Ansible

1. What is Ansible and how does it work?

What is Ansible?

Ansible is an open-source automation tool used for managing IT infrastructure, deploying software and managing configuration. It was developed by Red Hat and is written in Python.

Key features of Ansible:

  • Agentless: No additional software has to be installed on the managed servers
  • Declarative language: You state what is needed, not how to do it
  • Idempotent: Running the same operation several times does not change the result
  • Connection over SSH: Servers are managed over the Secure Shell protocol
  • YAML syntax: A format that is easy for humans to read

How does Ansible work?

Ansible uses a "push" model:

  1. Commands are sent from the Control Node
  2. It connects to the Managed Hosts over SSH
  3. Temporary Python scripts are generated and executed
  4. The results are returned and the temporary files are deleted

Control Node  ----SSH---->  Managed Host 1
     |        ----SSH---->  Managed Host 2
     |        ----SSH---->  Managed Host 3
     |
  Playbook
  Inventory
  Modules

Core Ansible concepts:

  • Inventory: The list of managed servers
  • Playbook: A sequence of tasks (in YAML format)
  • Task: A single action or job
  • Module: A unit of code that performs a specific job
  • Role: Reusable parts of a playbook
  • Handler: Special tasks that run in response to events

2. Control Node and Managed Hosts

Control Node

The Control Node is the main computer on which Ansible is installed and from which all management operations are run.

Control Node requirements:

  • Python 2.7 or Python 3.5+
  • Linux, macOS or WSL (Windows Subsystem for Linux)
  • SSH client
  • Windows cannot act as a Control Node directly

Control Node responsibilities:

  • Storing inventory files
  • Storing and running playbooks
  • Establishing connections to the managed hosts
  • Storing modules and libraries

Managed Hosts

Managed Hosts are the servers, computers or network devices that Ansible manages.

Managed Host requirements:

  • SSH server (for Linux/Unix)
  • Python 2.6+ or Python 3.5+ (for some modules)
  • PowerShell 3.0+ (for Windows)
  • WinRM (for Windows)

Types of Managed Host:

  • Linux servers
  • Windows servers
  • Network devices (router, switch)
  • Cloud platforms (AWS, Azure, GCP)
  • Container platforms (Docker, Kubernetes)

Connection protocols:

SSH (for Linux/Unix):

ansible_connection: ssh
ansible_host: 192.168.1.10
ansible_user: admin
ansible_ssh_private_key_file: ~/.ssh/id_rsa

WinRM (for Windows):

ansible_connection: winrm
ansible_host: 192.168.1.20
ansible_user: Administrator
# Example value only; keep real credentials in Ansible Vault rather than in plain text
ansible_password: password123
ansible_winrm_transport: ntlm

Local (for the local machine):

ansible_connection: local

3. Installation and Inventory Basics

Installing Ansible

On Ubuntu/Debian:

# Update the package index
sudo apt update

# Install Ansible
sudo apt install ansible -y

# Or via pip
pip3 install ansible

# Check the version
ansible --version

On CentOS/RHEL:

# Add the EPEL repository
sudo yum install epel-release -y

# Install Ansible
sudo yum install ansible -y

# Check the version
ansible --version

On macOS:

# Via Homebrew
brew install ansible

# Or via pip
pip3 install ansible

The Ansible configuration file

Ansible configuration is stored in the ansible.cfg file. The search order is:

  1. The ANSIBLE_CONFIG environment variable
  2. ansible.cfg in the current directory
  3. ~/.ansible.cfg in the home directory
  4. /etc/ansible/ansible.cfg

Basic configuration:

[defaults]
inventory = ./hosts
remote_user = ansible
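# False turns off SSH host key verification; set it to True once the hosts' keys are in known_hosts
host_key_checking = False
gathering = smart
fact_caching = jsonfile
# Cached facts are written here; /tmp is world-writable, so prefer a directory only the Ansible user can write to
fact_caching_connection = /tmp/facts_cache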
timeout = 30

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = True
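
The settings on this page that matter most for security (host_key_checking = False, a fact cache under /tmp, and ansible_password stored in plain text in the WinRM variables) can be checked mechanically. The Python script below is an added example, not part of the original page or of Ansible itself; the function names, the hardened sample values and the variable name vault_win_password are assumptions made for illustration.

```python
import configparser

SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}
SHARED_TMP = ("/tmp/", "/var/tmp/")

def audit_cfg(text):
    """Return findings for the contents of an ansible.cfg file."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking is off: SSH host keys are not verified")
    cache = cfg.get("defaults", "fact_caching_connection", fallback="")
    if cache.startswith(SHARED_TMP):
        findings.append("fact cache in a world-writable directory: " + cache)
    return findings

def audit_vars(text):
    """Return the secret variables stored as plain text in a flat vars file."""
    plain = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip().strip("'\"")
        if not sep or key not in SECRET_VARS or not value:
            continue
        # A !vault tag or a Jinja2 reference means the secret is kept elsewhere.
        if value.startswith("!vault") or "{{" in value:
            continue
        plain.append(key)
    return plain

# Constructed samples: the settings from this page, then a hardened variant.
PAGE_CFG = """[defaults]
host_key_checking = False
fact_caching = jsonfile
fact_caching_connection = /tmp/facts_cache
"""
HARD_CFG = """[defaults]
host_key_checking = True
fact_caching = jsonfile
fact_caching_connection = ~/.ansible/facts_cache
"""
PAGE_VARS = "ansible_user: Administrator\nansible_password: password123\n"
HARD_VARS = 'ansible_user: Administrator\nansible_password: "{{ vault_win_password }}"\n'

if __name__ == "__main__":
    for name, result in [("ansible.cfg", audit_cfg(PAGE_CFG)), ("host vars", audit_vars(PAGE_VARS))]:
        print(name, "->", result)
```

The hardened host variables assume that vault_win_password is defined in a file encrypted with ansible-vault.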

Inventory Basics

The inventory is the list of all hosts that Ansible manages.

Inventory in INI format:

Simple inventory (the hosts file):

# Ungrouped host (must come before the first group header)
192.168.1.10

# Web servers
[webservers]
web1.example.com
web2.example.com

# Database servers
[databases]
db1.example.com
db2.example.com

# Load balancers
[loadbalancers]
lb1.example.com ansible_host=192.168.1.5
lb2.example.com ansible_host=192.168.1.6

# Group variables
[webservers:vars]
http_port=80
max_clients=200

# Combining groups
[production:children]
webservers
databases
loadbalancers

Inventory in YAML format:

The inventory.yml file:

all:
  hosts:
    web1.example.com:
    web2.example.com:
    192.168.1.10:
  children:
    webservers:
      hosts:
        web1.example.com:
          ansible_host: 192.168.1.11
          http_port: 80
        web2.example.com:
          ansible_host: 192.168.1.12
          http_port: 8080
      vars:
        max_clients: 200

    databases:
      hosts:
        db1.example.com:
        db2.example.com:
      vars:
        mysql_port: 3306

    loadbalancers:
      hosts:
        lb1.example.com:
          ansible_host: 192.168.1.5
        lb2.example.com:
          ansible_host: 192.168.1.6

Host variables:

[webservers]
web1.example.com ansible_host=192.168.1.11 ansible_user=admin
web2.example.com ansible_host=192.168.1.12 ansible_user=root ansible_port=2222
web3.example.com ansible_connection=local

Host variables in a file:

host_vars/web1.example.com.yml:

ansible_host: 192.168.1.11
ansible_user: admin
ansible_ssh_private_key_file: ~/.ssh/web1_key
http_port: 80
ssl_enabled: true

Group variables:

group_vars/webservers.yml:

http_port: 80
max_clients: 200
ssl_enabled: false
# Quoted so YAML keeps the version as a string instead of parsing it as a float
nginx_version: "1.18"

group_vars/all.yml:

ntp_server: pool.ntp.org
timezone: Asia/Tashkent
ansible_user: ansible

Checking the inventory:

# Show all hosts
ansible-inventory --list

# Show the variables of a specific host
ansible-inventory --host web1.example.com

# Show the inventory as a graph
ansible-inventory --graph

# Output in YAML format
ansible-inventory --list -y

4. Ad-hoc Commands

Ad-hoc commands are the simplest and quickest way to use Ansible: they run a single task without writing a playbook.

Syntax of ad-hoc commands:

ansible <pattern> -m <module> -a "<arguments>" [options]

Main parameters:

  • <pattern>: Which hosts (all, a group name, a host name)
  • -m <module>: The module to use
  • -a "<arguments>": The arguments passed to the module
  • -i <inventory>: The inventory file
  • -u <user>: The remote user
  • -k: Prompt for the SSH password
  • -K: Prompt for the sudo password
  • --become: Use sudo privileges

Examples with the main modules:

1. Ping module:

# Check all hosts
ansible all -m ping

# Check a specific group
ansible webservers -m ping

# Check a single host
ansible web1.example.com -m ping

2. Command module:

# Run a simple command
ansible all -m command -a "uptime"

# Get system information
ansible webservers -m command -a "df -h"

# List processes (the command module does not go through a shell, so pipes such as "| grep" do not work here)
ansible databases -m command -a "pgrep -a mysql"

# Set the working directory (module options go in the same -a string, before the command)
ansible all -m command -a "chdir=/tmp pwd"

3. Shell module:

# Shell commands (pipes, redirections)
ansible all -m shell -a "ps aux | grep nginx | wc -l"

# With environment variables (single quotes so that $HOME is expanded on the managed host, not by the local shell)
ansible webservers -m shell -a 'echo $HOME'

# More complex commands
ansible all -m shell -a "if [ -f /etc/passwd ]; then echo 'File exists'; fi"

4. Copy module:

# Copy a file
ansible webservers -m copy -a "src=/tmp/file.txt dest=/opt/file.txt"

# Create a file from text
ansible all -m copy -a "content='Hello World' dest=/tmp/hello.txt"

# Copy with ownership and permissions
ansible webservers -m copy -a "src=config.conf dest=/etc/nginx/nginx.conf owner=root group=root mode=0644" --become

5. File module:

# Create a file
ansible all -m file -a "path=/tmp/testfile state=touch"

# Create a directory
ansible webservers -m file -a "path=/opt/myapp state=directory mode=0755" --become

# Delete a file
ansible all -m file -a "path=/tmp/oldfile state=absent"

# Create a symbolic link
ansible webservers -m file -a "src=/opt/myapp/current dest=/opt/myapp/latest state=link"

# Change permissions
ansible all -m file -a "path=/tmp/script.sh mode=0755"

6. Service module:

# Start a service
ansible webservers -m service -a "name=nginx state=started" --become

# Stop a service
ansible webservers -m service -a "name=apache2 state=stopped" --become

# Restart a service
ansible databases -m service -a "name=mysql state=restarted" --become

# Enable a service to start automatically
ansible all -m service -a "name=sshd state=started enabled=yes" --become

7. Package module (apt/yum):

# Install a package (Ubuntu/Debian)
ansible webservers -m apt -a "name=nginx state=present" --become

# Install a package (CentOS/RHEL)
ansible webservers -m yum -a "name=httpd state=present" --become

# Update a package
ansible all -m apt -a "name=openssh-server state=latest" --become

# Remove a package
ansible webservers -m apt -a "name=apache2 state=absent" --become

# Install several packages
ansible all -m apt -a "name=git,curl,wget state=present" --become

8. User module:

# Create a user
ansible all -m user -a "name=testuser state=present" --become

# Create a user with a password (the value is a placeholder for a password hash; outer single quotes keep the local shell from expanding $6)
ansible all -m user -a 'name=appuser password=$6$encrypted_password state=present' --become

# Add a user to a group
ansible webservers -m user -a "name=nginx group=www-data groups=ssl-cert append=yes" --become

# Delete a user
ansible all -m user -a "name=olduser state=absent remove=yes" --become

9. Mount module:

# Mount a disk
ansible all -m mount -a "src=/dev/sdb1 path=/data fstype=ext4 state=mounted" --become

# Unmount a mount point
ansible databases -m mount -a "path=/backup state=unmounted" --become

10. Cron module:

# Create a cron job
ansible all -m cron -a "name='backup script' minute=0 hour=2 job='/opt/backup.sh'" --become

# Delete a cron job
ansible all -m cron -a "name='old backup' state=absent" --become

Setup module - gathering system facts:

# Get all system information
ansible all -m setup

# Filter for specific facts
ansible all -m setup -a "filter=ansible_os_family"

# Network information
ansible webservers -m setup -a "filter=ansible_default_ipv4"

# Hardware information
ansible all -m setup -a "filter=ansible_processor*"

# Memory information
ansible databases -m setup -a "filter=ansible_memory_mb"

Additional parameters:

# Parallel execution (default: 5)
ansible all -m ping -f 10

# Set the connection timeout (in seconds)
ansible all -m command -a "sleep 30" -T 60

# Exclude specific hosts (single quotes keep an interactive shell from treating "!" as history expansion)
ansible all -m ping --limit '!web3.example.com'

# Run only on specific hosts
ansible all -m command -a "hostname" --limit "web*"

# Dry-run mode (check mode)
ansible webservers -m apt -a "name=nginx state=present" --check --become

# Verbose output
ansible all -m setup -v
ansible all -m ping -vv
ansible all -m command -a "hostname" -vvv

Error handling:

# Do not stop on an error: the ad-hoc command has no ignore-errors flag (-i selects the inventory), so mask the exit code in the shell module
ansible all -m shell -a "false || true"

# Stop after a given share of failures: max_fail_percentage is a play keyword set in a playbook, not an option of the ansible command

Tips:

  1. Safety: Try important commands in --check mode first
  2. Performance: Increase the -f parameter for large numbers of hosts
  3. Logging: Use the --verbose modes for debugging
  4. Inventory: Use host patterns correctly (wildcards: *, [])
  5. Authentication: Prefer SSH keys over passwords

Ad-hoc commands are very useful for quick, simple tasks, but for complex tasks that need to be reused, writing a playbook is the better approach.