[MediaWiki-commits] [Gerrit] 2014.7.5 jessie, backport patches for singleton SAuth class - change (operations...salt)

ArielGlenn (Code Review) Thu, 17 Dec 2015 05:16:51 -0800

ArielGlenn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/259674


Change subject: 2014.7.5 jessie, backport patches for singleton SAuth class
......................................................................

2014.7.5 jessie, backport patches for singleton SAuth class

This permits the minion to cache the its authentication information
instead of needing to reauthenticate on each command received.
Authentication is quite expensive, using public keys and all.

See the patch header for the list of specific upstream commits.

The 2015.8 salt series has these patches already.

Change-Id: I7f3b1ef1232da4059a499e958c613d9dd58d00b8
---
M debian/patches/series
A debian/patches/singleton_sauth_WMF.patch
2 files changed, 74 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/debs/salt 
refs/changes/74/259674/1

diff --git a/debian/patches/series b/debian/patches/series
index 469243b..2f6a5f9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@
 batch_returns_bad_dict_WMF.patch
 event_reading_returns_prematurely_WMF.patch
 ping_minions_without_data_cache_WMF.patch
+singleton_sauth_WMF.patch
diff --git a/debian/patches/singleton_sauth_WMF.patch 
b/debian/patches/singleton_sauth_WMF.patch
new file mode 100644
index 0000000..44b486d
--- /dev/null
+++ b/debian/patches/singleton_sauth_WMF.patch
@@ -0,0 +1,73 @@
+Description: Backport of patches for singleton SAuth class
+  This is a combination of three upstream commits:
+  20fcfbc6b3f0dcdd9a09ca520a18e65dd8b0a950
+    Refactor SAuth() to return singletons for each master/minion pair.
+  18bc50e6dcce5410c3d2c6a549e043ee59891ee9
+    Rework to expose __authenticate()
+  a1dd24b5ea7e09fb3198ea2a83a71de167e52d92
+    Remove clear() method
+Author: Ariel T. Glenn <[email protected]>
+Forwarded: no
+--- a/salt/minion.py
++++ b/salt/minion.py
+@@ -883,19 +883,7 @@
+         try:
+             data = self.crypticle.loads(load)
+         except AuthenticationError:
+-            # decryption of the payload failed, try to re-auth but wait
+-            # random seconds if set in config with random_reauth_delay
+-            if 'random_reauth_delay' in self.opts:
+-                reauth_delay = randint(0, 
float(self.opts['random_reauth_delay']))
+-                # This mitigates the issue wherein a long-running job might 
not return
+-                # on a master key rotation. However, new commands issued 
during the re-auth
+-                # splay period will still fail to return.
+-                if not salt.utils.minion.running(self.opts):
+-                    log.debug('Waiting {0} seconds to 
re-authenticate'.format(reauth_delay))
+-                    time.sleep(reauth_delay)
+-                else:
+-                    log.warning('Ignoring re-auth delay because jobs are 
running')
+-
++            # decryption of the payload failed, try to re-auth
+             self.authenticate()
+             data = self.crypticle.loads(load)
+ 
+@@ -1367,7 +1355,8 @@
+                 self.opts['master_ip']
+             )
+         )
+-        auth = salt.crypt.Auth(self.opts)
++        auth = salt.crypt.SAuth(self.opts)
++        auth.authenticate()
+         self.tok = auth.gen_token('salt')
+         acceptance_wait_time = self.opts['acceptance_wait_time']
+         acceptance_wait_time_max = self.opts['acceptance_wait_time_max']
+--- a/salt/transport/__init__.py
++++ b/salt/transport/__init__.py
+@@ -229,15 +229,13 @@
+         self.crypt = kwargs.get('crypt', 'aes')
+ 
+         self.serial = salt.payload.Serial(opts)
+-        if self.crypt != 'clear':
+-            if 'auth' in kwargs:
+-                self.auth = kwargs['auth']
+-            else:
+-                self.auth = salt.crypt.SAuth(opts)
+         if 'master_uri' in kwargs:
+             self.master_uri = kwargs['master_uri']
+         else:
+             self.master_uri = opts['master_uri']
++        if self.crypt != 'clear':
++            # we don't need to worry about auth as a kwarg, since its a 
singleton
++            self.auth = salt.crypt.SAuth(self.opts)
+ 
+     def crypted_transfer_decode_dictentry(self, load, dictkey=None, tries=3, 
timeout=60):
+         ret = self.sreq.send('aes', self.auth.crypticle.dumps(load), tries, 
timeout)
+@@ -269,7 +267,7 @@
+         try:
+             return _do_transfer()
+         except salt.crypt.AuthenticationError:
+-            self.auth = salt.crypt.SAuth(self.opts)
++            self.auth.authenticate()
+             return _do_transfer()
+ 
+     def _uncrypted_transfer(self, load, tries=3, timeout=60):

-- 
To view, visit https://gerrit.wikimedia.org/r/259674
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7f3b1ef1232da4059a499e958c613d9dd58d00b8
Gerrit-PatchSet: 1
Gerrit-Project: operations/debs/salt
Gerrit-Branch: jessie
Gerrit-Owner: ArielGlenn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] 2014.7.5 jessie, backport patches for singleton SAuth class - change (operations...salt)

Reply via email to