Bug 953088
| Summary: | OpenSSH adding ControlPersist patch to enable full usage of SSH control options | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Toshaan Bharvani <toshaan> |
| Component: | openssh | Assignee: | Petr Lautrbach <plautrba> |
| Status: | CLOSED ERRATA | QA Contact: | Stanislav Zidek <szidek> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.4 | CC: | ahatfiel, cervajs, chenders, chorn, daniel, ederevea, ggillies, idhaoui, jkeating, kevin, mdshaikh, mgrigull, mkasik, plautrba, pvrabec, richard.schick, robk, sashaikh, szidek, tim.gollschewsky, tmz |
| Target Milestone: | rc | Keywords: | Patch |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | openssh-5.3p1-100.el6 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-10-14 07:38:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 994246, 1056252, 1070830 | | |
| Attachments: | | | |

Description
Toshaan Bharvani
2013-04-17 10:35:11 UTC
Created attachment 736790 [details]
Patch file for RPM package as found on the Red Hat rhel6 ftp
*** Bug 953087 has been marked as a duplicate of this bug. ***

Thank you for taking the time to enter a bug report with us. We appreciate the feedback and look to use reports such as this to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit: https://www.redhat.com/support/process/production/#howto

This is not a critical issue, I already have applied the patch for myself, however given that Red Hat backported ControlMaster and ControlPath, it seemed to me necessary to also include ControlPersist, otherwise if your master connection goes all of your slaves also go.

This would be extremely helpful to us at Rackspace too.

@Jesse Keating Maybe test and use my package, till Red Hat decides to patch it. Take a look at http://yum.vantosh.com/ , it is in the testing repo.

This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.

ControlPersist support is required for Ansible "accelerated" mode (new in Ansible 1.3). http://www.ansibleworks.com/docs/playbooks_acceleration.html Would be great if this could be considered for RHEL6.5.

Ansible's accelerated mode does not require ControlPersist that I know of. ;) It does need python-keyczar installed on each node, but that's it.

My apologies, Kevin you are absolutely correct. CP is not required for Ansible's new accelerated mode.

As of release 6.5 this patch has been included.
Thank you for mentioning this in the Changelog and you're welcome.

And for the Ansible users: no, ControlPersist is not required, but it does speed up the process. And remember to adjust your ~/.ansible.cfg for more options when using ssh.

(In reply to Toshaan Bharvani from comment #12)
> As of release 6.5 this patch has been included.
> Thank you for mentioning this in the Changelog and you're welcome

Apparently my last comment is wrong, sorry, but my own rpm builder did patch it again, so the official Red Hat openssh client still does NOT support Control Persist.

Every party interested in getting this into RHEL, please
- open a case with Red Hat support, i.e. customer portal or via your TAM
- state the reasoning behind the request.

This is the proper way to get focus on requests, and to get an overview here to properly prioritize.

What if we're using a downstream distro, such as CentOS, and aren't direct customers of RH; how can we help prioritize updating OpenSSH?

(In reply to cove_s from comment #18)
> What if we're using a downstream distro, such as CentOS, and aren't direct
> customers of RH; how can we help prioritize updating OpenSSH?

Offering a tested patch and offering QA (so verifying that a patch we looked at works) are also of help.

Created attachment 907685 [details]
backport ControlPersist option
This patch backports ControlPersist option with few other upstream fixes. I've done some sanity testing but if you are able to test that it works for you as expected, it would be great.

What version of the source/package is the patch against? I can't get it to apply cleanly off hand on openssh-5.3p1-94.el6.src.rpm. Any chance for a scratch build or src.rpm? ;)

I'm sorry. It's based on development sources with several other patches applied (like backported ecdsa and so). You can try this scratch build http://koji.fedoraproject.org/koji/taskinfo?taskID=7038939

Just tested the scratch build here. Seems to work fine... takes an ansible playbook that takes about 4.5 minutes with paramiko down to about 1 min with ssh/controlpersist. :)

Ansible was the use case for me as well. I built from the source rpm on CentOS 6.5 and in testing with ansible the results are wonderful. Actions that took 20 seconds when ansible fell back to paramiko now take under a second. :) I haven't used ControlPersist directly so I don't know if there are any bugs with things like cleaning up the ControlMaster sockets or anything like that. If not, this would be fantastic to have rolled into official RHEL packages at some point. Thanks Petr, and Toshaan for getting the ball rolling on this!

There is a problem that with the ControlPersist option with a timeout specified, it is actually ignored (listens for connections indefinitely). Also there is one other issue - without setting ControlPersist, the socket file is not removed after the connection ends. According to Petr Lautrbach, these issues are connected and will be fixed shortly.

There was a doubled muxserver_listen() in ssh.c and I've also backported code fixing a race between bind and listen on a unix socket.

Cool. Any chance you could fire off another scratch build for testing? :)

Any chance this can be pushed as a RHEL6 update sometime this century?

Seconded for a push to RHEL6, this drastically affects performance for ansible users.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2014-1552.html
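
The QA comment in this thread reports that the first backport left the control socket file behind after the connection ended. The sketch below is an added example, not code from the patch or from anyone in this bug: it classifies the socket files in a ControlPath directory as live or leftover by probing them, using a constructed temporary directory and hypothetical file and function names. Against a real master, `ssh -O check` is the protocol-level check.

```python
import errno
import os
import shutil
import socket
import stat
import tempfile


def classify_control_sockets(directory):
    """Map each Unix socket file in `directory` to 'live', 'stale' or 'unknown'."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            continue  # skip regular files, directories and symlinks
        probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        probe.settimeout(1.0)
        try:
            probe.connect(path)  # succeeds only if a process still listens
            results[name] = "live"
        except OSError as exc:
            # ECONNREFUSED: the file exists but nothing accepts on it
            refused = exc.errno == errno.ECONNREFUSED
            results[name] = "stale" if refused else "unknown"
        finally:
            probe.close()
    return results


def demo():
    """Constructed sample: one listening socket and one leftover socket file."""
    workdir = tempfile.mkdtemp(prefix="cm-")
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    leftover = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        listener.bind(os.path.join(workdir, "live.sock"))
        listener.listen(1)
        leftover.bind(os.path.join(workdir, "stale.sock"))
        leftover.close()  # close() does not unlink the path; the file remains
        with open(os.path.join(workdir, "notes.txt"), "w") as fh:
            fh.write("not a socket\n")
        return classify_control_sockets(workdir)
    finally:
        listener.close()
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```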