zaki work log

Work logs, life logs, and whatnot

Displaying per-task execution time when running ansible-playbook

Update 2021.08.22 (ansible 2.11)
This setting is now specified with callbacks_enabled.

[defaults]
callbacks_enabled = profile_tasks

callback_whitelist still works, but it produces a warning.

$ ansible-playbook -i inventory.ini playbook.yml 
[DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names to new 
standard, use callback_enabled instead. This feature will be removed from ansible-core in
 version 2.15. Deprecation warnings can be disabled by setting deprecation_warnings=False
 in ansible.cfg.
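
An added example (not from the original post): a small Python helper that rewrites an ansible.cfg from the deprecated callback_whitelist to callbacks_enabled, merging the two lists if both are present. The names migrate_callbacks and SAMPLE_CFG are assumptions of this example; the sample input is the ansible.cfg shown later in this post.

```python
import configparser
import io

OLD_KEY = "callback_whitelist"  # deprecated spelling (warning shown above)
NEW_KEY = "callbacks_enabled"   # current spelling

# The ansible.cfg used later in this post, embedded as sample input.
SAMPLE_CFG = """\
[defaults]
host_key_checking = False
callback_whitelist = profile_tasks
"""


def _names(value):
    """Split a comma-separated plugin list into clean names."""
    return [n.strip() for n in value.split(",") if n.strip()]


def migrate_callbacks(cfg_text):
    """Return (new_text, changed); folds OLD_KEY into NEW_KEY under [defaults].

    configparser drops comments on write, so review the result before saving.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    if not parser.has_option("defaults", OLD_KEY):
        return cfg_text, False  # nothing to migrate

    # Keep plugins already listed under the new key, then append the old ones.
    merged = _names(parser.get("defaults", NEW_KEY, fallback=""))
    for name in _names(parser.get("defaults", OLD_KEY)):
        if name not in merged:
            merged.append(name)

    parser.remove_option("defaults", OLD_KEY)
    parser.set("defaults", NEW_KEY, ", ".join(merged))
    out = io.StringIO()
    parser.write(out)
    return out.getvalue(), True


if __name__ == "__main__":
    print(migrate_callbacks(SAMPLE_CFG)[0])
```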

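Trying out callback_whitelist = profile_tasks, which displays the execution time of each task along with statistics.
The idea comes from the ansible.cfg of the Ansible playbooks for deploying OpenShift.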

It looks like this:

[Screenshot]

Environment

[zaki@okd-manager ~]$ cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)
[zaki@okd-manager ~]$ 
[zaki@okd-manager ~]$ ansible --version
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/zaki/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
[zaki@okd-manager ~]$ 
[zaki@okd-manager ~]$ ansible-config dump --only-changed
[zaki@okd-manager ~]$ 
[zaki@okd-manager ~]$ cd ansible/initialize/
[zaki@okd-manager initialize]$ 
[zaki@okd-manager initialize]$ ls -l
合計 12
-rw-rw-r--. 1 zaki zaki  72 10月 16 07:19 ansible.cfg
-rw-rw-r--. 1 zaki zaki 162 10月 16 06:58 inventory.ini
-rw-r--r--. 1 zaki zaki 436 10月 16 07:18 playbook.yml
[zaki@okd-manager initialize]$ 

ansible-config dump --only-changed is a tip from Yokochi-san, who is also well known for the goldfish icon.
(The 3rd edition of Ansible実践ガイド comes out this week!)

tekunabe.hatenablog.jp

inventory.ini

[all]
okd-master.esxi.localhost ansible_host=192.168.0.71
okd-node01.esxi.localhost ansible_host=192.168.0.75
okd-node02.esxi.localhost ansible_host=192.168.0.76

ansible.cfg

[defaults]
host_key_checking = False
callback_whitelist = profile_tasks

Add callback_whitelist = profile_tasks.

playbook.yml

---
- hosts: localhost
  tasks:
    - name: create .ssh
      file:
        path: "/home/zaki/.ssh"
        state: directory
        mode: 0700

    - name: generate ssh keypair
      openssh_keypair:
        path: "/home/zaki/.ssh/id_rsa"

- hosts: all
  tasks:
    - name: put authorized keys to remote host
      authorized_key:
        key: "{{ lookup('file', '/home/zaki/.ssh/id_rsa.pub') }}"
        user: zaki

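The playbook does the following:

  • Create an SSH key pair locally (creating the directory if it does not exist)
  • Distribute the public key to the remote hosts

If you wrote this up as an "SSH key setup procedure.xlsx", you would have to make a cover page, a revision-history sheet, and a procedure sheet, then fill in "steps" and "expected results", which is a lot of work. With YAML it is this simple!!

In short, this is the first playbook to run right after installing the OS.

Incidentally, openssh_keypair is a module available since Ansible 2.8. In 2.6 or earlier environments, I guess the only option is to run ssh-keygen with shell?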

Execution

Initial state

[zaki@okd-manager initialize]$ ls -al ~
合計 20
drwx------.  6 zaki zaki  151 10月 16 06:57 .
drwxr-xr-x.  3 root root   18 10月 16 05:58 ..
drwx------.  3 zaki zaki   17 10月 16 06:52 .ansible
-rw-------.  1 zaki zaki  267 10月 16 06:50 .bash_history
-rw-r--r--.  1 zaki zaki   18  4月 11  2018 .bash_logout
-rw-r--r--.  1 zaki zaki  193  4月 11  2018 .bash_profile
-rw-r--r--.  1 zaki zaki  231  4月 11  2018 .bashrc
drwxrw----.  3 zaki zaki   19 10月 16 06:54 .pki
drwxrwxr-x.  3 zaki zaki   24 10月 16 06:57 ansible
drwxrwxr-x. 14 zaki zaki 4096 10月 16 06:55 openshift-ansible
[zaki@okd-manager initialize]$ 

~/.ssh does not exist.
Naturally, Ansible's ping module cannot be used either (with key authentication).

[zaki@okd-manager initialize]$ ansible all -i inventory.ini -m ping
okd-master.esxi.localhost | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.0.71' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
    "unreachable": true
}
okd-node02.esxi.localhost | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.0.76' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
    "unreachable": true
}
okd-node01.esxi.localhost | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.0.75' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
    "unreachable": true
}
[zaki@okd-manager initialize]$

Run
(The key is not set up yet, so add the -k option to use password authentication.)

[zaki@okd-manager initialize]$ ansible-playbook -i inventory.ini playbook.yml -k
SSH password:

PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
Wednesday 16 October 2019  07:19:59 +0900 (0:00:00.031)       0:00:00.031 *****
ok: [localhost]

TASK [create .ssh] *************************************************************
Wednesday 16 October 2019  07:19:59 +0900 (0:00:00.545)       0:00:00.577 *****
ok: [localhost]

TASK [generate ssh keypair] ****************************************************
Wednesday 16 October 2019  07:19:59 +0900 (0:00:00.230)       0:00:00.807 *****
changed: [localhost]

PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
Wednesday 16 October 2019  07:20:00 +0900 (0:00:00.334)       0:00:01.141 *****
ok: [okd-master.esxi.localhost]
ok: [okd-node01.esxi.localhost]
ok: [okd-node02.esxi.localhost]

TASK [put authorized keys to remote host] **************************************
Wednesday 16 October 2019  07:20:01 +0900 (0:00:01.068)       0:00:02.209 *****
changed: [okd-node02.esxi.localhost]
changed: [okd-node01.esxi.localhost]
changed: [okd-master.esxi.localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
okd-master.esxi.localhost  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
okd-node01.esxi.localhost  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
okd-node02.esxi.localhost  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Wednesday 16 October 2019  07:20:01 +0900 (0:00:00.573)       0:00:02.783 *****
===============================================================================
Gathering Facts --------------------------------------------------------- 1.07s
put authorized keys to remote host -------------------------------------- 0.57s
Gathering Facts --------------------------------------------------------- 0.55s
generate ssh keypair ---------------------------------------------------- 0.33s
create .ssh ------------------------------------------------------------- 0.23s
[zaki@okd-manager initialize]$

Verification

[zaki@okd-manager initialize]$ ansible all -i inventory.ini -m ping
okd-master.esxi.localhost | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
okd-node01.esxi.localhost | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
okd-node02.esxi.localhost | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

The connection now works with key authentication, without -k (the public key was set up correctly).