[Swan-dev] disabling services - ssh?

[Antony Antony]

On Wed, Aug 12, 2020 at 08:37:29AM -0400, Andrew Cagney wrote:
> I'm guessing neither of you use multiple groups of test domains, or if

in my case you are wrong! I have hinted in the previous e-mail how long it 
takes to install with 23 groups. Yes I use multiple groups.  I have one just 
for fedora rawhide. That is where ssh to basedomain with keys forward is a 
must.

and in some cases to get two consoles I have used kvmsh nic as ssh stepping 
stone to east or road. One disadvantage here is kvsh can't forward ssh keys.

I notice you are forcing down your work flow on others and I am resisting!  
Virsh serial is a poor replacement to ssh! And we have ssh why give it up.
A bit speed impromvent is not good reason.

In this thread I listed a few drwabacks of kvmsh yet you going ahead with 
idea of disabling sshd by default. It is shocking! 

> you do, there's always a group of domains called east, west, ...
> SSH only works for the original east, west, ... domains.  Having it
> running in any other configuration is pointless - the host can't reach
> the test domain's interfaces.

I have played with putting each group into its own network namesapce to able 
able to ssh to them. Also use kvmsh nic or north to ssh to east or road.

> I'll change things to disable SSH when no guest is accessible from the
> host.  I'd also encourage you both to point new developers to use

no please do not disable ssh by default in this setup also. May be make it 
optional!

> kvmsh and not ssh - its a pita to set up and doesn't work in more
> complex environments. 

Notice what I said about namespaces. We are getting better at exploring 
namespaces. One way to isolate groups of KVM guests is to start the qemu-kvm 
in group different namespace. But that is not fully functional yet. 

For the ideas to  speed up kvm boot is boot kvm without BIOS or minimal 
BIOS.  I red the default one is bloated. And this may also allow us to start 
more workers per group.