Background information:
Currently, the configuration management of the servers in the project has been fully migrated from Puppet to Ansible, and the slowness of SSH connections, which we had not previously considered a problem, has become clearly visible.
We often need to update hundreds of servers at the same time, and many of those servers are not in the same IDC room as the Ansible host.
I came across an article explaining that enabling SSH ControlMaster with a persistent socket connection speeds up Ansible runs, because SSH no longer has to set up and authenticate a new connection every time. A single server may save only about 1 second, but hundreds of servers can save about 1 minute.
To turn on this feature, however, a newer OpenSSH must be installed. Most of our hosts run CentOS 6.4 x86_64, whose default version is too old, and the version in the official yum repository is also very old.
Because this feature needs only client-side support and does not have to be installed on every server, we download the latest OpenSSH source package, build it into an RPM, and install it directly on the Ansible operations master.
Server environment:
CentOS 6.4 x86_64 Minimal
1. Compile and generate OpenSSH RPM
1.1 Install the tools required for the build
$ sudo yum -y groupinstall "Development Tools"
$ sudo yum -y install pam-devel rpm-build rpmdevtools zlib-devel krb5-devel tcp_wrappers tcp_wrappers-devel tcp_wrappers-libs
1.2 Configure the RPM compilation environment
$ cd /home/dong.guo
$ mkdir rpmbuild
$ cd rpmbuild
$ mkdir -pv {BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS,tmp}
$ cd /home/dong.guo
$ vim .rpmmacros
%_topdir /home/dong.guo/rpmbuild
%_tmppath /home/dong.guo/tmp
1.3 Upgrade OpenSSL to latest
$ sudo yum update openssl
1.4 Compile OpenSSH RPM
1.4.1 Download Source Package
$ cd /home/dong.guo/rpmbuild/SOURCES/
$ wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz
$ wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz.asc
$ openssl dgst -sha1 openssh-6.6p1.tar.gz; echo b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e
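The checksum comparison from step 1.4.1 written as a check that fails closed instead of relying on comparing two printed strings by eye. This is an added example, not part of the original article: the function names are hypothetical, the digest is the one given above, and verify_sig assumes the OpenSSH release signing key is already in the GnuPG keyring. The mirror URL is plain HTTP, so the digest and the detached signature in the .asc file are the only integrity controls on source that ends up installed as root.

```shell
#!/bin/sh
# Added example: fail-closed integrity check for a downloaded source tarball.
# Function names are hypothetical; the SHA-1 digest is the one quoted in 1.4.1.

# Print the SHA-1 of a file as bare lowercase hex.
sha1_of() {
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha1 "$1" | awk '{print $NF}'
    else
        sha1sum "$1" | awk '{print $1}'
    fi
}

# verify_sha1 FILE EXPECTED_HEX
# returns 0 = match, 1 = mismatch, 2 = unusable input
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "digest is not 40 hex digits" >&2; return 2; }
    actual=$(sha1_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"
        return 0
    fi
    echo "MISMATCH $file: got $actual, expected $expected" >&2
    return 1
}

# verify_sig FILE: check the detached signature FILE.asc with GnuPG.
# Assumes the OpenSSH release signing key was imported from a trusted source.
verify_sig() {
    gpg --verify "$1.asc" "$1"
}

# Usage from the SOURCES directory: stop before building if either check fails.
tarball=openssh-6.6p1.tar.gz
if [ -f "$tarball" ]; then
    verify_sha1 "$tarball" b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e || exit 1
    verify_sig "$tarball" || exit 1
fi
```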
1.4.2 Configure the spec file
$ cd /home/dong.guo/rpmbuild/SPECS
$ tar xfz ../SOURCES/openssh-6.6p1.tar.gz openssh-6.6p1/contrib/redhat/openssh.spec
$ mv openssh-6.6p1/contrib/redhat/openssh.spec openssh-6.6p1.spec
$ rm -rf openssh-6.6p1
$ sudo chown 74:74 openssh-6.6p1.spec
$ sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh-6.6p1.spec
$ sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh-6.6p1.spec
$ sed -i -e "s/BuildPreReq/BuildRequires/g" openssh-6.6p1.spec
1.4.3 Compile to generate the RPM
$ cd /home/dong.guo/rpmbuild/SPECS
$ rpmbuild -ba openssh-6.6p1.spec
1.4.4 View the generated rpm
$ cd /home/dong.guo/rpmbuild/RPMS/x86_64
$ ls openssh-*
openssh-6.6p1-1.x86_64.rpm openssh-clients-6.6p1-1.x86_64.rpm openssh-debuginfo-6.6p1-1.x86_64.rpm openssh-server-6.6p1-1.x86_64.rpm
1.4.5 Install the generated RPMs
$ cd /home/dong.guo/rpmbuild/RPMS/x86_64
$ sudo rpm -e openssh-askpass
$ sudo rpm -e openssh-ldap
$ sudo rpm -Fvh openssh*6.6p1-1*rpm
Preparing...                ########################################### [100%]
   1:openssh                ########################################### [ 33%]
   2:openssh-clients        ########################################### [ 67%]
   3:openssh-server         warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew
                            ########################################### [100%]
1.4.6 View the installed rpm
$ sudo rpm -qa | grep openssh
openssh-clients-6.6p1-1.x86_64
openssh-server-6.6p1-1.x86_64
openssh-6.6p1-1.x86_64
2. Configure ControlMaster
$ cd /home/dong.guo
$ vim .ssh/config
Host *
  Compression yes
  ServerAliveInterval 60
  ServerAliveCountMax 5
  ControlMaster auto
  ControlPath ~/.ssh/sockets/%r@%h-%p
  ControlPersist 4h
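The ControlPath above points into ~/.ssh/sockets, a directory that none of the steps create; ssh cannot create the master socket while it is missing, and any process able to connect to a socket in it gets sessions on the remote host over the already-authenticated connection for as long as ControlPersist keeps the master alive. An added example (not from the original article; function names are hypothetical) that creates the directory with owner-only access and audits it:

```shell
#!/bin/sh
# Added example: create and audit the directory that holds ControlMaster sockets.
# Function names are hypothetical; the default path matches the ControlPath above.

SOCKET_DIR=${SOCKET_DIR:-"$HOME/.ssh/sockets"}

# prepare_socket_dir DIR: create DIR (and parents) so only the owner can enter it.
prepare_socket_dir() {
    ( umask 077 && mkdir -p "$1" ) || return 1
    chmod 700 "$1"
}

# audit_socket_dir DIR
# returns 0 = private, 1 = unsafe (reason on stderr), 2 = missing
audit_socket_dir() {
    dir=$1
    [ -L "$dir" ] && { echo "$dir is a symlink" >&2; return 1; }
    [ -d "$dir" ] || { echo "$dir does not exist" >&2; return 2; }
    # ls -ldn prints the mode string and numeric owner: "drwx------ 2 500 500 ..."
    mode=$(ls -ldn "$dir" | awk '{print $1}')
    owner=$(ls -ldn "$dir" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || { echo "$dir is owned by uid $owner" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and other permission bits.
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) return 0 ;;
        *) echo "$dir is accessible to group/other ($mode)" >&2; return 1 ;;
    esac
}

# Run with --apply to create the directory and then audit it.
if [ "${1:-}" = "--apply" ]; then
    prepare_socket_dir "$SOCKET_DIR" && audit_socket_dir "$SOCKET_DIR"
fi
```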
3. Download the cmc tool for managing sockets
$ cd ~
$ sudo yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
$ sudo yum install git
$ cd /home/dong.guo
$ mkdir bin
$ git clone https://github.com/ClockworkNet/cmc.git
$ cp cmc/cmc bin/
4. Use and test
4.1 View the current sockets
$ cmc -l
No controlmaster connection sockets found.
4.2 Time the first execution
$ time ssh rainbow@ 'hostname -s'
Ec2-tokyo
real 0m9.486s
user 0m0.017s
sys 0m0.015s
Takes 9.5 seconds
4.3 View the current sockets
$ cmc -l
Master running (pid=32857, cmd=ssh:/home/dong.guo/.ssh/sockets/rainbow@-22 [MUX], start=19:19:05)
Socket:/home/dong.guo/.ssh/sockets/rainbow@-22
4.4 Time the execution with the socket in place
$ time ssh rainbow@ 'hostname -s'
Ec2-tokyo
real 0m0.240s
user 0m0.004s
sys 0m0.005s
Takes 0.24 seconds
4.5 Delete all current sockets
$ cmc -x
-Closing Controlmaster Connection
Exit request sent.
4.6 Time the execution without the socket
$ time ssh rainbow@ 'hostname -s'
Ec2-tokyo
real 0m9.468s
user 0m0.016s
sys 0m0.017s
It's still 9.5 seconds.
5. Conclusion
With ControlMaster enabled, once the socket has been established SSH no longer spends time authenticating and creating the connection.
When network conditions are less than ideal, especially across the Internet, the performance gain is significant: 9 seconds saved in the test above.
Even inside a LAN each server saves about 1 second, and when operating on hundreds of servers the time saved adds up considerably, so it is well worth enabling.