Hi list,
When using ansible with kerberos for thousands of targets, there is a
serious ccache performance issue.
Using file ccache (DIR:)
- from a cold ccache, running simple script on servers is fast, at 500-700
hosts/min with 2 or 4 concurrent ansible instance. But things change when
ccache has
On 5/13/19 3:22 AM, Wang Jian wrote:
> When using ansible with kerberos for thousands of targets, there is a
> serious ccache performance issue.
Agreed.
> Using file ccache (DIR:)
> - from a cold ccache, running simple script on servers is fast, at 500-700
> hosts/min with 2 or 4 concurrent ansib
We have a workaround, although it wasn’t intended for this purpose.
In https://github.com/clhedrick/kerberos, look at krenew-wrapper. It builds a
sharable library intended to be loaded with LD_PRELOAD. It wraps
krb5_init_context with code that renews and copies the TGT into a memory cache,
and
That’s
exec /bin/ssh “$@"
On May 13, 2019, at 4:50 PM, Charles Hedrick
mailto:hedr...@rutgers.edu>> wrote:
exec /bin/sh “$@"
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
another workaround:
Put your credential cache in /tmp.
instead of ssh call a script that does this:
cp $KRB5CCNAME /tmp/krb5cc_$$
export KRB5CCNAME=/tmp/krb5cc_$$
ssh “$@“
rm /tmp/krb5cc_$$
That is, copy the cache into a different /tmp file for each time you do the ssh.
On May 13, 2019, at 5
