Char05 Ansible 最佳实践

Posted ZSR0401


 

5.1 优化Ansible速度

  Ansible的执行效率低于SaltStack : 原因,使用默认的SSH方式通信,效率低于SaltStack 的 zeromq消息队列

  1 开启SSH 长连接

# ssh -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014 # 需要大于5.6

# cat .ansible.cfg
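; ~/.ansible.cfg - per-user Ansible settings with SSH connection multiplexing.
[defaults]
; SECURITY: False disables SSH host key verification, so a spoofed or
; intercepted host is accepted without warning. Keep this only for throwaway
; lab hosts; otherwise pre-populate known_hosts and leave checking enabled.
host_key_checking = False
module_name = shell
remote_port = 22
remote_tmp = $HOME/.ansible/tmp

[paramiko_connection]
; Only consulted by the paramiko transport.
record_host_keys = False

[ssh_connection]
; The key is ssh_args and the option syntax is ControlPersist=<time>; a
; misspelled key or option is not applied and the built-in default stays in
; effect. ControlPersist needs OpenSSH 5.6 or newer.
; A persisted master socket can be reused by any process running as the same
; local user for the whole 5 days, so keep the control-path directory private.
ssh_args = -o ControlMaster=auto -o ControlPersist=5d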

  

# netstat | grep ssh
tcp        0      0 172.17.150.51:34030     172.17.150.21:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:52852     172.17.150.42:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:41904     172.17.150.100:ssh      ESTABLISHED
tcp        0      0 172.17.150.51:53620     172.17.150.21:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:53620     172.17.150.21:ssh       ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     21402633 /root/.ansible/cp/ansible-ssh-testslave5-22-jenkins.PaagQPMKpFYk0nXz

  

  2 开启pipelining

   也是OpenSSH的一个特性,优化了之前将本地生成好的Python脚本PUT到远端服务器再执行的过程:如果开启了pipelining = True,这个过程将在SSH会话中直接执行,大大提高了效率。注意:远端通过sudo提权时,需要先在 /etc/sudoers 中关闭 requiretty,否则pipelining无法正常工作。

# pipelining = True 之前

<TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave5> REMOTE_MODULE ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280‘
<TestSlave5> PUT /tmp/tmpj3c5YY TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ >/dev/null 2>&1‘
TestSlave5 | success >> {
    "changed": false,
    "ping": "pong"
}

<TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave6> REMOTE_MODULE ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906‘
<TestSlave6> PUT /tmp/tmpVvNM_K TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ >/dev/null 2>&1‘
TestSlave6 | success >> {
    "changed": false,
    "ping": "pong"
}

  

# pipelining = True 时(注意:下面的输出与开启前相同,仍有 PUT 步骤,ControlPersist 也仍是默认的 60s,说明配置很可能并未生效;pipelining 真正生效后不会再出现 PUT 这一步)

<TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave5> REMOTE_MODULE ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456‘
<TestSlave5> PUT /tmp/tmp8BYUur TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ >/dev/null 2>&1‘
TestSlave5 | success >> {
    "changed": false,
    "ping": "pong"
}

<TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave6> REMOTE_MODULE ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407‘
<TestSlave6> PUT /tmp/tmpQrSPOP TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ >/dev/null 2>&1‘
TestSlave6 | success >> {
    "changed": false,
    "ping": "pong"
}

  

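; ~/.ansible.cfg - SSH multiplexing plus pipelining.
[defaults]
; SECURITY: False disables SSH host key verification, so a spoofed or
; intercepted host is accepted without warning. Keep this only for throwaway
; lab hosts; otherwise pre-populate known_hosts and leave checking enabled.
host_key_checking = False
module_name = shell
remote_port = 22
remote_tmp = $HOME/.ansible/tmp

[paramiko_connection]
; Only consulted by the paramiko transport.
record_host_keys = False

[ssh_connection]
; The key is ssh_args and the option syntax is ControlPersist=<time>; a
; misspelled key or option is not applied and the built-in default stays in
; effect. ControlPersist needs OpenSSH 5.6 or newer.
; A persisted master socket can be reused by any process running as the same
; local user for the whole 5 days, so keep the control-path directory private.
ssh_args = -o ControlMaster=auto -o ControlPersist=5d
; The key is spelled "pipelining" and is read from this section. When tasks
; escalate with sudo, requiretty must be disabled in /etc/sudoers on the
; managed hosts or pipelined runs fail.
pipelining = True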

  3 开启 accelerate 模式

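     与 Multiplexing 有点类似,都依赖于Ansible控制机与远端机之间有一个长连接,但是accelerate 是使用python程序在远端机上运行一个守护进程,然后Ansible 会通过这个守护进程监听的端口进行通信。如果使用accelerate,则需要在控制机和远端机上都安装python-keyczar软件包。注意:该守护进程会在远端机上额外开放一个监听端口,应通过防火墙限制为仅控制机可访问;另外 accelerate 模式在 Ansible 2.x 中已被弃用,并在 2.4 中移除,新版本应改用 SSH 长连接加 pipelining。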

     在写 playbook时指定

 

  4 设置facts缓存

    playbook 的默认第一个task是GATHERING FACTS 

 

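    ; Fact caching settings; these keys belong to the [defaults] section.
    [defaults]
    ; smart: skip fact gathering for hosts whose facts are already cached
    gathering = smart
    ; cache lifetime in seconds (86400 = 24 hours)
    fact_caching_timeout = 86400
    fact_caching = jsonfile
    ; SECURITY: /tmp is world-writable and this path is predictable, so another
    ; local user could read cached host facts or plant altered ones that later
    ; playbook runs would trust. Prefer a directory that only the account
    ; running Ansible can read and write.
    fact_caching_connection = /tmp/ansible_fact_cache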

 

    

5.4 灰度发布与检测

 

 

 

  

 

 

     
