• Char05 Ansible 最佳实践

    5.1 优化Ansible速度

      Ansible的执行效率低于SaltStack : 原因,使用默认的SSH方式通信,效率低于SaltStack 的 zeromq消息队列

      1 开启SSH 长连接

    # ssh -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014 # 需要大于5.6

# cat .ansible.cfg
[defaults]
host_key_checking = False
module_name = shell
remote_port = 22
remote_tmp = $HOME/.ansible/tmp
record_host_keys= False
sh_args= -o ControlMaster=auto -o ControlPersist-5d

      

    # netstat | grep ssh
tcp        0      0 172.17.150.51:34030     172.17.150.21:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:52852     172.17.150.42:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:41904     172.17.150.100:ssh      ESTABLISHED
tcp        0      0 172.17.150.51:53620     172.17.150.21:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:53620     172.17.150.21:ssh       ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     21402633 /root/.ansible/cp/ansible-ssh-testslave5-22-jenkins.PaagQPMKpFYk0nXz

      

      2 开启pipeling 

       也是OpenSSH的一个特性,优化了之前的将生成好的本地的Python脚本PUT到远端服务器,如果开启了pipelining = True ,这个过程降噪SSH 会话中执行,大大提供了效率

    # piplinling= True 之前

<TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave5> REMOTE_MODULE ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280'
<TestSlave5> PUT /tmp/tmpj3c5YY TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ >/dev/null 2>&1'
TestSlave5 | success >> {
    "changed": false,
    "ping": "pong"
}

<TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave6> REMOTE_MODULE ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906'
<TestSlave6> PUT /tmp/tmpVvNM_K TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ >/dev/null 2>&1'
TestSlave6 | success >> {
    "changed": false,
    "ping": "pong"
}

      

    # piplinling = True 时 

<TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave5> REMOTE_MODULE ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456'
<TestSlave5> PUT /tmp/tmp8BYUur TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ >/dev/null 2>&1'
TestSlave5 | success >> {
    "changed": false,
    "ping": "pong"
}

<TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave6> REMOTE_MODULE ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407'
<TestSlave6> PUT /tmp/tmpQrSPOP TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ >/dev/null 2>&1'
TestSlave6 | success >> {
    "changed": false,
    "ping": "pong"
}

      

    [defaults]
host_key_checking = False
module_name = shell
remote_port = 22
remote_tmp = $HOME/.ansible/tmp
record_host_keys= False
sh_args= -o ControlMaster=auto -o ControlPersist-5d
pipelinling = True

      3 开启 accelerate 模式

         与 Multiplexing 有点类似,都依赖与Ansible中控制机与远端机有一个长连接,但是accelerate 是使用python程序在远端机上运行一个守护进程,然后Ansible 会通过这个守护进程监听的端口进行通信 。 如果使用accelerate 则需要在控制机和远端机上都安装python-keyczar软件包,

         在写 playbook时指定

      4 设置facts缓存

        playbook 的默认第一个task是GATHERING FACTS 

        gathering = smart

        fact_caching_timeout = 86400

        fact_caching = jsonfile

        fact_caching_connection = /tmp/ansible_fact_cache

        

    5.4 灰度发布与检测

    5.4.1 语法检测

    5.4.2 灰度发布

    5.4.3 是否达到预想

    5.5 同意管理

    5.6 使用ansible-shell 交互命令行

    目前ansible-shell只支持Ad-Hoc 命令不支持playbook

      

         
  • 相关阅读:
    记录一次使用npm包管理器的过程
    Markdown---锚点
    Tomcat应用部署
    记录项目中使用SoapUI进行webservice接口测试
    python--使用logging库自定义日志输出
    python--configparser库处理配置文件
    python--excel操作插件openpyxl
    python--使用pycharm调试代码
    【云剪贴板】你不要点开啊!!!!
    【每天一个爆零小技巧】个人用的程序小技巧及其他_自用
  • 原文地址:https://www.cnblogs.com/zsr0401/p/6294076.html
Copyright © 2020-2023  润新知