SSH reliability settings #317

ab77 · 2024-08-05T16:03:15Z

tl;dr docker-compose uses so many SSH connections (using DOCKER_HOST=ssh://...) that SSHd starts throttling it and breaking CI runs

Thank you for the hint:

   MaxStartups
           Specifies the maximum number of concurrent
           unauthenticated connections to the SSH daemon.
           Additional connections will be dropped until
           authentication succeeds or the LoginGraceTime expires for
           a connection.  The default is 10:30:100.

           Alternatively, random early drop can be enabled by
           specifying the three colon separated values
           start:rate:full (e.g. "10:30:60").  sshd(8) will refuse
           connection attempts with a probability of rate/100 (30%)
           if there are currently start (10) unauthenticated
           connections.  The probability increases linearly and all
           connection attempts are refused if the number of
           unauthenticated connections reaches full (60).

github-actions · 2024-08-05T16:06:18Z

Website deployed to CF Pages, 👀 preview link https://f03c5f25.open-balena.pages.dev

SSH connections keep breaking between Hetzner EU DCs and AWS us-east-1 for no particular reason. Suspect Hetzner local network saturation and/or a function of trans-atlantic routing/peering/time of day. Adding connection multiplexing and keepalive to test this theory. change-type: patch

ab77 · 2024-08-19T17:09:59Z

.github/workflows/tests.yml

@@ -839,6 +846,10 @@ jobs:
        aws ec2 wait instance-running --instance-ids "${instance_id}"
        with_backoff aws ec2 wait instance-status-ok --instance-ids "${instance_id}"

+        private_ip="$(aws ec2 describe-instances --instance-id "${instance_id}" \


we may want to use this in the future

ab77 · 2024-08-19T17:10:20Z

.github/workflows/tests.yml

+          # https://forums.docker.com/t/docker-compose-through-ssh-failing-and-referring-to-docker-example-com/115165/18
+          - path: /etc/ssh/sshd_config.d/00-cloud-init
+            content: |
+              MaxStartups 100:0:100


this is the actual fix

* enable SSHD multiplexing, KeepAlive and relax throttling Thank you for the hint: https://forums.docker.com/t/docker-compose-through-ssh-failing-and-referring-to-docker-example-com/115165/18?u=ab77 MaxStartups Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10:30:100. Alternatively, random early drop can be enabled by specifying the three colon separated values start:rate:full (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of rate/100 (30%) if there are currently start (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches full (60). change-type: patch

flowzone-app bot enabled auto-merge August 5, 2024 16:06

ab77 had a problem deploying to compose-private-pki August 5, 2024 16:06 — with GitHub Actions Failure

ab77 temporarily deployed to balena-public-pki August 5, 2024 16:06 — with GitHub Actions Inactive

ab77 had a problem deploying to compose-private-pki August 5, 2024 16:28 — with GitHub Actions Error

ab77 temporarily deployed to balena-public-pki August 5, 2024 16:28 — with GitHub Actions Inactive

ab77 temporarily deployed to compose-private-pki August 5, 2024 16:38 — with GitHub Actions Inactive

ab77 temporarily deployed to balena-public-pki August 5, 2024 16:38 — with GitHub Actions Inactive

ab77 requested a review from a team August 5, 2024 16:57

ab77 marked this pull request as draft August 5, 2024 17:25

auto-merge was automatically disabled August 5, 2024 17:25
Pull request was converted to draft

ab77 removed the request for review from a team August 5, 2024 17:25

ab77 had a problem deploying to compose-private-pki August 5, 2024 17:28 — with GitHub Actions Failure

ab77 temporarily deployed to balena-public-pki August 5, 2024 17:28 — with GitHub Actions Inactive

ab77 temporarily deployed to compose-private-pki August 5, 2024 20:46 — with GitHub Actions Inactive

ab77 temporarily deployed to balena-public-pki August 5, 2024 20:46 — with GitHub Actions Inactive

ab77 force-pushed the ab77/patch branch from 912bd57 to fbcabef Compare August 6, 2024 15:14

ab77 temporarily deployed to compose-private-pki August 6, 2024 15:18 — with GitHub Actions Inactive

ab77 temporarily deployed to balena-public-pki August 6, 2024 15:18 — with GitHub Actions Inactive

ab77 had a problem deploying to compose-private-pki August 7, 2024 03:23 — with GitHub Actions Error

ab77 had a problem deploying to balena-public-pki August 7, 2024 03:23 — with GitHub Actions Error

ab77 had a problem deploying to compose-private-pki August 7, 2024 03:30 — with GitHub Actions Error

ab77 had a problem deploying to balena-public-pki August 7, 2024 03:30 — with GitHub Actions Error

ab77 had a problem deploying to compose-private-pki August 7, 2024 03:41 — with GitHub Actions Failure

ab77 had a problem deploying to balena-public-pki August 7, 2024 03:41 — with GitHub Actions Failure

ab77 had a problem deploying to compose-private-pki August 9, 2024 21:35 — with GitHub Actions Error

ab77 had a problem deploying to balena-public-pki August 9, 2024 21:35 — with GitHub Actions Error

ab77 had a problem deploying to compose-private-pki August 12, 2024 15:06 — with GitHub Actions Error

ab77 had a problem deploying to balena-public-pki August 12, 2024 15:06 — with GitHub Actions Error

ab77 force-pushed the ab77/patch branch from 0142432 to 38afd8f Compare August 12, 2024 15:54

ab77 temporarily deployed to balena-public-pki August 19, 2024 16:34 — with GitHub Actions Inactive

ab77 requested a review from a team August 19, 2024 17:07

ab77 marked this pull request as ready for review August 19, 2024 17:07

ab77 added 14 commits August 19, 2024 10:07

pre-create control masters directory

e0a03ac

limit to test runners group

cc24c2e

experiment over ipsec vpn

80fe9bb

specify test runner group

94cc717

Update tests.yml

42b9edb

Update tests.yml

cff01bc

Update tests.yml

7b800de

Update tests.yml

12add96

try container runner

e518f94

Update tests.yml

afb1428

try GH runners for a laugh..

6361744

Docker Compose through SSH failing and referring to docker.example.com

8c7e939

Update tests.yml

977feac

ab77 force-pushed the ab77/patch branch from 3d637d9 to 977feac Compare August 19, 2024 17:07

ab77 commented Aug 19, 2024

View reviewed changes

flowzone-app bot enabled auto-merge August 19, 2024 17:11

ab77 temporarily deployed to compose-private-pki August 19, 2024 17:11 — with GitHub Actions Inactive

ab77 temporarily deployed to balena-public-pki August 19, 2024 17:11 — with GitHub Actions Inactive

ab77 temporarily deployed to compose-private-pki August 19, 2024 17:30 — with GitHub Actions Inactive

ab77 had a problem deploying to balena-public-pki August 19, 2024 17:30 — with GitHub Actions Error

klutchell approved these changes Aug 19, 2024

View reviewed changes

ab77 temporarily deployed to balena-public-pki August 19, 2024 18:04 — with GitHub Actions Inactive

flowzone-app bot merged commit 366249a into master Aug 19, 2024
50 checks passed

flowzone-app bot deleted the ab77/patch branch August 19, 2024 18:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSH reliability settings #317

SSH reliability settings #317

ab77 commented Aug 5, 2024 •

edited

Loading

github-actions bot commented Aug 5, 2024 •

edited

Loading

ab77 Aug 19, 2024

ab77 Aug 19, 2024

SSH reliability settings #317

SSH reliability settings #317

Conversation

ab77 commented Aug 5, 2024 • edited Loading

github-actions bot commented Aug 5, 2024 • edited Loading

ab77 Aug 19, 2024

Choose a reason for hiding this comment

ab77 Aug 19, 2024

Choose a reason for hiding this comment

ab77 commented Aug 5, 2024 •

edited

Loading

github-actions bot commented Aug 5, 2024 •

edited

Loading