使用ansible设置的用户花费的时间太长
我的playbook为用户提供远程主机:使用ansible设置的用户花费的时间太长,ansible,ansible-playbook,ansible-2.x,Ansible,Ansible Playbook,Ansible 2.x,我的playbook为用户提供远程主机: --- - hosts: webserver remote_user: myuser sudo: yes tasks: - name: Add ssh Users authorized_key: user='ubuntu' key="{{ lookup('file', './keys/{{item}}.pub') }}" with_items: - user1 - user2
---
- hosts: webserver
remote_user: myuser
sudo: yes
tasks:
- name: Add ssh Users
authorized_key: user='ubuntu' key="{{ lookup('file', './keys/{{item}}.pub') }}"
with_items:
- user1
- user2
- user3
- user4
- user5
- user6
- user7
- user8
- user9
- user10
- user11
- user12
这个单一任务需要110秒,速度非常慢
$ ansible-playbook -i ./inventory setup_ssh.yaml -vvv
Using /vagrant/ansible.cfg as config file
1 plays in setup_ssh.yaml
...
PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX : ok=2 changed=0 unreachable=0 failed=0
Wednesday 27 July 2016 07:38:39 +0000 (0:01:50.486) 0:02:00.054 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ---------------------------------------- 110.49s
TASK: setup ------------------------------------------------------------- 9.49s
退房
我试着启用管道,但没用
我使用的是ansible 2.0.0.2
这是我的ansible.cfg:
[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true
[ssh_connection]
ssh_args=-o ForwardAgent=yes
通过指定:
ssh_args=-o ForwardAgent=yes
您已替换ansible的默认值:
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
因此禁用了ssh连接重用。将此选项添加到配置中,然后重试
如果时间增益不够,您可能希望首先在本地连接所有.pub文件,然后使用多行字符串作为键参数执行一次authorized\u key
模块–此模块可以处理它。通过指定:
ssh_args=-o ForwardAgent=yes
您已替换ansible的默认值:
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
因此禁用了ssh连接重用。将此选项添加到配置中,然后重试
如果时间不够,您可能希望首先在本地连接所有.pub文件,然后使用多行字符串作为关键参数执行一次
authorized_key
模块–此模块可以处理此问题。每个用户在每次重新连接到服务器时都会执行原始问题中的authorized_key
任务。在这种情况下,每次连接大约需要7秒钟。
首先,我试着把跑步时间缩短到48秒。我很好奇这个结果是否可以改进。
我使用生成所有ssh密钥的模板成功解决了问题:
---
- hosts: webserver
remote_user: myuser
sudo: yes
vars:
ssh_users: ['user1','user2','user3','user4','user5','user6','user7','user8','user9','user10','user11','user12']
tasks:
- name: Add ssh Users
template:
dest=/home/myuser/.ssh/authorized_keys
src=templates/authorized_keys
owner=myuser
group=myuser
mode=600
模板文件如下所示:
{% for user in ssh_users %}
{{ lookup('file', './keys/'+user+'.pub') }}
{% endfor %}
以下是我的最终ansible配置:
[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true
[ssh_connection]
ssh_args=-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
现在看起来快多了
$ ansible-playbook -i ./inventory setup_ssh.yaml -vv
Using /vagrant/ansible.cfg as config file
1 plays in setup_backend_test.yaml
PLAY [Configure common packages] ***********************************************
TASK [setup] *******************************************************************
Wednesday 27 July 2016 14:23:48 +0000 (0:00:00.063) 0:00:00.063 ********
ok: [XXX.XXX.XXX.XXX]
TASK [ssh_keys : Add ssh Users] ************************************************
Wednesday 27 July 2016 14:23:54 +0000 (0:00:06.025) 0:00:06.088 ********
changed: [XXX.XXX.XXX.XXX] => {"changed": true, "checksum": "3df874356f41d3dc5592441a86060d2796b4a714", "dest": "/home/myuser/.ssh/authorized_keys", "gid": 1000, "group": "myuser", "md5sum": "4c7d6c58a618a9fbd5e5ed3b29a3e7d3", "mode": "0600", "owner": "myuser", "size": 5357, "src": "/home/myuser/.ansible/tmp/ansible-tmp-1469629434.59-30865046320342/source", "state": "file", "uid": 1000}
PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX : ok=2 changed=1 unreachable=0 failed=0
Wednesday 27 July 2016 14:24:02 +0000 (0:00:07.855) 0:00:13.944 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ------------------------------------------ 7.85s
TASK: setup ------------------------------------------------------------- 6.03s
authorized_key
为每个用户执行原始问题中的任务,并在每次重新连接到服务器时执行该任务。在这种情况下,每次连接大约需要7秒钟。
首先,我试着把跑步时间缩短到48秒。我很好奇这个结果是否可以改进。
我使用生成所有ssh密钥的模板成功解决了问题:
---
- hosts: webserver
remote_user: myuser
sudo: yes
vars:
ssh_users: ['user1','user2','user3','user4','user5','user6','user7','user8','user9','user10','user11','user12']
tasks:
- name: Add ssh Users
template:
dest=/home/myuser/.ssh/authorized_keys
src=templates/authorized_keys
owner=myuser
group=myuser
mode=600
模板文件如下所示:
{% for user in ssh_users %}
{{ lookup('file', './keys/'+user+'.pub') }}
{% endfor %}
以下是我的最终ansible配置:
[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true
[ssh_connection]
ssh_args=-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
现在看起来快多了
$ ansible-playbook -i ./inventory setup_ssh.yaml -vv
Using /vagrant/ansible.cfg as config file
1 plays in setup_backend_test.yaml
PLAY [Configure common packages] ***********************************************
TASK [setup] *******************************************************************
Wednesday 27 July 2016 14:23:48 +0000 (0:00:00.063) 0:00:00.063 ********
ok: [XXX.XXX.XXX.XXX]
TASK [ssh_keys : Add ssh Users] ************************************************
Wednesday 27 July 2016 14:23:54 +0000 (0:00:06.025) 0:00:06.088 ********
changed: [XXX.XXX.XXX.XXX] => {"changed": true, "checksum": "3df874356f41d3dc5592441a86060d2796b4a714", "dest": "/home/myuser/.ssh/authorized_keys", "gid": 1000, "group": "myuser", "md5sum": "4c7d6c58a618a9fbd5e5ed3b29a3e7d3", "mode": "0600", "owner": "myuser", "size": 5357, "src": "/home/myuser/.ansible/tmp/ansible-tmp-1469629434.59-30865046320342/source", "state": "file", "uid": 1000}
PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX : ok=2 changed=1 unreachable=0 failed=0
Wednesday 27 July 2016 14:24:02 +0000 (0:00:07.855) 0:00:13.944 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ------------------------------------------ 7.85s
TASK: setup ------------------------------------------------------------- 6.03s
我使用了你的建议,现在ssh配置看起来是这样的:ssh\u args=-o ForwardAgent=yes-o ControlMaster=auto-o ControlPersist=60s
,现在ssh配置看起来是这样的:ssh\u args=-o ForwardAgent=yes-o ControlMaster=auto-o ControlPersist=60s
根据您的第二个建议,我不能使用单个文件,因为我对不同的用户集使用了不止一个环境。模板有点不同——它可能会通过其他方式覆盖添加到授权密钥中的密钥。但无论如何,这是另一种摆脱with_项的方法,它可以显著加快速度。模板有点不同——它可能会通过其他方式覆盖添加到授权_项的键。但无论如何,这是另一种摆脱with_项目的方法,它使事情变得更快。