi /etc/ansible/hosts
# Host group
[qitu]
# Host 1 parameter information
192.168.1.2 hostname=host1
# Host 2 parameter information
192.168.1.2 hostname=host2
[rds]
192.168.1.3 hostname=host3
# Host group parameter information
[qitu:vars]
ansible_ssh_user=test_user
ansible_ssh_pass=123456
# Switch user execution
#ansible_become=yes
#ansible_become_user=root
#ansible_become_method=su
#ansible_become_pass=XXXXXX
# Global parameter information
[all:vars]
ntp_server=ntp.qitu.example.com
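
The parameter list above marks ansible_ssh_pass, ansible_su_pass and ansible_sudo_pass as insecure, yet the sample inventory stores a password in clear text. The following check is an added example, not part of the original article or of Ansible: it scans an INI inventory for literal values of those variables. The function name, the sample hosts and the vault_rds_become_pass variable are constructed for illustration.

```python
import re
import shlex

# Variables that hold a secret in clear text when given a literal value
SECRET_VARS = {"ansible_ssh_pass", "ansible_su_pass",
               "ansible_sudo_pass", "ansible_become_pass"}

# Constructed sample inventory (not from a real system)
SAMPLE = """\
[qitu]
192.168.1.2 hostname=host1
192.168.1.4 hostname=host2 ansible_ssh_pass=hunter2
[qitu:vars]
ansible_ssh_user=test_user
ansible_ssh_pass=123456
#ansible_become_pass=XXXXXX
[rds:vars]
ansible_become_pass={{ vault_rds_become_pass }}
"""

def find_plaintext_secrets(inventory_text):
    """Return (line_no, scope, variable) for each literal secret in an INI inventory."""
    findings = []
    section, in_vars = "ungrouped", False
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or comment; commented-out secrets are not active
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            section, in_vars = header.group(1), header.group(2) == "vars"
            continue
        if in_vars:  # [group:vars] body: one key=value per line
            key, _, value = line.partition("=")
            pairs, scope = [(key.strip(), value.strip())], f"group {section}"
        else:        # host line: <host> key=value key=value ...
            tokens = shlex.split(line, comments=True)
            pairs = [tuple(t.split("=", 1)) for t in tokens[1:] if "=" in t]
            scope = f"host {tokens[0]}"
        for key, value in pairs:
            value = value.strip("'\"")
            # A Jinja reference such as {{ vault_pass }} points at a vaulted variable
            if key in SECRET_VARS and value and not value.startswith("{{"):
                findings.append((line_no, scope, key))
    return findings

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE):
        print("line %d, %s: %s is stored in clear text" % finding)
```

Run against an inventory in a pre-commit hook or CI job, a non-empty result means a credential is about to be stored in the repository in clear text.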

Ansible common modules

command [Command module]
Function: execute a command
ansible 172.16.1.31 -m command -a "chdir=/tmp/ pwd"

shell [Universal module]
Function: the shell module provides everything the command module does, and also recognizes special characters such as < > | ;
[root@xxxx ~]# ansible 172.16.1.41 -m shell -a "hostname;pwd"
This module can execute any Linux command, which is why it is called the universal module.

script [Script module]
Function: run a local script on the remote host
ansible 172.16.1.7 -m script -a "/server/scripts/mk.sh"

copy [Remote copy distribution module]
Function: copy files from the local host to the remote host
Common parameters
backup  Back up the existing data
src     Define the data to be pushed
dest    [required] Define the directory on the remote host to push the data to
owner   Set the owner of the copied file
group   Set the group of the copied file
mode    Set the file permissions after copying (600 755)
Example
ansible 172.16.1.41 -m copy -a "src=/tmp/01.txt dest=/tmp/ backup=yes"

fetch [Remote copy upload module]
Function: copy files from the remote host to the local host
Common parameters
backup  Back up the existing data
src     Define the data to be pushed
dest    [required] Define the directory on the remote host to push the data to
owner   Set the owner of the copied file
group   Set the group of the copied file
mode    Set the file permissions after copying (600 755)
Example
ansible 172.16.1.41 -m fetch -a "src=/tmp/01.txt dest=/tmp/ backup=yes"

template [Template module]
Function: as powerful as the copy module
Common parameters
backup  Back up the existing data
src     Define the data to be pushed
dest    [required] Define the directory on the remote host to push the data to
owner   Set the owner of the copied file
group   Set the group of the copied file
mode    Set the file permissions after copying (600 755)
validate Validate the file
Example:
ansible 172.16.1.41 -m template -a "src=etc/ssh/sshd_config.j2 dest=/etc/ssh/sshd_config.j2 owner=root group=root mode='0600' validate='/usr/sbin/sshd -t -f %s' backup=yes"

file [File operation module]
Function: file processing
Common parameters
src     Define the data to be pushed
dest    [required] Define the directory on the remote host to push the data to
owner   Set the file owner
group   Set the file group
mode    Set the file permissions (600 755)
state   Specify whether to create a directory or a file
Examples
Set ownership and permissions
ansible 172.16.1.7 -m file -a "dest=/tmp/01.txt owner=test group=test mode=600"
state: create a file
ansible 172.16.1.41 -m file -a "dest=/tmp/02.txt state=touch"
state: create a directory
ansible 172.16.1.41 -m file -a "dest=/tmp/01dir state=directory"

yum [Package management module]
Function: software installation
Common parameters
name    [required] Specify the name and version of the software to be installed
state   installed (install), absent (uninstall)
list    Specify a software name to check whether it can be installed and whether it is already installed
Examples
ansible 172.16.1.41 -m yum -a "name=iftop state=installed"
ansible 172.16.1.41 -m yum -a "name=iftop state=absent"
ansible 172.16.1.41 -m yum -a "list=iftop"

service [System service management module]
Common parameters
name    [required] Specify the name of the service to be managed (the managed service must be visible in chkconfig)
state   stopped started restarted reloaded
enabled yes means the service starts automatically at boot; no means it does not start automatically at boot
Example
ansible 172.16.1.41 -m service -a "name=crond state=started enabled=yes"

cron [Scheduled task module]
Common parameters
minute  Minute; written the same way as in a system scheduled task, e.g. [0-59] [*] [*/n]
hour    Hour; written the same way as above
day     Day; written the same way as above
month   Month; written the same way as above
weekday Day of the week; written the same way as above
job     The command to execute, e.g. job='/bin/sh /server/scripts/test.sh &>/dev/null'
Examples
Add a scheduled task
ansible 172.16.1.41 -m cron -a "minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null'"
ansible 172.16.1.41 -m cron -a "name=test02 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null'"
Delete a scheduled task
ansible 172.16.1.41 -m cron -a "name=test02 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null' state=absent"
ansible 172.16.1.41 -m cron -a "name=test01 state=absent"
Comment out (disable) a scheduled task
ansible 172.16.1.41 -m cron -a "name=test01 minute=0 hour=0 job='/bin/sh /server/scripts/test.sh &>/dev/null' disabled=yes"
ansible 172.16.1.41 -m cron -a "name=test01 job='/bin/sh /server/scripts/test.sh &>/dev/null' disabled=no"

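The validate and backup parameters of the template module matter most for files such as sshd_config, where a broken file can lock you out of the host. The following sketch is an added example, not Ansible's implementation or code from the original article: it shows the validate-then-replace pattern those parameters describe. The install_validated function and the stand-in validator are assumptions made so the example runs without sshd.

```python
import os
import shlex
import shutil
import subprocess
import sys
import tempfile

# Stand-in for "/usr/sbin/sshd -t -f %s" (assumption, so this runs anywhere):
# accepts a file only if every non-empty line has the form "Keyword value".
CHECKER = "import sys; sys.exit(any(len(l.split()) < 2 for l in open(sys.argv[1]) if l.strip()))"
VALIDATE = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHECKER)} %s"

def install_validated(content, dest, validate, backup=True):
    """Write content to dest only if the validate command accepts it.

    validate is a command template in which %s is replaced by the path of a
    temporary candidate file. Returns True if dest was replaced, False if
    validation failed and dest was left untouched.
    """
    if "%s" not in validate:
        raise ValueError("validate must contain %s")
    dest_dir = os.path.dirname(os.path.abspath(dest))
    fd, candidate = tempfile.mkstemp(dir=dest_dir, prefix=".candidate-")
    try:
        with os.fdopen(fd, "w") as fh:  # mkstemp creates the file with mode 0600
            fh.write(content)
        # Build an argv list (no shell) with the candidate path substituted for %s
        argv = [arg.replace("%s", candidate) for arg in shlex.split(validate)]
        if subprocess.run(argv, capture_output=True).returncode != 0:
            return False
        if backup and os.path.exists(dest):
            shutil.copy2(dest, dest + ".bak")
        os.replace(candidate, dest)     # atomic rename within the same directory
        return True
    finally:
        if os.path.exists(candidate):   # only still present when validation failed
            os.unlink(candidate)
```

Because the candidate is validated before the rename, a rejected file never becomes the live configuration, and the previous version stays available as the .bak copy.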
Ansible execution mode

There are two ways to execute tasks: ad-hoc commands and Ansible playbook scripts. The former handles simple tasks and the latter handles more complex tasks.

Execute ad-hoc command

The relevant commands are listed in the module introduction above, and the syntax is as follows:

ansible <host information> -m <module name> -a "<module parameters>"

Host information: a remote host IP address or a host group name; all represents all hosts

-m: Specify which module to use

-a: The parameters passed to the module

Execute the ansible playbook script

The syntax is as follows:

The dictionary is expressed in a simple form: key: value

# An employee record
martin:
    name: Martin D'vloper
    job: Developer
    skill: Elite

(there must be a space after the colon)

For example:

ansible-playbook /tmp/sshd.yaml

cat /tmp/sshd.yaml
---
# Take the creation of host ssh mutual trust as an example
- hosts: myhost          # Hosts to operate on
  remote_user: test      # User executing the tasks
  gather_facts: false    # Turn off system variables (fact gathering)
  tasks:
    - name: create rsa
      shell: yes y |ssh-keygen -b 2048 -t rsa -f /home/test/.ssh/id_rsa -q -N ""
    - name: Non secret authentication
      authorized_key: user=test key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" state=present exclusive=yes
    - name: upload id_rsa.pub
      fetch: src=/home/test/.ssh/id_rsa.pub  dest=/data/roles/sshd/files/{{inventory_hostname}}
    - name: clean authorized_key.templates
      shell: "echo >/data/roles/sshd/templates/authorized_keys.templates"
      delegate_to: localhost
      when: "'nexus' in group_names"
    - name: create authorized_key
      shell: "grep -r '.*' /data/roles/sshd/files/ |grep 10-242-23 |cut -d ':' -f2 |grep -v shell >> /data/roles/sshd/templates/authorized_keys.templates"
      delegate_to: localhost
      when: "'nexus' in group_names"
    - name: upload authorized_key
      template: src=authorized_keys.templates  dest=/home/test/.ssh/authorized_keys owner=test group=test mode=0700

Posted by alsaffar on Sat, 14 May 2022 00:14:16 +0300