Add code to detect the number of CPUs available at install time.
If the kerberos version is >= 1.9 then the KDC supports multiple
workers.
If more than 1 CPU is available configure the KDC to start 1 worker per
CPU to aid in scalability.

Addresses ticket #222

Simo.
>From 5b581777e8864970a30a290984ddecd84a5e1f8d Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 15 Nov 2010 17:06:32 -0500
Subject: [PATCH 2/2] Configure KDC to use multiple workers

Only if more than one CPU is available
Only if supported by the installed krb5kdc
---
 ipaserver/install/krbinstance.py |   34 ++++++++++++++++++++++++++++++++++
 1 files changed, 34 insertions(+), 0 deletions(-)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 7454739e16c30972fb0cb90ed0673d6f7def43d6..e0d040dce1e89bc64e97caeb72d7c2e52ba3bfd4 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -46,6 +46,7 @@ import struct
 
 import certs
 import httpinstance
+from distutils import version
 
 KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";;)'
 
@@ -363,6 +364,39 @@ class KrbInstance(service.Service):
             except ipautil.CalledProcessError, e:
                 print "Failed to populate the realm structure in kerberos", e
 
+        MIN_KRB5KDC_WITH_WORKERS = "1.9"
+        cpus = os.sysconf('SC_NPROCESSORS_ONLN')
+        workers = False
+        (stdout, stderr, rc) = ipautil.run(['/usr/bin/klist', '-V'], raiseonerr=False)
+        if rc == 0:
+            verstr = stdout.split()[-1]
+            ver = version.LooseVersion(verstr)
+            min = version.LooseVersion(MIN_KRB5KDC_WITH_WORKERS)
+            if ver >= min:
+                workers = True
+        if workers and cpus > 1:
+            #read in memory, find KRB5KDC_ARGS, check/change it, then overwrite file
+            self.fstore.backup_file("/etc/sysconfig/krb5kdc")
+
+            need_w = True
+            fd = open("/etc/sysconfig/krb5kdc", "r")
+            lines = fd.readlines()
+            fd.close()
+            for line in lines:
+                sline = line.strip()
+                if not sline.startswith('KRB5KDC_ARGS'):
+                    continue
+                sline = sline.replace('"', '')
+                if sline.find("-w") != -1:
+                    need_w = False
+
+            if need_w:
+                fd = open("/etc/sysconfig/krb5kdc", "w")
+                for line in lines:
+                    fd.write(line)
+                fd.write('KRB5KDC_ARGS="${KRB5KDC_ARGS} -w %s"\n' % str(cpus))
+                fd.close()
+
     def __write_stash_from_ds(self):
         try:
             entry = self.conn.getEntry("cn=%s, cn=kerberos, %s" % (self.realm, self.suffix), ldap.SCOPE_SUBTREE)
-- 
1.7.3.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to