On Fri, Feb 03, 2017 at 07:29:07PM +0000, cmc wrote:> Looking on our firewall, it will timeout inactive connections after 15 > minutes of inactivity.Yes, this will likely break virt-p2v.> I'm guessing there is no keepalive in the control connections.The default for ssh is to use TCP keepalives. However those are very infrequent (once every 2 hours IIRC), so it won't prevent a firewall with such a short timeout from breaking virt-p2v. Easiest thing here would be to fix the firewall. 15 minutes is a very short timeout. Doesn't that cause all kinds of problems for regular SSH usage? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/
On Sat, 4 Feb 2017 10:15:57 +0000 "Richard W.M. Jones" <rjones@redhat.com> wrote:> On Fri, Feb 03, 2017 at 07:29:07PM +0000, cmc wrote: > > Looking on our firewall, it will timeout inactive connections after 15 > > minutes of inactivity. > > Yes, this will likely break virt-p2v. > > > I'm guessing there is no keepalive in the control connections. > > The default for ssh is to use TCP keepalives. However those are very > infrequent (once every 2 hours IIRC), so it won't prevent a firewall > with such a short timeout from breaking virt-p2v. > > Easiest thing here would be to fix the firewall. 15 minutes is a very > short timeout. Doesn't that cause all kinds of problems for regular > SSH usage?SSH client has option ServerAliveInterval (in seconds) that instructs SSH to send, after period of inactivity, a message through control connection and request a response from server. The default is 0, i.e. no such messages are sent. The intent is mostly to detect early when connection was dropped, but it should also help you with your firewall. Hope this helps, Tomas> > Rich. > > -- > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > Read my programming and virtualization blog: http://rwmj.wordpress.com > virt-df lists disk usage of guests without needing to install any > software inside the virtual machine. Supports Linux and Windows. > http://people.redhat.com/~rjones/virt-df/ > > _______________________________________________ > Libguestfs mailing list > Libguestfs@redhat.com > https://www.redhat.com/mailman/listinfo/libguestfs-- Tomáš Golembiovský <tgolembi@redhat.com>
On Sat, Feb 04, 2017 at 02:10:30PM +0100, Tomáš Golembiovský wrote:> On Sat, 4 Feb 2017 10:15:57 +0000 > "Richard W.M. Jones" <rjones@redhat.com> wrote: > > > On Fri, Feb 03, 2017 at 07:29:07PM +0000, cmc wrote: > > > Looking on our firewall, it will timeout inactive connections after 15 > > > minutes of inactivity. > > > > Yes, this will likely break virt-p2v. > > > > > I'm guessing there is no keepalive in the control connections. > > > > The default for ssh is to use TCP keepalives. However those are very > > infrequent (once every 2 hours IIRC), so it won't prevent a firewall > > with such a short timeout from breaking virt-p2v. > > > > Easiest thing here would be to fix the firewall. 15 minutes is a very > > short timeout. Doesn't that cause all kinds of problems for regular > > SSH usage? > > SSH client has option ServerAliveInterval (in seconds) that instructs > SSH to send, after period of inactivity, a message through control > connection and request a response from server. The default is 0, i.e. no > such messages are sent. The intent is mostly to detect early when > connection was dropped, but it should also help you with your firewall. > > Hope this helps,Indeed that does help with most things (except for shell-level timeouts). I'll post a patch in a bit. Thanks, Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW