首页 > 代码库 > Char05 Ansible 最佳实践
Char05 Ansible 最佳实践
5.1 优化Ansible速度
Ansible的执行效率低于SaltStack : 原因,使用默认的SSH方式通信,效率低于SaltStack 的 zeromq消息队列
1 开启SSH 长连接
# ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014 # 需要大于5.6 # cat .ansible.cfg [defaults] host_key_checking = False module_name = shell remote_port = 22 remote_tmp = $HOME/.ansible/tmp record_host_keys= False sh_args= -o ControlMaster=auto -o ControlPersist-5d
# netstat | grep ssh tcp 0 0 172.17.150.51:34030 172.17.150.21:ssh ESTABLISHED tcp 0 0 172.17.150.51:52852 172.17.150.42:ssh ESTABLISHED tcp 0 0 172.17.150.51:41904 172.17.150.100:ssh ESTABLISHED tcp 0 0 172.17.150.51:53620 172.17.150.21:ssh ESTABLISHED tcp 0 0 172.17.150.51:53620 172.17.150.21:ssh ESTABLISHED unix 3 [ ] STREAM CONNECTED 21402633 /root/.ansible/cp/ansible-ssh-testslave5-22-jenkins.PaagQPMKpFYk0nXz
2 开启pipeling
也是OpenSSH的一个特性,优化了之前的将生成好的本地的Python脚本PUT到远端服务器,如果开启了pipelining = True ,这个过程降噪SSH 会话中执行,大大提供了效率
# piplinling= True 之前 <TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave5> REMOTE_MODULE ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280‘ <TestSlave5> PUT /tmp/tmpj3c5YY TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ >/dev/null 2>&1‘ TestSlave5 | success >> { "changed": false, "ping": "pong" } <TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave6> REMOTE_MODULE ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906‘ <TestSlave6> PUT /tmp/tmpVvNM_K TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ >/dev/null 2>&1‘ TestSlave6 | success >> { "changed": false, "ping": "pong" }
# piplinling = True 时 <TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave5> REMOTE_MODULE ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456‘ <TestSlave5> PUT /tmp/tmp8BYUur TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping <TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ >/dev/null 2>&1‘ TestSlave5 | success >> { "changed": false, "ping": "pong" } <TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins <TestSlave6> REMOTE_MODULE ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407‘ <TestSlave6> PUT /tmp/tmpQrSPOP TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping <TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c ‘LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ >/dev/null 2>&1‘ TestSlave6 | success >> { "changed": false, "ping": "pong" }
[defaults] host_key_checking = False module_name = shell remote_port = 22 remote_tmp = $HOME/.ansible/tmp record_host_keys= False sh_args= -o ControlMaster=auto -o ControlPersist-5d pipelinling = True
3 开启 accelerate 模式
与 Multiplexing 有点类似,都依赖与Ansible中控制机与远端机有一个长连接,但是accelerate 是使用python程序在远端机上运行一个守护进程,然后Ansible 会通过这个守护进程监听的端口进行通信 。 如果使用accelerate 则需要在控制机和远端机上都安装python-keyczar软件包,
在写 playbook时指定
4 设置facts缓存
playbook 的默认第一个task是GATHERING FACTS
gathering = smart
fact_caching_timeout = 86400
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_fact_cache
5.4 灰度发布与检测
Char05 Ansible 最佳实践
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。