On Thu, Dec 16, 2010 at 02:30:10PM -0500, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 12/13/2010 08:15 AM, Sumit Bose wrote: > >> We discussed this issue on irc and agreed that there will be no direct > >> fix to close this window, but a paragraph in the man page explaining > >> that there might be a small chance that during the first > >> enum_cache_timeout seconds a enumeration request like 'getent passwd' > >> will return no results. > > > I opted to add a paragraph to the enumerate option instead, specifying > that during the first enumeration, requests for all users or groups may > return no results. > > New patch attached. Thanks for the review.
ACK to both bye, Sumit > > - -- > Stephen Gallagher > RHCE 804006346421761 > > Delivering value year after year. > Red Hat ranks #1 in value among software vendors. > http://www.redhat.com/promo/vendor/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk0KaMIACgkQeiVVYja6o6PMVgCgpQJbgIDiEokygq2GMsp4svcL > PKIAn07AV5yLt/7s4KR09ZZy0eOk7/vz > =YuTP > -----END PGP SIGNATURE----- > From 3153b6097ceef650294f54f368c82e1d6186760c Mon Sep 17 00:00:00 2001 > From: Stephen Gallagher <sgall...@redhat.com> > Date: Wed, 8 Dec 2010 15:47:29 -0500 > Subject: [PATCH] Start first enumeration immediately > > Previously, we would wait for ten seconds before starting an > enumeration. However, this meant that on the first startup (before > we had run our first enumeration) there was a ten-second window > where clients would immediately get back a response with no > entries instead of blocking until the enumeration completed. > > With this patch, SSSD will now run an enumeration immediately upon > startup. Further startups will retain the ten-second delay so as > not to slow down system bootups. > > https://fedorahosted.org/sssd/ticket/616 > --- > src/man/sssd.conf.5.xml | 5 +++++ > src/providers/ldap/ldap_common.c | 31 ++++++++++++++++++++++++++++--- > src/providers/ldap/ldap_id_enum.c | 14 ++++++++++++++ > 3 files changed, 47 insertions(+), 3 deletions(-) > > diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml > index > 2bba38050fe2653ea7b471d1522491340c4069ef..7392dd0931ab015a58520eea93f34d798758b441 > 100644 > --- a/src/man/sssd.conf.5.xml > +++ b/src/man/sssd.conf.5.xml > @@ -513,6 +513,11 @@ > processing. > </para> > <para> > + While the first enumeration is running, requests > + for the complete user or group lists may return > + no results until it completes. > + </para> > + <para> > Further, enabling enumeration may increase the > time > necessary to detect network disconnection, as > longer timeouts are required to ensure that > diff --git a/src/providers/ldap/ldap_common.c > b/src/providers/ldap/ldap_common.c > index > 9945b4b137f9b2659235e213ebe20c3509203e63..a38d5cc2081677962c07c6b621519b5c82d1a78d > 100644 > --- a/src/providers/ldap/ldap_common.c > +++ b/src/providers/ldap/ldap_common.c > @@ -415,12 +415,37 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx) > struct timeval tv; > int ret = EOK; > int delay; > + bool has_enumerated; > > /* set up enumeration task */ > if (ctx->be->domain->enumerate) { > - /* run the first one in a couple of seconds so that we have time to > - * finish initializations first*/ > - tv = tevent_timeval_current_ofs(10, 0); > + /* If this is the first startup, we need to kick off > + * an enumeration immediately, to close a window where > + * clients requesting get*ent information won't get an > + * immediate reply with no entries > + */ > + ret = sysdb_has_enumerated(ctx->be->sysdb, > + ctx->be->domain, > + &has_enumerated); > + if (ret != EOK) { > + return ret; > + } > + if (has_enumerated) { > + /* At least one enumeration has previously run, > + * so clients will get cached data. We will delay > + * starting to enumerate by 10s so we don't slow > + * down the startup process if this is happening > + * during system boot. > + */ > + tv = tevent_timeval_current_ofs(10, 0); > + } else { > + /* This is our first startup. Schedule the > + * enumeration to start immediately once we > + * enter the mainloop. > + */ > + tv = tevent_timeval_current(); > + } > + > ret = ldap_id_enumerate_set_timer(ctx, tv); > } else { > /* the enumeration task, runs the cleanup process by itself, > diff --git a/src/providers/ldap/ldap_id_enum.c > b/src/providers/ldap/ldap_id_enum.c > index > f2ac8c6a93b821eb89e8c22f8170bebad8d68950..8695f35502e916f0a9201de2b267db05276d1c64 > 100644 > --- a/src/providers/ldap/ldap_id_enum.c > +++ b/src/providers/ldap/ldap_id_enum.c > @@ -134,12 +134,26 @@ static void ldap_id_enumerate_reschedule(struct > tevent_req *req) > uint64_t err; > struct timeval tv; > int delay; > + errno_t ret; > > if (tevent_req_is_error(req, &tstate, &err)) { > /* On error schedule starting from now, not the last run */ > tv = tevent_timeval_current(); > } else { > tv = ctx->last_enum; > + > + /* Ok, we've completed an enumeration. Save this to the > + * sysdb so we can postpone starting up the enumeration > + * process on the next SSSD service restart (to avoid > + * slowing down system boot-up > + */ > + ret = sysdb_set_enumerated(ctx->be->sysdb, > + ctx->be->domain, > + true); > + if (ret != EOK) { > + DEBUG(1, ("Could not mark domain as having enumerated.\n")); > + /* This error is non-fatal, so continue */ > + } > } > talloc_zfree(req); > > -- > 1.7.3.3 > > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
