用户配置 ansible 花费的时间太长

Users provisioning with ansible takes too long

我有将用户提供给远程主机的剧本:

---
- hosts: webserver
  remote_user: myuser
  sudo: yes
  tasks:
    - name: Add ssh Users
      authorized_key: user='ubuntu' key="{{ lookup('file', './keys/{{item}}.pub') }}"
      with_items:
        - user1
        - user2
        - user3
        - user4
        - user5
        - user6
        - user7
        - user8
        - user9
        - user10
        - user11
        - user12

这个单一任务需要 110 秒,这非常慢。

$ ansible-playbook -i ./inventory setup_ssh.yaml -vvv
Using /vagrant/ansible.cfg as config file
1 plays in setup_ssh.yaml

...

PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX              : ok=2    changed=0    unreachable=0    failed=0

Wednesday 27 July 2016  07:38:39 +0000 (0:01:50.486)       0:02:00.054 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ---------------------------------------- 110.49s
TASK: setup ------------------------------------------------------------- 9.49s

查看 full log

我尝试启用流水线,但没有帮助。

我正在使用 ansible 2.0.0.2 这是我的 ansible.cfg:

[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true

[ssh_connection]
ssh_args=-o ForwardAgent=yes

通过指定:

ssh_args=-o ForwardAgent=yes

您已经替换了 ansible 的默认值:

ssh_args = -o ControlMaster=auto -o ControlPersist=60s

因此禁用了 ssh 连接重用。将此选项添加到您的配置中,然后重试。

如果时间增益不够,您可能需要先在本地连接所有 .pub 文件,然后以多行字符串作为关键参数执行一次 authorized_key 模块 – 此模块可以处理它。

authorized_key 为每个用户执行原始问题中的任务,并且每次重新连接到服务器。在这种情况下,每个连接大约需要 7 秒。 首先,我尝试 并将时间减少到 运行 48 秒。我很好奇是否可以改善结果。 我使用生成所有 ssh 密钥的模板成功解决了我的问题:

---
- hosts: webserver
  remote_user: myuser
  sudo: yes
  vars:
    ssh_users: ['user1','user2','user3','user4','user5','user6','user7','user8','user9','user10','user11','user12']
  tasks:
  - name: Add ssh Users
    template:
      dest=/home/myuser/.ssh/authorized_keys
      src=templates/authorized_keys
      owner=myuser
      group=myuser
      mode=600

模板文件如下所示:

{% for user in ssh_users %}
{{ lookup('file', './keys/'+user+'.pub') }}
{% endfor %}

这是我最终的 ansible 配置:

[defaults]
hostfile = inventory
host_key_checking = false
roles_path = ./roles
private_key_file = ~/.ssh/id_rsa
deprecation_warnings=False
remote_user = ubuntu
callback_whitelist = profile_tasks
pipelining = true

[ssh_connection]
ssh_args=-o ForwardAgent=yes  -o ControlMaster=auto -o ControlPersist=60s

现在看起来快多了。

$ ansible-playbook -i ./inventory setup_ssh.yaml -vv
Using /vagrant/ansible.cfg as config file
1 plays in setup_backend_test.yaml

PLAY [Configure common packages] ***********************************************

TASK [setup] *******************************************************************
Wednesday 27 July 2016  14:23:48 +0000 (0:00:00.063)       0:00:00.063 ********
ok: [XXX.XXX.XXX.XXX]

TASK [ssh_keys : Add ssh Users] ************************************************
Wednesday 27 July 2016  14:23:54 +0000 (0:00:06.025)       0:00:06.088 ********
changed: [XXX.XXX.XXX.XXX] => {"changed": true, "checksum": "3df874356f41d3dc5592441a86060d2796b4a714", "dest": "/home/myuser/.ssh/authorized_keys", "gid": 1000, "group": "myuser", "md5sum": "4c7d6c58a618a9fbd5e5ed3b29a3e7d3", "mode": "0600", "owner": "myuser", "size": 5357, "src": "/home/myuser/.ansible/tmp/ansible-tmp-1469629434.59-30865046320342/source", "state": "file", "uid": 1000}

PLAY RECAP *********************************************************************
XXX.XXX.XXX.XXX              : ok=2    changed=1    unreachable=0    failed=0

Wednesday 27 July 2016  14:24:02 +0000 (0:00:07.855)       0:00:13.944 ********
===============================================================================
TASK: ssh_keys : Add ssh Users ------------------------------------------ 7.85s
TASK: setup ------------------------------------------------------------- 6.03s