author | Petr Cech <pcech@redhat.com> | 2016-08-24 14:41:09 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-09-13 16:22:26 +0200 |
commit | aef0171e0bdc9a683958d69c7ee984fb10cd5de7 (patch) | |
tree | fc6560ea19e4d1f5a4701c667f98c3691f3fbd25 | |
parent | 6c335dee38da943796710b5e336472a10cf641f2 (diff) | |
PROXY: Adding proxy_max_children option
The new option 'proxy_max_children' is applicable
in domain section. Default value is 10.
Resolves:
https://fedorahosted.org/sssd/ticket/3153
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/confdb/confdb.h | 1 | ||||
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 3 | ||||
-rw-r--r-- | src/config/cfg_rules.ini | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-proxy.conf | 1 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 16 | ||||
-rw-r--r-- | src/providers/proxy/proxy_init.c | 22 |
6 files changed, 42 insertions, 2 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 2d6509001..36a2f21a0 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -219,6 +219,7 @@ #define CONFDB_PROXY_LIBNAME "proxy_lib_name" #define CONFDB_PROXY_PAM_TARGET "proxy_pam_target" #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias" +#define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children" /* Secrets Service */ #define CONFDB_SEC_CONF_ENTRY "config/secrets" diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 2027028f7..0acb751e2 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -429,6 +429,9 @@ option_strings = { 'default_shell' : _('Default shell, /bin/bash'), 'base_directory' : _('Base for home directories'), + # [provider/proxy] + 'proxy_max_children' : _('The number of preforked proxy children.'), + # [provider/proxy/id] 'proxy_lib_name' : _('The name of the NSS library to use'), 'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'), diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 93c10e2b7..01be0c6e6 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -305,6 +305,7 @@ option = base_directory option = proxy_lib_name option = proxy_fast_alias option = proxy_pam_target +option = proxy_max_children # simple access provider specific options option = simple_allow_users diff --git a/src/config/etc/sssd.api.d/sssd-proxy.conf b/src/config/etc/sssd.api.d/sssd-proxy.conf index 89a6503f9..09bf82aff 100644 --- a/src/config/etc/sssd.api.d/sssd-proxy.conf +++ b/src/config/etc/sssd.api.d/sssd-proxy.conf @@ -1,4 +1,5 @@ [provider/proxy] +proxy_max_children = int, None, false [provider/proxy/id] proxy_lib_name = str, None, true diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 6f231b8ab..8b862eb0c 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml 
@@ -2482,6 +2482,22 @@ subdomain_inherit = ldap_purge_cache_timeout </listitem> </varlistentry> + <varlistentry> + <term>proxy_max_children (integer)</term> + <listitem> + <para> + This option specifies the number of pre-forked + proxy children. It is useful for high-load SSSD + environments where sssd may run out of available + child slots, which would cause some issues due to + the requests being queued. + </para> + <para> + Default: 10 + </para> + </listitem> + </varlistentry> + </variablelist> </para> diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index 1edf4fd64..2241dafb8 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -29,6 +29,8 @@ #define NSS_FN_NAME "_nss_%s_%s" +#define OPT_MAX_CHILDREN_DEFAULT 10 + #define ERROR_INITGR "The '%s' library does not provides the " \ "_nss_XXX_initgroups_dyn function!\n" \ "initgroups will be slow as it will require " \ @@ -220,6 +222,7 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx, struct proxy_auth_ctx *auth_ctx; errno_t ret; int hret; + int max_children; auth_ctx = talloc_zero(mem_ctx, struct proxy_auth_ctx); if (auth_ctx == NULL) { @@ -241,8 +244,23 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx, } /* Set up request hash table */ - /* FIXME: get max_children from configuration file */ - auth_ctx->max_children = 10; + ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path, + CONFDB_PROXY_MAX_CHILDREN, + OPT_MAX_CHILDREN_DEFAULT, + &max_children); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret)); + goto done; + } + + if (max_children < 1) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Option " CONFDB_PROXY_MAX_CHILDREN " must be higher then 0\n"); + ret = EINVAL; + goto done; + } + auth_ctx->max_children = max_children; hret = hash_create(auth_ctx->max_children * 2, &auth_ctx->request_table, NULL, NULL); |
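Review bot: The range check added to proxy_init_auth_ctx() rejects `proxy_max_children` values below 1 but accepts any larger int, and that value then feeds `auth_ctx->max_children * 2` in the hash_create() call and, going by the option's description, the number of proxy children. A mistyped large value in sssd.conf therefore passes validation; the field's type is not visible in this hunk, so whether the multiplication can overflow is unconfirmed, but an explicit ceiling such as `if (max_children < 1 || max_children > INT_MAX / 2) {` (or a project-chosen maximum documented in sssd.conf(5)) would settle it. The error text should read `"Option " CONFDB_PROXY_MAX_CHILDREN " must be higher than 0\n"` ("then" is a typo), and logging the rejected value would help the administrator find the bad setting. The function starts and ends outside the hunk, so the `done:` cleanup path that both new `goto done` statements rely on is not visible here.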