It's very complex. Personally, I would opt to use only pure ssh command line client if paramiko cannot cover our current needs. Additionally, it would be better to rely only on ssh_config for setting up connections because in future, you could have different settings for different hosts even. The only backend config options could perhaps be port, config_path, identity_file_path. And we could also avoid those connects and disconnects altogether and just have something like run method that captures output.

It's very complex.

Yup, sorry for that. OTOH, except for necessary bugs as in every PR :) -- it
does basically what it declares (plus it allows us to move from
run_expensive() to run() in some cases), so yes ...

Personally, I would opt to use only pure ssh command line client if paramiko
cannot cover our current needs.

... I could drop Paramiko and other parts. But because I'm not sure what
side-effects the commandline ssh client will have, I would rather keep the
paramiko option at least for some time period (so you especially fedora's copr
can go back without too much hassle). Btw. the Paramiko stuff is almost
unchanged from 4028fea, except for some additions -- so we should have
non-breaking path forward.

Additionally, it would be better to rely only on ssh_config for setting up
connections because in future, you could have different settings for different
hosts even.

Yes! Per builder config (or per set-of-builders config) would make sense. But
in case of we gone that direction -- shouldn't this be configured in
copr-be.conf anyways?

The only backend config options could perhaps be port, config_path,
identity_file_path.

No problem to iterate, though there might be requirement to have per-host port
configuration, too, similarly to identityfile.

It would sound a bit awkward to have per-builder ssh configuration stored
somewhere on backend, or what is your plan? Some config format proposal?

And we could also avoid those connects and disconnects altogether and just
have something like run method that captures output.

The point of having connect() and disconnect() is efficiency though.
There's delay after first connection, but the following commands are run
immediately. It is meant to be rather library code, originally developed at
http://github.com/praiskup/python-sshcmd (playground basically, but it could
mature in future).

So basically, I'll cut-out whatever part for copr purposes you request.

Perhaps I could connect() automatically after first _run_ssh_cmd()?

Not doing disconnect() explicitly causes that sshd needs to clean the
connections somehow automagically, which is not a problem I guess (sshd is
pretty robust), but how should I set ControlPersist which is now 7200?

It's very complex.

Yup, sorry for that. OTOH, except for necessary bugs as in every PR :) -- it
does basically what it declares (plus it allows us to move from
run_expensive() to run() in some cases), so yes ...

I don't know what run_expensive does from the name, which is not optimal.

Personally, I would opt to use only pure ssh command line client if paramiko
cannot cover our current needs.

... I could drop Paramiko and other parts. But because I'm not sure what
side-effects the commandline ssh client will have, I would rather keep the
paramiko option at least for some time period (so you especially fedora's copr
can go back without too much hassle). Btw. the Paramiko stuff is almost
unchanged from 4028fea, except for some additions -- so we should have
non-breaking path forward.

I think the ssh client will do job just as well.

Additionally, it would be better to rely only on ssh_config for setting up
connections because in future, you could have different settings for different
hosts even.

Yes! Per builder config (or per set-of-builders config) would make sense. But
in case of we gone that direction -- shouldn't this be configured in
copr-be.conf anyways?

I don't think so. We don't want to duplicate what already can be described in ssh_config.

The only backend config options could perhaps be port, config_path,
identity_file_path.

No problem to iterate, though there might be requirement to have per-host port
configuration, too, similarly to identityfile.

That's true. IdentityFile and Port can also be described in ssh_config. Cool!

It would sound a bit awkward to have per-builder ssh configuration stored
somewhere on backend, or what is your plan? Some config format proposal.

To store it in ~/copr/ssh_config ideally.

And we could also avoid those connects and disconnects altogether and just
have something like run method that captures output.

The point of having connect() and disconnect() is efficiency though.
There's delay after first connection, but the following commands are run
immediately. It is meant to be rather library code, originally developed at
http://github.com/praiskup/python-sshcmd (playground basically, but it could
mature in future).
So basically, I'll cut-out whatever part for copr purposes you request.
Perhaps I could connect() automatically after first _run_ssh_cmd()?

I think, ssh will take care of itself (to create and keep the socket after the first remote command is run). Just ControlMaster, ControlPath, and ControlPersist need to be set up in the ssh_config for a host group.

Not doing disconnect() explicitly causes that sshd needs to clean the
connections somehow automagically, which is not a problem I guess (sshd is
pretty robust), but how should I set ControlPersist which is now 7200?

I don't mind keeping the sockets around. We can also use ssh(1) “-O exit” but that's just an optimization.

I don't know what run_expensive does from the name, which is not optimal.

Proposal for rename?

I think the ssh client will do job just as well.

I hope so, ACK -> I'll drop the Paramiko part then.

To store it in ~/copr/ssh_config ideally.

There's now ~/copr directory, so I guess we can use the default .ssh/config.

I think, ssh will take care of itself (to create and keep the socket after
the first remote command is run). Just ControlMaster, ControlPath, and
ControlPersist need to be set up in the ssh_config for a host group.

Ah, I'll try that.

I don't mind keeping the sockets around. We can also use ssh(1) “-O exit”
but that's just an optimization.

Ok.

I updated the patch, please take another look.

• There's no ssh configuration now (uses /etc/ssh_config and ~/.ssh/config).
• Paramiko support dropped.
• kept the connect() and disconnect() methods .. I'm not sure how to proceed without
  it. What whould be the api and sequence of ssh client calls in step-by-step example?
• dunno how to rename the run_expensive call .. it is documented why it is expensive, but please advice

I updated the patch, please take another look.

There's no ssh configuration now (uses /etc/ssh_config and ~/.ssh/config).

Cool but I can still see some ssh_options, control paths, identifyFile, port etc. in the code. That should all be contained in the ssh_config file. The only thing that can kept be configurable is path to the ssh_config file.

Paramiko support dropped.

Great but the whole inheritance hiearchy now from Shell down to SSHConnectionRaw is not needed. Just one class implementing a run method should be enough. In fact, we only need the run method. I will let you decide how much you want to simplify but the more the better.

kept the connect() and disconnect() methods .. I'm not sure how to proceed without
it. What whould be the api and sequence of ssh client calls in step-by-step example?

Just a sequence of runs is not enough? ssh itself should keep the connection open for the subsequent runs according to man pages.

dunno how to rename the run_expensive call .. it is documented why it is expensive, but please advice

You can always capture the output. That means just run is good. Well...we can do this one later.

First two points are good points, but that would diverge from the original
python-sshcmd code too much, so I wouldn't be able to sync copr && and
that project. Because copr is not the only place I plan to use the
python-sshcmd... I can postpone this PR till I have it packaged separately
or we can probably drop this PR.

Just a sequence of runs is not enough? ssh itself should keep the
connection open for the subsequent runs according to man pages.

I wasn't able to find the proper set of options. IMO the first call needs
to setup the control channel (because the cli command is endless, even if
the cli command executed some remote command).

The last needs to terminate it. So some hint is needed :).

First two points are good points, but that would diverge from the original
python-sshcmd code too much, so I wouldn't be able to sync copr && and
that project. Because copr is not the only place I plan to use the
python-sshcmd... I can postpone this PR till I have it packaged separately
or we can probably drop this PR.

We might use python-sshcmd if it's simple enough. Now, however, I would like to pick the simplest solution available.

Just a sequence of runs is not enough? ssh itself should keep the
connection open for the subsequent runs according to man pages.

I wasn't able to find the proper set of options. IMO the first call needs
to setup the control channel (because the cli command is endless, even if
the cli command executed some remote command).
The last needs to terminate it. So some hint is needed :).

What about this then?

Host localhost
  Hostname localhost
  User=clime
  RequestTTY=auto
  ControlPath=/home/clime/%h_%p_%r
  ControlMaster=auto
  ControlPersist=7200

What about this then?
Host localhost
Hostname localhost
User=clime
RequestTTY=auto
ControlPath=/home/clime/%h_%p_%r
ControlMaster=auto
ControlPersist=7200

With this, I can do ssh localhost, the socket is created, and then I can do another ssh localhost already on that socket. At least if I understand it correctly.

Looks like it could work, thanks! Please take another look.

Nice, how did you test it?

Something like:

IdentityFile ~/.ssh/rhcopr-backend.priv
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ServerAliveInterval 60

Host *
RequestTTY=force
ControlPath=/home/copr/ssh_socket_%h_%p_%r
ControlMaster=auto
ControlPersist=900

.. in ~/.ssh/config.

Sorry, I fixed several bugs and added this option:

[ssh]
builder_config=

So now alloc.yml (uses raw ssh in my case) can use a bit different (default)
ssh configuration than following MockRemote code. The tested configuration
is here:

[root@dev-coprbe backend]# cat /home/copr/.ssh/config
IdentityFile ~/.ssh/rhcopr-backend.priv
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ServerAliveInterval 60
[root@dev-coprbe backend]# cat /home/copr/.ssh/builder_config 
Host *
IdentityFile ~/.ssh/rhcopr-backend.priv
RequestTTY=force
ControlPath=/home/copr/ssh_socket_%h_%p_%r
ControlMaster=auto
ControlPersist=900
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ServerAliveInterval 60

I meant if you used the automated Regression test suite we have ready for backend or if you just tested it "by hand". "By hand" is alright in this case even though I recommend to have a look at those Regression tests at some point.

By hand unfortunately, but next week I'd be probably fine to have a look at automatic testing (more likely at least having a look at how to run them, so far I wasn't successful).

OK, anyway feel free to merge now.

After, chat with @clime, waiting a day more with merge. There is some ongoing parallel work which this merge could make harder. I'll re-base and merge later.

Uh, this became debugging nightmare TBH (don't ask me how much time I spent on this ...:) ). The major issue is that we do that many commands from builder, not being sure what is actually happening. So as a follow up to this PR, I really, really pretty please to re-consider to have done as much work as possible builder-side (pr#50).

@clime, can you please have a look? I've tested this, but there are some changes that need to be reviewed, namely expect package on builder, dropped a part of 7302518, some function return value rework).

Why remove this? If we get a job for which a worker is already running, we don't want to spawn another one. It should not normally happen but might so we handle that case like this.

Generally I like this. I need to play around with it for a while to find out if all that magic around running mockchain in background is needed (isn't </dev/null on mockchain command enough instead of that sigtrap?).

We discussed with Michal f2f, but to sum it up for the record:

Why remove this?

Because Worker kills VM and re-submits the job in frontend, which leads to brand new job request.. which build_dispatcher immediately and asynchronously handles by this removed code -> but there's a race that build_dispatcher still thinks that worker is still alive, so what only happens is that build is marked as running on frontend, and is never processed later.

The other answer is that frontend should never resubmit the same job again without explicit request from backend; unless there's some bug we need to chase.

Shouldn't we use (opts.build_user or "root") as the SSHConnection user? The same as for running other ssh commands. I don't thing we need to ping the remote machines as root.

Note that here it would be useful to log out stdout, stderr cause we get here also if e.g. /home/copr/.ssh/builder_config file is missing which might quite hard to debug otherwise.

Right, here it is typo.

Btw., while trying to minimize changes in api, I kept the as_root option in _run_ssh_cmd, but that's probably not needed and the whole _run_ssh_cmd could be dropped. IMO this doesn't belong to this PR, but I'm not against doing it too... PTAL.

Btw., while trying to minimize changes in api, I kept the as_root option in _run_ssh_cmd, but that's probably not needed and the whole _run_ssh_cmd could be dropped. IMO this doesn't belong to this PR, but I'm not against doing it too... PTAL.

Thank you but I think we can improve on this later. I have tested this pull request generally works. We can continue on it while it is in master already. Thank you for the great work!