Description of problem:
Adding the ControlPersist option to enable ControlMaster to shutdown without losing all sessions, as currently implemented in OpenSSH version
Version-Release number of selected component (if applicable):
- Rebuild rpm with patch it seems to work on all my systems
Steps to Reproduce:
1. rebuild openssh rpm with patch
2. install new rpm
3. add ControlPersist option to ssh config
- ControlPersist works
- ControlPersist works
- patch to rpm added in attachment
Created attachment 736790 [details]
Patch file for RPM package as found on the Red Hat rhel6 ftp
*** Bug 953087 has been marked as a duplicate of this bug. ***
Thank you for taking the time to enter a bug report with us. We appreciate the feedback and look to use reports such as this to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution.
If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution.
For information on how to contact the Red Hat production support team, please visit:
This is not a critical issue, I already have applied the patch for myself, however given that Red Hat backported ControlMaster and ControlPath, it seemed to me necessary to also include ControlPersist, otherwise if your master connection goes all of your slaves also go
This would be extremely helpful to us at Rackspace too.
Maybe test and use my package, till Red Hat decides to patch it
Take a look at http://yum.vantosh.com/ , it is in the testing repo.
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
ControlPersist support is required for Ansible "accelerated" mode (new in Ansible 1.3).
Would be great if this could be considered for RHEL6.5.
Ansibles accelerated mode does not require ControlPersist that I know of. ;)
It does need python-keyczar installed on each node, but thats it.
My apologies, Kevin you are absolutely correct. CP is not required for Ansible's new accelerated mode.
As of release 6.5 this patch has been included.
Thank you for mentioning this in the Changelog and you're welcome
And for the Ansible users, not ControlPersist is not required, but it does speed up to process. And remember to adjust your ~/.ansible.cfg for more options when using ssh
(In reply to Toshaan Bharvani from comment #12)
> As of release 6.5 this patch has been included.
> Thank you for mentioning this in the Changelog and you're welcome
Apparently my last comment is wrong, sorry but my own rpm builder did patch it again, so the official Red Hat openssh client still does NOT support Control Persist
Every party interested in getting this into RHEL, please
- open a case with Red Hat support, i.e. customer portal or via your TAM
- state the reasoning behind the request.
This is the proper way to get focus on requests, and to get an overview here to properly prioritize.
What if we're using a downstream distro, such as CentOS, and aren't direct customers of RH; how can we help prioritize updating OpenSSH?
(In reply to cove_s from comment #18)
> What if we're using a downstream distro, such as CentOS, and aren't direct
> customers of RH; how can we help prioritize updating OpenSSH?
Offering a tested patch and offering QA (so verifying that a patch we looked at works) are also of help.
Created attachment 907685 [details]
backport ControlPersist option
This patch backports ControlPersist option with few other upstream fixes. I've done some sanity testing but if you are able to test that it works for you as expected, it would be great.
What version of the source/package is the patch against?
I can't get it to apply cleanly off hand on openssh-5.3p1-94.el6.src.rpm
Any chance for a scratch build or src.rpm? ;)
I'm sorry. It's based on a development sources with several other patches applied (like backported ecdsa and so). You can try this scratch build http://koji.fedoraproject.org/koji/taskinfo?taskID=7038939
Just tested the scratch build here. Seems to work fine... takes an ansible playbook that takes about 4.5minutes with paramiko down to about 1min with ssh/controlpersist. :)
Ansible was the use case for me as well. I built from the source rpm on CentOS 6.5 and in testing with ansible the results are wonderful. Actions that took 20 seconds when ansible fell back to paramiko now take under a second. :)
I haven't used ControlPersist directly so I don't know if there are any bugs with things like cleaning up the ControlMaster sockets or anything like that. If not, this would be fantastic to have rolled into official RHEL packages at some point.
Thanks Petr, and Toshaan for getting the ball rolling on this!
There is a problem that with ControlPersist option with timeout specified, it is actually ignored (listens for connections indefinitely).
Also there is one other issue - without setting ControlPersist, the socket file is not removed after the connection ends.
According to Petr Lauterbach, these issues are connected and will be fixed shortly.
There was doubled muxserver_listen() in ssh.c and I've also backported code fixing race between bind and listen on unix a socket.
Cool. Any chance you could fire off another scratch build for testing? :)
Here you are http://koji.fedoraproject.org/koji/taskinfo?taskID=7098603
Any chance this can be pushed as a RHEL6 update sometime this century?
Seconded for a push to RHEL6, this drastically affects performance for ansible users.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.