On Fri, Jun 09, 2006 at 09:57:24AM -0500, Anthony Liguori wrote:
> On Fri, 09 Jun 2006 09:54:44 +0100, Anil Madhavapeddy wrote:
>
> > On Fri, Jun 09, 2006 at 04:41:48AM -0400, Daniel Veillard wrote:
> >>
> >> SSH authentication is really expensive especially when you compare to
> >> other cost in the XML-RPC. I would really like some persistency
> >> of the connection if possible, especially for operations like monitoring,
> >> it's okay to reopen from time to time, but without reuse it would just not
> >> work.
> >
> > Yes, but the right place to do it is not in Xend. The auth caching
> > can be set up outside of Xend much more robustly depending on your
> > version of OpenSSH. If done in Xend, then it definitely needs to
> > use the wildcard support in ControlPath to avoid the authentication
> > race condition, and an OpenSSH version check.
>
> I think Daniel is suggesting that we use HTTP Keep-Alive which I also
> think is a really good idea. I think this will come in handy regardless
> of whether we use SSH.

Activating Keep-Alive would be a really good idea in any case,
local or remote, direct auth or tunnelling! IIRC the main question
was about activating it at the Python level, that's something we
discussed on IRC but never formally I guess :-)

> This makes my patch a lot nicer though. I just would make sure the
> client uses Keep-Alive and then you get the same 1-time auth without
> any of the SSH trickery.

Is that just client side?

> I'm investigating this right now. I seem to recall the HTTP server in
> python providing support for Keep-Alive...

Okay, maybe I'm off base :-)

> >
> > As Ian says, stunnel/SSL is probably easier from the client's point
> > of view (although I do like the easier SSH key management this patch
> > allows).
>
> There doesn't have to be one solution. The only real code that's needed
> here is xm serve which is not more than 100 lines. The client code is
> more of an example. I see no reason why we couldn't support all of these
> protocols (httpu, http, https, ssh).

Agreed, those are layered features, they should not have to conflict.

Daniel
--
Daniel Veillard | Red Hat http://redhat.com/
veillard@xxxxxxxxxx | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
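
The server side of the Keep-Alive question raised in this thread, as an added example that is not part of the original messages or of Xend's code. It uses the current Python 3 standard library (`xmlrpc.server`, `xmlrpc.client`); the class names, `connections_for` and the `domain_state` method are hypothetical. It counts the TCP connections accepted for five XML-RPC calls, first with an HTTP/1.0 handler and then with an HTTP/1.1 handler.

```python
import threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCRequestHandler, SimpleXMLRPCServer


class Http10Handler(SimpleXMLRPCRequestHandler):
    protocol_version = "HTTP/1.0"  # stdlib default: connection closed after each reply


class Http11Handler(SimpleXMLRPCRequestHandler):
    protocol_version = "HTTP/1.1"  # server side of Keep-Alive: connection stays open


class CountingServer(SimpleXMLRPCServer):
    """XML-RPC server that counts accepted TCP connections."""

    def __init__(self, handler):
        # Port 0 lets the OS pick a free loopback port.
        super().__init__(("127.0.0.1", 0), requestHandler=handler,
                         logRequests=False)
        self.accepted = 0
        # Hypothetical monitoring call standing in for a real management API.
        self.register_function(lambda: "running", "domain_state")

    def get_request(self):
        conn = super().get_request()
        self.accepted += 1  # one increment per accepted TCP connection
        return conn


def connections_for(handler, calls=5):
    """Make `calls` requests through one proxy; return TCP connections used."""
    server = CountingServer(handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/" % server.server_address[1]
        with ServerProxy(url) as proxy:  # one client object for all calls
            for _ in range(calls):
                assert proxy.domain_state() == "running"
    finally:
        server.shutdown()
        server.server_close()
    return server.accepted


if __name__ == "__main__":
    print("HTTP/1.0 handler:", connections_for(Http10Handler), "connections")
    print("HTTP/1.1 handler:", connections_for(Http11Handler), "connections")
```

The client code is the same in both runs, so connection reuse here depends on the server's `protocol_version`; any per-connection authentication or tunnel setup is paid once per accepted connection.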