[Swan-dev] disabling services - ssh?
Antony Antony
antony at phenome.org
Wed Aug 12 16:24:27 UTC 2020
On Wed, Aug 12, 2020 at 08:37:29AM -0400, Andrew Cagney wrote:
> I'm guessing neither of you use multiple groups of test domains, or if
in my case you are wrong! I have hinted in the previous e-mail how long it
takes to install with 23 groups. Yes I use multiple groups. I have one just
for fedora rawhide. That is where ssh to basedomain with keys forward is a
must.
and in some cases to get two consoles I have used kvmsh nic as ssh stepping
stone to east or road. One disadvantage here is kvsh can't forward ssh keys.
I notice you are forcing down your work flow on others and I am resisting!
Virsh serial is a poor replacement to ssh! And we have ssh why give it up.
A bit speed impromvent is not good reason.
In this thread I listed a few drwabacks of kvmsh yet you going ahead with
idea of disabling sshd by default. It is shocking!
> you do, there's always a group of domains called east, west, ...
> SSH only works for the original east, west, ... domains. Having it
> running in any other configuration is pointless - the host can't reach
> the test domain's interfaces.
I have played with putting each group into its own network namesapce to able
able to ssh to them. Also use kvmsh nic or north to ssh to east or road.
> I'll change things to disable SSH when no guest is accessible from the
> host. I'd also encourage you both to point new developers to use
no please do not disable ssh by default in this setup also. May be make it
optional!
> kvmsh and not ssh - its a pita to set up and doesn't work in more
> complex environments.
Notice what I said about namespaces. We are getting better at exploring
namespaces. One way to isolate groups of KVM guests is to start the qemu-kvm
in group different namespace. But that is not fully functional yet.
For the ideas to speed up kvm boot is boot kvm without BIOS or minimal
BIOS. I red the default one is bloated. And this may also allow us to start
more workers per group.
More information about the Swan-dev
mailing list