Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.6.0, rhel-8.8.0
Component/s: libldb
Labels:
- MigratedToJIRA
- SAMBA-POST

Fixed in Build:
libldb-2.8.0-1.el8_10
Regression:
None
Severity:
Moderate

Pool Team:

sst_idm_sssd
Sub-System Group:

ssg_idm

Story Points:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Git Pull Request:
https://gitlab.com/samba-team/samba/-/merge_requests/3616
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/137538
Test Coverage:

Manual

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2177191

PX Impact Score:
PX Priority Data:
PX Review Complete:
PX Scheduling Request:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:
delays seen while sdap_sudo_refresh_done is running

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Comparing the "sdap_sudo_full_refresh" that is triggered acutomatically after clearing the cache

Same config on 7 vs 8,
same action on both systems
same underlying h/w (according to the cst)

4sec vs 48sec for storing of 13K rules.

Obviously on 8 this adds 40+sec of delay in the 1st attempt. This is how we end up to this comparison

- RHEL7

(2022-08-18 15:30:59): [be[nxdi]] [_send] (0x0400): Issuing a full refresh of sudo rules
...
(2022-08-18 15:31:00): [be[nxdi]] [sdap_sudo_load_sudoers_send] (0x0400): About to fetch sudo rules
...
(2022-08-18 15:31:02): [be[nxdi]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [ou=Sudoers,ou=Global,o=Services]
(2022-08-18 15:31:02): [be[nxdi]] [sdap_sudo_load_sudoers_done] (0x0040): Received 13140 sudo rules
(2022-08-18 15:31:02): [be[nxdi]] [sdap_id_op_done] (0x4000): releasing operation connection
(2022-08-18 15:31:02): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Received 13140 rules
(2022-08-18 15:31:02): [be[nxdi]] [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules
(2022-08-18 15:31:02): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule 1st_line_ls_du

...

(2022-08-18 15:31:03): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule oldpfx_zwg_quasar3
(2022-08-18 15:31:03): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Sudoers is successfully stored in cache
(2022-08-18 15:31:03): [be[nxdi]] [sdap_sudo_set_usn] (0x0200): SUDO higher USN value: [20220818115430Z]
(2022-08-18 15:31:03): [be[nxdi]] [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules

vs.

- RHEL8

sssd-debug_awvtest_2022-07-19.tar.gz

sosreport-awvtest-03255537-2022-07-13-hfqkrso.tar.xz

(2022-07-19 13:50:18): [be[nxdi]] [sdap_sudo_full_refresh_send] (0x0400): Issuing a full refresh of sudo rules
...
(2022-07-19 13:50:18): [be[nxdi]] [sdap_sudo_load_sudoers_send] (0x0400): About to fetch sudo rules
(2022-07-19 13:50:18): [be[nxdi]] [sdap_search_bases_ex_next_base] (0x0400): Issuing LDAP lookup with base [ou=Sudoers,ou=Global,o=Services]
(2022-07-19 13:50:18): [be[nxdi]] [sdap_print_server] (0x2000): Searching 92.120.74.0:636
...
(2022-07-19 13:50:19): [be[nxdi]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [ou=Sudoers,ou=Global,o=Services]
(2022-07-19 13:50:19): [be[nxdi]] [sdap_sudo_load_sudoers_done] (0x0200): Received 13080 sudo rules
(2022-07-19 13:50:19): [be[nxdi]] [sdap_id_op_done] (0x4000): releasing operation connection
(2022-07-19 13:50:19): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Received 13080 rules
(2022-07-19 13:50:19): [be[nxdi]] [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules
(2022-07-19 13:50:19): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule 1st_line_ls_du

...

(2022-07-19 13:51:06): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule oldpfx_zwg_quasar3
(2022-07-19 13:51:06): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Sudoers is successfully stored in cache
(2022-07-19 13:51:06): [be[nxdi]] [sdap_sudo_set_usn] (0x0200): SUDO higher USN value: [20220719112416Z]
(2022-07-19 13:51:06): [be[nxdi]] [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules

Expected results:

Additional info:

this is based a comparison with RHEL7
tests to be shared

is related to

RHEL-49711 SYSDB: remove index on dataExpireTimestamp