# HG changeset patch # User Thomas Gazagnaire <[email protected]> CA-36294: Fix performance issues when credentials are given using the pool secret.
Previously, to check whether the received pool-secret was valid or not, RBAC was trying to do a proper login using Session.slave_login and check whether that call succeed or not; This makes DB calls on slave to pass from around 2ms (before RBAC changes) to around 10ms (now). When doing a VM.start, slaves are doing hundreds of DB access, so VM.start were becoming very slow (up to 5 times slower!). This patch simply compare the pool secret given in the request with the one stored inside xapi memory which improve greatly the performance of slaves' calls. Issue found with Jonathan Davies' great help. Signed-off-by: Thomas Gazagnaire <[email protected]> diff -r d062b05c7867 ocaml/xapi/xapi_http.ml --- a/ocaml/xapi/xapi_http.ml Tue Jan 19 15:17:14 2010 +0000 +++ b/ocaml/xapi/xapi_http.ml Wed Jan 20 19:09:56 2010 +0000 @@ -125,13 +125,10 @@ else if List.mem_assoc "pool_secret" all then begin - let session_id = try - Client.Session.slave_login inet_rpc (Helpers.get_localhost ()) (List.assoc "pool_secret" all) - with _ -> raise (Http.Unauthorised realm) - in - Pervasiveext.finally - (fun ()-> rbac_check session_id) - (fun ()->(try Client.Session.logout inet_rpc session_id with _ -> ())) + if List.assoc "pool_secret" all = !Xapi_globs.pool_secret then + fn () + else + raise (Http.Unauthorised realm) end else begin
# HG changeset patch # User Thomas Gazagnaire <[email protected]> CA-36294: Fix performance issues when credentials are given using the pool secret. Previously, to check whether the received pool-secret was valid or not, RBAC was trying to do a proper login using Session.slave_login and check whether that call succeed or not; This makes DB calls on slave to pass from around 2ms (before RBAC changes) to around 10ms (now). When doing a VM.start, slaves are doing hundreds of DB access, so VM.start were becoming very slow (up to 5 times slower!). This patch simply compare the pool secret given in the request with the one stored inside xapi memory which improve greatly the performance of slaves' calls. Issue found with Jonathan Davies' great help. Signed-off-by: Thomas Gazagnaire <[email protected]> diff -r d062b05c7867 ocaml/xapi/xapi_http.ml --- a/ocaml/xapi/xapi_http.ml Tue Jan 19 15:17:14 2010 +0000 +++ b/ocaml/xapi/xapi_http.ml Wed Jan 20 19:09:56 2010 +0000 @@ -125,13 +125,10 @@ else if List.mem_assoc "pool_secret" all then begin - let session_id = try - Client.Session.slave_login inet_rpc (Helpers.get_localhost ()) (List.assoc "pool_secret" all) - with _ -> raise (Http.Unauthorised realm) - in - Pervasiveext.finally - (fun ()-> rbac_check session_id) - (fun ()->(try Client.Session.logout inet_rpc session_id with _ -> ())) + if List.assoc "pool_secret" all = !Xapi_globs.pool_secret then + fn () + else + raise (Http.Unauthorised realm) end else begin
_______________________________________________ xen-api mailing list [email protected] http://lists.xensource.com/mailman/listinfo/xen-api
