ansible deployment (module)

Posted by Pyrite on Tue, 18 Jan 2022 04:03:49 +0100

Ansible automated operations and maintenance (2) -- basic Ansible deployment and the location of its configuration files

I. Configuration files

/etc/ansible/ansible.cfg # master configuration file

/etc/ansible/hosts # host list

/etc/ansible/roles # directory where roles are stored

1. Main configuration file

Ansible's configuration file can be placed in several different locations. The order of priority, from high to low, is:

ANSIBLE_CONFIG # environment variable

./ansible.cfg # ansible.cfg in the current directory

~/.ansible.cfg # ansible.cfg in the current user's home directory

/etc/ansible/ansible.cfg # system default configuration file

The default configuration file for Ansible is /etc/ansible/ansible.cfg:

[defaults]
#inventory = /etc/ansible/hosts # host inventory file
#library = /usr/share/my_modules/ # directory where module library files are stored
#remote_tmp = ~/.ansible/tmp # directory on the remote host where temporary py command files are stored
#local_tmp = ~/.ansible/tmp # local directory for temporary command execution files
#forks = 5 # default concurrency
#sudo_user = root # default sudo user
#ask_sudo_pass = True # whether to ask for the sudo password every time an ansible command is executed
#ask_pass = True # whether to ask for the SSH password every time an ansible command is executed
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
#host_key_checking = False # host key check for target servers; uncommenting this line is suggested here to automatically trust a target host on first connection (doing so turns off SSH host key verification)
#log_path = /var/log/ansible.log # log file. It is recommended to enable it
#module_name = command # default module, which can be changed to the shell module

[privilege_escalation] # privilege escalation settings for ordinary users
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
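
The lookup order and two of the settings above, worked through in Python. This is an added example, not code from the original post or from the Ansible project; the function names and the choice of settings to report are assumptions made for illustration. It also models one documented Ansible behaviour the list above does not mention: ./ansible.cfg is not loaded when the current directory is world-writable.

```python
import configparser
import os
import stat
from pathlib import Path


def effective_config(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the first existing config file, in the priority order listed above."""
    cwd, home = Path(cwd), Path(home)
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append(Path(env["ANSIBLE_CONFIG"]))
    # Ansible does not load ./ansible.cfg from a world-writable directory,
    # since any local user could plant a config file there.
    if not cwd.stat().st_mode & stat.S_IWOTH:
        candidates.append(cwd / "ansible.cfg")
    candidates += [home / ".ansible.cfg", Path(system)]
    return next((p for p in candidates if p.is_file()), None)


def audit_defaults(cfg_path):
    """Report security-relevant [defaults] settings of one ansible.cfg."""
    # Per Ansible's documentation only ';' introduces an inline comment.
    cp = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=(";",))
    cp.read(cfg_path)
    d = cp["defaults"] if cp.has_section("defaults") else {}
    findings = []
    if d.get("host_key_checking", "True").strip().lower() in ("false", "no", "0"):
        findings.append("host_key_checking=False: SSH host keys are not verified")
    if not d.get("log_path", "").strip():
        findings.append("log_path unset: runs are not logged on the control node")
    return findings


if __name__ == "__main__":
    cfg = effective_config(os.environ, os.getcwd(), Path.home())
    print("effective config:", cfg)
    for finding in (audit_defaults(cfg) if cfg else []):
        print(" -", finding)
```

On a control node, `ansible --version` prints the config file Ansible itself selected, which can be compared with the result here.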

2. Ansible needs to know three things:

Director: the host inventory file decides whom to act on (the name and location of the host inventory file are determined by the "inventory =" parameter in the currently effective ansible configuration file)
Screenwriter: the playbook decides what to do
Actor: ansible does the work

2.1 Inventory file

The host inventory file (inventory, hosts) is usually used to define the authentication information of the hosts to be managed, such as the SSH login user name, login password and key-related information. A series of operations is carried out by editing this file.
In /etc/ansible/ansible.cfg, the location of the inventory file can be changed by modifying the "inventory =" parameter.

[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg  hosts  roles
[root@localhost ansible]# vim ansible.cfg 
[root@localhost ansible]# touch inventory
[root@localhost ansible]# cat ansible.cfg 


[defaults]

# some basic default values...

#inventory      = /etc/ansible/hosts #Default path
inventory      = inventory #Path added first
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp

# verification:
//Add managed host
[root@localhost ansible]# vim inventory
192.168.58.30
[webservers]
192.168.58.40

//Use the command to list all managed hosts in the default inventory file
[root@localhost ansible]# ansible all --list-hosts
  hosts (2):
    192.168.58.30
    192.168.58.40
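
Because the inventory can hold login passwords, it is worth checking what a given file actually contains. The sketch below is an added example, not part of the original post: it parses host lines, [group] headers, inline host variables and [group:vars] sections only, and reports credentials stored in clear text. The sample inventory is constructed from the page's two hosts plus an invented password; the function names are hypothetical.

```python
import shlex

# Connection variables that carry a secret when set in an inventory.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_become_password"}


def parse_inventory(text):
    """Parse host lines, [group] headers and key=value variables of an INI inventory."""
    groups, variables, section = {"ungrouped": []}, {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            if ":" not in section:      # [web:vars] / [web:children] hold no hosts
                groups.setdefault(section, [])
            continue
        if section.endswith(":children"):
            continue
        if section.endswith(":vars"):
            owner, pairs = section[:-5], [line]
        else:
            owner, *pairs = shlex.split(line)
            groups.setdefault(section, []).append(owner)
        for pair in pairs:
            if "=" in pair:
                key, value = pair.split("=", 1)
                variables.setdefault(owner, {})[key.strip()] = value.strip()
    return groups, variables


def list_all_hosts(groups):
    """Every host once, in file order (what the `all` pattern selects)."""
    return list(dict.fromkeys(h for members in groups.values() for h in members))


def plaintext_secrets(variables):
    """(owner, variable) pairs where a credential is stored in clear text."""
    return sorted((o, k) for o, kv in variables.items() for k in kv if k in SECRET_VARS)


# Constructed sample: the page's two hosts plus an invented inline password.
SAMPLE = """\
192.168.58.30
[webservers]
192.168.58.40 ansible_user=root ansible_ssh_pass=CHANGEME-constructed
"""
```

Any pair returned by `plaintext_secrets` is a candidate for moving to SSH keys or to an ansible-vault encrypted variable file.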

II. How to use the help documentation (modules)

1. Viewing help in three steps

  • 1.1 view the list of all modules

    #ansible-doc -l

[root@localhost ansible]# ansible-doc -l
a10_server                                                    Manage A10 Networks AX/SoftAX/Thunder/vT...
a10_server_axapi3                                             Manage A10 Networks AX/SoftAX/Thunder/vT...
a10_virtual_server                                            Manage A10 Networks AX/SoftAX/Thunder/vT...
aci_aaa_user                                                  Manage AAA users (aaa:User)
aci_aaa_user_certificate
...(remaining output omitted)...

  • 1.2 view the help document of the specified module

    ansible-doc <module name>

[root@localhost ansible]# ansible-doc user
> USER    (/usr/lib/python3.6/site-packages/ansible/modules/system/user.py)

        Manage user accounts and user attributes. For Windows targets, use the
        [win_user] module instead.

  * This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):

- append
        If `yes', add the user to the groups specified in `groups'.
        If `no', user will only be added to the groups specified in `groups',
        removing them from all other groups.
        Mutually exclusive with `local'
        [Default: False]
        type: bool

- authorization
        Sets the authorization of the user.
        Does nothing when used with other platforms.
        Can set multiple authorizations using comma separation.
        To delete all authorizations, use `authorization='''.
        Currently supported on Illumos/Solaris.
        [Default: (null)]
        type: str
        version_added: 2.8

  • 1.3 view the parameters that can be used by the module

    ansible-doc -s <module name>

[root@localhost ansible]# ansible-doc -s user
- name: Manage user accounts
  user:
      append:                # If `yes', add the user to the groups specified in `groups'. If `no', user
                               will only be added to the groups specified
                               in `groups', removing them from all other
                               groups. Mutually exclusive with `local'
      authorization:         # Sets the authorization of the user. Does nothing when used with other
                               platforms. Can set multiple authorizations
                               using comma separation. To delete all
                               authorizations, use `authorization='''.
                               Currently supported on Illumos/Solaris.
      comment:               # Optionally sets the description (aka `GECOS') of user account.
      create_home:           # Unless set to `no', a home directory will be made for the user when the
                               account is created or if the home directory
                               does not exist. Changed from `createhome' to
                               `create_home' in Ansible 2.5.
      expires:               # An expiration time for the user in epoch, it will be ignored on platforms that
                               do not support this. Currently supported on
                               GNU/Linux, FreeBSD, and DragonFlyBSD. Since
                               Ansible 2.6 you can remove the expiry time
                               specify a negative value. Currently
                               supported on GNU/Linux and FreeBSD.
      force:                 # This only affects `state=absent', it forces removal of the user and
                               associated directories on supported
                               platforms. The behavior is the same as
                               `userdel --force', check the man page for

Notes:
1. Press q to exit the help document
2. Parameters are on the left; how to use them is described on the right

III. Detailed explanation of Ansible tool parameters

Ansible is managed through many modules. Commonly used Ansible modules include: command, shell, script, yum, copy, file, async, docker, cron, mysql_user, ping, sysctl, user, acl, add_host, easy_install, haproxy, etc.

The main parameters of the Ansible automated batch management tool are as follows:

Parameter                      Notes
-v, --verbose                  Print in verbose mode;
-i PATH, --inventory=PATH      Specify the host file path;
-f NUM, --forks=NUM            Specify the number of parallel processes (forks), 5 by default;
-m NAME, --module-name=NAME    Specify the module name; the default module is command;
-a MODULE_ARGS                 Arguments or command for the module;
-k, --ask-pass                 Prompt for the password of the remote managed host;
--sudo                         Execute as a user via sudo;
-K, --ask-sudo-pass            Prompt for the sudo password, used together with sudo;
-u USERNAME, --user=USERNAME   Specify the user to execute as on the remote end;
-C, --check                    Test run that does not change any real content, equivalent to a rehearsal;
-T TIMEOUT                     Timeout for executing commands, 10 seconds by default;
--version                      Show Ansible software version information.

1. Module practice

1.1 Ansible ping

The most basic Ansible module is the ping module, which is mainly used to determine whether a remote client is online. It pings the managed server itself; the returned values are changed and ping.
Checking server status with Ansible ping:

ansible -k all -m ping
[root@localhost ansible]# ansible all -m ping
192.168.58.30 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

1.2 Ansible command

The command module is Ansible's default module. It is mainly used to execute basic Linux commands, and can run commands and tasks on remote servers.
Command module usage details:

Parameter    Notes
chdir        Before executing the command, switch to this directory;
creates      When the file exists, this step is not performed;
executable   Execute the command in a different shell environment;
free_form    The script to be executed;
removes      When the file does not exist, this step is not performed;
warn         If warnings are enabled in ansible.cfg, setting this to False suppresses the warning for this line.

Common enterprise use cases of the Ansible command module are as follows:
(1) The Ansible command module remotely executes the date command; the execution result is shown below:

ansible -k -i /etc/ansible/inventory 192.168.58.30 -m command -a "date"
[root@localhost ansible]# ansible -k -i /etc/ansible/inventory 192.168.58.30 -m command -a "date"
SSH password: 
192.168.58.30 | CHANGED | rc=0 >>
Thursday, July 15, 2021 16:26:31 CST
[root@localhost ansible]# 

(2) The Ansible command module remotely executes the ping command; the execution result is shown below:

ansible -k 192.168.58.30 -m command -a "ping -c 1 www.baidu.com"
[root@localhost ansible]# ansible -k 192.168.58.30 -m command -a "ping -c 1 www.baidu.com"
SSH password: 
192.168.58.30 | CHANGED | rc=0 >>
PING www.a.shifen.com (182.61.200.7) 56(84) bytes of data.
64 bytes from localhost (182.61.200.7): icmp_seq=1 ttl=128 time=27.8 ms

--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 27.834/27.834/27.834/0.000 ms
[root@localhost ansible]# 

(3) Ansible executes df -h remotely on hosts selected by a pattern match; the execution result is shown below:

# Ansible command df -h command execution result
ansible -k 192.168.149.13* -m command -a "df -h"
[root@localhost ansible]# ansible -k 192.168.58.30 -m command -a "df -h"
SSH password: 
192.168.58.30 | CHANGED | rc=0 >>
file system               Capacity used available used% Mount point
devtmpfs               1.9G     0  1.9G    0% /dev
tmpfs                  1.9G     0  1.9G    0% /dev/shm
tmpfs                  1.9G   17M  1.9G    1% /run
tmpfs                  1.9G     0  1.9G    0% /sys/fs/cgroup
/dev/mapper/rhel-root   46G  2.3G   43G    5% /
/dev/nvme0n1p1        1014M  181M  834M   18% /boot
tmpfs                  376M     0  376M    0% /run/user/0

1.3 Ansible user

The Ansible user module is mainly used to manage operating system users, groups, permissions, passwords and so on. User module usage details:

Parameter    Notes
system       A normal user is created by default; if yes, a system user is created;
append       Add a new group;
comment      Add description information;
createhome   Create a home directory for the user;
force        Used to force deletion of a user;
group        Set the user's primary group;
groups       Add the user to a group or to supplementary groups;
home         Specify the user's home directory;
name         Indicates the status, whether to create, remove, modify;
password     Specify the user's password; this is the encrypted password;
uid          Set the user id;
state        User status. The default value is present, indicating a new user.

Common enterprise use cases of the Ansible user module are as follows:
(1) Ansible user module operation: name is the user name, uid is the user id, and state is the user's status. The execution result is shown below:

ansible -k 192.168.58.30 -m user -a "name=xx uid=2434 state=present"
[root@localhost ansible]# ansible 192.168.58.30 -m user -a 'name=xx uid=2434 state=present'
192.168.58.30 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 2434,
    "home": "/home/xx",
    "name": "xx",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 2434
}

Then check on the 192.168.58.30 host:

[root@localhost ~]# id xx
uid=2434(xx) gid=2434(xx) group=2434(xx)

(2) Ansible user module operation: name is the user name, and state=absent deletes the user. The execution result is shown below:

ansible 192.168.58.30 -m user -a 'name=xx uid=2434 state=absent'
192.168.58.30 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "force": false,
    "name": "xx",
    "remove": false,
    "state": "absent"
}

Then check on the 192.168.58.30 host:

[root@localhost ~]# id xx
id: "xx": No such user