ansible is relatively simple. playbook is used to implement more complex tasks, while Roles is used to implement more complex tasks.

ansible uses modular development, which is equivalent to a collection of command parameters.

https://baike.baidu.com/item/%E4%BA%91%E6%9C%8D%E5%8A%A1/7843499?fr=aladdin See the above link for cloud service details

Cloud Computing is Distributed computing(Distributed Computing),Parallel computing(Parallel Computing),Utility computation(Utility Computing),Network storage(Network Storage Technologies),Virtualization(Virtualization),load balancing(Load Balance)Content distribution network (Content Delivery Network) and other traditions Computer and network technique The product of development integration.

In short, cloud services can put the software, hardware and data needed by enterprises on the network, and use different IT devices to connect with each other at any time and place, so as to achieve data access, computing and other purposes. At present, common cloud services include Public Cloud and Private Cloud [2].

Low cost of public cloud

Public cloud is the most basic service. Multiple customers can share the system resources of a service provider. They can enjoy professional IT services without any equipment and management personnel. This is undoubtedly a good way to reduce costs for ordinary entrepreneurs and small and medium-sized enterprises. Public cloud can also be divided into three categories, including Software-as-a-Service, SaaS (software as a service), Platform-as-a-Service, PaaS (platform as a service) and Infrastructure-as-a-Service, IaaS (infrastructure as a service).

Our usual Gmail, Hotmail and online photo albums are all SaaS, mainly based on a single network software; as for PaaS, IT provides application development and deployment platform in the form of service, and speeds up the user to write CRM (Customer Relationship Management), ERP (Enterprise Resource Planning) and other system functions, so the user must have rich IT knowledge.

iaaS (Infrastructure as a Service): Infrastructure as a Service (hardware only)

PaaS (platform as a service)

SaaS (Software as a Service): Software as a Service

Gray Publishing: a 100 production servers, 10 of which are gray servers. (based on the server, users, regions can) generally use the soft connection form to point a soft connection from the original version to the new version.

Common automatic operation and maintenance tools:

1. Ansible: Python, no need to deploy agents, small and medium-sized application environment
2. Saltstack: python, which generally requires agent (agent) deployment, with high execution efficiency
3. Puppet: powerful, complex configuration, suitable for large environment
4. Fabric: python
5. Cfengine:
6. func:

ansible's architecture:

One host controls multiple hosts

Host Inventory: host list. How can ansible know which hosts need to be managed? Then which hosts recorded in this file need to be controlled.

/etc/ansible/hosts: the file that stores the list of hosts, which can only be controlled by ansible after it is stored

If some daily small tasks can be implemented with some modules, but some routine tasks will be implemented with Playbook.

It also supports some additional plug-ins, such as log and mail. In order to associate or control with these remote hosts, a connection plug-in is needed. Currently, the plug-in is implemented based on SSH protocol.

Charged end: agent (QQ remote control), no agent (SSH service), agent performance is better than no agent.

ansible features:

1. Idempotency: the effect of executing a task once is the same as that of executing n times, and it will not cause accidents due to repeated execution (if you create a user with ansible for the first time, when you create a user with ansible for the second time, it will not execute at most, and will not generate errors)
2. Modules can be written in any programming language
3. Security, based on SSH protocol
4. Support for custom modules
5. The master cannot be windows

How ansible works:

The remote host can be managed by ansible. Users can tap commands, use Playbook in batch, use public / private cloud, or use CMDB (configuration management database)

ansible command execution source:

User: normal user, click command

CMDB: API call

PUBLIC/PRIVATE CLOUD: API call

​ Ansible PlayBook:

How ansible implements management:

AdHoc: Ansible command, which is suitable for temporary command use scenarios

Ansible PlayBook: mainly used for long-term planning, large project scenarios

Installation of ansible:

ansible related files:

The first time you join a new host, it is impossible to use ssh to link every time, so you can add a line to the configuration file:

host_key_checking = False

It is recommended to enable logging:

log_path

Ansible doc: display module help, equivalent to man command

Ansible doc - l: display available modules

ansible's command uses:

ansible	webservers	-m	command	-a	'ls /root'	-u	lxw	-k	-b	-K

-k: Verify with key

-b: sudo to profile User

-K: sudo user's password

Sudo user's method: visudo, open the option% wheel, and then modify the user's additional group to wheel, but if you don't want to enter the sudo password, modify the visudo file, and open the NOPASSWD option under the% wheel option. (echo export EDITOR=vim > >

key based verification:

SSH keygen generates a key pair, which is then transmitted to each host Using SSH copy ID

ssh-copy-id 192.168.15.138

*: general distribution all

:: or, all hosts (123) (126) (1236) in both groups

': &': relationship with, host (123) (126) (12) for both groups

‘ : ! ’ : non relationship, in the front group but no longer in the back group

Regular expressions are supported:

"~(web|db). * \ .baidu \ . com"

ansible's execution process:

1. Load your own configuration file, which defaults to / etc/ansible/ansible.cfg

2. Load the corresponding module file, such as command

3. The module or command generates the corresponding temporary. Py file through ansible, and transfers the file to the corresponding executing user $home /. Ansible / TMP / ansible TMP random number / XXX.py file of the remote server

4. Execute for file + x

5. Execute and return results

6. Delete temporary py file, sleep 0 exit

The color of whether ansible succeeds is defined in the ansible configuration file

Common modules of ansible:

View help document: ansible doc

command module: it is used by default and can be omitted.

chdir: first switch directories and execute commands, whether they exist or not

Create: do not execute command if file exists

Remove: if the file does not exist, do not execute the command

ansible	all	-a	'chdir=/etc/fs	cat	/etc/fstab'
ansible	all	-a	'chdir=/boot	ls'Equivalent to viewing boot Folder
ansible	all	-a	'creates=/etc/fs	cat	/etc/fstab'
ansible	all	-a	'removes=/etc/fs	cat	/etc/fstab'

Shell module: not the default module. Use - m shell and support some special symbols, such as pipe and $.

Change user password:

ansible	web	-m	shell	-a	'echo	123456|passwd	--stdin	lxw'

script module: you don't need to copy scripts to other hosts. You just need to write scripts on the ansible host, and then you can execute them on the specified host.

file module: a module specialized in managing files

Copy module: copy local files to remote

mode: permissions

Owner: owner

ansible	all	-m	copy	-a	'src=/root/ansible/selinux	dest=/etc/selinux/config	backup=yes'
ansible	all	-m	copy	-a	'content="hello\nworld\n"	dest=/data/f2'Write directly to the file

fetch: to pull files from the client to the server is the opposite of copy, but only a single file can be pulled. If the directory is selected, it must be packaged first.

ansible	all	-m	fetch	-a	'src=/var/logs/messages	dest=/data'

archive: package module unarchive: unpack module

File module: ansible doc file

ansible	all	-m	file	-a	'name/path/dest=/data/test	state=touch'---create a new file
ansible	all	-m	file	-a	'name/path/dest=/data/test	state=absent'---Delete files/Catalog
ansible	all	-m	file	-a	'name/path/dest=/data/dir1	state=directory'---Create directory
ansible	all	-m	file	-a	'src=/etc/fstab	dest/path/name=/data/fstab.link	state=link'---Create a soft connection

Cron: planning task module

ansible	all	-m	cron	-a	'minute=*	weekday=1,3,4	job="/usr/bin/wall	FBI	warning"	name=warningcron'---Create a scheduled task
ansible	all	-m	cron	-a	'disabled=true/yes	job="/usr/bin/wall	FBI	warning"	name=warningcron'---To log off a scheduled task, you must add name，If not, a new scheduled task default comment will be created, but name by null
					disabled=false/no---Re enable scheduled tasks
absible	all	-m	cron	-a	'job="/usr/bin/wall	FBI	warning"	name=warningcron	state=absent'

yum: yum module

ansible all - m yum - a 'name=vsftpd,memcached state=present/installd/lastest' --- install
										state=absent/removed ---- uninstall
										
First batch cp, and then use rpm to install.
You can also use disable GPG check = yes to skip the check.
Update'cache = yes is used to update the cache, but the installation package, EX: 'name=httpd update'cache = yes'

Service: service module

ansible	all	-m	service	-a	'name=vsftpd	state=started/restarted/reloaded/stopped	ensbled=yes/true'

setup: display the information of the controlled host

ansible	all	-m	setup	-a	'filter=ansible_*'--—filter Presentation filtering

User: manage user module

ansible	all	-m	user	-a	'name=nginx	shell=/sbin/nologin	system=yes	home=/home/nginx	groups=root	uid=8080	comment(describe)=nginx	service'
group It specifies the basic group, groups Is for the specified additional group

ansible	all	-m	user	-a	'name=nginx	state=absent	remove=yes(Delete home directory or not)'

Group: management group module

ansible	all	-m	user	-a	'name=nginx	system=yes	gid=8080	state=absent/present'	

ansible command:

Ansile Galaxy: you can automatically connect to galaxy.ansible.com to download the roles you want. First find and copy the roles you want, and then use ansible Galaxy install/remove rolesname on the virtual machine to download them

Answer vault: there is sensitive information in the playbook file. You can encrypt the playbook file

ansible-vault encrypt hello.yml -- after encryption, you cannot view the contents of the playbook file, and after encryption, you cannot run it. To run it, you must decrypt it first
 Ansible vault decrypt hello.yml ---- decrypt playbook file
 Ansible vault view hello.yml ---- view encrypted file content
 Ansible vault edit hello.tml ---- modify encrypted file
 Ansible vault rekey hello.yml ---- change password
 Ansible vault create hello2.yml --- create a new encrypted file

Ansible console: interactive control

You can use cd. When you execute a command, the module name is in front of you, and the corresponding command is in the back (ansible usage)

Ansible Playbook: (equivalent to script)

The main function of play is to disguise the implementation as a group of hosts and define the roles through the tasks in ansible. Fundamentally speaking, task is to call a module of ansible, organize multiple plays in a playbook, and let them perform according to the mechanism of event first arrangement

Syntax:

---	//It's just a habit. If you don't write, it's OK. It means you need to write playbook in it

- hosts:	webserver	//The next step is to perform operations on those hosts
  remote_user:	root	//Who is the next operation to be performed as
  
  tasks:	
	- name: hello	//It's just a description of what to do
	  command:	hostname	//Module name: Usage
	  
ansible-playbook	hello.yaml

Workflow:

YAML format:

1. It's a language, not ansible specific
2. In a single file, three consecutive files can be used to distinguish multiple files. In addition, three. Can be used to indicate the end of the file
3. The next line starts to write the content. It is generally recommended to write the function of the playbook.
4. Use comment code
5. Indent must be unified, not mixed with tab
6. Case sensitive, case sensitive K/V values
7. k/v can be written in the same line or in new line. For the same line, use: separate, v can also be a list
8. A complete code block needs at least one name and one task, and a name can only contain one task

YAML syntax:

List: all elements start with "-"

Directory: Dictionary

name: lxw
job: student
hobby: play
{name:lxw,job:student,hobby:play}

playbook core elements:

• Hosts: list of remote hosts executed
• tasks: task set
• Varniables: built-in variables or custom variables are invoked in playbook.
• Templates: templates, which can replace variables in template files and implement some simple and logical files
• handlers and notity are used together. Operations triggered by specific conditions are executed only when they are satisfied.
• tags: tag, which specifies the execution of a task, and is used to select and run some code in playbook. Ansible has idempotence, so it will skip the unchanged part, but some code tests that it does not have ansible playbook - t tagsname useradd.yml

---
- host: all
  remote_user: root
  
  tasks:
    - name: create new file
      file: name=/data/test state=touch
    - name: create new user
      user: name=ymy system=yes shell=/sbin/nologin
    - name: install package
      yum: name=httpd
    - name: copy html
      copy: src=/var/www/html/index.html dest=/var/www/html
    - name: start service
      service: name=httpd state=started enabled=yes
      sudo: yes
      sudo_user: lxw---Need authorization

Ansible playbook - C file.yml ---- check for errors

Let the error continue:

- name: error
  shell: /usr/bin/somecommand || /bin/true
//Or ignore error: true

--limit 192.168.15.101

One module corresponds to one content, and the same content is not allowed.

If the src in tasks is written as a relative path, it is relative to the current user's home directory

Use of Handlers and notify:

tasks: execute in order. If the service has been started and the modified configuration file is copied, the service will not restart, so the configuration file will not take effect, so you need to use handlers.

---
#Basic configuration file for httpd
- hosts: all
  remote_user: root
  
  tasks:
    - name: install httpd package
      yum: name=httpd
    - name: copy conf file
      copy: src=files/httpd.conf dest=/etc/httpd/conf backup=yes
      notify: restart service---Must and handlers Medium name Bring into correspondence with
    - name: start service
      service: name=httpd state=started enabled=yes
    
  handlers:
    - name: restart service
      service: name=httpd state=restarted
 ________________________________________________
      notify:
        - restart service
        - check nginx process
        
  handlers:
    - name: restart service
      service: name=httpd state=restarted enabled=yes
    - name: check nginx process
      shell: killall -0 nginx > /tmp/nginx.log

Tags: tags are used to call the contents of tags in the future

---
#Basic configuration file for httpd
- hosts: all
  remote_user: root
  
  tasks:
    - name: install httpd package
      yum: name=httpd
      tags: installhttpd
    - name: copy conf file
      copy: src=files/httpd.conf dest=/etc/httpd/conf backup=yes
      notify: restart service---Must and handlers Medium name Bring into correspondence with
    - name: start service
      service: name=httpd state=started enabled=yes
      tags: restartedhttpd
    
  handlers:
    - name: restart service
      service: name=httpd state=restarted

Ansible playbook httpd.yml - t installhttpd, restartatedhttpd httpd.yml ------ select a label to execute
 --Skip_tags two

Multiple actions can use the same label. Just name the label the same.

Variables in Playbook:

Different operations can be performed for different hosts.

Variable name: can only be composed of letters, numbers and underscores, and can only start with letters

Variable source:

1. All variables of the ansible setup facts remote host can be called

2. Defined in / etc/ansible/hosts (that is, it is valid for one host in the group or all hosts in the group)

   • Common variable: defined separately in the host group, with priority higher than the common variable
   • Common (Group) variables: define the same variable for all hosts in the host group

3. Specify variables from the command line with the highest priority

4. Defined in playbook

   • vars:
     • vars1: value1
     • vars2: value2

5. Defined in role

6. Defined in variable file (suffix. yml)

#Define variables directly on the command line
---
- hosts: all
  remote_user: root
  
  tasks:
    - name: install package
      yum: name={{ pkname }}
    - name: start service
      service: name={{ pkname }} state=started enable=yes

Ansible playbook - e 'pkname=vsftpd' app.yml ---- two variable assignments can be separated by commas

#You can define variables directly in playbook:
---
- hosts: all
  remote_user: root
  vars:
    - pkname1: httpd
    - pkname2: vsftpd
  tasks:
    - name: install package
      yum: name={{ pkname1 }}
    - name: start service
      service: name={{ pkname2 }} state=started enable=yes

#Defined in / etc/ansible/hosts
[web01]
192.168.15.100 http_port=81
192.168.15.101 http_port=82

[web01:vars]
name1=www.
name2=.com

---
- host: web01
  remote_user: root
  tasks:
    - name: set hostname
    hostname: name={{ name1 }}{{ http_port }}{{ name2 }}

#Defined in variable file
var1: httpd
var2: vsftpd

---
- host: all
  remote_user: root
  vars_files:
    - vars.yml
    
  tasks:
    - name: install package
      yum: name={{ var1 }}

Template template: can only be used on the playbook command line, can no longer be used in ansible (AD HOC), using Jinja2 syntax

Application scenario: when configuring a service, different machine hardware may lead to different configuration files of the service. The copy module cannot achieve this function, so it can only use the template template.

Templates file must exist in the templates directory, and the file name suffix is. j2, templates directory and. yml file level

---
- host: all
  remote_user: root
  
  tasks:
    - name: install package
      yum: name=nginx
    - name: copy template
      template: src=nginx.conf.j2 dest=/etc/nginx.conf backup=yes
      notify: restart service
    - name: start service
      service: name=nginx state=started enabled=yes
    
   handlers:
     - name: restart service
       service: name=nginx state=restarted
       
   tasks:
     - name: "shutdown RedHat"
       command: /sbin/shutdown -h now
       when: ansible_os_family=="RedHat"

Variables can use variables in the set up module

Iteration (loop):

---
- host: all
  remote_user: root

  tasks:
    - name: create some files
      file: name=/data/{{ item }} state=touch
      when: ansible_distribution_major_version == "7"
      with_items:
        - file1
        - file2
        - file3
    - name: install some packages
      yum: name={{ item }}
      with_items:
        - htop
        - sl
        - hping3
        #Fixed structure

#Users belong to their own groups
    - name: install some packages
      yum: name={{ item.name }} group={{ item.group }}
      with_items:
        - { name: 'user1', group: 'g1' }
        - { name: 'user2', group: 'g2' }
        - { name: 'user3', group: 'g3' }

for cycle:

---
- name: all
  remote_user: root
  vars:
    prots:
      - 81
      - 82
      - 83
  tasks:
    - name:copy conf
      template: src=for1.conf.j2 dest=/data/for1.conf
-----------------------
cat for1.conf.j2-->
{% for port in ports %}
server{
	listen {{ port }}
}
{% endfor %}

#Another way
---
- name: all
  remote_user: root
  vars:
    prots:
      - web1:
        port: 81
        name: www.baidu1.com
        rootdir: /data/web1
      - web2:
        port: 82
        name: www.baidu2.com
        rootdir: /data/web2
      - web3:
        port: 83
        name: www.baidu3.com
        rootdir: /data/web3
  tasks:
    - name:copy conf
      template: src=for1.conf.j2 dest=/data/for1.conf
-----------------------
cat for1.conf.j2-->
{% for pin ports %}
server{
	listen {{ p.port }}
	servername {{ p.name }}
	documentroot {{ p.rootdir }}
}
{% endfor %}

Iteration and judgment are used together:

{% for pin ports %}
server{
	listen {{ p.port }}
{% if p.name is defined %}
	servername {{ p.name }}
{% endif %}
	documentroot {{ p.rootdir }}
}
{% endfor %}

roles:

It is suitable for large tasks and has a clearer structure. Take apart all the things in the playbook. The variables are in one file. The templates are in one file. The files to be copied are in one file. The tasks are all taken apart and placed in one file. The idea is modularity and high code reusability.