NixOS / nixops

NixOps is a tool for deploying to NixOS machines in a network or cloud.
https://nixos.org/nixops
GNU Lesser General Public License v3.0

Upload all deployment keys at once #671

Open mbrgm opened 7 years ago

mbrgm commented 7 years ago

Motivation

When there are multiple deployment.keys, a separate scp upload is done for every single key file. This takes a lot of time and could probably be faster.

Idea

Maybe the keys could be uploaded all at once -- either using recursive scp -r on the whole keys directory or by some other means.

domenkozar commented 7 years ago

We could just list all keys and scp would upload them in one go.

mbrgm commented 7 years ago

With 8f4a67ca591f9d127344bca3ecd752d3d97a716d in place, we would now have to use one scp per destDir, as scp accepts multiple input files, but only one target path.

@domenkozar What do you think about the following idea (which is heavily inspired by how saltstack runs remote commands)?

  1. Create a .sh script locally, which, when run on the target creates the key files in their appropriate destDirs. Content can be base64 encoded to avoid escaping issues or allow binary content.
  2. scp that script to the target.
  3. Run transferred script on the target.
  4. Delete script on the target.
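
The four steps proposed in the comment above, as an added Python example (not NixOps code and not written by anyone in this thread): it generates a single self-deleting `sh` script that writes every key into its `destDir` from base64 heredocs. The function name `build_key_script`, the tuple layout, and the presence of `base64` and `mktemp` on the target are assumptions; key ownership (`chown`) is left out.

```python
import base64
import re
import shlex

# Shell prologue shared by every generated script (runs on the target).
HEADER = """#!/bin/sh
set -eu
umask 077                    # temp files are never group/world readable
trap 'rm -f -- "$0"' EXIT    # step 4: the script removes itself, even on failure
install_key() {              # $1=destDir $2=name $3=mode; base64 on stdin
    mkdir -p -- "$1"
    tmp=$(mktemp "$1/.$2.XXXXXX")
    base64 -d > "$tmp"
    chmod "$3" "$tmp"
    mv -f -- "$tmp" "$1/$2"  # rename is atomic: no half-written key is visible
}
"""


def build_key_script(keys):
    """Step 1: return one sh script that installs every key.

    keys: iterable of (dest_dir, name, mode, content_bytes) tuples (assumed layout).
    """
    parts = [HEADER]
    for dest_dir, name, mode, content in keys:
        # Key names become file names: refuse anything that could leave dest_dir.
        if not name or "/" in name or name.startswith("."):
            raise ValueError("unsafe key name: %r" % (name,))
        if not dest_dir.startswith("/"):
            raise ValueError("destDir must be absolute: %r" % (dest_dir,))
        if not re.fullmatch(r"0?[0-7]{3}", mode):
            raise ValueError("mode must be octal, e.g. 0600: %r" % (mode,))
        # Base64 never contains '_', so the heredoc delimiter cannot collide,
        # and binary or quote-laden content needs no shell escaping.
        payload = base64.encodebytes(content).decode("ascii")
        parts.append("install_key %s %s %s <<'EOF_KEY'\n%sEOF_KEY\n"
                     % (shlex.quote(dest_dir), shlex.quote(name), mode, payload))
    return "".join(parts)
```

The generated script holds every secret in one file, so it needs owner-only permissions both where it is written locally and where scp places it on the target.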

moretea commented 7 years ago

NixOps uses an SSH master socket. It might be sufficient to do something like this (pseudocode)

for secret in secrets:
    handle = master_ssh.exec_shell("cat > /secrets/file")
    handle.stdin.write(secret)

domenkozar commented 5 years ago

With 7 keys and being in Asia this is quite painful :) Will give it a try.

domenkozar commented 5 years ago

Don't think we should further reinvent paramiko, need to resurrect https://github.com/NixOS/nixops/pull/124

grahamc commented 4 years ago

We were spawning way too many SSH connections at once, and reverted in #1269.

domenkozar commented 4 years ago

Not 100% sure the issue is connections; I could imagine a session is a process, so he was seeing 100 session processes with 10 connections. Needs investigation but should be easy to reproduce.