10. Optimize the running time of ansible-playbook
By default, a playbook gathers facts from the clients. If your playbook does not use facts, you can turn fact gathering off to reduce the running time.
Without the optimization
    [root@puppet ansible]# cat
    ---
    - hosts: vpn
      remote_user: test
      # gather_facts: False
      tasks:
        - name: echo hi
          shell: echo "hi"
    [root@puppet ansible]# time ansible-playbook -u test --private-key=/root/denglei -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [echo hi] ***************************************************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
    real 0m8.396s
    user 0m0.796s
    sys 0m0.158s
    [root@puppet ansible]# time ansible-playbook -u test --private-key=/root/denglei -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [echo hi] ***************************************************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
    real 0m3.309s
    user 0m0.724s
    sys 0m0.108s
    [root@puppet ansible]# time ansible-playbook -u test --private-key=/root/denglei -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [echo hi] ***************************************************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
    real 0m3.409s
    user 0m0.716s
    sys 0m0.099s
You can see that the first run took 8s and the last two runs each took 3s.
The following is the optimized version (facts are not gathered)
    [root@puppet ansible]# cat
    ---
    - hosts: vpn
      remote_user: test
      gather_facts: False
      tasks:
        - name: echo hi
          shell: echo "hi"
    [root@puppet ansible]# time ansible-playbook -u test --private-key=/root/denglei -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    TASK: [echo hi] ***************************************************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0
    real 0m2.758s
    user 0m0.585s
    sys 0m0.096s
    [root@puppet ansible]# time ansible-playbook -u test --private-key=/root/denglei -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    TASK: [echo hi] ***************************************************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0
    real 0m2.359s
    user 0m0.565s
    sys 0m0.077s
Running time is 2s
11. Custom module
By default, modules are placed in /usr/share/ansible
Create a directory named hostname under this directory, and then put the following file in it
    15:03:26 # cat /usr/share/ansible/hostname/hostname
    #!/bin/bash
    # This script modifies the system hostname
    set -e

    # This is potentially dangerous: the arguments file is executed as shell code
    source "${1}"

    OLDHOSTNAME="$(hostname)"
    CHANGED="False"

    # Change the hostname only if one was passed and it differs from the current one
    if [ ! -z "$hostname" -a "${hostname}x" != "${OLDHOSTNAME}x" ]; then
        hostname "$hostname"
        OLDHOSTNAME="$hostname"
        CHANGED="True"
    fi

    echo "hostname=${OLDHOSTNAME} changed=${CHANGED}"
    exit 0
Check the current hostname of vpn
    15:03:29 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    ip-10-10-32-34
Then write the playbook
    15:04:14 # cat /etc/ansible/
    - name: Test the hostname file
      hosts: vpn
      tasks:
        - name: Set the hostname
          hostname: hostname=ip-10-10-32-34
Run this module
    15:04:37 # ansible-playbook -u test --private-key=denglei -M /usr/share/ansible/hostname -k
    SSH password:
    PLAY [Test the hostname file] *************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [Set the hostname] ******************************************************
    ok: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0
Then change the hostname in the playbook
    16:20:00 # cat
    - name: Test the hostname file
      hosts: vpn
      tasks:
        - name: Set the hostname
          hostname: hostname=ip-10-10-32-34-test
Run the playbook
    16:26:46 # ansible-playbook -u test --private-key=denglei -M /usr/share/ansible/hostname -k -K -s
    SSH password:
    sudo password [defaults to SSH password]:
    PLAY [Test the hostname file] *************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [Set the hostname] ******************************************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
    root@ip-10-10-10-10:/etc/ansible
    16:26:55 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    ip-10-10-32-34-test
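The hostname module above loads its arguments with source, so whatever the arguments file contains is executed as shell code with the module's privileges. As an added example (not part of the original article), the same module can treat that file as data: it picks out the hostname= token without evaluating it and checks the value against hostname syntax before calling hostname. The function names get_arg and is_valid_hostname are made up for this example, and it assumes the arguments file holds whitespace-separated key=value tokens, as in the playbook above.

```shell
#!/bin/bash
# Added example: the hostname module from above, with the arguments file
# parsed as data instead of executed via `source`.
# Assumption: the file holds whitespace-separated key=value tokens.
set -e
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges below ASCII-only

# get_arg FILE KEY: print the value of the first KEY=value token in FILE.
# Runs in a subshell so `set -f` does not leak; nothing read is evaluated.
get_arg() (
    set -f                               # tokens such as "*" must not glob
    for token in $(cat "$1"); do
        case "$token" in
            "$2"=*) printf '%s\n' "${token#*=}"; exit 0 ;;
        esac
    done
    exit 1                               # key not present
)

# is_valid_hostname NAME: letters, digits and hyphens in dot-separated labels,
# each label 1-63 characters, whole name at most 253 characters.
is_valid_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;           # empty or illegal character
        -*|*-|.*|*.|*..*|*.-*|*-.*) return 1 ;;    # label starts or ends badly
    esac
    [ "${#1}" -le 253 ] || return 1
    (
        IFS=.; set -f
        for label in $1; do
            [ "${#label}" -le 63 ] || exit 1
        done
    )
}

main() {
    local wanted current changed="False"
    if ! wanted="$(get_arg "$1" hostname)" || ! is_valid_hostname "$wanted"; then
        # Failure reported in the same key=value style as the script above
        # (assumed to be accepted by this Ansible version).
        echo "failed=True msg='hostname argument missing or not a valid hostname'"
        exit 1
    fi
    current="$(hostname)"
    if [ "$wanted" != "$current" ]; then
        hostname "$wanted"
        current="$wanted"
        changed="True"
    fi
    echo "hostname=${current} changed=${changed}"
}

# Ansible passes the path of the arguments file as $1; with no argument the
# file only defines the functions.
if [ "$#" -gt 0 ]; then main "$@"; fi
```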
12. Playbook extra variables
With extra variables you write variables in the playbook's YAML and supply their values when the playbook is run, which greatly improves reuse.
Here's a test
    [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    total 96
    -rw-r--r-- 1 root root 41692 May 21 13:02 config
    -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
    -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
    -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
    -rw-rw-r-- 1 test test 7 Jun 18 01:44 test-server-1
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
    -rw-r--r-- 1 root root 82 Jun 12 18:21
    -rw-r--r-- 1 root root 290 Jun 12 18:21
    -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
    -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx
    -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
    -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
You can see that there is a test-server-1 file
Look at the content of the playbook file
    [root@puppet ansible]# cat delete_vars.yml
    ---
    - hosts: {{host}}
      remote_user: {{user}}
      gather_facts: {{gather}}
      tasks:
        - name: if system is centos,then rm /tmp/test-server-1
          shell: rm -rf /tmp/test-server-1
          when: ansible_os_family == "RedHat"
Before executing, check whether there is any problem with the syntax by using --syntax-check
    [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    ERROR: Syntax Error while loading YAML script, delete_vars.yml
    Note: The error may actually appear before this position: line 2, column 11
    ---
    - hosts: {{host}}
              ^
    This one looks easy to fix. YAML thought it was looking for the start of a
    hash/dictionary and was confused to see a second "{". Most likely this was
    meant to be an ansible template evaluation instead, so we have to give the
    parser a small hint that we wanted a string instead. The solution here is to
    just quote the entire value.
    For instance, if the original line was:
        app_path: {{ base_path }}/foo
    It should be written as:
        app_path: "{{ base_path }}/foo"
    We could be wrong, but this one looks like it might be an issue with
    missing quotes. Always quote template expression brackets when they
    start a value. For instance:
        with_items:
          - {{ foo }}
    Should be written as:
        with_items:
          - "{{ foo }}"
    This one looks easy to fix. YAML thought it was looking for the start of a
    hash/dictionary and was confused to see a second "{". Most likely this was
    meant to be an ansible template evaluation instead, so we have to give the
    parser a small hint that we wanted a string instead. The solution here is to
    just quote the entire value.
    For instance, if the original line was:
        app_path: {{ base_path }}/foo
    It should be written as:
        app_path: "{{ base_path }}/foo"
You can see that there is a problem
The solution is to wrap each variable expression in "" or ''
    [root@puppet ansible]# cat delete_vars.yml
    ---
    - hosts: "{{host}}"
      remote_user: "{{user}}"
      gather_facts: "{{gather}}"
      tasks:
        - name: if system is centos,then rm /tmp/test-server-1
          shell: rm -rf /tmp/test-server-1
          when: ansible_os_family == "RedHat"
Then check again
    [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    playbook: delete_vars.yml
No problem, run it
    [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    TASK: [if system is centos,then rm /tmp/test-server-1] ************************
    fatal: [172.17.0.10] => error while evaluating conditional: ansible_os_family == "RedHat"
    FATAL: all hosts have already failed -- aborting
    PLAY RECAP ********************************************************************
    to retry, use: --limit @/root/delete_vars.retry
    172.17.0.10 : ok=0 changed=0 unreachable=1 failed=0
The reason is that the playbook's when condition uses fact data to decide whether the system belongs to the RedHat family, but the parameters I passed turned fact gathering off. The following run passes parameters that turn fact gathering on
    [root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [if system is centos,then rm /tmp/test-server-1] ************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
You can see that the run is successful
    [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    total 92
    -rw-r--r-- 1 root root 41692 May 21 13:02 config
    -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
    -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
    -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
    -rw-r--r-- 1 root root 82 Jun 12 18:21
    -rw-r--r-- 1 root root 290 Jun 12 18:21
    -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
    -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx
    -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
    -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
File deleted
13. tags
Tags let you run selected parts of a playbook
Check the state of the client
    [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    total 92
    -rw-r--r-- 1 root root 41692 May 21 13:02 config
    -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
    -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
    -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
    -rw-r--r-- 1 root root 82 Jun 12 18:21
    -rw-r--r-- 1 root root 290 Jun 12 18:21
    -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
    -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx
    -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
    -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
YML file with tag
    [root@puppet ansible]# cat delete_vars_tags.yml
    ---
    - hosts: "{{host}}"
      remote_user: "{{user}}"
      gather_facts: "{{gather}}"
      tasks:
        - name: if system is centos,then rm /tmp/test-server-1
          shell: rm -rf /tmp/test-server-1
          when: ansible_os_family == "RedHat"
          tags: server-1
        - name: if system is centos,then rm /tmp/test-server-2
          shell: rm -rf /tmp/test-server-2
          when: ansible_os_family == "RedHat"
          tags: server-2
Check the syntax
    [root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k --syntax-check
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    playbook: delete_vars_tags.yml
No problems, so run it
    [root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [if system is centos,then rm /tmp/test-server-2] ************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
Check the client's file status
    [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    total 88
    -rw-r--r-- 1 root root 41692 May 21 13:02 config
    -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
    -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
    -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
    -rw-r--r-- 1 root root 82 Jun 12 18:21
    -rw-r--r-- 1 root root 290 Jun 12 18:21
    -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
    -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx
    -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
    -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
The test above shows that if the tasks in a playbook carry tags and a tag is specified at run time, only the tasks with that tag are run
The following tests a run without specifying a tag
Create the files first
    [root@puppet ansible]# cat
    ---
    - hosts: vpn
      remote_user: test
      tasks:
        - name: copy local server to client /tmp/server-test
          template: src=/tmp/server dest=/tmp/test-{{item}}
          with_items:
            - server-1
            - server-2
            - server-3
    [root@puppet ansible]# ansible-playbook --private-key=/root/denglei -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [copy local server to client /tmp/server-test] **************************
    changed: [172.17.0.10] => (item=server-1)
    changed: [172.17.0.10] => (item=server-2)
    ok: [172.17.0.10] => (item=server-3)
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
    [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    total 96
    -rw-r--r-- 1 root root 41692 May 21 13:02 config
    -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
    -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
    -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
    -rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-1
    -rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-2
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
    -rw-r--r-- 1 root root 82 Jun 12 18:21
    -rw-r--r-- 1 root root 290 Jun 12 18:21
    -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
    -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx
    -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
    -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
Then run without specifying the tag
    [root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" -k
    [WARNING]: The version of gmp you have installed has a known issue regarding timing vulnerabilities when used with pycrypto. If possible, you should update it (ie. yum update gmp).
    SSH password:
    PLAY [vpn] ********************************************************************
    GATHERING FACTS ***************************************************************
    ok: [172.17.0.10]
    TASK: [if system is centos,then rm /tmp/test-server-1] ************************
    changed: [172.17.0.10]
    TASK: [if system is centos,then rm /tmp/test-server-2] ************************
    changed: [172.17.0.10]
    PLAY RECAP ********************************************************************
    172.17.0.10 : ok=3 changed=2 unreachable=0 failed=0
    [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
    SSH password:
    172.17.0.10 | success | rc=0 >>
    total 88
    -rw-r--r-- 1 root root 41692 May 21 13:02 config
    -rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh
    -rwxr-xr-x 1 root root 7 Jun 13 19:33 server
    -rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test
    -rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3
    -rw-r--r-- 1 root root 82 Jun 12 18:21
    -rw-r--r-- 1 root root 290 Jun 12 18:21
    -rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh
    -rw------- 1 root root 727 Jun 10 18:21 yum_save_tx
    -rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
    -rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
You can see that if you do not specify a tag, all of the tasks run.
FAQ:
1. Error: ansible requires a json module, none found!
    SSH password:
    172.17.0.4 | FAILED >> {
        "failed": true,
        "msg": "Error: ansible requires a json module, none found!",
        "parsed": false
    }
The reason is that the Python version is too low. Either upgrade Python or install python-simplejson. The following is the official statement.
On the managed nodes, you only need Python 2.4 or later, but if you are running less than Python 2.5 on the remotes, you will also need:
After the installation is complete, check it
    SSH password:
    172.17.0.4 | success >> {
        "changed": false,
        "ping": "pong"
    }
2. By default Ansible authenticates with a key. If you want Ansible to log in to the server with a password, either uncomment ask_pass = True in the configuration file or add -k when running the command. The help text for this option is: -k, --ask-pass ask for SSH password
3. If the client is not in known_hosts, an error will be reported.
    paramiko: The authenticity of host '172.17.0.5' can't be established.
    The ssh-rsa key fingerprint is 397c139fd4b0d763fcffaee346a4bf6b.
    Are you sure you want to continue connecting (yes/no)?
To get past this prompt, uncomment #host_key_checking = False in the configuration file. This setting turns off SSH host key verification for every host Ansible connects to; adding the client's key to known_hosts beforehand avoids the prompt while keeping the check.
4. If the following error appears
    [root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei
    172.17.0.2 | FAILED => FAILED: not a valid DSA private key file
    172.17.0.4 | FAILED => FAILED: not a valid DSA private key file
You need to add the -k parameter at the end
    [root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei -k
    SSH password:
    172.17.0.2 | success | rc=0 >>
    xterm
    172.17.0.4 | success | rc=0 >>
    xterm