[
https://issues.apache.org/jira/browse/BROOKLYN-361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15748928#comment-15748928
]
Alex Heneveld commented on BROOKLYN-361:
----------------------------------------
Could we configure SSH so that the first connection waits 15s for a response
and if it times out it tries again with a longer (2m) timeout?
Reason is that IRL I've encountered two issues:
1) some servers accept socket connection on startup, before SSH is actually
ready to handle, and wait indefinitely; a shorter timeout of for the first
attempt will catch these
2) some servers esp when they can't reverse-DNS-lookup IP's, block for 1m+
trying to do so before proceeding to authorise connections
Both are external misconfigurations but they happen often enough and we can be
robust in the face of them.
> Brooklyn will block on initial ssh attempt indefinitely
> -------------------------------------------------------
>
> Key: BROOKLYN-361
> URL: https://issues.apache.org/jira/browse/BROOKLYN-361
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Svetoslav Neykov
>
> Had a case where the initial ssh attempt would hang at
> {noformat}
> Opening ssh connection
> Task[ssh: initializing on-box base dir ./brooklyn-managed-processes]@PYxsD6KS
> Submitted by SoftlyPresent[value=Task[pre-start]@yQTQ08Py]
> In progress (RUNNABLE)
> At: net.schmizz.sshj.transport.TransportImpl.init(TransportImpl.java:158)
> net.schmizz.sshj.SSHClient.onConnect(SSHClient.java:671)
> net.schmizz.sshj.SocketClient.connect(SocketClient.java:71)
> net.schmizz.sshj.SocketClient.connect(SocketClient.java:77)
>
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjClientConnection.create(SshjClientConnection.java:188)
>
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjClientConnection.create(SshjClientConnection.java:41)
>
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool.acquire(SshjTool.java:630)
>
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool.acquire(SshjTool.java:616)
>
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool.connect(SshjTool.java:205)
>
> org.apache.brooklyn.location.ssh.SshMachineLocation.connectSsh(SshMachineLocation.java:697)
>
> org.apache.brooklyn.location.ssh.SshMachineLocation$10.get(SshMachineLocation.java:402)
>
> org.apache.brooklyn.location.ssh.SshMachineLocation$10.get(SshMachineLocation.java:400)
> org.apache.brooklyn.util.pool.BasicPool.leaseObject(BasicPool.java:134)
> org.apache.brooklyn.util.pool.BasicPool.exec(BasicPool.java:143)
>
> org.apache.brooklyn.location.ssh.SshMachineLocation.execSsh(SshMachineLocation.java:612)
>
> org.apache.brooklyn.location.ssh.SshMachineLocation$13.execWithTool(SshMachineLocation.java:791)
>
> org.apache.brooklyn.util.core.task.system.internal.ExecWithLoggingHelpers.execWithLogging(ExecWithLoggingHelpers.java:164)
>
> org.apache.brooklyn.util.core.task.system.internal.ExecWithLoggingHelpers.execScript(ExecWithLoggingHelpers.java:80)
>
> org.apache.brooklyn.location.ssh.SshMachineLocation.execScript(SshMachineLocation.java:775)
>
> org.apache.brooklyn.util.core.task.ssh.internal.AbstractSshExecTaskFactory$1.run(AbstractSshExecTaskFactory.java:52)
>
> org.apache.brooklyn.util.core.task.system.ProcessTaskWrapper$ProcessTaskInternalJob.call(ProcessTaskWrapper.java:99)
>
> org.apache.brooklyn.util.core.task.BasicExecutionManager$SubmissionCallable.call(BasicExecutionManager.java:519)
> {noformat}
> The reason in this case is that the connection goes through a proxy and it
> will accept a connection and keep it open indefinitely if there's no upstream
> host to forward to.
> Another case of the same problem at
> https://github.com/brooklyncentral/brooklyn/issues/878.
> Should time out if ssh handshake doesn't complete in a reasonable time.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
