Char05 Ansible 最佳实践

5.1 优化Ansible速度

  Ansible的执行效率低于SaltStack ： 原因，使用默认的SSH方式通信，效率低于SaltStack 的 zeromq消息队列

　　1 开启SSH 长连接

# ssh -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014 # 需要大于5.6

# cat .ansible.cfg
[defaults]
host_key_checking = False
module_name = shell
remote_port = 22
remote_tmp = $HOME/.ansible/tmp
record_host_keys= False
sh_args= -o ControlMaster=auto -o ControlPersist-5d

　　

# netstat | grep ssh
tcp        0      0 172.17.150.51:34030     172.17.150.21:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:52852     172.17.150.42:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:41904     172.17.150.100:ssh      ESTABLISHED
tcp        0      0 172.17.150.51:53620     172.17.150.21:ssh       ESTABLISHED
tcp        0      0 172.17.150.51:53620     172.17.150.21:ssh       ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     21402633 /root/.ansible/cp/ansible-ssh-testslave5-22-jenkins.PaagQPMKpFYk0nXz

　　

　　2 开启pipeling 

　　　也是OpenSSH的一个特性,优化了之前的将生成好的本地的Python脚本PUT到远端服务器，如果开启了pipelining = True ,这个过程降噪SSH 会话中执行，大大提供了效率

# piplinling= True 之前

<TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave5> REMOTE_MODULE ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280'
<TestSlave5> PUT /tmp/tmpj3c5YY TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-280957036779280/ >/dev/null 2>&1'
TestSlave5 | success >> {
    "changed": false,
    "ping": "pong"
}

<TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave6> REMOTE_MODULE ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906 && echo $HOME/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906'
<TestSlave6> PUT /tmp/tmpVvNM_K TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645825.18-266544730254906/ >/dev/null 2>&1'
TestSlave6 | success >> {
    "changed": false,
    "ping": "pong"
}

　　

# piplinling = True 时 

<TestSlave5> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave5> REMOTE_MODULE ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456'
<TestSlave5> PUT /tmp/tmp8BYUur TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping
<TestSlave5> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave5 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-70490925643456/ >/dev/null 2>&1'
TestSlave5 | success >> {
    "changed": false,
    "ping": "pong"
}

<TestSlave6> ESTABLISH CONNECTION FOR USER: jenkins
<TestSlave6> REMOTE_MODULE ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407 && echo $HOME/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407'
<TestSlave6> PUT /tmp/tmpQrSPOP TO /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping
<TestSlave6> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=jenkins -o ConnectTimeout=10 TestSlave6 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ping; rm -rf /home/jenkins/.ansible/tmp/ansible-tmp-1484645805.57-26177483349407/ >/dev/null 2>&1'
TestSlave6 | success >> {
    "changed": false,
    "ping": "pong"
}

　　

[defaults]
host_key_checking = False
module_name = shell
remote_port = 22
remote_tmp = $HOME/.ansible/tmp
record_host_keys= False
sh_args= -o ControlMaster=auto -o ControlPersist-5d
pipelinling = True

　　3 开启 accelerate 模式

 　　　　与 Multiplexing 有点类似，都依赖与Ansible中控制机与远端机有一个长连接，但是accelerate 是使用python程序在远端机上运行一个守护进程，然后Ansible 会通过这个守护进程监听的端口进行通信 。 如果使用accelerate 则需要在控制机和远端机上都安装python-keyczar软件包，

 　　　　在写 playbook时指定

　　4　设置facts缓存

　　　　playbook 的默认第一个task是GATHERING FACTS 

　　　　gathering = smart

　　　　fact_caching_timeout = 86400

　　　　fact_caching = jsonfile

　　　　fact_caching_connection = /tmp/ansible_fact_cache

　　　　

5.4 灰度发布与检测

5.4.1 语法检测

5.4.2 灰度发布

5.4.3 是否达到预想

5.5 同意管理

5.6 使用ansible-shell 交互命令行

目前ansible-shell只支持Ad-Hoc 命令不支持playbook