[Freeipa-devel] [PATCH] 23 Optimize and dynamically verify group membership
JR Aquino
JR.Aquino at citrix.com
Fri Apr 8 02:08:56 UTC 2011
On Apr 7, 2011, at 4:04 PM, JR Aquino wrote:
> On Apr 7, 2011, at 3:42 PM, JR Aquino wrote:
>
>> On Mar 31, 2011, at 2:16 PM, JR Aquino wrote:
>>
>>> On Mar 31, 2011, at 1:48 PM, Rob Crittenden wrote:
>>>
>>>> JR Aquino wrote:
>>>>> The following patch Removes around 20 lines of code and provides a substantial increase in performance for FreeIPA member/memberof verification searches.
>>>>>
>>>>> The current code base blindly searches static containers for the possible presence of members.
>>>>>
>>>>> This patch provides a method for dynamically identifying the specific objects to verify memberships for.
>>>>>
>>>>> The attached patch addresses ticket:
>>>>> https://fedorahosted.org/freeipa/ticket/1139
>>>>>
>>>>> <Without patch>
>>>>>
>>>>> ipa hostgroup-find
>>>>>
>>>>> ...
>>>>>
>>>>> -----------------------------
>>>>> Number of entries returned 52
>>>>> -----------------------------
>>>>>
>>>>> real 0m20.054s
>>>>> user 0m0.934s
>>>>> sys 0m0.050s
>>>>>
>>>>> <With Patch>
>>>>> ipa find-hostgroup
>>>>>
>>>>> ...
>>>>>
>>>>> -----------------------------
>>>>> Number of entries returned 52
>>>>> -----------------------------
>>>>>
>>>>> real 0m15.064s
>>>>> user 0m0.945s
>>>>> sys 0m0.057s
>>>>>
>>>>>
>>>>> ------------------------------
>>>>> Number of entries returned 100
>>>>> ------------------------------
>>>>>
>>>>> real 0m16.471s
>>>>> user 0m0.814s
>>>>> sys 0m0.040s
>>>>>
>>>>> <Without Patch>
>>>>> ipa host-find
>>>>>
>>>>> ...
>>>>>
>>>>> ------------------------------
>>>>> Number of entries returned 100
>>>>> ------------------------------
>>>>>
>>>>> real 0m41.277s
>>>>> user 0m0.806s
>>>>> sys 0m0.060s
>>>>>
>>>>> <With Patch>
>>>>> ipa host-find
>>>>>
>>>>> ...
>>>>>
>>>>> ------------------------------
>>>>> Number of entries returned 100
>>>>> ------------------------------
>>>>>
>>>>> real 0m16.385s
>>>>> user 0m0.814s
>>>>> sys 0m0.053s
>>>>
>>>> There is a typo in the first block, memeber.
>>>>
>>>> Wouldn't it be clearer to do a negative test to continue:
>>>>
>>>> if not 'member' in r[1]:
>>>> continue
>>>>
>>>> rob
>>>
>>> You're right!
>>>
>>> Corrected patch attached.
>>
>> Self Nack
>>
>> After cli and webui testing, it turned out there was a previous try / except block that was reseting the results value back to []
>>
>> Corrected and reattaching new patch.
>>
>> Testing cli and webui checks out correctly. Speed AND accuracy are now addressed.
>>
>> It was also discovered during the course of testing that this patch addresses one of the causes for the bug thrown in: https://fedorahosted.org/freeipa/ticket/1133
>>
>> -JR
>
> NACK
>
> Looks like there may still need to be work with the indirect / direct functions.
>
> Will revisit next week.
Ok I finally think I've got it.
My for loop was in my try / except block. It has now been corrected.
I've tested the searches for: users, groups, sudocmds, sudcmdgroups, sudorules, hosts, hostgroups, hbacrules, hbacsv, hbsvcgroups, and all return as expected.
Please make sure that they return for you as well.
Please let me know if there is anything else I have missed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.patch
Type: application/octet-stream
Size: 5575 bytes
Desc: freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110408/2e2f5bdc/attachment.obj>
More information about the Freeipa-devel
mailing list