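Use these Ansible playbooks to simplify and strengthen automation in complex IT environments.
In a complex IT environment, even the smallest task can seem to take forever. Sprawling systems are hard to develop, deploy, and maintain. Business demands only add complexity, and IT teams struggle with management, availability, and cost.
How do you address this complexity and meet today's business demands? There is no doubt that Ansible can improve your current processes, migrate applications for better optimization, and provide a single language for DevOps practices across the whole organization.
More importantly, you can declare configurations through Ansible playbooks, and they can orchestrate the steps of any manually ordered process, even when different steps must bounce back and forth between sets of machines in a particular order. They can launch tasks synchronously or asynchronously.
While you can run the /usr/bin/ansible program for ad hoc tasks, playbooks are more likely to be kept in source control and used to push out configuration or to ensure that the configuration of remote systems is in spec. Because Ansible playbooks are a configuration, deployment, and orchestration language, they can describe a policy you want your remote systems to enforce or a set of steps in a general IT process.
Here are four Ansible playbooks you should try in order to further customize and configure how your automation works.
Managing Kubernetes objects
When you perform CRUD operations on Kubernetes objects, Ansible playbooks give you quick and easy access to the full range of Kubernetes APIs through the OpenShift Python client. The following playbook snippet shows how to create a specific Kubernetes namespace and service objects: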
- name: Create a k8s namespace
  k8s:
    name: mynamespace
    api_version: v1
    kind: Namespace
    state: present

- name: Create a Service object from an inline definition
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: web
        namespace: mynamespace
        labels:
          app: galaxy
          service: web
      spec:
        selector:
          app: galaxy
          service: web
        ports:
        - protocol: TCP
          targetPort: 8000
          name: port-8000-tcp
          port: 8000

- name: Create a Service object by reading the definition from a file
  k8s:
    state: present
    src: /mynamespace/service.yml

# Passing the object definition from a file
- name: Create a Deployment by reading the definition from a local file
  k8s:
    state: present
    src: /mynamespace/deployment.yml
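Mitigating critical security issues like Meltdown and Spectre
In the first week of January, two vulnerabilities were announced: Meltdown and Spectre. Both involve the hardware at the core of every computing device on the planet: the processor. While Meltdown and Spectre have not been fully mitigated, the following playbook snippet shows how easily Windows patches can be deployed: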
- name: Patch Windows systems against Meltdown and Spectre
  hosts: "{{ target_hosts | default('all') }}"

  vars:
    # Set to yes to let the reboot handler run after updates are installed
    reboot_after_update: no
    registry_keys:
      # Kernel mitigation settings applied by the "Enable kernel protections" task
      - path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
        name: FeatureSettingsOverride
        data: 0
        type: dword

      - path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
        name: FeatureSettingsOverrideMask
        data: 3
        type: dword

      # https://support.microsoft.com/en-us/help/4072699
      - path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
        name: cadca5fe-87d3-4b96-b7fb-a231484277cc
        type: dword
        data: '0x00000000'

  tasks:
    - name: Install security updates
      win_updates:
        category_names:
          - SecurityUpdates
      notify: reboot windows system

    - name: Enable kernel protections
      win_regedit:
        path: "{{ item.path }}"
        name: "{{ item.name }}"
        data: "{{ item.data }}"
        type: "{{ item.type }}"
      with_items: "{{ registry_keys }}"

  handlers:
    # Runs only when notified by the update task and reboot_after_update is true
    - name: reboot windows system
      win_reboot:
        shutdown_timeout: 3600
        reboot_timeout: 3600
      when: reboot_after_update
The corresponding playbook for Linux is available at the following link:
https://github.com/ansible/ansible-lockdown/blob/master/meltdown-spectre-linux.yml
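A read-only check of the registry values that the Windows playbook above sets, so that hosts that missed the change show up as failures. This is an added example, not part of the original article or of the ansible-lockdown project; the play name and the expected_keys variable are assumptions, and it relies on the win_reg_stat and assert modules.

```yaml
---
# Added example: audit only, makes no changes on the target hosts.
- name: Verify Meltdown and Spectre registry settings on Windows
  hosts: "{{ target_hosts | default('all') }}"
  gather_facts: no

  vars:
    # Hypothetical variable: same paths, names and values as registry_keys
    # in the patch playbook ('0x00000000' is written here as 0)
    expected_keys:
      - path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
        name: FeatureSettingsOverride
        data: 0
      - path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
        name: FeatureSettingsOverrideMask
        data: 3
      - path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
        name: cadca5fe-87d3-4b96-b7fb-a231484277cc
        data: 0

  tasks:
    - name: Read the current registry values
      win_reg_stat:
        path: "{{ item.path }}"
        name: "{{ item.name }}"
      with_items: "{{ expected_keys }}"
      register: reg_state

    # Each result carries the looped entry as item.item; a missing value
    # has exists == false and no value field, hence the default(-1).
    - name: Fail on hosts where a value is missing or differs
      assert:
        that:
          - item.exists
          - (item.value | default(-1)) | int == item.item.data | int
        fail_msg: "{{ item.item.name }} is missing or not set to {{ item.item.data }}"
      with_items: "{{ reg_state.results }}"
      loop_control:
        label: "{{ item.item.name }}"
```

The check confirms the registry state only. With reboot_after_update left at no in the patch playbook the reboot handler is skipped, and the installed updates and registry settings need a restart to take effect.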
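Integrating a CI/CD process with Jenkins
Jenkins is a well-known tool for implementing CI/CD. Shell scripts are commonly used to provision environments or to deploy applications in the pipeline. Although this works, maintaining and reusing scripts is cumbersome in the long run. The following playbook snippet shows how to provision infrastructure in a continuous integration/continuous delivery (CI/CD) process using a Jenkins pipeline.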
---
- name: Deploy Jenkins CI
  hosts: jenkins_server
  remote_user: vagrant
  become: yes

  roles:
    - geerlingguy.repo-epel
    - geerlingguy.jenkins
    - geerlingguy.git
    - tecris.maven
    - geerlingguy.ansible

- name: Deploy Nexus Server
  hosts: nexus_server
  remote_user: vagrant
  become: yes

  roles:
    - geerlingguy.java
    - savoirfairelinux.nexus3-oss

- name: Deploy Sonar Server
  hosts: sonar_server
  remote_user: vagrant
  become: yes

  roles:
    - wtanaka.unzip
    - zanini.sonar

- name: On Premises CentOS
  hosts: app_server
  remote_user: vagrant
  become: yes

  roles:
    - jenkins-keys-config
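Starting a service mesh with Istio
With cloud platforms, developers must use microservices to architect for portability. Meanwhile, operators are managing extremely large hybrid and multi-cloud deployments. A service mesh with Istio lets you connect, secure, control, and observe services through dedicated infrastructure (such as Envoy sidecar containers) rather than relying on developers to do so. The following playbook snippet shows how to install Istio locally on your machine: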
---
# Whether the cluster is an Openshift (ocp) or upstream Kubernetes (k8s) cluster
cluster_flavour: ocp

istio:
  # Install istio with or without istio-auth module
  auth: false

  # A set of add-ons to install, for example kiali
  addon: []

  # The names of the samples that should be installed as well.
  # The available samples are in the istio_simple_samples variable
  # In addition to the values in istio_simple_samples, 'bookinfo' can also be specified
  samples: []

  # Whether or not to open apps in the browser
  open_apps: false

  # Whether to delete resources that might exist from previous Istio installations
  delete_resources: false
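Conclusion
You can find full sets of playbooks that illustrate these techniques in the ansible-examples repository.
Hopefully these tips and snippets of Ansible playbooks provide some interesting ways to expand your automation journey.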