You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Marko Käning <mk...@mch.osram.de> on 2008/07/28 16:39:50 UTC
svn+ssh <-> svnserve <= speed concerns
Hi,
I just wondered whether using svnserve might be slower than svn+ssh...
Am I wrong?
(Unfortunately I can't test this myself yet, since I am still unable to
get svnserve up and running as expected, see thread "SVN+SSH tunneling
problem".)
Regards,
Marko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Christian Michallek <ch...@e-tecture.com>.
keep in mind, that the windows svn client is horribly slow compared to
the linux client, so if your using svnserve with windows clients, this
can slow you down even more.
greetings
christian
Am Montag, den 28.07.2008, 18:39 +0200 schrieb Marko Käning:
> Hi,
>
> I just wondered whether using svnserve might be slower than svn+ssh...
>
> Am I wrong?
>
> (Unfortunately I can't test this myself yet, since I am still unable to
> get svnserve up and running as expected, see thread "SVN+SSH tunneling
> problem".)
>
> Regards,
> Marko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Alan Barrett <ap...@cequrux.com>.
On Tue, 29 Jul 2008, Ryan Schmidt wrote:
>> But still I have the impression, that operations run quite slow.
>
> It probably has less to do with starting and stopping svnserve all
> the time, and more to do with the cost of starting up one or more ssh
> connections for each svn command.
Yes, that's very likely. Many people use ssh connection sharing to
mitigate this problem. If you use openssh, see the documentation for
the the ControlMaster and ControlPath configuration options.
--apb (Alan Barrett)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Marko Käning <mk...@mch.osram.de>.
Thanks John for your valuable input (concerning thread safety, speed,
authentication, encryption)! That verified that my setup is not totally
insane. :)
I just tested the speed issue and came out with the expected result. By
defining the tunnel with the specific svn user I'm no faster. :)
So it looks like I'll simply stick with my existing ssh infrastructure
since I need it for other still existing CVS repos anyway.
Will check out apache at some stage, I guess. I avoided this up to now due
to the simplicity with my few users here.
Regards,
Marko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by John Peacock <jo...@havurah-software.org>.
Marko Käning wrote:
> What I in fact only gain is ISOLATION of my repos from direct access due
> to many ssh users on a file-basis. Instead only svnserve accesses the
> repos.
Correct, except that last bit is also true of running svnserve as a
server. In both the Apache server and svnserve (as server) cases, the
repository is accessed by a single account. You can also accomplish
that using the svn+ssh with a shared authorized_keys file, but you don't
have to do it that way.
> Still there can be many users accessing the repos at a time, but that will
> spawn also many svnserve processes which will handle the access to the
> repos in a much safer way.
All multiprocess repository access is handled in a safe manner, whether
you are using Apache, svnserve, local (i.e. file://) access or in fact
all of the above. Don't get distracted by this point; Subversion was
written to be multi-process (e.g. threadsafe) from the very beginning.
What you really need to focus on is:
1) How many users will be accessing the repository total?
2) How many users will be accessing the repository at a single time?
3) How much infrastructure do you want to maintain to handle both
authentication and authorization?
There isn't One True Answer(TM) to these questions. With a small group
of slowly changing users who have complete access to the entire
repository, svn+ssh:// is a perfectly acceptable solution. However, a
large number of users, with a high turnover rate, who each need rights
to only a small portion of the total repository, svn+ssh:// will not
work for you and Apache would be much easier to manage. Only you can
make those determinations...
John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Marko Käning <mk...@mch.osram.de>.
Well, so what you say is that by using a single user with an appropriately
set up authorized_keys file I do not get a speed-up.
What I in fact only gain is ISOLATION of my repos from direct access due
to many ssh users on a file-basis. Instead only svnserve accesses the
repos.
Still there can be many users accessing the repos at a time, but that will
spawn also many svnserve processes which will handle the access to the
repos in a much safer way.
Did I get this right, eventually?
I guess I am a little dumb... :(
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Ulf Seltmann <se...@digitalzone.de>.
John Peacock schrieb:
> It all depends on what you want. If you want high performance *and*
> high security, you should probably be using Apache with SSL certificates
> (client and server).
I don't agree with that. I used apache2+ssl+httpauth, which is nearly
the same except for the certificates. i experienced a poor performance
in all svn-actions especially in merging where it took over 45minutes,
where svn+ssh (what i use now) takes fewer than a minute. The
server-usage decreased too. So my advice for performance and security is
undisputable svn+ssh
ciao
Ulf
[1]http://subversion.tigris.org/servlets/ReadMsg?listName=users&msgNo=80302
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by John Peacock <jo...@havurah-software.org>.
Marko Käning wrote:
> Well, so this slow-down is still present, even if I use svnserve? Of
> course... I do use svn+ssh...
As I said, when you use svn+ssh, you are not running svnserve as a server
process, but rather once per connection. This mode of operation is actually
much more like using file:// protocol, just remotely.
> So, the only way to make it significantly faster is actually to avoid ssh
> at all. Is that what you want to say?
It depends on what you are trying to really accomplish:
In terms of performance, svnserve (as a server) has lower overhead (because the
protocol is simpler) but Apache/DAV using serf on the client can be faster
overall (because it is more efficient in the reuse of connections).
On the other hand, svnserve has very little in the way of support for fancy
authentication, whereas in Apache the skies the limit.
In terms of security, svn+ssh is probably most secure, since the traffic is
encrypted and you can (as you have already done) require the use of client
certificates to access the repo which is additionally owned by a single user.
On the other hand, if what you are most concerned with is over-the-wire
security, you can accomplish the same thing with https:// and client certificates.
It all depends on what you want. If you want high performance *and* high
security, you should probably be using Apache with SSL certificates (client and
server).
John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Marko Käning <mk...@mch.osram.de>.
> >Guess that's because svnserve dies after every operation.
> >
> >I think I need to run svnserve continuously...
>
> It probably has less to do with starting and stopping svnserve all the time,
> and more to do with the cost of starting up one or more ssh connections for
> each svn command.
Well, so this slow-down is still present, even if I use svnserve? Of
course... I do use svn+ssh...
So, the only way to make it significantly faster is actually to avoid ssh
at all. Is that what you want to say?
Anyway, having John's comment in mind I might be already somewhat faster
using svnserve now. Perhaps I'll work out a test case one day to proove
this.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Jul 29, 2008, at 04:19, Marko Käning wrote:
>> I'll try the one-liner now...
>>
>> I guess that's exactly where my error lies... :)
>
> Thanks again!!! That was it!
>
> Well, another important point was that there must not be any spaces in
> between the commas sperating the options at the beginning of the line.
>
> But still I have the impression, that operations run quite slow.
>
> Guess that's because svnserve dies after every operation.
>
> I think I need to run svnserve continuously...
It probably has less to do with starting and stopping svnserve all
the time, and more to do with the cost of starting up one or more ssh
connections for each svn command.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Marko Käning <mk...@mch.osram.de>.
Hi John,
> I'll try the one-liner now...
>
> I guess that's exactly where my error lies... :)
Thanks again!!! That was it!
Well, another important point was that there must not be any spaces in
between the commas sperating the options at the beginning of the line.
But still I have the impression, that operations run quite slow.
Guess that's because svnserve dies after every operation.
I think I need to run svnserve continuously...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by Marko Käning <mk...@mch.osram.de>.
> I would be *extremely* surprised if svnserve were not /significantly/ faster
> because for every transaction under svn+ssh, you have to:
Oh, I see. Thanks for this info!
> Did you put all of the authorized_keys stuff on a *single line* as you were
> told to? I use this feature all the time and have no problems whatsoever...
No, because following some example I used "\"'s to break that long line
up into smaller pieces...
I'll try the one-liner now...
I guess that's exactly where my error lies... :)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn+ssh <-> svnserve <= speed concerns
Posted by John Peacock <jo...@havurah-software.org>.
Marko Käning wrote:
> I just wondered whether using svnserve might be slower than svn+ssh...
I would be *extremely* surprised if svnserve were not /significantly/
faster because for every transaction under svn+ssh, you have to:
1) open up an ssh connection
2) spawn a one-time svnserve connection on the remote box
3) shutdown the ssh connection (actually kill it to be precise)
It's worse than that, though, since certain svn actions require multiple
connections, which multiplies those three steps rapidly.
In addition, it is a known bug that svn doesn't reuse existing ssh
sessions (which ssh2 supports through multiple channels), so even that
minor improvement is unavailable...
> (Unfortunately I can't test this myself yet, since I am still unable to
> get svnserve up and running as expected, see thread "SVN+SSH tunneling
> problem".)
Did you put all of the authorized_keys stuff on a *single line* as you
were told to? I use this feature all the time and have no problems
whatsoever...
John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org