The “ssh_alt” connection type as implemented by Jerome Wagner greatly reduces the amount of operations performed over connections by not transferring modules as files for many cases. It’s pretty impressive.
It can currently be tested on the development branch with “connection: ssh_alt” in a play, or “-c ssh_alt”.
I would like this to become the default in Ansible devel, to be released as the default in 1.5, in the next week or two.
As such, if everyone using the SSH transport (aka anyone not running from RHEL/CentOS/EPEL
and still using paramiko), as they normally use Ansible, this will be greatly appreciated.
I just recently merged in some tweaks to sudo password detection.
If we can get it past encountering any problems, we’ll remove the old ssh.py and replace ssh_alt.py as ssh.py, and there will be no more connection named “ssh_alt”.
On a related SSH performance note, in a past project I found that Cryptlib’s SSH performance had significantly better IO rates than the OpenSSH client. I never tracked down why that was the case, but as I recall it was something like 30-50% faster. https://www.cs.auckland.ac.nz/~pgut001/cryptlib/
I’ve not heard of anything using that one (cryptlib). The mid 90’s web page also scares me a lot
There would be other variables in play too though, SSH is a lot happier with Control Persist enabled in many cases – which is not the default behavior if just invoking SSH in the basic way (we use CP by default).
I’ve been doing a lot of research on why I couldn’t get ssh forwarding to work with Ansible.
I think I’ve found a bug (in ssh) regarding how it performs authentication, the behavior varies depending on how you express the command line arguments.
Is anyone else observing this behavior and do we have any documentation more reliable than Stack Overflow, such as an upstream bug report or mailing list thread to reference?
I hesitate making such changes based on observed stack overflow posts, and suspect there’s a tradeoff to switching, but that’s me just wanting to show extra caution on my part.
(It’s also not ssh_alt specific so it shouldn’t block forward progress on this front)
That was a stack overflow post I created, I’ve been trying to figure out for the last 3 weeks why I couldn’t check out a project (R/W) from github using Ansible.
Finally, I started taking Vagrant apart to figure out how it’s ssh behaviour differed from Ansible’s, that was where I got to.
Give it a go yourself, I don’t know why it is, but it’s the observable behaviour using the default SSH provided with OSX Mavericks.
I am having problems using rsync with Ansible and Vagrant, I don’t know if it is the problem that Bryan is encountering, but it seems to be due to ssh.
I have opened a stack overflow post about it here:
My problem was specifically with SSH Agent authentication failing to propagate to SSH invoked by Ansible on the remote host. I didn’t want to deploy SSH keys onto virtual machines, just delegate credentials from the client.
Would need to see your playbook so we could have something to repro with – there is a lot of fuzzy logic in synchronize that can be difficult but if sudo was on I’d feel it chose correctly.
So you are saying this is a feature rather than a bug?
That’s fine but it nice be a good idea to have it documented somewhere … because I am guessing it is common to run scripts as root … this script is doing it because it needs to set up users?
Now I have another problem - I am generating some supervisor files from templates - but my services (roles) have dependencies on other services. So because the template uses the variable name instead of it picking “theServiceThatServiceADependsOn” and “ServiceA” as the names it picks “ServiceA” and “ServiceA” both times. I am guessing this is to do with variable scoping - that the var name in the dependent service is getting overridden?
What’s the easiest way around this? Is there some way to pass in variables when I call my template, just like a function call in a conventional language? I wondered whether I can just have a vars block in my action, but I checked out a load of Ansible scripts from github, so I can search them to find solutions to my problems, but I can’t see anyone else doing that?
Also I need to trigger supervisorctl in several different roles - we decided restarting supervisor was a bad idea because it will restart existing running services so I am doing this:
name: myservice | Get supervisor to re-read configs
action: command supervisorctl reread
name: myservice | Get supervisor to restart service
action: command supervisorctl restart {{ name }}
Is there any way I can specify this in one place? A role ought to be able to do it but I need to pass an argument in (name) - it is a function effectively?
