Issue #21337 has been updated by Charlie Sharpsteen. Category set to reports Status changed from Re-opened to Closed Assignee changed from Roger Kennedy to Charlie Sharpsteen Keywords set to safe_yaml performance
This is a side-effect of the security work done to fix [CVE-2013-3567](http://puppetlabs.com/security/cve/cve-2013-3567/) whereby specially constructed YAML payloads could be used to execute arbitrary code on the Puppet master. Unfortunately, the safe_yaml library we are using to lock out remote code execution comes with a heavy performance penalty that is showing up when the master is processing YAML reports. We are approaching this problem by shifting the preferred report format to JSON. The work required to accomplish this has been completed as part of #21427 and should be released in Puppet 3.3.0. ---------------------------------------- Bug #21337: Security fix using safe_yaml caused a drastic performance hit in 2.7.22 (and probably others) https://projects.puppetlabs.com/issues/21337#change-95090 * Author: Andrew Gaffney * Status: Closed * Priority: Normal * Assignee: Charlie Sharpsteen * Category: reports * Target version: * Affected Puppet version: 3.2.2 * Keywords: safe_yaml performance * Branch: ---------------------------------------- I've been testing out 2.7.22 as an update to 2.7.19 due to CVE-2013-3567. With nothing else changed other than the version, performance goes right down the crapper. I downgraded to 2.7.21 and performance returned to normal. Here is a test puppet run with 'time' and '--summarize' against a 2.7.22 master and then a 2.7.19 master. <pre> 2.7.22 ====== notice: Finished catalog run in 114.74 seconds Changes: Total: 3 Events: Success: 3 Total: 3 Resources: Out of sync: 3 Changed: 3 Total: 3079 Skipped: 6 Time: Resources: 0.00 Filebucket: 0.00 Group: 0.00 Yumrepo: 0.01 Cron: 0.02 User: 0.07 Package: 0.71 Exec: 10.27 Config retrieval: 108.95 Last run: 1371671599 Total: 185.09 Service: 3.57 File: 61.47 Version: Config: 1371671173 Puppet: 2.7.19 real 6m2.831s user 1m37.205s sys 0m15.160s 2.7.19 ====== notice: Finished catalog run in 77.05 seconds Changes: Total: 3 Events: Success: 3 Total: 3 Resources: Out of sync: 3 Changed: 3 Total: 3079 Skipped: 6 Time: Resources: 0.00 Filebucket: 0.00 Group: 0.01 Yumrepo: 0.01 Cron: 0.02 User: 0.07 Package: 0.38 Last run: 1371671871 File: 23.13 Service: 3.89 Config retrieval: 52.85 Exec: 9.73 Total: 90.09 Version: Config: 1371671735 Puppet: 2.7.19 real 3m6.728s user 1m39.787s sys 0m16.342s </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
