-
Bug
-
Resolution: Done-Errata
-
Critical
-
rhel-8.6.0, rhel-8.8.0
-
libldb-2.8.0-1.el8_10
-
None
-
Moderate
-
rhel-sst-idm-sssd
-
ssg_idm
-
1
-
False
-
-
None
-
None
-
Pass
-
Manual
-
If docs needed, set a value
-
-
Unspecified
-
None
Description of problem:
delays seen while sdap_sudo_refresh_done is running
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Comparing the "sdap_sudo_full_refresh" that is triggered acutomatically after clearing the cache
- Same config on 7 vs 8,
- same action on both systems
- same underlying h/w (according to the cst)
4sec vs 48sec for storing of 13K rules.
Obviously on 8 this adds 40+sec of delay in the 1st attempt. This is how we end up to this comparison
-
- RHEL7
(2022-08-18 15:30:59): [be[nxdi]] [_send] (0x0400): Issuing a full refresh of sudo rules
...
(2022-08-18 15:31:00): [be[nxdi]] [sdap_sudo_load_sudoers_send] (0x0400): About to fetch sudo rules
...
(2022-08-18 15:31:02): [be[nxdi]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [ou=Sudoers,ou=Global,o=Services]
(2022-08-18 15:31:02): [be[nxdi]] [sdap_sudo_load_sudoers_done] (0x0040): Received 13140 sudo rules
(2022-08-18 15:31:02): [be[nxdi]] [sdap_id_op_done] (0x4000): releasing operation connection
(2022-08-18 15:31:02): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Received 13140 rules
(2022-08-18 15:31:02): [be[nxdi]] [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules
(2022-08-18 15:31:02): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule 1st_line_ls_du
...
(2022-08-18 15:31:03): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule oldpfx_zwg_quasar3
(2022-08-18 15:31:03): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Sudoers is successfully stored in cache
(2022-08-18 15:31:03): [be[nxdi]] [sdap_sudo_set_usn] (0x0200): SUDO higher USN value: [20220818115430Z]
(2022-08-18 15:31:03): [be[nxdi]] [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules
vs.
-
- RHEL8
- sssd-debug_awvtest_2022-07-19.tar.gz
- sosreport-awvtest-03255537-2022-07-13-hfqkrso.tar.xz
(2022-07-19 13:50:18): [be[nxdi]] [sdap_sudo_full_refresh_send] (0x0400): Issuing a full refresh of sudo rules
...
(2022-07-19 13:50:18): [be[nxdi]] [sdap_sudo_load_sudoers_send] (0x0400): About to fetch sudo rules
(2022-07-19 13:50:18): [be[nxdi]] [sdap_search_bases_ex_next_base] (0x0400): Issuing LDAP lookup with base [ou=Sudoers,ou=Global,o=Services]
(2022-07-19 13:50:18): [be[nxdi]] [sdap_print_server] (0x2000): Searching 92.120.74.0:636
...
(2022-07-19 13:50:19): [be[nxdi]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [ou=Sudoers,ou=Global,o=Services]
(2022-07-19 13:50:19): [be[nxdi]] [sdap_sudo_load_sudoers_done] (0x0200): Received 13080 sudo rules
(2022-07-19 13:50:19): [be[nxdi]] [sdap_id_op_done] (0x4000): releasing operation connection
(2022-07-19 13:50:19): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Received 13080 rules
(2022-07-19 13:50:19): [be[nxdi]] [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules
(2022-07-19 13:50:19): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule 1st_line_ls_du
...
(2022-07-19 13:51:06): [be[nxdi]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule oldpfx_zwg_quasar3
(2022-07-19 13:51:06): [be[nxdi]] [sdap_sudo_refresh_done] (0x0400): Sudoers is successfully stored in cache
(2022-07-19 13:51:06): [be[nxdi]] [sdap_sudo_set_usn] (0x0200): SUDO higher USN value: [20220719112416Z]
(2022-07-19 13:51:06): [be[nxdi]] [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules
Expected results:
Additional info:
this is based a comparison with RHEL7
tests to be shared
- is related to
-
-
- Closed
-
- external trackers
- links to
-
RHBA-2024:137538
libldb update
