The branch, master has been updated
via 3703890... AD-Bench: A first go at an Active Directory benchmark.
from 3c3725a... s3-winbindd: libwbclient: implement secure channel
verification for specific domains in wbcCheckTrustCredentials().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 37038905965631cbc8f10a2bfe719df0d2ad067e
Author: Kai Blin <[email protected]>
Date: Wed Oct 7 15:45:17 2009 +0200
AD-Bench: A first go at an Active Directory benchmark.
-----------------------------------------------------------------------
Summary of changes:
examples/ad-bench/README | 42 ++++++++++++
examples/ad-bench/ad-bench.sh | 38 +++++++++++
examples/ad-bench/settings.sh | 41 ++++++++++++
examples/ad-bench/test_utils.sh | 31 +++++++++
examples/ad-bench/time_group.sh | 125 +++++++++++++++++++++++++++++++++++
examples/ad-bench/time_join.sh | 85 ++++++++++++++++++++++++
examples/ad-bench/time_kinit.sh | 63 ++++++++++++++++++
examples/ad-bench/time_ldap.sh | 137 +++++++++++++++++++++++++++++++++++++++
examples/ad-bench/time_user.sh | 125 +++++++++++++++++++++++++++++++++++
examples/ad-bench/utils.sh | 116 +++++++++++++++++++++++++++++++++
10 files changed, 803 insertions(+), 0 deletions(-)
create mode 100644 examples/ad-bench/README
create mode 100755 examples/ad-bench/ad-bench.sh
create mode 100644 examples/ad-bench/settings.sh
create mode 100644 examples/ad-bench/test_utils.sh
create mode 100644 examples/ad-bench/time_group.sh
create mode 100644 examples/ad-bench/time_join.sh
create mode 100644 examples/ad-bench/time_kinit.sh
create mode 100644 examples/ad-bench/time_ldap.sh
create mode 100644 examples/ad-bench/time_user.sh
create mode 100644 examples/ad-bench/utils.sh
Changeset truncated at 500 lines:
diff --git a/examples/ad-bench/README b/examples/ad-bench/README
new file mode 100644
index 0000000..de6235f
--- /dev/null
+++ b/examples/ad-bench/README
@@ -0,0 +1,42 @@
+==========================
+Active Directory benchmark
+==========================
+
+Setup
+=====
+
+You need to modify settings.sh to point to the correct binaries for your
+platform. One thing you might want to do in order to be able to run the
+benchmark as a non-root user is to compile your own samba version with the
+--prefix configure option set to some location writeable by the user who will
be
+running the benchmark. You then need to point the NET variable to the correct
+location.
+
+Most likely, you will also want to put the realm to kdc hostname mappings into
+krb5.conf and the hostname to IP address mappings for the kdcs to test into the
+hosts file, so you actually benchmark the AD speed, not DNS lookup speed.
+
+Running the benchmarks
+======================
+
+Per default, the benchmark looks for a file called runs.txt in the directory
the
+benchmark is run from. (This is configurable in the settings.sh file)
+runs.txt contains the credentials and server names to connect to, one set of
+credentials/server per line. The format is as follows:
+
[email protected]%password:domain_controller_host_name
+
+License
+=======
+AD-Bench is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+AD-Bench is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with AD-Bench. If not, see <http://www.gnu.org/licenses/>.
diff --git a/examples/ad-bench/ad-bench.sh b/examples/ad-bench/ad-bench.sh
new file mode 100755
index 0000000..84bb770
--- /dev/null
+++ b/examples/ad-bench/ad-bench.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+# AD-Bench main program, runs all the benchmarks
+#
+# Copyright (C) 2009 Kai Blin <[email protected]>
+#
+# This file is part of AD-Bench, an Active Directory benchmark tool
+#
+# AD-Bench is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# AD-Bench is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with AD-Bench. If not, see <http://www.gnu.org/licenses/>.
+
+source `dirname $0`/utils.sh
+
+if [ ! -f $RUNS ]; then
+ echo "Error: please fill in $RUNS"
+ echo "Sambple entries are"
+ echo "[email protected]%password:domain_controller"
+ exit 1
+fi
+
+for run in `cat $RUNS`; do
+ echo "START RUN"
+ bash `dirname $0`/time_kinit.sh `echo $run|cut -d ":" -f 1`
+ bash `dirname $0`/time_join.sh `echo $run|cut -d ":" -f 1` `echo
$run|cut -d ":" -f 2`
+ bash `dirname $0`/time_user.sh `echo $run|cut -d ":" -f 1` `echo
$run|cut -d ":" -f 2`
+ bash `dirname $0`/time_group.sh `echo $run|cut -d ":" -f 1` `echo
$run|cut -d ":" -f 2`
+ bash `dirname $0`/time_ldap.sh `echo $run|cut -d ":" -f 1` `echo
$run|cut -d ":" -f 2`
+ echo "END RUN"
+done
diff --git a/examples/ad-bench/settings.sh b/examples/ad-bench/settings.sh
new file mode 100644
index 0000000..f01edc3
--- /dev/null
+++ b/examples/ad-bench/settings.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# AD-Bench settings
+#
+# Copyright (C) 2009 Kai Blin <[email protected]>
+#
+# This file is part of AD-Bench, an Active Directory benchmark tool
+#
+# AD-Bench is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# AD-Bench is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with AD-Bench. If not, see <http://www.gnu.org/licenses/>.
+
+
+DATE=date
+BC=bc
+SED=sed
+DATE_FORMATSTR="+%s.%N"
+
+KINIT=kinit
+# MIT krb < 1.6
+KINIT_PARAM_OLD="--password-file=STDIN"
+# MIT krb >= 1.6
+KINIT_PARAM_NEW=""
+
+KDESTROY=kdestroy
+SEQ=seq
+
+NEW_KRB5CCNAME=/tmp/ad_test_ccname
+
+NET="${HOME}/samba/bin/net"
+CONFIG_FILE=`dirname $0`/smb.conf
+
+RUNS=`dirname $0`/runs.txt
diff --git a/examples/ad-bench/test_utils.sh b/examples/ad-bench/test_utils.sh
new file mode 100644
index 0000000..7f46b07
--- /dev/null
+++ b/examples/ad-bench/test_utils.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# AD-Bench utility function tests
+#
+# Copyright (C) 2009 Kai Blin <[email protected]>
+#
+# This file is part of AD-Bench, an Active Directory benchmark tool
+#
+# AD-Bench is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# AD-Bench is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with AD-Bench. If not, see <http://www.gnu.org/licenses/>.
+
+
+source `dirname $0`/utils.sh
+
+INPUT="[email protected]%secret"
+echo "Principal for $INPUT is " $( get_principal $INPUT )
+echo "Password for $INPUT is " $( get_password $INPUT )
+echo "Realm for $INPUT is " $( get_realm $INPUT )
+echo "NT_DOM for $INPUT is " $( get_nt_dom $INPUT )
+
+
+echo "Padding 2: " $( pad_number 1 2 ) " 4: " $(pad_number 23 4)
diff --git a/examples/ad-bench/time_group.sh b/examples/ad-bench/time_group.sh
new file mode 100644
index 0000000..438376e
--- /dev/null
+++ b/examples/ad-bench/time_group.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+# AD-Bench group add/remove benchmark
+#
+# Copyright (C) 2009 Kai Blin <[email protected]>
+#
+# This file is part of AD-Bench, an Active Directory benchmark tool
+#
+# AD-Bench is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# AD-Bench is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with AD-Bench. If not, see <http://www.gnu.org/licenses/>.
+
+ITERATIONS=100
+
+source `dirname $0`/utils.sh
+
+PRINCIPAL=$(get_principal $1)
+PASSWORD=$(get_password $1)
+REALM=$(get_realm $1)
+NT_DOM=$(get_nt_dom $1)
+SERVER=$2
+
+add_group () {
+ GROUP=$1
+ ${NET} ads group add "${GROUP}" -k -s $CONFIG_FILE -S ${SERVER} >
/dev/null
+ RET=$?
+ if [ $RET -ne 0 ]; then
+ echo "${NET} ads group add returned error: $RET"
+ exit 1
+ fi
+}
+
+del_group () {
+ GROUP=$1
+ ${NET} ads group delete "${GROUP}" -k -s $CONFIG_FILE -S ${SERVER} >
/dev/null
+ RET=$?
+ if [ $RET -ne 0 ]; then
+ echo "${NET} returned error: $RET"
+ exit 1
+ fi
+}
+
+enum_group () {
+ ${NET} ads group -k -s $CONFIG_FILE -S $SERVER > /dev/null
+ RET=$?
+ if [ $RET -ne 0 ]; then
+ echo "${NET} returned error: $RET"
+ exit 1
+ fi
+}
+
+info_group () {
+ GROUP=$1
+ ${NET} ads group info "${GROUP}" -k -s $CONFIG_FILE -S ${SERVER} >
/dev/null
+ RET=$?
+ if [ $RET -ne 0 ]; then
+ echo "${NET} returned error: $RET"
+ exit 1
+ fi
+}
+
+set_up () {
+ set_krb_env
+ setup_kinit
+ call_kinit "${PRINCIPAL}" "${PASSWORD}"
+ write_configfile "${REALM}" "${NT_DOM}"
+}
+
+tear_down () {
+ ${KDESTROY}
+ restore_krb_env
+}
+
+set_up
+
+echo -e "\tGROUP $SERVER"
+
+START_TIME=$(start_timer)
+
+echo -en "\t"
+for i in $( ${SEQ} 1 $ITERATIONS ); do
+ GROUP=$( echo "ad_test_$(pad_number $i 3)" )
+ add_group $GROUP
+ echo -n "."
+done
+echo "done"
+
+enum_group
+
+# Requires winbind, which requires root perms to start. Skip this for now
+#echo -en "\t"
+#for i in $( ${SEQ} 1 $ITERATIONS ); do
+# GROUP=$( echo "ad_test_$(pad_number $i 3)" )
+# info_group $GROUP
+# echo -n "."
+#done
+#echo "done"
+
+echo -en "\t"
+for i in $( ${SEQ} 1 $ITERATIONS ); do
+ GROUP=$( echo "ad_test_$(pad_number $i 3)" )
+ del_group $GROUP
+ echo -n "."
+done
+echo "done"
+
+STOP_TIME=$(stop_timer)
+
+TOTAL_TIME=$( total_time $START_TIME $STOP_TIME )
+
+echo -e "\t\ttotal time:\t\t${TOTAL_TIME}s"
+
+LOGINS_PER_MINUTE=$(iterations_per_minute $START_TIME $STOP_TIME $ITERATIONS)
+
+echo -e "\t\titerations/min:\t\t$LOGINS_PER_MINUTE"
+
+tear_down
diff --git a/examples/ad-bench/time_join.sh b/examples/ad-bench/time_join.sh
new file mode 100644
index 0000000..e9c3873
--- /dev/null
+++ b/examples/ad-bench/time_join.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+# AD-Bench Machine join/part benchmark
+#
+# Copyright (C) 2009 Kai Blin <[email protected]>
+#
+# This file is part of AD-Bench, an Active Directory benchmark tool
+#
+# AD-Bench is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# AD-Bench is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with AD-Bench. If not, see <http://www.gnu.org/licenses/>.
+
+ITERATIONS=100
+
+source `dirname $0`/utils.sh
+
+PRINCIPAL=$(get_principal $1)
+PASSWORD=$(get_password $1)
+REALM=$(get_realm $1)
+NT_DOM=$(get_nt_dom $1)
+
+join_domain () {
+ SERVER=$1
+ ${NET} ads join -k -s $CONFIG_FILE -S ${SERVER} > /dev/null
+ RET=$?
+ if [ $RET -ne 0 ]; then
+ echo "${NET} returned error: $RET"
+ exit 1
+ fi
+}
+
+leave_domain () {
+ SERVER=$1
+ ${NET} ads leave -k -s $CONFIG_FILE -S ${SERVER} > /dev/null
+ if [ $RET -ne 0 ]; then
+ echo "${NET} returned error: $RET"
+ exit 1
+ fi
+}
+
+set_up () {
+ set_krb_env
+ setup_kinit
+ call_kinit "${PRINCIPAL}" "${PASSWORD}"
+ write_configfile "${REALM}" "${NT_DOM}"
+}
+
+tear_down () {
+ ${KDESTROY}
+ restore_krb_env
+}
+
+set_up
+
+echo -e "\tJOIN $2"
+
+START_TIME=$(start_timer)
+
+echo -en "\t"
+for i in $( ${SEQ} 1 $ITERATIONS ); do
+ join_domain $2
+ leave_domain $2
+ echo -n "."
+done
+echo "done"
+
+STOP_TIME=$(stop_timer)
+
+TOTAL_TIME=$( total_time $START_TIME $STOP_TIME )
+
+echo -e "\t\ttotal time:\t\t${TOTAL_TIME}s"
+
+LOGINS_PER_MINUTE=$(iterations_per_minute $START_TIME $STOP_TIME $ITERATIONS)
+
+echo -e "\t\titerations/min:\t\t$LOGINS_PER_MINUTE"
+
+tear_down
diff --git a/examples/ad-bench/time_kinit.sh b/examples/ad-bench/time_kinit.sh
new file mode 100644
index 0000000..76c4ff4
--- /dev/null
+++ b/examples/ad-bench/time_kinit.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# AD-Bench Kerberos ticket benchmark
+#
+# Copyright (C) 2009 Kai Blin <[email protected]>
+#
+# This file is part of AD-Bench, an Active Directory benchmark tool.
+#
+# AD-Bench is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# AD-Bench is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with AD-Bench. If not, see <http://www.gnu.org/licenses/>.
+
+# Iterations are set per test, so more time-consuming tests can be run less
+# often
+ITERATIONS=100
+
+source `dirname $0`/utils.sh
+
+set_up () {
+ set_krb_env
+ setup_kinit
+}
+
+tear_down () {
+ restore_krb_env
+}
+
+set_up
+
+PRINCIPAL=$( get_principal $1)
+PASSWORD=$( get_password $1)
+
+echo -e "\tKINIT ${PRINCIPAL}"
+
+START_TIME=$( start_timer )
+
+echo -en "\t"
+for i in $(${SEQ} 1 $ITERATIONS); do
+ call_kinit "${PRINCIPAL}" "${PASSWORD}"
+ ${KDESTROY}
+ echo -n "."
+done
+echo "done"
+
+STOP_TIME=$( stop_timer )
+
+TOTAL_TIME=$( total_time $START_TIME $STOP_TIME )
+
+echo -e "\t\ttotal time:\t\t${TOTAL_TIME}s"
+
+LOGINS_PER_MINUTE=$(iterations_per_minute $START_TIME $STOP_TIME $ITERATIONS)
+
+echo -e "\t\titerations/min:\t\t$LOGINS_PER_MINUTE"
+
+tear_down
diff --git a/examples/ad-bench/time_ldap.sh b/examples/ad-bench/time_ldap.sh
new file mode 100644
index 0000000..586c568
--- /dev/null
+++ b/examples/ad-bench/time_ldap.sh
@@ -0,0 +1,137 @@
+#!/bin/bash
+
+ITERATIONS=100
+
+source `dirname $0`/utils.sh
+
+PRINCIPAL=$(get_principal $1)
+PASSWORD=$(get_password $1)
+REALM=$(get_realm $1)
+NT_DOM=$(get_nt_dom $1)
+SERVER=$2
+
+search_users () {
+ ${NET} ads search '(objectCategory=user)' sAMAccountName -k -s
$CONFIG_FILE -S ${SERVER} > /dev/null
+ RET=$?
+ if [ $RET -ne 0 ]; then
+ echo "${NET} returned error: $RET"
+ exit 1
+ fi
+}
+
+search_groups () {
+ ${NET} ads search '(objectCategory=group)' sAMAccountName -k -s
$CONFIG_FILE -S ${SERVER} > /dev/null
+ if [ $RET -ne 0 ]; then
+ echo "${NET} returned error: $RET"
+ exit 1
+ fi
--
Samba Shared Repository
