SE Can't Code

A Tokyo based Software Engineer. Not System Engineer :(

Tips, Ansible Performance Tuning.

I often use Ansible for configuration management because Chef that is the most famous provisioning tool is a little complex and we can write ansible by Python. Ansible is a simple, we can control automatically IT workflow on systems without installing any management agents on them. But, I've been thinking about this performance for a while and an SSH-based system can more faster than it. There are some tips to make sure Ansible is fast. If you spend some time to develop with Ansible, you can know Ansible is good provisioning tool.

Optimize your package installations

When you try to install some package using yum, you should use Mirror repository on local with reposync that make it easily to make Mirror repository. And with_items is a useful and make it a huge optimization as many of you packages.

Know your forks

Number of Ansible's task in parallel is decided by folks. By default, the forks parameter is a very conservative 5. This number is not so much, so you can increase this parameter 50 or even 500. When using a large number of forks, any local action steps can folk a Python interpreter on your local machine and you should set these into separate plays. And you can write configuration of folks in below place:

  • ANSIBLE_CONFIG(environment variable)
  • ansible.cfg(current directory)
  • .ansible.cfg(home directory)
  • /etc/ansible/ansible.cfg

One case where you may actually need less forks is if you are doing rolling updates (which ansible makes very easy), and thereby not talking to all of your systems at once.

OpenSSH connection tips

By default, a connection is ControlPersist on a native OpenSSH. ControlPersist allows for keeping ansible connection open subject to a configurable timeout. Socket file of ControlPersist is written on file system, but if host name is long, you should modify config of socket using control_path because there is a constraint of length of file path on Linux.
If you probably want to adjust the control persist timeout, you can keep ansible connection open setting timeout value on ssh_args. 30 minutes is a good value. Note that ControlPersist may consume about a megabyte of memory per connection to hold things open.

Paramiko connection tips

If you use an Enterprise Linux 6 or earlier host, Ansible will detect that our OpenSSH is probably not new enough and use paramiko that is a client of pure-python's SSH. At paramiko, it reconnects each of host between actions. To eliminate this, using pipelining is better.

Pull mode

You shouldn't need ansible in pull mode if following most of the above steps, but the ansible-pull utility can be used, which executes ansible with reading regularly file on git repository. Using ansible-pull, it enable you to scale basically infinitely with bandwidth to your source control server because it is not Push architecture but Pull architecture. But you will cannot gather log, so what you may use AnsibleTower is good.


Ansible is good provisioning tool. I like ansible than other tools because it easy than Chef and Puppet. In development, we often face optimizing of tuning of configuration, Ansible can solve various these problems. There are some knowledge of ansible for tuning on general document of ansible. So if you spend a lot of time in tuning and waiting update to perform, you may read these document.