diff options
author | Fabiano Fidêncio <fidencio@redhat.com> | 2016-11-22 15:02:33 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-01-23 18:46:37 +0100 |
commit | 151a6de4793e0045a7085d4d72b975947662e566 (patch) | |
tree | 5082d9cb1c9b40ca9148672865c59fefa36cad75 /src/config | |
parent | 32c76642250b3ba3b173d0576c0d00b0190320a9 (diff) | |
download | sssd-151a6de4793e0045a7085d4d72b975947662e566.tar.gz sssd-151a6de4793e0045a7085d4d72b975947662e566.tar.xz sssd-151a6de4793e0045a7085d4d72b975947662e566.zip |
RESPONDER: Shutdown {dbus,socket}-activated responders in case they're idle
This commit introduces a new option for the responders called
responder_idle_timeout, which specifies the number of seconds that the
responder process can be up without being used. The default value is
300 seconds (5 minutes) and can be configured per responder, being 60
seconds the minimum acceptable value.
Is important to note that setting "responder_idle_timeout = 0" disables
the responder timeout, which makes sense for the responders that always
will be running.
The shutdown timeout is activated per responder in case the responder
has been {dbus,socket}-activated. In case of any commnunication with the
responder the timeout is reset thereby ensuring we won't shutdown a
responder that is not idle.
Setting the responder's last request time is done slightly differently
for socket-activated and dbus-activated responders. In both cases it's
updated in any internal communication in sbus_message_handler(), but
for the socket-activated responders it's also updated when the
responder's socket is used.
Currently it works properly with all responders but the secrets one,
which has a different logic and must be treated separately in case some
change is required there.
Is worth to mention that this commit does not affect the responders
explicitly configured in the "services" line of sssd.conf.
Related:
https://fedorahosted.org/sssd/ticket/3245
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 1 | ||||
-rw-r--r-- | src/config/cfg_rules.ini | 7 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 |
4 files changed, 10 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index be09e8fbc..8c23fd271 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -50,6 +50,7 @@ option_strings = { 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'), 'fd_limit' : _('The number of file descriptors that may be opened by this responder'), 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'), + 'responder_idle_timeout' : _('Idle time before automatic shutdown of the responder'), # [sssd] 'services' : _('SSSD Services to start'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 4850073fa..0da5d63a1 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -308,6 +308,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'reconnection_retries', 'fd_limit', 'client_idle_timeout', + 'responder_idle_timeout', 'description', 'certificate_verification', 'override_space', diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index ec44bffdf..51981c3d0 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -57,6 +57,7 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description +option = responder_idle_timeout # Name service option = user_attributes @@ -94,6 +95,7 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description +option = responder_idle_timeout # Authentication service option = offline_credentials_expiration @@ -127,6 +129,7 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description +option = responder_idle_timeout # sudo service option = sudo_timed @@ -147,6 +150,7 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description +option = responder_idle_timeout # autofs service option = autofs_negative_timeout @@ -166,6 +170,7 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description +option = responder_idle_timeout # ssh service option = ssh_hash_known_hosts @@ -187,6 +192,7 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description +option = responder_idle_timeout # PAC responder option = allowed_uids @@ -207,6 +213,7 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description +option = responder_idle_timeout # InfoPipe responder option = allowed_uids diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index d59122896..56540066f 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -13,6 +13,7 @@ command = str, None, false reconnection_retries = int, None, false fd_limit = int, None, false client_idle_timeout = int, None, false +responder_idle_timeout = int, None, false description = str, None, false [sssd] |