[CentOS-devel] Feedback needed: ideas for the Vagrant images

Laurentiu Pancescu lpancescu at gmail.com
Mon Jul 11 12:50:39 UTC 2016


Hello Nico,

many thanks for your detailed feedback.

On 09/07/16 16:38, Nico Kadel-Garcia wrote:
> On Thu, Jul 7, 2016 at 8:53 AM, Laurentiu Pancescu <lpancescu at gmail.com> wrote:
>> III. "UseDNS no" in sshd_config: this would make connections via ssh faster
>
> This is an old feature, and the "fix" is incomplete. What you really
> want is "-u0" for sshd set in /etc/sysconfig/sshd.

I assume only the first connection would be affected by the reverse DNS 
delay, since it would probably be cached afterwards?  Based on this 
assumption, and since Vagrant connects to the VM each time it boots, I 
performed some measurements with "time vagrant up" (from a powered-off 
state, after "vagrant halt").  Here are the stats from 10 measurements 
for each configuration, "UseDNS no" in both cases, but default 
parameters for sshd, and with -u0 enabled:

               mean       variance       median
default       76.7526    8.44587        75.4725
with -u0      75.3307    0.353426       75.3235

The values are in seconds.  The big variance in the default case is due 
to two outliers, 84.559s and 78.41s.  The boot time is more predictable 
with -u0, and we seem to save about 150ms from the boot time.

>> IV. disable requiretty in /etc/sudoers

I am aware of the security trade-off.  As Ken wrote, Ansible apparently 
doesn't need requiretty to be disabled any more, although their 
documentation hasn't been updated yet to reflect this.  I'm going to 
leave requiretty as it is, enabled by default.

>> V. set GRUB_TIMEOUT to 1 or 0
> For vagrant images, I can see this. For any system where a developer
> might need to control grub and select a kernel to roll back to, or
> switch to single user mode, I'd see it as making the grub selections
> unavailable.
> But for Vagrant images? Yeah, makes sense.
>

At least with the VirtualBox provider, you can have a visible VM by 
setting v.gui=true in the Vagrantfile.  I reduced the grub timeout to 1, 
instead of 0, to allow for manual intervention if necessary, when 
debugging boot problems.

Best regards,
Laurențiu
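
An added example, not part of the original message: a small shell audit that reports the four settings discussed in this thread (UseDNS, the sshd -u0 option, requiretty, GRUB_TIMEOUT) for an image tree. The function names and the sample tree are constructed for illustration; it assumes stock CentOS file paths and ignores /etc/sudoers.d and sshd Match blocks.

```shell
#!/bin/sh
# Added example (not from the thread): report the four settings discussed above.
# Assumptions: stock CentOS paths; /etc/sudoers.d and sshd Match blocks are ignored.

sshd_setting() {   # $1=sshd_config $2=keyword; sshd uses the first value it reads
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1" 2>/dev/null
}

shell_var() {      # $1=file $2=variable; last assignment wins, quotes stripped
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

requiretty_state() {   # $1=sudoers; a later global Defaults line overrides an earlier one
    awk '$1 == "Defaults" && /!requiretty/ { s = "off"; next }
         $1 == "Defaults" && /requiretty/  { s = "on" }
         END { print s }' "$1" 2>/dev/null
}

audit() {          # $1=root of the image tree, empty for the running system
    root=${1%/}
    usedns=$(sshd_setting "$root/etc/ssh/sshd_config" UseDNS)
    opts=$(shell_var "$root/etc/sysconfig/sshd" OPTIONS)
    tty=$(requiretty_state "$root/etc/sudoers")
    grub=$(shell_var "$root/etc/default/grub" GRUB_TIMEOUT)
    case " $opts " in *" -u0 "*) u0=yes ;; *) u0=no ;; esac
    echo "UseDNS=${usedns:-unset} u0=$u0 requiretty=${tty:-unset} GRUB_TIMEOUT=${grub:-unset}"
}

make_sample() {    # constructed tree holding the values the message settles on
    d=$(mktemp -d) && mkdir -p "$d/etc/ssh" "$d/etc/sysconfig" "$d/etc/default" || return 1
    printf '#UseDNS yes\nUseDNS no\n'        > "$d/etc/ssh/sshd_config"
    printf 'OPTIONS="-u0"\n'                 > "$d/etc/sysconfig/sshd"
    printf 'Defaults    requiretty\n'        > "$d/etc/sudoers"
    printf 'GRUB_TIMEOUT=1\n'                > "$d/etc/default/grub"
    echo "$d"
}

sample=$(make_sample) && audit "$sample" && rm -rf "$sample"
```

Pass the mount point of an unpacked image to `audit`, or an empty string to check the running system.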

