On 09/09/2009 07:50 AM, Sumit Bose wrote: > On Tue, Sep 08, 2009 at 08:32:55PM -0400, Stephen Gallagher wrote: >> I have refactored nsssrv_cmd.c and created a new patch for the >> EntryCacheNoWaitRefreshTimeout. >> >> I have created a new function, check_cache() which is a common entry >> point for getpwnam, getpwuid, getgrnam and getgrgid to examine whether >> the cache is still valid. >> >> Addressing other points from the review inline below. >> >> >> On 08/17/2009 11:19 AM, Sumit Bose wrote: >>> On Fri, Aug 14, 2009 at 03:46:54PM -0400, Stephen Gallagher wrote: >>>> This timeout specifies the lifetime of a cache entry before it is >>>> updated out-of-band. When this timeout is hit, the request will >>>> still complete from cache, but the SSSD will also go and update >>>> the cached entry in the background to extend the life of the >>>> cache entry and reduce the wait time of a future request. >>>> >>>> Support for the EnumCacheNoWaitRefreshTimeout is still forthcoming, but >>>> I wanted to get a formal review on this portion. >>> >>> >>> NACK. I think this patch indicates that nsssrv_cmd.c needs some >>> refactoring, please do this before adding more code. >>> >> >> Done. >> > > Works for me, but can you add a man page entry for > EnumCacheNoWaitRefreshTimeout ? > > bye, > Sumit > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel
Whoops, forgot to add those to the commit. New patch 0002 attached (patch 0001 unaffected) -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/
From f9eece15b906ad857ef0ba0f668a06a7552ac379 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Tue, 8 Sep 2009 20:18:12 -0400
Subject: [PATCH 2/2] Add support for the EntryCacheNoWaitRefreshTimeout
This timeout specifies the lifetime of a cache entry before it is
updated out-of-band. When this timeout is hit, the request will
still complete from cache, but the SSSD will also go and update
the cached entry in the background to extend the life of the
cache entry and reduce the wait time of a future request.
---
server/examples/sssd.conf | 9 +++++++++
server/man/sssd.conf.5.xml | 13 +++++++++++++
server/responder/nss/nsssrv.c | 16 ++++++++++++++++
server/responder/nss/nsssrv.h | 4 +++-
server/responder/nss/nsssrv_cmd.c | 35 ++++++++++++++++++++++++++++++++++-
5 files changed, 75 insertions(+), 2 deletions(-)
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index 90e0c8d..b47ab9d 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -13,6 +13,15 @@ description = NSS Responder Configuration
filterGroups = root
filterUsers = root
+# The EntryCacheTimeout indicates the number of seconds to retain before
+# an entry in cache is considered stale and must block to refresh.
+# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
+# wait before updating the cache out-of-band. (NSS requests will still
+# be returned from cache until the full EntryCacheTimeout). Setting this
+# value to 0 turns this feature off (default)
+; EntryCacheTimeout = 600
+; EntryCacheNoWaitRefreshTimeout = 300
+
[services/dp]
description = Data Provider Configuration
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index f4cb87a..fe2262d 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -331,6 +331,19 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>EntryCacheNoWaitRefreshTimeout (integer)</term>
+ <listitem>
+ <para>
+ How long should nss_sss return cached entries
before
+ initiating an out-of-band cache refresh (0 disables
+ this feature)
+ </para>
+ <para>
+ Default: 0
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>EntryNegativeTimeout (integer)</term>
<listitem>
<para>
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index ad80438..3920189 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -107,6 +107,22 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->filter_users_in_groups);
if (ret != EOK) goto done;
+
+ ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG,
+ "EntryCacheNoWaitRefreshTimeout", 0,
+ &nctx->cache_refresh_timeout);
+ if (ret != EOK) goto done;
+ if (nctx->cache_refresh_timeout >= nctx->cache_timeout) {
+ DEBUG(0,("Configuration error: EntryCacheNoWaitRefreshTimeout exceeds"
+ "EntryCacheTimeout. Disabling feature.\n"));
+ nctx->cache_refresh_timeout = 0;
+ }
+ if (nctx->cache_refresh_timeout < 0) {
+ DEBUG(0,("Configuration error: EntryCacheNoWaitRefreshTimeout is"
+ "invalid. Disabling feature.\n"));
+ nctx->cache_refresh_timeout = 0;
+ }
+
ret = confdb_get_string_as_list(cdb, tmpctx, NSS_SRV_CONFIG,
"filterUsers", &filter_list);
if (ret == ENOENT) filter_list = NULL;
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index c5a7bb3..a5adbaf 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -46,10 +46,12 @@ struct getent_ctx;
struct nss_ctx {
struct resp_ctx *rctx;
- int cache_timeout;
int neg_timeout;
struct nss_nc_ctx *ncache;
+ int cache_timeout;
+ int cache_refresh_timeout;
+
int enum_cache_timeout;
time_t last_user_enum;
time_t last_group_enum;
diff --git a/server/responder/nss/nsssrv_cmd.c
b/server/responder/nss/nsssrv_cmd.c
index da53e09..9407f40 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -278,26 +278,50 @@ static errno_t check_cache(struct nss_dom_ctx *dctx,
{
errno_t ret;
int timeout;
+ int refresh_timeout;
time_t now;
uint64_t lastUpdate;
struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
struct cli_ctx *cctx = cmdctx->cctx;
bool call_provider = false;
+ sss_dp_callback_t cb = NULL;
if (dctx->check_provider) {
switch (res->count) {
case 0:
+ /* This is a cache miss. We need to get the updated user
+ * information before returning it.
+ */
call_provider = true;
+ cb = callback;
break;
case 1:
timeout = nctx->cache_timeout;
+ refresh_timeout = nctx->cache_refresh_timeout;
now = time(NULL);
lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0],
SYSDB_LAST_UPDATE, 0);
if (lastUpdate + timeout < now) {
+ /* This is a cache miss. We need to get the updated user
+ * information before returning it.
+ */
call_provider = true;
+ cb = callback;
+ }
+ else if (refresh_timeout && (lastUpdate + refresh_timeout < now)) {
+ /* We're past the the cache refresh timeout
+ * We'll return the value from the cache, but we'll also
+ * queue the cache entry for update out-of-band.
+ */
+ call_provider = true;
+ cb = NULL;
+ }
+ else {
+ /* Cache is still valid. Just return it. */
+ call_provider = false;
+ cb = NULL;
}
break;
@@ -340,7 +364,16 @@ static errno_t check_cache(struct nss_dom_ctx *dctx,
/* Tell the calling function to return so the dp callback
* can resolve
*/
- return EAGAIN;
+ if (cb) {
+ return EAGAIN;
+ }
+
+ /* No callback required
+ * This was an out-of-band update. We'll return EOK
+ * so the calling function can return the cached entry
+ * immediately.
+ */
+ DEBUG(3, ("Updating cache out-of-band\n"));
}
return EOK;
--
1.6.2.5
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
