- This series of Fundamentals and Advanced articles is written mainly around the secondary development of a task center based on the AnsibleAPI, not around the official documentation, so some points may be omitted; if you find deficiencies, corrections are welcome, thank you.
- The secondary-development task center based on the AnsibleAPI has been completed and put into production. The detailed design ideas and concrete architecture will be shared in a follow-up, so stay tuned.
- To help most readers understand Ansible's advanced functions and features, this article guides you through learning Ansible step by step and systematically, so that you can make full use of those advanced functions and features.
Introduction to Ansible:
Ansible is an automated operations tool developed on top of the Python2 Paramiko module; it implements batch system configuration, batch program deployment, batch command execution and similar functions. Ansible itself works through modules and has no batch deployment capability of its own: batch automated deployment is carried out by the various modules that Ansible runs.
O&M tools comparable to Ansible: puppet, cfengine, chef, func, fabric, saltstack.
Ansible history
- Ansible author: Michael DeHaan, who is also the author of Cobbler and Func.
- 2012-03-09: version 0.0.1 released.
- 2015-10-17: acquired by Red Hat.
- GitHub: https://github.com/ansible/ansible
Ansible features
- Python development
- Modularization: call specific modules (such as Paramiko, PyYAML, jinja2, etc.) to complete specific tasks.
- Custom module
- Simple deployment
- Supports orchestrating tasks (Playbook)
- Idempotence: executing a task repeatedly is equivalent to executing it once; the same command is not run multiple times.
- Support multi-language writing modules
- YAML format orchestrates tasks and supports rich data structures.
Ansible architecture and execution process
Main components of Ansible:
- Users: manage Ansible Playbooks and the Ansible Engine.
- Ansible Playbook: the Ansible engine interacts with the CMDB.
- Public or Private cloud: facilitates the interaction between all modules and APIs and the cloud.
- Inventory: the list of hosts Ansible executes against. The default inventory read is /etc/ansible/hosts.
- API: provides an API interface for end-to-end interaction.
- Modules: Ansible's function modules for executing commands; generally the built-in Ansible modules, but third-party modules can also be written.
- Plugins: supplement the functions of modules; you can write plug-ins yourself.
Ansible installation
# CentOS
yum -y install ansible
# Ubuntu
apt install -y ansible
# install from source
git clone https://github.com/ansible/ansible
# install with pip
pip install ansible
Ansible configuration files and tools:
- /etc/ansible/ansible.cfg: main configuration file; configures how ansible works.
- /etc/ansible/hosts: host inventory file.
- /etc/ansible/roles/: directory for storing roles.
- /usr/local/bin/ansible: binary executable, the ansible main program.
- /usr/local/bin/ansible-doc: configuration documentation and module help viewer.
- /usr/local/bin/ansible-galaxy: uploads roles to, or downloads roles from, the official platform.
- /usr/local/bin/ansible-playbook: automation task and orchestration tool.
- /usr/bin/ansible-pull: tool for remote execution of commands.
- /usr/local/bin/ansible-vault: encryption tool for files (such as playbook files).
- /usr/local/bin/ansible-console: interactive console execution tool.
/etc/ansible/hosts
Create SSH key
ssh-keygen -t rsa -C "deniss.wang"
Copy the public key to other servers
ssh-copy-id -i ubuntu@ubuntu20-bj01
hosts
[codo-cluster]
demo.opendevops.cn ansible_ssh_user=root
www.opendevops.cn ansible_ssh_user=root
[k3s-cluster]
ubuntu20-bj01 ansible_user=ubuntu
ubuntu20-bj02 ansible_user=ubuntu
ubuntu20-bj03 ansible_user=ubuntu
ubuntu20-sh04 ansible_user=ubuntu
-m: specifies the module to execute, such as ping, yum, copy, file, etc.; the ping module is used here for testing.
-k: use password authentication; the default is to log in with an SSH key.
Basic examples:
# ansible operating on a single host (-k means password authentication; the default is ssh-key)
ansible 10.0.8.2 -m ping -k
# ansible combining hosts with ':'
ansible "10.0.8.2:10.0.8.3" -m ping -k
# ansible using a wildcard on host addresses
ansible 10.0.8.* -m ping -k
# ansible operating on a group name from the hosts inventory
ansible codo -m ping -k
# ansible combining groups with ':'
ansible 'codo-cluster:k3s-cluster' -m ping -k
# ansible using a wildcard on group names
ansible '*-cluster' -m ping -k
# ansible ':&' logical AND (hosts that are in both groups)
ansible 'codo-cluster:&k3s-cluster' -m ping -k
# ansible ':!' logical NOT (hosts in codo-cluster but not in k3s-cluster)
ansible 'codo-cluster:!k3s-cluster' -m ping -k
# ansible also supports combining several operators
ansible 'webservers:dbserver:&appserver:!ftpservers' -m ping -k
# ansible also supports regular expressions
ansible '~(codo|k3s)-cluster' -m ping -k
# ansible operating on every host in the hosts inventory with all
ansible all -m ping -k
# ansible operating on every host in the hosts inventory with a wildcard
ansible '*' -m ping -k
Result:
# ansible k3s -m 'ping'
ubuntu20-bj03 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
ubuntu20-bj02 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
ubuntu20-bj01 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
ubuntu20-sh04 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
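The host-pattern rules used in the examples above (':' union, ':&' intersection, ':!' exclusion, shell wildcards and '~' regular expressions) as a small stand-alone resolver. This is an added illustration, not code from the article or from Ansible itself; it mirrors Ansible's precedence (plain terms first, then '&', then '!') over a constructed copy of the inventory shown above, and the function names are my own.

```python
import fnmatch
import re

# Constructed copy of the inventory shown on this page (not read from /etc/ansible/hosts).
INVENTORY = """
[codo-cluster]
demo.opendevops.cn ansible_ssh_user=root
www.opendevops.cn ansible_ssh_user=root
[k3s-cluster]
ubuntu20-bj01 ansible_user=ubuntu
ubuntu20-bj02 ansible_user=ubuntu
ubuntu20-bj03 ansible_user=ubuntu
ubuntu20-sh04 ansible_user=ubuntu
"""

def parse_inventory(text):
    """Return {group: [hosts]}; the implicit 'all' group holds every host."""
    groups, current = {"all": []}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            groups.setdefault(current, [])
        elif line and not line.startswith("#"):
            host = line.split()[0]  # drop host variables such as ansible_user=...
            groups["all"].append(host)
            if current:
                groups[current].append(host)
    return groups

def match_term(term, groups):
    """Hosts selected by one term, matched against group names and host names alike:
    a literal, a shell wildcard, or a ~regex (anchored at the start, like re.match)."""
    regex = term[1:] if term.startswith("~") else fnmatch.translate(term)
    hit = re.compile(regex).match
    hosts = {h for h in groups["all"] if hit(h)}
    for group, members in groups.items():
        if hit(group):
            hosts.update(members)
    return hosts

def resolve_pattern(pattern, groups):
    """Combine ':'-separated terms in ansible's precedence: plain terms are unioned
    first, then every '&' term intersects, then every '!' term excludes."""
    order = {"&": 1, "!": 2}  # stable sort keeps plain terms first, then &, then !
    selected = set()
    for t in sorted(pattern.split(":"), key=lambda t: order.get(t[:1], 0)):
        if t.startswith("&"):
            selected &= match_term(t[1:], groups)
        elif t.startswith("!"):
            selected -= match_term(t[1:], groups)
        else:
            selected |= match_term(t, groups)
    return sorted(selected)
```

Comma is also accepted as a separator by the real ansible CLI; this resolver only handles ':' as used on this page.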
/etc/ansible/ansible.cfg
# [defaults] holds the default configuration
[defaults]
# path of the host inventory; the default is as follows
# inventory = /etc/ansible/hosts
# path where modules are stored
# library = /usr/share/my_modules/
# path where module_utils are stored
# module_utils = /usr/share/my_module_utils/
# temporary directory for scripts on the remote host
# remote_tmp = ~/.ansible/tmp
# temporary directory for scripts on the control node
# local_tmp = ~/.ansible/tmp
# path of the plugin filter configuration file
# plugin_filters_cfg = /etc/ansible/plugin_filters.yml
# number of parallel processes
# forks = 5
# polling interval for asynchronous tasks, in seconds
# poll_interval = 15
# user to sudo to
# sudo_user = root
# whether to prompt for the sudo password when ansible runs
# ask_sudo_pass = True
# whether to prompt for the login password when ansible runs (same as -k)
# ask_pass = True
# remote transport mode
# transport = smart
# default SSH port
# remote_port = 22
# default locale for module execution
# module_lang = C
# path where roles are stored
# roles_path = /etc/ansible/roles
# do not check /root/.ssh/known_hosts; the author recommends uncommenting this
# (with checking off, a host presenting an unknown or changed key is no longer rejected,
#  so only do this where known_hosts is maintained by other means)
# host_key_checking = False
# ansible operation log path; recommended to turn on
# log_path = /var/log/ansible.log
Ansible execution process
- Load the configuration file /etc/ansible/ansible.cfg.
- Load the module configuration file.
- Ansible generates a temporary .py file for the called module or Playbook and transfers it to $HOME/.ansible/tmp/ansible-tmp-2123/xxxxxxx.py in the home directory of the execution user on the remote server.
- Add executable permission to the generated file.
- Execute the generated file and return the corresponding result.
- Delete the generated file and exit.
Execution return status:
- Green: execution succeeded and nothing was changed, e.g. the ping module.
- Yellow: execution succeeded and the host was changed, e.g. running ifconfig through the shell module.
- Red: execution failed and the error is returned, e.g. the FAILED and UNREACHABLE states.
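A parser for the "host | STATUS => { json }" blocks that ad-hoc runs print (as in the ping result above), mapping each host to the colour classification just listed. This is an added example, not code from the article or from Ansible; the sample output is constructed (the FAILED and UNREACHABLE blocks are invented to illustrate the red case), and the function names are my own.

```python
import json
import re

# Constructed sample of ad-hoc output in the "host | STATUS => {json}" shape shown on
# this page; the FAILED and UNREACHABLE blocks are made up for illustration.
SAMPLE_OUTPUT = """\
ubuntu20-bj01 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
ubuntu20-bj02 | CHANGED => {
    "changed": true,
    "dest": "/tmp/deniss.txt"
}
ubuntu20-bj03 | FAILED! => {
    "changed": false,
    "msg": "non-zero return code",
    "rc": 1
}
ubuntu20-sh04 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh",
    "unreachable": true
}
"""

HEADER = re.compile(r"^(\S+) \| ([A-Z]+)!? => \{$")  # the "| rc=N >>" form of command/shell is not handled

def parse_adhoc_output(text):
    """Return {host: {"status", "changed", "result"}} with one entry per host block.
    A block runs from its header line to the brace that closes the JSON body."""
    results, host, status, depth, buf = {}, None, None, 0, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and depth == 0:
            host, status, depth, buf = m.group(1), m.group(2), 1, ["{"]
        elif depth:
            buf.append(line)
            depth += line.count("{") - line.count("}")  # braces inside strings are not handled
            if depth == 0:
                body = json.loads("\n".join(buf))
                results[host] = {"status": status, "changed": bool(body.get("changed")), "result": body}
    return results

def colour_of(entry):
    """Map a parsed entry to the colour ansible prints it in (see the list above)."""
    if entry["status"] in ("FAILED", "UNREACHABLE"):
        return "red"
    return "yellow" if entry["changed"] else "green"
```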
Ansible-Doc
Displays help information.
Parameters:
-l, --list: shows the available modules.
-s, --snippet: displays the playbook snippet for the specified module.
Demo
# Demo
ansible-doc -l
# ... output omitted
# show the documentation of the ping module
ansible-doc ping
# show the playbook snippet for the ping module
ansible-doc -s ping
Ansible
ansible <host-pattern> [-m module_name] [-a args]
host-pattern: host IP, host name, or host group.
module_name: the name of the module; the default is -m command.
args: the parameters of the module, passed with -a. For example: ansible all -a 'hostname'
-v, -vv, -vvv: show detailed command output; the more v's, the more detail. For example: ansible all -m ping -vvv
--list: show the list of matched hosts. For example: ansible all --list
-k / --ask-pass: prompt for the SSH connection password; the default is ssh-key authentication. For example: ansible all -m ping -k
-K / --ask-become-pass: prompt for the sudo password.
-C / --check: check what the command would do without executing it. For example: ansible all -m ping -C
-T / --timeout: timeout for executing the command; the default is 10s. For example: ansible all -m ping -T=2
-u / --user: the user that performs the remote operation. For example: ansible all -m ping -u=root
-b / --become: replaces the old sudo switch.
Ansible common modules
As of 2021-10-12 there are 6006 Ansible modules. Isn't that powerful! Life is short, I use Python!
command module
Executes commands on the remote host and supports conditional checks. It is Ansible's default module, so the -m parameter can be omitted.
Note: the command module does not support $VARNAME, <, >, |, ;, & and other shell symbols.
Demo
# stop the docker service
ansible k3s-cluster -m command -a 'systemctl stop docker'
# list all docker containers
ansible k3s-cluster -a 'docker ps -a'
# removes: run df -h only if /mnt/ansible exists; skip it if /mnt/ansible does not exist.
ansible k3s-cluster -a 'removes=/mnt/ansible df -h'
# creates: run df -h only if /mnt/ansible does not exist; skip it if /mnt/ansible already exists.
ansible k3s-cluster -a 'creates=/mnt/ansible df -h'
# change directory first, equivalent to cd /mnt && ls -lt
ansible k3s-cluster -a 'chdir=/mnt ls -lt'
shell module
shell module: supports everything the command module does, and additionally supports shell symbols such as $VARNAME, <, >, |, ;, &.
Demo:
# view docker processes
ansible k3s-cluster -m shell -a 'ps -ef|grep docker'
script module
script module: executes a script. You only need to point it at a script file stored on the Ansible host, and the script is run on the selected hosts.
Demo
# shell
cat /tmp/deniss.sh
#!/bin/bash
echo "测试 shell"
ansible k3s-cluster -m script -a '/tmp/deniss.sh'
# python
cat /tmp/deniss.py
#!/usr/bin/python
import sys
print('Deniss_Wang')
print(sys.version)
ansible k3s-cluster -m script -a '/tmp/deniss.py'
# other script languages also work, as long as the interpreter for that language is set up on the target.
copy module
copy module: copies a file from the Ansible host to the target host.
Demo
# src="" path on the control host, dest="" path on the target host, backup=yes: if the file already exists on the target, back it up before overwriting.
ansible k3s-cluster -m copy -a 'src=/tmp/deniss.py dest=/tmp/deniss.py backup=yes'
# mode="" sets permissions, owner="" sets the owner, group="" sets the group
ansible k3s-cluster -m copy -a 'src=/root/deniss.py dest=/root/deniss.py mode=0644 owner=deniss group=deniss'
# content="" writes the given content into the target file
ansible k3s-cluster -m copy -a 'content="hello\nworld\n" dest=/tmp/deniss.txt'
Fetch module
fetch module: downloads a file from the remote target host to the local machine; the downloaded file is stored under dest in a directory named after the host IP/name, followed by the full original path of the file.
Note: only a single file can be downloaded; directories are not supported. To fetch a whole directory, compress it first and then fetch the archive.
Demo
# src="" file path on the remote target host, dest="" local directory
ansible k3s-cluster -m fetch -a 'src=/var/log/syslog dest=/tmp/'
file module
file module: operates on files of the remote target host, with states such as touch, absent, etc.
Demo
# mode="" sets permissions, owner="" sets the owner, group="" sets the group, recurse=yes applies them recursively
ansible k3s-cluster -m file -a 'name=/tmp/deniss.txt owner=ubuntu group=ubuntu mode=0755 recurse=yes'
# dest, name, path: the file path on the remote host; state: the file operation type, default absent; touch: create an empty file.
ansible k3s-cluster -m file -a 'name=/tmp/deniss.txt state=touch'
# directory: create a directory; absent: recursively delete a directory/file; link: create a symbolic link.
ansible k3s-cluster -m file -a 'src=/tmp/deniss.txt dest=/tmp/deniss.link state=link'
Cron module
cron module: adds scheduled tasks to the remote host.
day: the day of the month. Supports 1-31, *, */2 notation.
hour: the hour. Supports 0-23, *, */2 notation.
minute: the minute. Supports 0-59, *, */2 notation.
month: the month. Supports 1-12, *, */2 notation.
weekday: the day of the week. Supports 0-6 (Sunday-Saturday) and * notation.
job: the content of the scheduled task.
name: the name of the scheduled task; an existing task with the same name is overwritten.
Demo
# day: the day of the month. Supports ( 1-31, *, */2 ) notation
# hour: the hour. Supports ( 0-23, *, */2 ) notation
# minute: the minute. Supports ( 0-59, *, */2 ) notation
# month: the month. Supports ( 1-12, *, */2 ) notation
# weekday: the day of the week. Supports ( 0-6, Sunday-Saturday, * ) notation
# job: the content of the scheduled task.
# name: the name of the scheduled task. The same task name is overwritten.
ansible k3s-cluster -m cron -a 'weekday=1-5 job="echo date >> /tmp/1.txt" name=echocron'
# disabled= (true/false, yes/no): comments out the scheduled task, i.e. disables or enables it; job and name must be given.
ansible k3s-cluster -m cron -a 'disabled=true job="echo date >> /tmp/1.txt" name=echocron'
# state=absent deletes the scheduled task.
ansible k3s-cluster -m cron -a 'name=echocron state=absent'
Yum module
yum module: manages software packages with yum, such as install, query, uninstall, etc.
Demo
# name: package name, or an rpm file; the rpm file must exist on the remote server. Separate multiple packages with ',', e.g. name=nginx,php,mysql
# state="present/installed/absent/removed"
# present, installed: install the package.
# absent, removed: uninstall/remove the package.
# update_cache=yes: refresh the yum cache before installing; disable_gpg_check=yes: disable the GPG check (the package signature is then not verified).
ansible k3s-cluster -m yum -a 'name=mysql state=present'
ansible k3s-cluster -m yum -a 'name=/tmp/nginx-xx.x.x-x.x.x86_64.rpm'
ansible k3s-cluster -m yum -a 'name=nginx update_cache=yes disable_gpg_check=yes'
# list="updates/installed/available/repos" selects which listing to fetch
# meaning: installed: installed packages; updates: packages that can be upgraded; available: packages that can be installed; repos: yum repositories
ansible k3s-cluster -m yum -a 'list=installed'
Service module
service: software service management module; start, stop, restart and similar operations.
# name="": service name
# state="started/stopped/restarted/reloaded": start, stop, restart, reload
# enabled="yes/no, true/false": whether to start at boot
ansible k3s-cluster -m service -a 'name=nginx state=started enabled=yes'
User module
user: module for managing system users.
Demo
# name="": user name
# shell="": the user's login shell
# system="yes/no": whether this is a system user
# home="": the user's home directory; the default is /home/<user>
# groups="": additional groups for the user
# uid="": the user's UID
# comment="": user description
ansible k3s-cluster -m user -a 'name=deniss shell=/sbin/nologin system=yes home=/tmp/deniss groups=root uid=777 comment="deniss user"'
# state="present/absent"
# present: create the user (default); absent: delete the user (remove=yes also removes the home directory)
ansible k3s-cluster -m user -a 'name=deniss state=absent remove=yes'
ansible k3s-cluster -m user -a 'name=nginx state=absent remove=yes'
Group module
group: module for managing system user groups.
Demo
# name="": group name
# system="yes/no": whether this is a system group
# gid="": the GID
# state="present/absent"
# present: create the group (default); absent: delete the group
# create
ansible all -m group -a 'name=deniss system=yes gid=777'
# delete
ansible all -m group -a 'name=deniss state=absent'
ansible-galaxy
Official website: https://galaxy.ansible.com/
The ansible-galaxy tool is used to download roles.
# list: show the locally installed roles.
ansible-galaxy list geerlingguy.nginx
# install: download a role and store it under $HOME/.ansible/roles/.
ansible-galaxy install geerlingguy.nginx
# remove: delete a downloaded role; it can also be deleted directly from the storage directory.
ansible-galaxy remove geerlingguy.nginx
Attached are some screenshots of the task center that has already been developed; feel free to take a look!
On the road of reforming automated operations and maintenance around DevOps ideas, we have kept forging ahead and never stopped.
The road is long and hard, but those who keep walking will arrive; keep going without stopping, and the future is promising.
Search for k8stech and follow the official account; articles on operations development, SRE, cloud native and more are published regularly.