Deploy uses a large number of SSH connections

Question

Deploy uses a large number of SSH connections

tilsammans opened this issue 11 years ago · comments

Just tried to deploy using Capistrano 3. First of all it's a very sweet release, I am so happy this has finally come out. Well done!!

The new style is using a large number of separate SSH connections which were being flagged as potentially abusive by my server's firewall. I am using the standard ufw limit setting for SSH:

ufw will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds

which is definitely the case. When I remove the limit, Capistrano goes through.

I would really like to keep the limit in the firewall and somehow reduce/queue the number of connections Capistrano is using. Is there a way?

Lee Hambley · Answer 1 · Thu Dec 05 2013 21:26:55 GMT+0800 (China Standard Time)

Actually this issue belongs to sshkit the backend driver that Capistrano uses to connect to all the servers. The reason we don't maintain a connection is for the sake of code simplicity, and the difficulty in identifying reliably a single target server.

That said, in the net-ssh backend driver, you could easily add some trivial memoization. The connections are opened here https://github.com/capistrano/sshkit/blob/master/lib/sshkit/backends/netssh.rb#L167.

The instance of backend is a new instance for every call to on(). Probably a level above (somewhere between dsl.rb and one of the coordinators/runners) you would have to memoize the call to produce the backend. I would imagine that https://github.com/capistrano/sshkit/blob/master/lib/sshkit/runners/abstract.rb#L18 is the place to do it.

I'd be concerned with handling reconnects, incase the connection failed, I'm not sure how that should work (or even, how much the runners, and coordiantors should know about the backends) Probably it would be sufficient to memoize in https://github.com/capistrano/sshkit/blob/master/lib/sshkit/runners/abstract.rb#L18 and have the netssh backend handle reconnecting if it needed to.

I'd take a patch if you can try it (master has one failing test relating to newlines) - I've pushed a proof of concept to the following branch: https://github.com/capistrano/sshkit/tree/memoize-backend

You can use that in your Gemfile with

gem "sskit", github: 'capistrano/sshkit', ref: 'memoize-backend'

I've asked @seanhandley if he would mind taking an active role in curing this weirdness. (it is weird, right!)

Lee Hambley · Answer 2 · Thu Dec 05 2013 21:27:55 GMT+0800 (China Standard Time)

Closing this issue here, if someone wants to pick that up at SSHKit, let's take the discussion there where it belongs!

Joost Baaij · Answer 3 · Thu Dec 05 2013 21:29:29 GMT+0800 (China Standard Time)

Actually this issue belongs to sshkit

Oops, did not realise I was in the documentation repo.

Lee Hambley · Answer 4 · Thu Dec 05 2013 21:30:39 GMT+0800 (China Standard Time)

no sweat :) try my SSHKit stuff, and if it works, or doesn't work, whatever - open up an issue there, and mention me and @seanhandley