1. Proposed title of this feature request
Extend the ssh_args inside /etc/foreman-proxy/ansible.cfg file to have ansible required default values in Satellite 6
2. What is the nature and description of the request?
Change in modification of ssh_args in /etc/foreman-proxy/ansible.cfg file for Satellite and Capsules by default.
ssh_args = -o ProxyCommand=none
ssh_args = -o ProxyCommand=none -C -o ControlMaster=auto -o ControlPersist=60s
3. Why does the customer need this? (List the business requirements here)
By default when ansible initiates a connection for SSH, It uses "-C -o ControlMaster=auto -o ControlPersist=60s" . Example.
SSH: EXEC sshpass -d10 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="root"' -o ConnectTimeout=30 -o ControlPath=/home/ansible/.ansible/cp/6caadfc83e client.example.com '/bin/sh -c '"'"'rm -f -r /tmp/ansible-root/ansible-tmp-1608743901.39-10561-116398582883036/ > /dev/null 2>&1 && sleep 0'"'"''
But the same thing does not happens with satellite as we have "-o ProxyCommand=none" hardcoded in ansible.cfg file.
SSH: EXEC ssh -vvv -o ProxyCommand=none -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 client.example.com '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
As per customer's testing, after making changes in ssh_args, We could see on the clients that the SSH socket was being reused which vastly increased performance (and decreased the run time of the playbooks). The playbook that was taking 16 mins to run now took about 4 - 8 mins.
For my own testing, I saw that for the task which earlier ansible was taking 31 second, now it took around 21 seconds to finish. So this is a improvement that should be considered.
4. How would the customer like to achieve this? (List the functional requirements here)
We can easily achieve the same via following command :
satellite-installer --foreman-proxy-plugin-ansible-ssh-args "-o ProxyCommand=none -C -o ControlMaster=auto -o ControlPersist=60s"
but the requirement here is to have that option by default present in /etc/foreman-proxy/ansible.cfg file. Since this is really an imporvement , many customer's might not be even aware of this fact and still working slower playbook\role execution.
Even in default ansible.cfg also we could see that ansible suggest using the same.
# cat /etc/ansible/ansible.cfg | grep ssh_args
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
5. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
A) Deploy satellite or upgrade existing one.
B) Check the /etc/ansible/ansible.cfg file for ssh_args parameter.
6. Is there already an existing RFE upstream or in Red Hat Bugzilla?
7. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
As soon as possible
8. Is the sales team involved in this request and do they have any additional input?
9. List any affected packages or components.
10. Would the customer be able to assist in testing this functionality if implemented?
11. Additional information:
This RFE should be considered in favor of performance improvement of ansible based jobs unless we already had considered the same in past and had some complexities around the same.
Created redmine issue https://projects.theforeman.org/issues/31552 from this bug
Hmm after checking, this is the default for The fresh Satellite install.
But upgrade would not update to this value automatically. I've opened a ticket for that.
You are right.
* For new Satellite 6.8 installation the default value is the expected value.
* For Satellite 6.7 or older that is not applicable. They will still have the old value only.
* For satellite's being upgraded from 6.7 to 6.8, they will also still have the old value.
Upstream bug assigned to email@example.com
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/31553 has been resolved.