New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
send keys in parallel #1266
send keys in parallel #1266
Conversation
e40d3e3
to
d7c7fc7
Compare
d7c7fc7
to
4affcfd
Compare
Co-Authored-By: Graham Christensen <graham@grahamc.com>
03f9601
to
dd8cd13
Compare
dd8cd13
to
37d00d3
Compare
|
||
nixops.parallel.run_tasks( | ||
# by default ssh allows 10 sessions per connection via MaxSessions setting | ||
nr_workers=8, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some day, somebody will send a PR making the 8 configurable for some weird edge case. Today is not that day :P
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:D
This change appears to be effectively forkbombing my Mac. My network isn't very large, something like 10 machines, but I do have probably 5-10 keys per host. When I run a edit This is on macOS 10.15.4, btw. |
Nice. I'll revert for now, we can / should add a global limit on the number of keys being sent at a time. |
Huh, 10 connections with 100 sessions kills networking stack? What kind of Mac is this? |
iMac Pro, 64GiB, 10 cores, so no slouch. I'm as surprised as you are. But there were so many SSH processes running, my |
I've seen similar problems, actually. As far as I could tell it had to do with the thundering herd of connections. I wonder if we could pre-calculate how many keys need to be sent, and allocate a total max or something? I dunno, that gets complicated. |
Just tested Another possibility is this: I'm using |
After speaking with @grahamc on IRC about this, it sounds like which SSH key NixOps uses is not necessarily deterministic, and that it may use a personal SSH key? If so, anyone who's using a hardware device to manage their SSH private keys is going to have problems with this implementation, assuming I'm right about what was going on here. |
Fixes #671
not great not terrible but vewy fast