Set keepalive interval for paramiko SSHClient
If the ssh server has set the option ClientAliveInterval, it will
send an 'empty' packet to a client and closes the connection if
the client is not responding.
Looks like paramiko ignores such keepalive packages from server.
But paramiko has an option similar to ServerAliveInterval, which
allows to send an 'empty' package from the client to the server,
so the server will never reach it's own timeout
for ClientAliveInterval, and the connection won't be closed.
- export SSH_SERVER_ALIVE_INTERVAL=60 # 60 is default, 0 to disable
- remove workarounds for ClientAliveInterval. If the platform set
this value to 300 for all nodes, the same timeouts may
happen inside the platform between different components
and should be catched by the tests in that case.
Change-Id: I552cb7fdca59b51a3fc0e9e7d2cff7f28cb444dc
diff --git a/tcp_tests/managers/underlay_ssh_manager.py b/tcp_tests/managers/underlay_ssh_manager.py
index 5f919ce..44c8830 100644
--- a/tcp_tests/managers/underlay_ssh_manager.py
+++ b/tcp_tests/managers/underlay_ssh_manager.py
@@ -23,6 +23,7 @@
import yaml
from tcp_tests import logger
+from tcp_tests import settings
from tcp_tests.helpers import ext
from tcp_tests.helpers import utils
@@ -255,10 +256,14 @@
keys=[rsakey.RSAKey(file_obj=StringIO.StringIO(key))
for key in ssh_data['keys']])
- return ssh_client.SSHClient(
+ client = ssh_client.SSHClient(
host=ssh_data['host'],
port=ssh_data['port'] or 22,
auth=ssh_auth)
+ client._ssh.get_transport().set_keepalive(
+ settings.SSH_SERVER_ALIVE_INTERVAL)
+
+ return client
def local(self):
"""Get Subprocess instance for local operations like:
diff --git a/tcp_tests/settings.py b/tcp_tests/settings.py
index 24c6c0b..33ab68c 100644
--- a/tcp_tests/settings.py
+++ b/tcp_tests/settings.py
@@ -41,6 +41,15 @@
SSH_NODE_CREDENTIALS = {"login": SSH_LOGIN,
"password": SSH_PASSWORD}
+# http://docs.paramiko.org/en/2.4/api/transport.html\
+# #paramiko.transport.Transport.set_keepalive
+# If this is set, after interval seconds without sending any data over the
+# connection, a "keepalive" packet will be sent (and ignored by the remote
+# host). Similar to ServerAliveInterval for ssh_config.
+# '0' to disable keepalives.
+SSH_SERVER_ALIVE_INTERVAL = int(
+ os.environ.get('SSH_SERVER_ALIVE_INTERVAL', 60))
+
# public_iface = IFACES[0]
# private_iface = IFACES[1]
IFACES = [
diff --git a/tcp_tests/templates/shared-salt.yaml b/tcp_tests/templates/shared-salt.yaml
index 330906d..dedc832 100644
--- a/tcp_tests/templates/shared-salt.yaml
+++ b/tcp_tests/templates/shared-salt.yaml
@@ -707,7 +707,7 @@
-C 'I@salt:master' state.sls openssh &&
salt --hard-crash --state-output=mixed --state-verbose=False
-C 'I@salt:master' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
- yes/' /etc/ssh/sshd_config && sed -i 's/ClientAliveInterval 300/ClientAliveInterval 18000/' /etc/ssh/sshd_config && service ssh reload"
+ yes/' /etc/ssh/sshd_config && service ssh reload"
node_name: {{ HOSTNAME_CFG01 }}
retry: {count: 3, delay: 5}
skip_fail: false
@@ -880,7 +880,7 @@
cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C 'I@linux:system and not cfg01*' state.sls openssh &&
salt --hard-crash --state-output=mixed --state-verbose=False
-C 'I@linux:system and not cfg01*' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
- yes/' /etc/ssh/sshd_config && sed -i 's/ClientAliveInterval 300/ClientAliveInterval 18000/' /etc/ssh/sshd_config && service ssh reload"
+ yes/' /etc/ssh/sshd_config && service ssh reload"
node_name: {{ HOSTNAME_CFG01 }}
retry: {count: 1, delay: 5}
skip_fail: false