authorPetr Cech <pcech@redhat.com>2016-08-24 14:41:09 +0200
committerLukas Slebodnik <lslebodn@redhat.com>2016-09-13 16:22:26 +0200
commitaef0171e0bdc9a683958d69c7ee984fb10cd5de7 (patch)
treefc6560ea19e4d1f5a4701c667f98c3691f3fbd25
parent6c335dee38da943796710b5e336472a10cf641f2 (diff)
PROXY: Adding proxy_max_children option
The new option 'proxy_max_children' is applicable in domain section. Default value is 10. Resolves: https://fedorahosted.org/sssd/ticket/3153 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/confdb/confdb.h1
-rw-r--r--src/config/SSSDConfig/__init__.py.in3
-rw-r--r--src/config/cfg_rules.ini1
-rw-r--r--src/config/etc/sssd.api.d/sssd-proxy.conf1
-rw-r--r--src/man/sssd.conf.5.xml16
-rw-r--r--src/providers/proxy/proxy_init.c22
6 files changed, 42 insertions, 2 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 2d6509001..36a2f21a0 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -219,6 +219,7 @@
#define CONFDB_PROXY_LIBNAME "proxy_lib_name"
#define CONFDB_PROXY_PAM_TARGET "proxy_pam_target"
#define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias"
+#define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children"
/* Secrets Service */
#define CONFDB_SEC_CONF_ENTRY "config/secrets"
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 2027028f7..0acb751e2 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -429,6 +429,9 @@ option_strings = {
'default_shell' : _('Default shell, /bin/bash'),
'base_directory' : _('Base for home directories'),
+ # [provider/proxy]
+ 'proxy_max_children' : _('The number of preforked proxy children.'),
+
# [provider/proxy/id]
'proxy_lib_name' : _('The name of the NSS library to use'),
'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 93c10e2b7..01be0c6e6 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -305,6 +305,7 @@ option = base_directory
option = proxy_lib_name
option = proxy_fast_alias
option = proxy_pam_target
+option = proxy_max_children
# simple access provider specific options
option = simple_allow_users
diff --git a/src/config/etc/sssd.api.d/sssd-proxy.conf b/src/config/etc/sssd.api.d/sssd-proxy.conf
index 89a6503f9..09bf82aff 100644
--- a/src/config/etc/sssd.api.d/sssd-proxy.conf
+++ b/src/config/etc/sssd.api.d/sssd-proxy.conf
@@ -1,4 +1,5 @@
[provider/proxy]
+proxy_max_children = int, None, false
[provider/proxy/id]
proxy_lib_name = str, None, true
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 6f231b8ab..8b862eb0c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2482,6 +2482,22 @@ subdomain_inherit = ldap_purge_cache_timeout
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>proxy_max_children (integer)</term>
+ <listitem>
+ <para>
+ This option specifies the number of pre-forked
+ proxy children. It is useful for high-load SSSD
+ environments where sssd may run out of available
+ child slots, which would cause some issues due to
+ the requests being queued.
+ </para>
+ <para>
+ Default: 10
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</para>
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index 1edf4fd64..2241dafb8 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -29,6 +29,8 @@
#define NSS_FN_NAME "_nss_%s_%s"
+#define OPT_MAX_CHILDREN_DEFAULT 10
+
#define ERROR_INITGR "The '%s' library does not provides the " \
"_nss_XXX_initgroups_dyn function!\n" \
"initgroups will be slow as it will require " \
@@ -220,6 +222,7 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx,
struct proxy_auth_ctx *auth_ctx;
errno_t ret;
int hret;
+ int max_children;
auth_ctx = talloc_zero(mem_ctx, struct proxy_auth_ctx);
if (auth_ctx == NULL) {
@@ -241,8 +244,23 @@ static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx,
}
/* Set up request hash table */
- /* FIXME: get max_children from configuration file */
- auth_ctx->max_children = 10;
+ ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path,
+ CONFDB_PROXY_MAX_CHILDREN,
+ OPT_MAX_CHILDREN_DEFAULT,
+ &max_children);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret));
+ goto done;
+ }
+
+ if (max_children < 1) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Option " CONFDB_PROXY_MAX_CHILDREN " must be higher then 0\n");
+ ret = EINVAL;
+ goto done;
+ }
+ auth_ctx->max_children = max_children;
hret = hash_create(auth_ctx->max_children * 2, &auth_ctx->request_table,
NULL, NULL);