standard-test-roles

Clone
Source Code
GIT

#404 add support for TEST_SSHD_USEDNS_NO
Merged 3 years ago by astepano. Opened 3 years ago by rmeggins.
rmeggins/standard-test-roles bootcmd-UseDNS-no  into  master

file modified
+7 
@@ -208,5 +208,12 @@ 
 

  If the number of hostaliases does not match the number of subjects, you will get
 

  an error.
 

  

+ ## TEST_SSHD_USEDNS_NO
 

+ 

+ Some EL7 systems have `sshd` configured with `UseDNS yes` by default.  This will
 

+ cause terrible performance with `ssh` and especially with Ansible.  You can use
 

+ `--sshd-usedns-no` or set `TEST_SSHD_USEDNS_NO=True` to configure the VM to use
 

+ `UseDNS no` instead.
 

+ 

  [1]: https://fedoraproject.org/wiki/CI/Metadata
 

  [2]: http://fmf.readthedocs.io/

file modified
+21 
@@ -65,6 +65,17 @@ 
 

  DEF_USER = "root"
 

  DEF_PASSWD = "foobar"
 

  DEF_HOST = "127.0.0.3"
 

+ # configure sshd to use UseDNS no to fix broken EL7 systems
 

+ BOOTCMD_SSHD_USEDNS_NO = """bootcmd:
 

+   - |
 

+     if grep -q '^UseDNS' /etc/ssh/sshd_config; then
 

+       sed 's/^UseDNS.*$/UseDNS no/' -i /etc/ssh/sshd_config
 

+     elif grep -q '^#UseDNS' /etc/ssh/sshd_config; then
 

+       sed 's/^#UseDNS.*$/UseDNS no/' -i /etc/ssh/sshd_config
 

+     else
 

+       echo "UseDNS no" >> /etc/ssh/sshd_config
 

+     fi
 

+ """
 

  USER_DATA = """#cloud-config
 

  users:
 

    - default
 
@@ -485,6 +496,8 @@ 
 

      userdata = os.path.join(directory, "user-data")
 

      with open(userdata, 'w') as f:
 

          f.write(USER_DATA)
 

+         if opts.sshd_usedns_no:
 

+             f.write(BOOTCMD_SSHD_USEDNS_NO)
 

      # Create our cloud init so we can log in
 

      cloudinit = os.path.join(directory, "cloud-init.iso")
 

      subprocess.check_call(["/usr/bin/genisoimage", "-input-charset", "utf-8",
 
@@ -654,6 +667,13 @@ 
 

      --use-basename, then you do not have to use --hostalias for every subject.
 

      """
 

  

+ 

+ def help_sshd_usedns_no():
 

+     return """On some EL7 systems, sshd uses 'UseDNS yes' by default.  This can
 

+     create a very bad performance problem with ssh and Ansible.  You can use
 

+     --sshd-usedns-no to configure the VM to use 'UseDNS no' instead."""
 

+ 

+ 

  def main():
 

      global logger
 

      global diagnose
 
@@ -683,6 +703,7 @@ 
 

      parser.add_argument('--host', help="Full path to qcow2 disk image")
 

      parser.add_argument("--use-basename", default=bool(distutils.util.strtobool(os.environ.get("TEST_USE_BASENAME", "False"))), action="store_true", help=help_hostalias())
 

      parser.add_argument("--hostalias", default=shlex.split(os.environ.get("TEST_HOSTALIASES", "")), action="append", help=help_hostalias())
 

+     parser.add_argument("--sshd-usedns-no", default=bool(distutils.util.strtobool(os.environ.get("TEST_SSHD_USEDNS_NO", "False"))), action="store_true", help=help_sshd_usedns_no())
 

      parser.add_argument("subjects", nargs="*", default=shlex.split(os.environ.get("TEST_SUBJECTS", "")))
 

      opts = parser.parse_args()
 

      # Send logs to common logfile for all default provisioners.

TEST_SSHD_USEDNS_NO

Some EL7 systems have sshd configured with UseDNS yes by default. This will
cause terrible performance with ssh and especially with Ansible. You can use
--sshd-usedns-no or set TEST_SSHD_USEDNS_NO=True to configure the VM to use
UseDNS no instead.

rebased onto 88a6872
3 years ago

lgtm

This fix works for me flawlessly. One question, shouldn't this be a default behavior for RHEL 7? Without adding TEST_SSHD_USEDNS_NO=True performance of rhel 7 VM is terrible.

This fix works for me flawlessly. One question, shouldn't this be a default behavior for RHEL 7? Without adding TEST_SSHD_USEDNS_NO=True performance of rhel 7 VM is terrible.

I think we need to add some sort of item to our config.json which will allow to specify environment variables for each image e.g.

    {
      "name": "rhel-7",
      ...
      "env": {
         "TEST_SSHD_USEDNS_NO": "True"
      }

we need something like this for el6 as well to set the ssh cipher parameters, which we definitely only want to set for el6:

    {
      "name": "rhel-6",
      ...
      "env": {
         "TEST_EXTRA_SSH_ARGS": "-o PubkeyAcceptedKeyTypes=+ssh-rsa"
      }

lgtm

@rmeggins please let me know when this PR can be merged.

@rmeggins please let me know when this PR can be merged.

It is ready to be merged

Commit 5bb8fc1 fixes this pull-request

Pull-Request has been merged by astepano
3 years ago

Pull-Request has been merged by astepano
3 years ago
Metadata
None
No Tags
Changes Summary 2
+7 -0
file changed
README.md
+21 -0
file changed
inventory/standard-inventory-qcow2
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.