[Freeipa-devel] [freeipa PR#5164][opened] Speed up DS related installer steps

tiran via FreeIPA-devel Tue, 29 Sep 2020 03:38:48 -0700

   URL: https://github.com/freeipa/freeipa/pull/5164
Author: tiran
 Title: #5164: Speed up DS related installer steps
Action: opened


PR body:
"""
## Remove root-autobind configuration
    
The new lib389-based installer configured 389-DS with LDAPI support and
autobind for root.

cn=root-autobind,cn=config entry is no longer needed.

## Skip offline dse.ldif patching by default
    
The installer now stop and patches dse.ldif only when the option
--dirsrv-config-file is used. LDBM nsslapd-db-locks are increased in a
new step. This speeds up installer by 4 or more seconds on a fast system.

## Remove magic sleep from create_index_task
    
11 years ago 5ad91a0781 added a magic sleep to work around a rare deadlock
bug in memberOf plugin. Thierry is not aware of any outstanding issues
with memberOf plugin that could lead to a deadlock.

Total speedup: ~10s
Related: https://pagure.io/freeipa/issue/8521
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5164/head:pr5164
git checkout pr5164

From 8d8595dbb584522ab9444961783b34c19cc58d1b Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Mon, 21 Sep 2020 12:52:36 +0200
Subject: [PATCH 1/3] Remove root-autobind configuration

The new lib389-based installer configured 389-DS with LDAPI support and
autobind for root.

cn=root-autobind,cn=config entry is no longer needed.

Related: https://pagure.io/freeipa/issue/8521
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 install/share/Makefile.am        |  1 -
 install/share/root-autobind.ldif | 19 -------------------
 install/updates/10-config.update |  4 ++++
 ipaserver/install/dsinstance.py  | 14 ++------------
 4 files changed, 6 insertions(+), 32 deletions(-)
 delete mode 100644 install/share/root-autobind.ldif

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 1c1cd25db2..684da8ddec 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -80,7 +80,6 @@ dist_app_DATA =				\
 	uuid.ldif		\
 	modrdn-krbprinc.ldif		\
 	entryusn.ldif			\
-	root-autobind.ldif		\
 	pw-logging-conf.ldif	\
 	sudobind.ldif			\
 	automember.ldif			\
diff --git a/install/share/root-autobind.ldif b/install/share/root-autobind.ldif
deleted file mode 100644
index ecce11511d..0000000000
--- a/install/share/root-autobind.ldif
+++ /dev/null
@@ -1,19 +0,0 @@
-# root-autobind, config
-dn: cn=root-autobind,cn=config
-changetype: add
-objectClass: extensibleObject
-objectClass: top
-cn: root-autobind
-uidNumber: 0
-gidNumber: 0
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-ldapiautobind
-nsslapd-ldapiautobind: on
-
-dn: cn=config
-changetype: modify
-replace: nsslapd-ldapimaptoentries
-nsslapd-ldapimaptoentries: on
-
diff --git a/install/updates/10-config.update b/install/updates/10-config.update
index dec42c0254..8e930ee365 100644
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@@ -73,3 +73,7 @@ only:nsslapd-ioblocktimeout:10000
 # on LDAP bind, see https://pagure.io/freeipa/issue/8315
 dn: cn=config
 only: nsslapd-enable-upgrade-hash:off
+
+# lib389 configures 389-DS for root-autobind. Then entry is no longer needed.
+dn: cn=root-autobind,cn=config
+deleteentry: cn=root-autobind,cn=config
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 915a7473f5..2453bc2436 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -224,7 +224,6 @@ def __init__(self, realm_name=None, domain_name=None, fstore=None,
     def __common_setup(self):
 
         self.step("creating directory server instance", self.__create_instance)
-        self.step("configure autobind for root", self.__root_autobind)
         self.step("tune ldbm plugin", self.__tune_ldbm)
         self.step("stopping directory server", self.__stop_instance)
         self.step("updating configuration in dse.ldif", self.__update_dse_ldif)
@@ -566,17 +565,16 @@ def __create_instance(self):
         inst.local_simple_allocate(
             serverid=self.serverid,
             ldapuri=ipaldap.get_ldap_uri(realm=self.realm, protocol='ldapi'),
-            password=self.dm_password
         )
 
         # local_simple_allocate() configures LDAPI but doesn't set up the
         # DirSrv object to use LDAPI. Modify the DirSrv() object to use
-        # LDAPI with password bind. autobind is not available, yet.
+        # LDAPI with with autobind.
         inst.ldapi_enabled = 'on'
+        inst.ldapi_autobind = 'on'
         inst.ldapi_socket = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % (
             self.serverid
         )
-        inst.ldapi_autobind = 'off'
 
         # This actually opens the conn and binds.
         inst.open()
@@ -1247,14 +1245,6 @@ def add_ca_cert(self, cacert_fname, cacert_name=''):
 
         return status
 
-    def __root_autobind(self):
-        self._ldap_mod(
-            "root-autobind.ldif",
-            ldap_uri=ipaldap.get_ldap_uri(realm=self.realm, protocol='ldapi'),
-            # must simple bind until auto bind is configured
-            dm_password=self.dm_password
-        )
-
     def __add_sudo_binduser(self):
         self._ldap_mod("sudobind.ldif", self.sub_dict)
 

From 7870d576702cc2af30b94ab46ecf338d6cec1872 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Mon, 21 Sep 2020 16:25:53 +0200
Subject: [PATCH 2/3] Remove magic sleep from create_index_task

11 years ago 5ad91a0781 added a magic sleep to work around a rare deadlock
bug in memberOf plugin. Thierry is not aware of any outstanding issues
with memberOf plugin that could lead to a deadlock.

Related: https://pagure.io/freeipa/issue/8521
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaserver/install/ldapupdate.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 87c74a053d..15c0ccb508 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -511,10 +511,6 @@ def emit_plugin_update(update):
 
     def create_index_task(self, *attributes):
         """Create a task to update an index for attributes"""
-
-        # Sleep a bit to ensure previous operations are complete
-        time.sleep(5)
-
         cn_uuid = uuid.uuid1()
         # cn_uuid.time is in nanoseconds, but other users of LDAPUpdate expect
         # seconds in 'TIME' so scale the value down

From ab2234c3dc444be2a9444881bfdb3ba432f61e39 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 24 Sep 2020 15:11:09 +0200
Subject: [PATCH 3/3] Skip offline dse.ldif patching by default

The installer now stop and patches dse.ldif only when the option
--dirsrv-config-file is used. LDBM nsslapd-db-locks are increased in a
new step.

This speeds up installer by 4 or more seconds on a fast system.

Related: https://pagure.io/freeipa/issue/8521
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaserver/install/dsinstance.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2453bc2436..dcd72bfb88 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -225,9 +225,12 @@ def __common_setup(self):
 
         self.step("creating directory server instance", self.__create_instance)
         self.step("tune ldbm plugin", self.__tune_ldbm)
-        self.step("stopping directory server", self.__stop_instance)
-        self.step("updating configuration in dse.ldif", self.__update_dse_ldif)
-        self.step("starting directory server", self.__start_instance)
+        if self.config_ldif is not None:
+            self.step("stopping directory server", self.__stop_instance)
+            self.step(
+                "updating configuration in dse.ldif", self.__update_dse_ldif
+            )
+            self.step("starting directory server", self.__start_instance)
         self.step("adding default schema", self.__add_default_schemas)
         self.step("enabling memberof plugin", self.__add_memberof_module)
         self.step("enabling winsync plugin", self.__add_winsync_module)
@@ -663,7 +666,8 @@ def stop(self, instance_name="", capture_output=True):
         )
 
     def restart(self, instance_name="", capture_output=True, wait=True):
-        api.Backend.ldap2.disconnect()
+        if api.Backend.ldap2.isconnected():
+            api.Backend.ldap2.disconnect()
         try:
             super(DsInstance, self).restart(
                 instance_name, capture_output=capture_output, wait=wait

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#5164][opened] Speed up DS related installer steps

Reply via email to