Minimize ssh connections number

92 views
Skip to first unread message

Alexey Wasilyev

unread,
Oct 18, 2014, 11:50:22 AM10/18/14
to ansible...@googlegroups.com
Hello, everybody!

I use ansible for everyday production servers maintenance. 
During run, ansible makes a lot of ssh connections to every server, every connection is logged and according to internal policy I have to write a note to the security journal about every ssh connection.
So, is there any way to minimize number of ssh connections? Say, lets ansible connect to ssh, do all recipes and disconnect instead of doing separate connections for every recipe?

I try to use accelerate=True mode, but it is buggy. Regularly i got "Failed to connect to xx.xx.xx.xx:5099" during ansible run, and i need to manully kill ansible-accelerate daemon to recover node.

Any ideas?

Mark Phillips

unread,
Oct 19, 2014, 2:09:11 PM10/19/14
to ansible...@googlegroups.com
What version of Ansible are you using Alexey? Look at 'pipelining', that's probably what you're after. I think it needs a fairly recent ssh version too though.

Michael DeHaan

unread,
Oct 20, 2014, 4:59:10 PM10/20/14
to ansible...@googlegroups.com
ControlPersist is the way to reduce the number of connections.

Also don't delegate_to a bunch to the same host.

See 

Ansible Performance Tuning (for Fun and Profit)


On Sun, Oct 19, 2014 at 2:09 PM, Mark Phillips <ma...@probably.co.uk> wrote:
What version of Ansible are you using Alexey? Look at 'pipelining', that's probably what you're after. I think it needs a fairly recent ssh version too though.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7b5fc8c8-0a2c-45bb-8c28-d0b091db616d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Alexey Wasilyev

unread,
Oct 22, 2014, 1:46:40 AM10/22/14
to ansible...@googlegroups.com
1.7.2, from os x and ubuntu as control node, centos 6.5 as target. pipelining enabled.
and there are a lot of login records in the target machine /var/log/secure during every ansible run.

Michael DeHaan

unread,
Oct 22, 2014, 2:02:10 PM10/22/14
to ansible...@googlegroups.com
pipelining alone won't do anything without Control Persist, but I'd check to make sure you weren't using paramiko as the default SSH args do use CP.



--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/79960934-735f-41c9-9997-939afec0145a%40googlegroups.com.

Alexey Wasilyev

unread,
Oct 22, 2014, 2:13:07 PM10/22/14
to ansible...@googlegroups.com
I know. Just doublecheck it, ansible run ssh with CP option.
Reply all
Reply to author
Forward
0 new messages