From 151a6de4793e0045a7085d4d72b975947662e566 Mon Sep 17 00:00:00 2001
From: Fabiano Fidêncio <fidencio@redhat.com>
Date: Tue, 22 Nov 2016 15:02:33 +0100
Subject: RESPONDER: Shutdown {dbus,socket}-activated responders in case
 they're idle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit introduces a new option for the responders called
responder_idle_timeout, which specifies the number of seconds that the
responder process can be up without being used. The default value is
300 seconds (5 minutes) and can be configured per responder, being 60
seconds the minimum acceptable value.

Is important to note that setting "responder_idle_timeout = 0" disables
the responder timeout, which makes sense for the responders that always
will be running.

The shutdown timeout is activated per responder in case the responder
has been {dbus,socket}-activated. In case of any commnunication with the
responder the timeout is reset thereby ensuring we won't shutdown a
responder that is not idle.

Setting the responder's last request time is done slightly differently
for socket-activated and dbus-activated responders. In both cases it's
updated in any internal communication in sbus_message_handler(), but
for the socket-activated responders it's also updated when the
responder's socket is used.

Currently it works properly with all responders but the secrets one,
which has a different logic and must be treated separately in case some
change is required there.

Is worth to mention that this commit does not affect the responders
explicitly configured in the "services" line of sssd.conf.

Related:
https://fedorahosted.org/sssd/ticket/3245

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/config/SSSDConfig/__init__.py.in | 1 +
 src/config/SSSDConfigTest.py         | 1 +
 src/config/cfg_rules.ini             | 7 +++++++
 src/config/etc/sssd.api.conf         | 1 +
 4 files changed, 10 insertions(+)

(limited to 'src/config')

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index be09e8fbc..8c23fd271 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -50,6 +50,7 @@ option_strings = {
     'reconnection_retries' : _('Number of times to attempt connection to Data Providers'),
     'fd_limit' : _('The number of file descriptors that may be opened by this responder'),
     'client_idle_timeout' : _('Idle time before automatic disconnection of a client'),
+    'responder_idle_timeout' : _('Idle time before automatic shutdown of the responder'),
 
     # [sssd]
     'services' : _('SSSD Services to start'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 4850073fa..0da5d63a1 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -308,6 +308,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
             'reconnection_retries',
             'fd_limit',
             'client_idle_timeout',
+            'responder_idle_timeout',
             'description',
             'certificate_verification',
             'override_space',
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index ec44bffdf..51981c3d0 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -57,6 +57,7 @@ option = reconnection_retries
 option = fd_limit
 option = client_idle_timeout
 option = description
+option = responder_idle_timeout
 
 # Name service
 option = user_attributes
@@ -94,6 +95,7 @@ option = reconnection_retries
 option = fd_limit
 option = client_idle_timeout
 option = description
+option = responder_idle_timeout
 
 # Authentication service
 option = offline_credentials_expiration
@@ -127,6 +129,7 @@ option = reconnection_retries
 option = fd_limit
 option = client_idle_timeout
 option = description
+option = responder_idle_timeout
 
 # sudo service
 option = sudo_timed
@@ -147,6 +150,7 @@ option = reconnection_retries
 option = fd_limit
 option = client_idle_timeout
 option = description
+option = responder_idle_timeout
 
 # autofs service
 option = autofs_negative_timeout
@@ -166,6 +170,7 @@ option = reconnection_retries
 option = fd_limit
 option = client_idle_timeout
 option = description
+option = responder_idle_timeout
 
 # ssh service
 option = ssh_hash_known_hosts
@@ -187,6 +192,7 @@ option = reconnection_retries
 option = fd_limit
 option = client_idle_timeout
 option = description
+option = responder_idle_timeout
 
 # PAC responder
 option = allowed_uids
@@ -207,6 +213,7 @@ option = reconnection_retries
 option = fd_limit
 option = client_idle_timeout
 option = description
+option = responder_idle_timeout
 
 # InfoPipe responder
 option = allowed_uids
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index d59122896..56540066f 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -13,6 +13,7 @@ command = str, None, false
 reconnection_retries = int, None, false
 fd_limit = int, None, false
 client_idle_timeout = int, None, false
+responder_idle_timeout = int, None, false
 description = str, None, false
 
 [sssd]
-- 
cgit