[Freeipa-devel] [PATCH] 23 Optimize and dynamically verify group membership
JR Aquino
JR.Aquino at citrix.com
Sat Apr 9 06:44:02 UTC 2011
On Apr 7, 2011, at 7:08 PM, JR Aquino wrote:
>
> On Apr 7, 2011, at 4:04 PM, JR Aquino wrote:
>
>> On Apr 7, 2011, at 3:42 PM, JR Aquino wrote:
>>
>>> On Mar 31, 2011, at 2:16 PM, JR Aquino wrote:
>>>
>>>> On Mar 31, 2011, at 1:48 PM, Rob Crittenden wrote:
>>>>
>>>>> JR Aquino wrote:
>>>>>> The following patch Removes around 20 lines of code and provides a substantial increase in performance for FreeIPA member/memberof verification searches.
>>>>>>
>>>>>> The current code base blindly searches static containers for the possible presence of members.
>>>>>>
>>>>>> This patch provides a method for dynamically identifying the specific objects to verify memberships for.
>>>>>>
>>>>>> The attached patch addresses ticket:
>>>>>> https://fedorahosted.org/freeipa/ticket/1139
>>>>>>
>>>>>> <Without patch>
>>>>>>
>>>>>> ipa hostgroup-find
>>>>>>
>>>>>> ...
>>>>>>
>>>>>> -----------------------------
>>>>>> Number of entries returned 52
>>>>>> -----------------------------
>>>>>>
>>>>>> real 0m20.054s
>>>>>> user 0m0.934s
>>>>>> sys 0m0.050s
>>>>>>
>>>>>> <With Patch>
>>>>>> ipa find-hostgroup
>>>>>>
>>>>>> ...
>>>>>>
>>>>>> -----------------------------
>>>>>> Number of entries returned 52
>>>>>> -----------------------------
>>>>>>
>>>>>> real 0m15.064s
>>>>>> user 0m0.945s
>>>>>> sys 0m0.057s
>>>>>>
>>>>>>
>>>>>> ------------------------------
>>>>>> Number of entries returned 100
>>>>>> ------------------------------
>>>>>>
>>>>>> real 0m16.471s
>>>>>> user 0m0.814s
>>>>>> sys 0m0.040s
>>>>>>
>>>>>> <Without Patch>
>>>>>> ipa host-find
>>>>>>
>>>>>> ...
>>>>>>
>>>>>> ------------------------------
>>>>>> Number of entries returned 100
>>>>>> ------------------------------
>>>>>>
>>>>>> real 0m41.277s
>>>>>> user 0m0.806s
>>>>>> sys 0m0.060s
>>>>>>
>>>>>> <With Patch>
>>>>>> ipa host-find
>>>>>>
>>>>>> ...
>>>>>>
>>>>>> ------------------------------
>>>>>> Number of entries returned 100
>>>>>> ------------------------------
>>>>>>
>>>>>> real 0m16.385s
>>>>>> user 0m0.814s
>>>>>> sys 0m0.053s
>>>>>
>>>>> There is a typo in the first block, memeber.
>>>>>
>>>>> Wouldn't it be clearer to do a negative test to continue:
>>>>>
>>>>> if not 'member' in r[1]:
>>>>> continue
>>>>>
>>>>> rob
>>>>
>>>> You're right!
>>>>
>>>> Corrected patch attached.
>>>
>>> Self Nack
>>>
>>> After cli and webui testing, it turned out there was a previous try / except block that was reseting the results value back to []
>>>
>>> Corrected and reattaching new patch.
>>>
>>> Testing cli and webui checks out correctly. Speed AND accuracy are now addressed.
>>>
>>> It was also discovered during the course of testing that this patch addresses one of the causes for the bug thrown in: https://fedorahosted.org/freeipa/ticket/1133
>>>
>>> -JR
>>
>> NACK
>>
>> Looks like there may still need to be work with the indirect / direct functions.
>>
>> Will revisit next week.
>
> Ok I finally think I've got it.
>
> My for loop was in my try / except block. It has now been corrected.
>
> I've tested the searches for: users, groups, sudocmds, sudcmdgroups, sudorules, hosts, hostgroups, hbacrules, hbacsv, hbsvcgroups, and all return as expected.
>
> Please make sure that they return for you as well.
> Please let me know if there is anything else I have missed.
Final Patch attached due to relationship with ticket 1133:
Added Comments regarding Ticket 1133 / calculating indirect:
+ # If there is an exception here, it is due to a failure in referential integrity.
+ # All members should have corresponding memberOf entries.
Retested against all xmlrpc tests and passed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.patch
Type: application/octet-stream
Size: 5833 bytes
Desc: freeipa-jraquino-0023-Optimize-and-dynamically-verify-group-membership.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110409/1d928161/attachment.obj>
More information about the Freeipa-devel
mailing list