Char05 Ansible 最佳实践
Posted ZSR0401
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Char05 Ansible 最佳实践相关的知识,希望对你有一定的参考价值。
5.1 优化Ansible速度
Ansible的执行效率低于SaltStack : 原因,使用默认的SSH方式通信,效率低于SaltStack 的 zeromq消息队列
1 开启SSH 长连接
# ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014 # 需要大于5.6 # cat .ansible.cfg [defaults] host_key_checking = False module_name = shell remote_port = 22 remote_tmp = $HOME/.ansible/tmp record_host_keys= False sh_args= -o ControlMaster=auto -o ControlPersist-5d
# netstat | grep ssh tcp 0 0 172.17.150.51:34030 172.17.150.21:ssh ESTABLISHED tcp 0 0 172.17.150.51:52852 172.17.150.42:ssh ESTABLISHED tcp 0 0 172.17.150.51:41904 172.17.150.100:ssh ESTABLISHED tcp 0 0 172.17.150.51:53620 172.17.150.21:ssh ESTABLISHED tcp 0 0 172.17.150.51:53620 172.17.150.21:ssh ESTABLISHED unix 3 [ ] STREAM CONNECTED 21402633 /root/.ansible/cp/ansible-ssh-testslave5-22-jenkins.PaagQPMKpFYk0nXz
2 开启pipeling
也是OpenSSH的一个特性,优化了之前的将生成好的本地的Python脚本PUT到远端服务器,如果开启了pipelining = True ,这个过程降噪SSH 会话中执行,大大提供了效率
# piplinling= True 之前 <TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave5> REMOTE_MODULE ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280‘ <TestSlave5> PUT /tmp/tmpj3c5YY TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ >/dev/null 2>&1‘ TestSlave5 | success >> { "changed": false, "ping": "pong" } <TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave6> REMOTE_MODULE ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906‘ <TestSlave6> PUT /tmp/tmpVvNM_K TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ >/dev/null 2>&1‘ TestSlave6 | success >> { "changed": false, "ping": "pong" }
# piplinling = True 时 <TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave5> REMOTE_MODULE ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456‘ <TestSlave5> PUT /tmp/tmp8BYUur TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ >/dev/null 2>&1‘ TestSlave5 | success >> { "changed": false, "ping": "pong" } <TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave6> REMOTE_MODULE ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407‘ <TestSlave6> PUT /tmp/tmpQrSPOP TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ >/dev/null 2>&1‘ TestSlave6 | success >> { "changed": false, "ping": "pong" }
[defaults] host_key_checking = False module_name = shell remote_port = 22 remote_tmp = $HOME/.ansible/tmp record_host_keys= False sh_args= -o ControlMaster=auto -o ControlPersist-5d pipelinling = True
3 开启 accelerate 模式
与 Multiplexing 有点类似,都依赖与Ansible中控制机与远端机有一个长连接,但是accelerate 是使用python程序在远端机上运行一个守护进程,然后Ansible 会通过这个守护进程监听的端口进行通信 。 如果使用accelerate 则需要在控制机和远端机上都安装python-keyczar软件包,
在写 playbook时指定
4 设置facts缓存
playbook 的默认第一个task是GATHERING FACTS
gathering = smart
fact_caching_timeout = 86400
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_fact_cache
5.4 灰度发布与检测
以上是关于Char05 Ansible 最佳实践的主要内容,如果未能解决你的问题,请参考以下文章
《Ansible自动化运维:技术与最佳实践》图书已上架,欢迎大家阅读
Ansible最佳实践之 AWX 使用 Ansible 与 API 通信