[distcc] Proposed Enhancements/Changes

KELEMEN Peter Peter.Kelemen at cern.ch
Fri Jul 25 13:39:34 GMT 2008 

* Fergus Henderson (fergus at google.com) [20080725 09:16]:

> It would be great to quantify that.  How much slower is SSH
> than unautenticated distcc?  And how much slowdown would be
> acceptable for you?

We haven't measured that yet.  But we expect something like what
Martin said.

> - the need for the right .ssh config files (distcc could be
> modified to create them automatically if you don't have them)

This implies local storage for the users' .ssh files on
each distcc node... something we would like to avoid.  The
administration of these files will soon become nightmarish as the
number of nodes/users grows.

> Hmm, yes.  But most medium or large sites are using LDAP or NIS
> or something like that so that you don't have have to specify
> that on each host.

“Most.” :-)  For historical reasons we're still in the /etc/passwd
era and it is outside of our (the distcc effort team) control.

> I guess you're using Kerberos for that.  Without knowing much
> of the details of that, I'm wondering why you couldn't use
> Kerberos authentication for logins, but you can use it for
> distcc authentication.

In fact we're using Kerberos for authentication.  However,
authorization is /etc/passwd and /etc/pam.d/ . (I.e. entries
have to exist locally.)  For obvious reasons, not all users are
allowed everywhere.

> I'm just pushing back a bit here because if the only real reason
> to not use ssh mode for this is performance, then I'd like to
> quantify the performance differences.

Understood and agreed.  In theory, ssh access as a common user
account would be feasible, but it would make our job much harder
later for accounting purposes.

> What do you mean by "build platform" in the context?

Our users are building for various target platforms.  For example,
RHEL4 is a target platform.  In reality, a “platform” means
a certain combination of kernel/glibc/gcc which we aggressively
try to keep down to the minimum (by luring users into a locked-in
combo, say, by providing excess capacity for that platform).

> How would a distccd server determine which build platforms it
> supports?

We're not sure yet, hence the dialog.  Ideally, the clients are
zeroconf, so, for example, we would like to prevent RHEL4 clients
submitting jobs to RHEL5 servers without the user having to
specify anything.

Peter

-- 
    .+'''+.         .+'''+.         .+'''+.         .+'''+.         .+''
 Kelemen Péter     /       \       /       \     Peter.Kelemen at cern.ch
.+'         `+...+'         `+...+'         `+...+'         `+...+'

More information about the distcc mailing list