Plugins » Ansible

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1910412

Adjust ssh_args value inside /etc/foreman-proxy/ansible.cfg file to have ansible required default values in Foreman.

1. Proposed title of this feature request

Extend the ssh_args inside /etc/foreman-proxy/ansible.cfg file to have ansible required default values in Foreman

2. What is the nature and description of the request?

Change in modification of ssh_args in /etc/foreman-proxy/ansible.cfg file for Satellite and Capsules by default.

Current value,
ssh_args = -o ProxyCommand=none

Expected value,
ssh_args = -o ProxyCommand=none -C -o ControlMaster=auto -o ControlPersist=60s

3. Why does the user need this? (List the business requirements here)

By default when ansible initiates a connection for SSH, It uses "-C -o ControlMaster=auto -o ControlPersist=60s" . Example.
~
_{SSH: EXEC sshpass -d10 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="root"' -o ConnectTimeout=30 -o ControlPath=/home/ansible/.ansible/cp/6caadfc83e client.example.com '/bin/sh -c '"'"'rm -f -r /tmp/ansible-root/ansible-tmp-1608743901.39-10561-116398582883036/ > /dev/null 2>&1 && sleep 0'"'"''}
~

But the same thing does not happens with satellite as we have "-o ProxyCommand=none" hardcoded in ansible.cfg file.
~
_{SSH: EXEC ssh -vvv -o ProxyCommand=none -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 client.example.com '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''}
~

As per user's testing, after making changes in ssh_args, We could see on the clients that the SSH socket was being reused which vastly increased performance (and decreased the run time of the playbooks). The playbook that was taking 16 mins to run now took about 4 - 8 mins.

For my own testing, I saw that for the task which earlier ansible was taking 31 second, now it took around 21 seconds to finish. So this is a improvement that should be considered.

4. How would the user like to achieve this? (List the functional requirements here)

We can easily achieve the same via following command :
satellite-installer --foreman-proxy-plugin-ansible-ssh-args "-o ProxyCommand=none -C -o ControlMaster=auto -o ControlPersist=60s"

but the requirement here is to have that option by default present in /etc/foreman-proxy/ansible.cfg file. Since this is really an imporvement , many user's might not be even aware of this fact and still working slower playbook\role execution.

Even in default ansible.cfg also we could see that ansible suggest using the same.
~~

1. cat /etc/ansible/ansible.cfg | grep ssh_args
   #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
   ~~

5. For each functional requirement listed, specify how Red Hat and the user can test to confirm the requirement is successfully implemented.

A) Deploy satellite or upgrade existing one.

B) Check the /etc/ansible/ansible.cfg file for ssh_args parameter.

6. Is there already an existing RFE upstream or in Red Hat Bugzilla?
No.

7. Does the user have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?

As soon as possible

8. Is the sales team involved in this request and do they have any additional input?
No.

9. List any affected packages or components.

- /etc/foreman-proxy/ansible.cfg
- tfm-rubygem-smart_proxy_ansible

10. Would the user be able to assist in testing this functionality if implemented?
Yes

11. Additional information:

This RFE should be considered in favor of performance improvement of ansible based jobs unless we already had considered the same in past and had some complexities around the same.