0. Introduction: Why You Need a “Magic Tool” Instead of “Common Commands”
In the daily operations of many people, when faced with dozens or even hundreds of servers, a question often arises—Is there a way to make these machines move simultaneously as if they were listening to a conductor? Ansible is that conductor’s baton.
Its advantage lies in its lightweight nature; the managed machines do not require additional client installations. As long as they can SSH, they can be managed uniformly. You can think of it as a thick rope that ties together machines with different operating systems and roles. The operations personnel only need to pull one end to push configurations, deploy applications, and execute commands in bulk, without having to repeat the same actions over and over.
Below, I have selected some real business scenarios to give you a feel for its practical applications.
Once, we launched a new service that required creating a deploy user and configuring the shell on all servers. If you were to do this manually on each machine, it might take you until the evening. But with Ansible, you only need a simple YAML:
- hosts: all
become: yes
tasks:
- name: Create deploy user
user:
name: deploy
state: present
shell: /bin/bashExecution:
$ ansible-playbook -i hosts create_user.yamlIn seconds, all machines returned changed, and the task was completed.
Later, we encountered a need to standardize hostnames and wanted all web nodes to have a unified naming convention.
- hosts: webservers
become: yes
tasks:
- name: Set hostname
hostname:
name: web-{{ inventory_hostname }}No need to SSH into each machine to run hostnamectl; it will change automatically.
Deploying configuration files is another frequent operation, such as the unified configuration for nginx:
- hosts: webservers
become: yes
tasks:
- name: Deploy nginx config
copy:
src: ./nginx.conf
dest: /etc/nginx/nginx.conf
backup: yesWith one push, 100 machines instantly synchronize their versions.
Installing software doesn’t require searching for someone to execute it everywhere:
- hosts: all
become: yes
tasks:
- name: Install git
yum:
name: git
state: presentAfter execution, you can see which machines already had it and which just installed it.
Sometimes, you need to check disk usage:
- hosts: all
tasks:
- name: Check disk usage
shell: df -h
register: disk_info
- debug:
var: disk_info.stdout_linesThe results will be displayed in the terminal, allowing for direct comparison across nodes.
During database maintenance, restarting MySQL in bulk also becomes simple:
- hosts: dbservers
become: yes
tasks:
- name: Restart MySQL
service:
name: mysqld
state: restartedFor initializing new servers, installing and starting Docker:
- hosts: newservers
become: yes
tasks:
- name: Install docker
yum:
name: docker
state: present
- name: Enable and start docker
service:
name: docker
state: started
enabled: yesTo unify the operational environment, change the timezone to Shanghai time:
- hosts: all
become: yes
tasks:
- name: Set timezone
timezone:
name: Asia/ShanghaiSometimes, when releasing a project, you need to pull code directly from Git:
- hosts: webservers
tasks:
- name: Update code from git
git:
repo: 'https://github.com/example/project.git'
dest: /var/www/project
version: masterWhen troubleshooting online, quickly checking open ports is also very convenient:
- hosts: all
tasks:
- name: Check port 8080
shell: "netstat -tuln | grep 8080 || true"
register: port_check
- debug:
var: port_check.stdout_linesRegularly cleaning the /tmp directory:
- hosts: all
become: yes
tasks:
- name: Remove old tmp files
file:
path: /tmp/*
state: absentExecuting a full security update (use with caution):
- hosts: all
become: yes
tasks:
- name: Update all packages
yum:
name: '*'
state: latestThese are just twelve common use cases; in actual work, there can be many more combinations, such as monitoring process status, bulk modifying firewall policies, distributing SSL certificates, etc. The key is that once you configure its inventory, the speed and coverage of execution will quickly make you addicted.
If you still have dozens or hundreds of machines to maintain manually, consider spending half a day trying it out. Once you see a hundred servers returning execution results simultaneously, you will understand why so many people cannot live without Ansible.
Old Yang’s Time
Here, I would like to clarify that in daily life, everyone calls me Brother Bo, which has nothing to do with seniority; it’s just a nickname because I’m older. I call my younger colleagues born in the 2000s by their brother names, like Brother Zhang and Brother Li.
However, this title can feel a bit inappropriate when attending offline events, especially when the sponsors also call me that. For example, at a recent conference, a planning director from a certain group said, “Today we are happy! Let’s invite Brother Bo from the IT operations and maintenance technical circle to say a few words.” This atmosphere and this title don’t quite match in the internet industry!
Every time I encounter this situation, I want to respond: “Meeting you all is fate, thank you for your kindness, let’s not say anything more, it’s all in the wine. I drink, you all feel free!” So from now on, let’s call me Old Yang, which is both down-to-earth and low-key, and quite friendly; I think it’s good.
Operations and Maintenance X Files Series Articles:
From Alarm to CTO: The 11-Hour Life-and-Death Race of a P0 Incident
Old Yang’s AI Account