ways to speed up overhead of "lxc exec" on remote containers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxd (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
When running autopkgtests in remote containers (necessary for moving armhf autopkgtesting into the cloud) there is quite a noticeable overhead. Running lxc exec with a no-op locally takes almost no time:
ubuntu@
root
real 0m0.076s
user 0m0.010s
sys 0m0.000s
But running this from a remote instance consistently has some 2.5 to 3.5 s overhead:
ubuntu@
ubuntu@
DBUG[01-
to https:/
DBUG[01-
root
DBUG[01-
DBUG[01-
DBUG[01-
DBUG[01-
real 0m3.463s
user 0m0.177s
sys 0m0.021s
ubuntu@
[...]
| armhf2 | https:/
[...]
I suppose this is due to the overhead of https://, establishing a new connection every time etc. openssh has some "connection sharing" feature which avoids the overhead of the initial negotiation and authentication. This is rather complex, so maybe not something that we have in LXD, but are there some tweaks to speed this up? E. g. switching off SSL, or switching off authentication (I trust these boxes, and they are firewalled rather tightly).
Thanks!
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: lxd 0.27-0ubuntu2
ProcVersionSign
Uname: Linux 4.3.0-7-generic x86_64
ApportVersion: 2.19.3-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Jan 26 16:08:48 2016
EcryptfsInUse: Yes
SourcePackage: lxd
UpgradeStatus: No upgrade log present (probably fresh install)
On Tue, Jan 26, 2016 at 03:16:22PM -0000, Martin Pitt wrote: lxd-armhf2: ~$ time lxc exec x1 whoami lxd-controller: ~$ lxc launch armhf2: cloud/xenial/ armhf armhf2:x1 lxd-controller: ~$ time lxc exec --debug armhf2:x1 whoami </dev/null 26|15:08: 20] Posting {"command" :["whoami" ],"environment" :{"HOME" :"/root" ,"TERM" :"screen" ,"USER" :"root" },"interactive" :false, "wait-for- websocket" :true} /10.43. 42.59:8443/ 1.0/containers/ x1/exec 26|15:08: 21] Raw response: {"type" :"async" ,"status" :"OK"," status_ code":100, "operation" :"/1.0/ operations/ d183dcc6- 5e94-43eb- 9df8-35c963e8f2 be","resources" :null," metadata" :{"fds" :{"0":" c10a5a34c84bfe8 6bdd4bc35c6a943 49874b880ffb62a 5709d01f15b97d9 2410"," 1":"fa77b9e2909 863bb07247bf726 223e46d8bf36228 4bd1cf74221e23c ccc94885" ,"2":"58337bcca 5403e942a1f77f6 acd899b6db9ab98 0ad8bfbef1cfea9 470d52eae1" ,"control" :"0d55d71f9f8eb ad1b8538f1c6538 f86d1b973c1b368 a1805af5b471baa 9bc5b8" }}} 26|15:08: 23] Got error getting next reader websocket: close 1000 , &{%!s(*os.file=&{1 /dev/stdout <nil>})} 26|15:08: 23] Got error getting next reader websocket: close 1000 , &{%!s(*os.file=&{2 /dev/stderr <nil>})} 26|15:08: 23] 1.0/operations/ d183dcc6- 5e94-43eb- 9df8-35c963e8f2 be/wait 26|15:08: 24] Raw response: {"type" :"sync" ,"status" :"Success" ,"status_ code":200, "metadata" :{"created_ at":"2016- 01-26T15: 08:21.388232Z" ,"updated_ at":"2016- 01-26T15: 08:23.814687Z" ,"status" :"Success" ,"status_ code":200, "resources" :null," metadata" :{"return" :0},"may_ cancel" :false} } lxd-controller: ~$ lxc remote list /10.43. 42.59:8443 | NO |
> Public bug reported:
>
> When running autopkgtests in remote containers (necessary for moving
> armhf autopkgtesting into the cloud) there is quite a noticeable
> overhead. Running lxc exec with a no-op locally takes almost no time:
>
> ubuntu@
> root
>
> real 0m0.076s
> user 0m0.010s
> sys 0m0.000s
>
> But running this from a remote instance consistently has some 2.5 to 3.5
> s overhead:
>
> ubuntu@
> ubuntu@
> DBUG[01-
> to https:/
> DBUG[01-
>
> root
> DBUG[01-
> DBUG[01-
> DBUG[01-
> DBUG[01-
>
> real 0m3.463s
> user 0m0.177s
> sys 0m0.021s
>
> ubuntu@
> [...]
> | armhf2 | https:/
> [...]
>
> I suppose this is due to the overhead of https://, establishing a new
> connection every time etc. openssh has some "connection sharing" feature
> which avoids the overhead of the initial negotiation and authentication.
> This is rather complex, so maybe not something that we have in LXD, but
> are there some tweaks to speed this up? E. g. switching off SSL, or
> switching off authentication (I trust these boxes, and they are
> firewalled rather tightly).
How about forwarding with socat? untested:
socat TCP-LISTEN: 8443,fork UNIX-CLIENT: /var/lib/ lxd/unix. socket
and on the other host:
socat UNIX-CONNECT: /tmp/unix. socket TCP:10.0.0.1:8443 # or whatever your IP is
then,
LXD_DIR=/tmp lxc list