Fatal编程技术网
  • ansible/
  • 使用ansible设置的用户花费的时间太长

使用ansible设置的用户花费的时间太长

ansible

使用ansible设置的用户花费的时间太长,ansible,ansible-playbook,ansible-2.x,Ansible,Ansible Playbook,Ansible 2.x,我的playbook为用户提供远程主机: --- - hosts: webserver remote_user: myuser sudo: yes tasks: - name: Add ssh Users authorized_key: user='ubuntu' key="{{ lookup('file', './keys/{{item}}.pub') }}" with_items: - user1 - user2

我的playbook为用户提供远程主机:

---
- hosts: webserver
  remote_user: myuser
  sudo: yes
  tasks:
    - name: Add ssh Users
      authorized_key: user='ubuntu' key="{{ lookup('file', './keys/{{item}}.pub') }}"
      with_items:
        - user1
        - user2
        - user3
        - user4
        - user5
        - user6
        - user7
        - user8
        - user9
        - user10
        - user11
        - user12
这个单一任务需要110秒,速度非常慢

$ ansible-playbook -i ./inventory setup_ssh.yaml -vvv
Using /vagrant/ansible.cfg as config file
1 plays in setup_ssh.yaml

...

PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX              : ok=2    changed=0    unreachable=0    failed=0

Wednesday 27 July 2016  07:38:39 +0000 (0:01:50.486)       0:02:00.054 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ---------------------------------------- 110.49s
TASK: setup ------------------------------------------------------------- 9.49s
退房

我试着启用管道,但没用

我使用的是ansible 2.0.0.2 这是我的ansible.cfg:

[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true

[ssh_connection]
ssh_args=-o ForwardAgent=yes
通过指定:

ssh_args=-o ForwardAgent=yes
您已替换ansible的默认值:

ssh_args = -o ControlMaster=auto -o ControlPersist=60s
因此禁用了ssh连接重用。将此选项添加到配置中,然后重试

如果时间增益不够,您可能希望首先在本地连接所有.pub文件,然后使用多行字符串作为键参数执行一次
authorized\u key
模块–此模块可以处理它。

通过指定:

ssh_args=-o ForwardAgent=yes
您已替换ansible的默认值:

ssh_args = -o ControlMaster=auto -o ControlPersist=60s
因此禁用了ssh连接重用。将此选项添加到配置中,然后重试

如果时间不够,您可能希望首先在本地连接所有.pub文件,然后使用多行字符串作为关键参数执行一次
authorized_key
模块–此模块可以处理此问题。

每个用户在每次重新连接到服务器时都会执行原始问题中的
authorized_key
任务。在这种情况下,每次连接大约需要7秒钟。
首先,我试着把跑步时间缩短到48秒。我很好奇这个结果是否可以改进。
我使用生成所有ssh密钥的模板成功解决了问题:


---
- hosts: webserver
  remote_user: myuser
  sudo: yes
  vars:
    ssh_users: ['user1','user2','user3','user4','user5','user6','user7','user8','user9','user10','user11','user12']
  tasks:
  - name: Add ssh Users
    template:
      dest=/home/myuser/.ssh/authorized_keys
      src=templates/authorized_keys
      owner=myuser
      group=myuser
      mode=600


模板文件如下所示:


{% for user in ssh_users %}
{{ lookup('file', './keys/'+user+'.pub') }}
{% endfor %}


以下是我的最终ansible配置:


[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true

[ssh_connection]
ssh_args=-o ForwardAgent=yes  -o ControlMaster=auto -o ControlPersist=60s


现在看起来快多了


$ ansible-playbook -i ./inventory setup_ssh.yaml -vv
Using /vagrant/ansible.cfg as config file
1 plays in setup_backend_test.yaml

PLAY [Configure common packages] ***********************************************

TASK [setup] *******************************************************************
Wednesday 27 July 2016  14:23:48 +0000 (0:00:00.063)       0:00:00.063 ********
ok: [XXX.XXX.XXX.XXX]

TASK [ssh_keys : Add ssh Users] ************************************************
Wednesday 27 July 2016  14:23:54 +0000 (0:00:06.025)       0:00:06.088 ********
changed: [XXX.XXX.XXX.XXX] => {"changed": true, "checksum": "3df874356f41d3dc5592441a86060d2796b4a714", "dest": "/home/myuser/.ssh/authorized_keys", "gid": 1000, "group": "myuser", "md5sum": "4c7d6c58a618a9fbd5e5ed3b29a3e7d3", "mode": "0600", "owner": "myuser", "size": 5357, "src": "/home/myuser/.ansible/tmp/ansible-tmp-1469629434.59-30865046320342/source", "state": "file", "uid": 1000}

PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX              : ok=2    changed=1    unreachable=0    failed=0

Wednesday 27 July 2016  14:24:02 +0000 (0:00:07.855)       0:00:13.944 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ------------------------------------------ 7.85s
TASK: setup ------------------------------------------------------------- 6.03s



authorized_key
为每个用户执行原始问题中的任务,并在每次重新连接到服务器时执行该任务。在这种情况下,每次连接大约需要7秒钟。
首先,我试着把跑步时间缩短到48秒。我很好奇这个结果是否可以改进。
我使用生成所有ssh密钥的模板成功解决了问题:


---
- hosts: webserver
  remote_user: myuser
  sudo: yes
  vars:
    ssh_users: ['user1','user2','user3','user4','user5','user6','user7','user8','user9','user10','user11','user12']
  tasks:
  - name: Add ssh Users
    template:
      dest=/home/myuser/.ssh/authorized_keys
      src=templates/authorized_keys
      owner=myuser
      group=myuser
      mode=600


模板文件如下所示:


{% for user in ssh_users %}
{{ lookup('file', './keys/'+user+'.pub') }}
{% endfor %}


以下是我的最终ansible配置:


[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true

[ssh_connection]
ssh_args=-o ForwardAgent=yes  -o ControlMaster=auto -o ControlPersist=60s


现在看起来快多了


$ ansible-playbook -i ./inventory setup_ssh.yaml -vv
Using /vagrant/ansible.cfg as config file
1 plays in setup_backend_test.yaml

PLAY [Configure common packages] ***********************************************

TASK [setup] *******************************************************************
Wednesday 27 July 2016  14:23:48 +0000 (0:00:00.063)       0:00:00.063 ********
ok: [XXX.XXX.XXX.XXX]

TASK [ssh_keys : Add ssh Users] ************************************************
Wednesday 27 July 2016  14:23:54 +0000 (0:00:06.025)       0:00:06.088 ********
changed: [XXX.XXX.XXX.XXX] => {"changed": true, "checksum": "3df874356f41d3dc5592441a86060d2796b4a714", "dest": "/home/myuser/.ssh/authorized_keys", "gid": 1000, "group": "myuser", "md5sum": "4c7d6c58a618a9fbd5e5ed3b29a3e7d3", "mode": "0600", "owner": "myuser", "size": 5357, "src": "/home/myuser/.ansible/tmp/ansible-tmp-1469629434.59-30865046320342/source", "state": "file", "uid": 1000}

PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX              : ok=2    changed=1    unreachable=0    failed=0

Wednesday 27 July 2016  14:24:02 +0000 (0:00:07.855)       0:00:13.944 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ------------------------------------------ 7.85s
TASK: setup ------------------------------------------------------------- 6.03s



我使用了你的建议,现在ssh配置看起来是这样的:
ssh\u args=-o ForwardAgent=yes-o ControlMaster=auto-o ControlPersist=60s
,现在ssh配置看起来是这样的:
ssh\u args=-o ForwardAgent=yes-o ControlMaster=auto-o ControlPersist=60s
根据您的第二个建议,我不能使用单个文件,因为我对不同的用户集使用了不止一个环境。模板有点不同——它可能会通过其他方式覆盖添加到授权密钥中的密钥。但无论如何,这是另一种摆脱with_项的方法,它可以显著加快速度。模板有点不同——它可能会通过其他方式覆盖添加到授权_项的键。但无论如何,这是另一种摆脱with_项目的方法,它使事情变得更快。