Ansible detailed explanation (17) - Ansible performance tuning

Enterprise 2022-03-23 14:07:39 views: null

Today, I will continue to introduce you to the relevant knowledge of Linux operation and maintenance. The main content of this article is the performance tuning of Ansible.

1. Detailed Ansible Tuning

Compared with other automated configuration tools, an outstanding feature of Ansible is that it controls downstream devices based on SSH links. The outstanding advantage of this is convenience, and downstream devices do not need to install client software. But this inevitably brings a problem, that is, the execution speed of Ansible is slower. And, with the increase of Ansible control devices, the execution speed of Ansible will be slower and slower.
Regarding the execution speed of Ansible, although it is Ansible's flaw, we can still partially optimize it to speed up the execution speed of Ansible as much as possible. There are two ways to optimize Ansible. One is to optimize the SSH link to make the SSH transmission speed faster.
Another is shown in the following figure:
insert image description here
every time Ansible Playbook is executed, it will collect information from downstream devices, which usually takes a long time. Therefore, we can consider using Redis to cache this information to speed up the collection of information. If the business environment allows, we can also directly control the Ansible device to skip this step.

2. Ansible SSH link tuning

(1) SSH close key detection

By default, when logging in to a remote device with SSH, the device will check the public key of the remote host and record the public key in the ~/.ssh/known_hosts file. When the host is accessed next time, OpenSSH will check the public key . If the public keys are different, OpenSSH will issue a warning, and if the public keys are the same, OpenSSH will prompt for a password.
SSH checks the host public key according to the StrictHostKeyChecking variable. The check level of StrictHostKeyChecking includes: no (do not check), ask (whether to check to ask), yes (check every time), False (close check).
We can add the following code under the defaults module in the Ansible configuration file:

host_key_checking = False

Once added, the configuration file looks like this:
insert image description here
This way, Ansible can turn off key detection.

(2) OpenSSH link optimization

When using the OpenSSH service, by default, the server will perform reverse DNS resolution based on the IP address of the client to obtain the host name of the client, and then perform DNS query again to obtain the IP address according to the obtained host name, and compare the two IP addresses. Is it the same. This can improve security to a certain extent, but it will waste time, so we can speed up the SSH link by turning off this feature.
To close this special new, you need to enter the /etc/ssh/sshd_config directory, find the parameter of UseDNS, and modify it to no. The modified configuration file is as follows:
insert image description here
After that, restart the SSHD service to take effect.

(3) SSH pipelining link acceleration

SSH pipelining is another way to speed up the execution of Ansible. In Ansible's settings, the pipelining function of SSH is disabled by default, which is to be compatible with different sudo configurations, mainly the requireretty option. So, if we don't need to use the sudo option in Ansible's control, this option can be turned off to speed up the SSH connection.
If you want to turn off this item, you can open the Ansible configuration file /etc/ansible/ansbile.cfg and change pipelining = False to True. The modified configuration file is as follows:
insert image description here

3. Ansible Facts tuning

(1) Close Gather Facts

To reduce the time Ansible spends collecting client information, our first thought was to simply remove this option. To remove this step, we can add a line to the playbook file:

gather_facts: no

The added Playbook file is as follows:
insert image description here
In this way, when we execute the Playbook, we will not perform the gather_facts step again, and the result is as follows:
insert image description here

(2) Store Facts information in the Redis cache

In addition to removing this step, we can also consider writing client information into memory to speed up information query. I have compiled the content of this part separately, please refer to the following:
Ansible Detailed Explanation (16) - It
is not easy for Ansible to cooperate with Redis to be original, please indicate the source: https://blog.csdn.net/weixin_40228200

Guess you like

Origin blog.csdn.net/weixin_40228200/article/details/123603649
Recommended
Ranking
ElasticSearch-- data modeling best practices
Permission Maintenance - Shadow User Backdoor
Refactor the code using MVP mode
Quantitative investment-fundamental model-PVC multi-factor model
Spark Big Data Processing Lecture Notes 3.2 Mastering RDD Operators
Blazor page components (2)
Erlernen von Kenntnissen zur Android-Entwicklung – Kodierung, Verschlüsselung, Hash, Serialisierung und Zeichensätze
About Qi high in JAVA study notes SORM summary detailed personal explanation
Will you calculate the accuracy of the rope displacement sensor in the measurement?
OPENJTAG debugging learning (3): debugging using the gdb command line
Daily
More
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)

Code World

© 2018 codetd.com