From a1129fb651ff15017d74a9f03a4b9cc9c18c37e5 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Thu, 19 Oct 2017 09:05:25 -0400 Subject: [PATCH] Improve control-host CPU performance When running from a central host, where multiple other playbooks may also be executing, CPU time quickly becomes the scaleability bottleneck. * Reduce the vars compression level at the cost of network utilization. This assumes the number of vars being transfered back/forth remains reasonably low, where there wouldn't be much advantage from higher compression anyway. Another enhancement ``ControlPersist`` (for ssh) is apt to fall back to opening new connections (slow) for every request under some conditions. This happens if the socket filename is too large (108 characters, including path) - a kernel limitation. Unfortunately, in cloud environments, auto-assigned VM hostnames tend to be rather large to avoid clashes. Worse, in a CI environment, the default home-directory path also tends to be lengthy for the same reason. * Address this by sticking persistent-connection, background socket files in '/tmp/cri-o' (avoid %d). Also remove the username (%r) designation, since this will almost always be the same user anyway. The tradeoff here is clashes between jobs against the same host (unlikely) and weakened security on the control host (less important for CI jobs). Signed-off-by: Chris Evich --- contrib/test/integration/ansible.cfg | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/contrib/test/integration/ansible.cfg b/contrib/test/integration/ansible.cfg index 92a13a5f..33adb106 100644 --- a/contrib/test/integration/ansible.cfg +++ b/contrib/test/integration/ansible.cfg @@ -57,11 +57,6 @@ gather_subset = network #host_key_checking = False host_key_checking = False -# change the default callback -#stdout_callback = skippy -# enable additional callbacks -#callback_whitelist = timer, mail - # Determine whether includes in tasks and handlers are "static" by # default. As of 2.0, includes are dynamic by default. Setting these # values to True will make includes behave more like they did in the @@ -165,7 +160,6 @@ deprecation_warnings = False # instead of shelling out to the git command. command_warnings = False - # set plugin path directories here, separate with colons #action_plugins = /usr/share/ansible/plugins/action #callback_plugins = /usr/share/ansible/plugins/callback @@ -219,7 +213,6 @@ nocolor = 0 # When a playbook fails by default a .retry file will be created in ~/ # You can disable this feature by setting retry_files_enabled to False # and you can change the location of the files by setting retry_files_save_path - #retry_files_enabled = False retry_files_enabled = False @@ -248,6 +241,7 @@ no_target_syslog = True # worker processes. At the default of 0, no compression # is used. This value must be an integer from 0 to 9. #var_compression_level = 9 +var_compression_level = 3 # controls what compression method is used for new-style ansible modules when # they are sent to the remote system. The compression types depend on having @@ -298,6 +292,15 @@ ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/de # Example: # control_path = %(directory)s/%%h-%%r #control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r +# Using ssh's ControlPersist feature is desireable because of wide +# compatibility and not needing to mess with /etc/sudoers +# for pipelining (see below). Unfortunately, in cloud environments, +# auto-assigned VM hostnames tend to be rather longs. Worse, in a CI +# context, the default home-directory path may also be lengthy. Fix +# this to a short name, so Ansible doesn't fall back to opening new +# connections for every task. +control_path = /tmp/crio-%%n-%%p + # Enabling pipelining reduces the number of SSH operations required to # execute a module on the remote server. This can result in a significant @@ -308,7 +311,6 @@ ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/de # sudoers configurations that have requiretty (the default on many distros). # #pipelining = False -pipelining=True # if True, make ansible use scp if the connection type is ssh # (default is sftp)