How to Configure Ansible Managed Nodes and Run Ad-hoc Commands - Part 3


The previous two articles in this series included setting up the Ansible control node. In this Part 3, we will show how you can configure Ansible managed nodes to run ad-hoc commands on remote hosts.

Set Up Passwordless SSH Authentication to Managed Nodes

As a recap of our last topic, managing remote hosts with Ansible requires setting up passwordless SSH authentication between the Ansible control node and the managed hosts. This involves generating a key pair (public and private SSH keys) on the Ansible control node and copying the public key to all of the remote hosts. This is a crucial step going forward and will make your work much easier.

Configure Privilege Escalation on Managed Nodes

When logged in as a regular user, you may need to perform certain tasks on managed nodes that require elevated or root privileges. These tasks include package management, adding new users and groups, and modifying system configuration, to mention just a few. To achieve this, you need to invoke certain directives in the playbook to run tasks as a privileged user on the remote hosts.

Ansible allows you to 'become' another user on the managed node, different from the one currently logged in. The become: yes directive elevates your privileges and lets you perform tasks that require root privileges, such as installing and updating packages and rebooting the system.

Consider the playbook httpd.yml, which installs and starts the Apache webserver as shown:

---
- name: install and start Apache webserver
  hosts: webservers

  tasks:
       - name: install httpd
         yum: name=httpd  state=latest
         become: yes
       - name: check httpd status
         service: name=httpd state=started

The become: yes directive allows you to execute commands as the root user on the remote host.

Another directive you can use to become another user is become_user. This lets you switch to a sudo user on the remote host upon logging in, rather than the user you logged in as.

For example, to run a command as the tecmint user on the remote host, use the directive as shown.

- name: Run a command as the tecmint user
  command: somecommand
  become: yes
  become_user: tecmint

The become_method directive overrides the default method set in the ansible.cfg file, which is usually sudo.

The become_flags directive is used at the play or task level, for example when you need to switch to a user whose shell is set to nologin.

For example,

- name: Run a command as nobody
  command: somecommand
  become: true
  become_method: su
  become_user: nobody
  become_flags: '-s /bin/sh'

Command-line Options in Privilege Escalation

Let's look at some of the command-line options that you can use to escalate your privileges when running commands:

  • --ask-become-pass, -K - This prompts you for the password of the sudo user on the remote system you are trying to connect to.

$ ansible-playbook myplaybook.yml --ask-become-pass

  • --become, -b - This allows you to run the task as the root user without prompting for a password.

$ ansible-playbook myplaybook.yml --become

  • --become-user=BECOME_USER - Allows you to run tasks as another user. This option does not enable escalation by itself, so combine it with --become.

$ ansible-playbook myplaybook.yml --become --become-user=tecmint

Validate a Working Configuration Using Simple Ad-Hoc Commands

Sometimes, you may want to perform quick and simple tasks on remote hosts or servers with Ansible without necessarily having to create a playbook. In that case, you need to run an ad-hoc command.

An Ansible ad-hoc command is a one-line command that helps you perform simple tasks easily yet efficiently without the need to create playbooks. Such tasks include copying files between hosts, rebooting servers, adding and removing users, and installing a single package.

In this tutorial, we explore various applications of Ansible ad-hoc commands. We will use the inventory file below for demonstration.

[webservers]
173.82.115.165

[database_servers]
173.82.202.239

The most basic use of Ansible ad-hoc commands is to ping a host or a group of hosts.

# ansible -m ping all

In the above command, the -m parameter is the module option. ping is the ad-hoc command, and the second parameter, all, represents all hosts in the inventory file.

To ping a particular group of hosts, replace the 'all' parameter with the group name. In the example below, we test connectivity with the hosts under the webservers group.

# ansible -m ping webservers

Additionally, you can use the -a attribute to specify regular Linux commands in double quotation marks. For example, to check the uptime of remote systems, run:

# ansible -a "uptime" all

To check the disk usage of remote hosts, run:

# ansible -a "df -Th" all

There are hundreds of modules that you can use with ad-hoc commands. To view the entire list of modules with their descriptions, run the command below.

# ansible-doc -l

To view detailed information about a particular module, run the command:

# ansible-doc module_name

For example, to find more details about the yum module, run:

# ansible-doc yum

Ad-hoc commands can be used to install and remove packages using the yum and apt package managers.

To install the Apache web server on the CentOS 7 host under the webservers group in the inventory file, run the command:

# ansible webservers -m yum -a "name=httpd  state=present"

To verify the installation of the Apache web server, log in to the remote client and run:

# rpm -qa | grep httpd

To remove Apache, simply change the state from present to absent.

# ansible webservers -m yum -a "name=httpd  state=absent"

Again, to verify the removal of httpd, run:

# rpm -qa | grep httpd

As observed, the Apache web server packages have been purged.

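When creating users, the 'user' module comes in handy. To create a new user james with the password redhat on the database_servers client system, issue the command below. The user module expects the password value as a hash rather than plaintext, so the command passes it through the password_hash filter.

# ansible database_servers -m user -a "name=james password={{ 'redhat' | password_hash('sha512') }}"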

To confirm the creation of the new user, run the command:

# ansible database_servers -a "id james"

To remove the user, run the command:

# ansible database_servers -m user -a "name=james state=absent"

If you are running Ansible as a regular user, Ansible provides privilege escalation on remote hosts using the --become option to acquire root privileges and -K to prompt for the password.

For example, to run the Ansible ad-hoc command 'netstat -pnltu' with elevated privileges, using the --become option and the -K option to prompt for the user's password, run the command:

$ ansible webservers -m shell -a 'netstat -pnltu' --become -K

To become a user other than root, use the --become-user attribute.

For example, to run 'df -Th' as the tecmint user on the remote hosts and prompt for the password, run the command below. The --become option is included because --become-user does not enable escalation by itself.

$ ansible all -m shell -a 'df -Th' --become --become-user tecmint -K

Facts refer to detailed information about a system. This includes information about the IP address, system architecture, memory, and CPU, to mention a few.

To retrieve information about remote hosts, run the command:

$ ansible all -m setup 

Ansible uses the copy module to copy files from the Ansible control node to multiple remote hosts.

Below is an example of a copy operation:

# ansible webservers -m copy -a "src=/var/log/secure dest=/tmp/"

The command copies the /var/log/secure file on the Ansible control node to the /tmp directory on the remote hosts in the webservers group.

You can use the file module to change the permissions and ownership of a file.

# ansible webservers -m file -a "dest=/tmp/secure mode=600"

Additionally, you can append the owner and group arguments as shown:

# ansible webservers -m file -a "dest=/tmp/secure mode=600 owner=tecmint group=tecmint"

You can also create directories, in a similar way to mkdir -p, as shown.

$ ansible webservers -m file -a "dest=/path/to/directory mode=755 owner=tecmint group=tecmint state=directory"

For example,

$ ansible webservers -m file -a "dest=/home/tecmint/data mode=755 owner=tecmint group=tecmint state=directory"
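
The ad-hoc user, copy and file commands from this article written as a playbook, as an added example that is not part of the original article. The password is prompted for and hashed instead of being typed on the command line, and the copied file receives its owner and mode in the copy task rather than in a separate later command. The variable name james_password is an assumption.

```yaml
---
- name: Create user james on the database servers
  hosts: database_servers
  vars_prompt:
    - name: james_password        # hypothetical variable name
      prompt: Password for james
      private: yes                # input is not echoed
      confirm: yes
  tasks:
    - name: Create james with a hashed password
      user:
        name: james
        # The user module stores this value as given, so hash it first.
        password: "{{ james_password | password_hash('sha512') }}"
        update_password: on_create   # do not reset it on later runs
      become: yes
      no_log: true                # keep the hash out of output and logs

- name: Stage files on the web servers
  hosts: webservers
  tasks:
    - name: Copy the log with owner and mode set in the same task
      copy:
        src: /var/log/secure      # read on the control node
        dest: /tmp/secure
        owner: tecmint
        group: tecmint
        mode: "0600"
      become: yes

    - name: Create the data directory
      file:
        path: /home/tecmint/data
        state: directory
        owner: tecmint
        group: tecmint
        mode: "0755"
      become: yes
```

Run it with ansible-playbook and the -K option so that sudo can prompt for its password on the managed nodes.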

In this article, we shed light on how you can configure managed nodes to run Ansible ad-hoc commands to manage remote hosts. We hope you found it useful. Give it a shot and let us know how it went.