Re: [Freeipa-devel] [PATCH] 0015 Configure KDC to use multiple workers
On Mon, 22 Nov 2010 16:04:51 +0100 Jakub Hrozek wrote: > This could have been shortened to Ack :-) Pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0015 Configure KDC to use multiple workers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/22/2010 03:12 PM, Jakub Hrozek wrote: >> In what case it can fail ? > For instance if the file was not present, if its SELinux label was > wrong..I just think it's good defensive behaviour. > > Although it is true that the scripts would catch the exception and print > a more meaingful error message than just an ugly traceback, which was > basically my point. So this might actually be fine. > >> > >>> >> 2) I think that we should log that we are about to modify a file >> > >> > We don't do that for any of the many files we modify, why should we ? > OK, If we don't do that already, it makes no sense to do it for this > single occurrence. FWIW, I was thinking that as an admin I would > probably like to see when config on my system changes - at least when > the log level is set to debug. > This could have been shortened to Ack :-) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzqhpMACgkQHsardTLnvCW7tgCgjmCvQZaLduhy77QU6BV8MmZU BQoAoIwxdJDEtDHwjmJ0vgPfo6OcIanw =n1X0 -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0015 Configure KDC to use multiple workers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/22/2010 02:36 PM, Simo Sorce wrote: > On Mon, 22 Nov 2010 13:58:40 +0100 > Jakub Hrozek wrote: > >> On Mon, Nov 15, 2010 at 09:05:55PM -0500, Simo Sorce wrote: >>> >>> Add code to detect the number of CPUs available at install time. >>> If the kerberos version is >= 1.9 then the KDC supports multiple >>> workers. >>> If more than 1 CPU is available configure the KDC to start 1 worker >>> per CPU to aid in scalability. >>> >>> Addresses ticket #222 >>> >>> Simo. >> >> As I don't have Kerberos 1.9 (does not seem to be even in F15..) I >> only tested that the patch modifies the /etc/sysconfig/krb5kdc file. >> >> The code looks good and seems to work fine. I have two suggestions: >> >> 1) we should test if the open() calls succeed > > In what case it can fail ? For instance if the file was not present, if its SELinux label was wrong..I just think it's good defensive behaviour. Although it is true that the scripts would catch the exception and print a more meaingful error message than just an ugly traceback, which was basically my point. So this might actually be fine. > >> 2) I think that we should log that we are about to modify a file > > We don't do that for any of the many files we modify, why should we ? OK, If we don't do that already, it makes no sense to do it for this single occurrence. FWIW, I was thinking that as an admin I would probably like to see when config on my system changes - at least when the log level is set to debug. > >> A more general thought (although it's certainly not a task for 2.0), >> maybe we should consider using Augeas, either via its Python API or >> just calling augtool to modify config files. The benefits would be >> safer modifications (augeas knows the file structure) and most >> probably even cleaner code. > > This is a good idea, can you open an enhancement ticket ? > https://fedorahosted.org/freeipa/ticket/525 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzqekEACgkQHsardTLnvCV7bwCgy1QqjR7200M3ogBQkR0voZVk BnEAniLevMiMmFQZPTWc+aSySO2isBdB =Tnhc -END PGP SIGNATURE- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0015 Configure KDC to use multiple workers
On Mon, 22 Nov 2010 13:58:40 +0100 Jakub Hrozek wrote: > On Mon, Nov 15, 2010 at 09:05:55PM -0500, Simo Sorce wrote: > > > > Add code to detect the number of CPUs available at install time. > > If the kerberos version is >= 1.9 then the KDC supports multiple > > workers. > > If more than 1 CPU is available configure the KDC to start 1 worker > > per CPU to aid in scalability. > > > > Addresses ticket #222 > > > > Simo. > > As I don't have Kerberos 1.9 (does not seem to be even in F15..) I > only tested that the patch modifies the /etc/sysconfig/krb5kdc file. > > The code looks good and seems to work fine. I have two suggestions: > > 1) we should test if the open() calls succeed In what case it can fail ? > 2) I think that we should log that we are about to modify a file We don't do that for any of the many files we modify, why should we ? > A more general thought (although it's certainly not a task for 2.0), > maybe we should consider using Augeas, either via its Python API or > just calling augtool to modify config files. The benefits would be > safer modifications (augeas knows the file structure) and most > probably even cleaner code. This is a good idea, can you open an enhancement ticket ? Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0015 Configure KDC to use multiple workers
On Mon, Nov 15, 2010 at 09:05:55PM -0500, Simo Sorce wrote: > > Add code to detect the number of CPUs available at install time. > If the kerberos version is >= 1.9 then the KDC supports multiple > workers. > If more than 1 CPU is available configure the KDC to start 1 worker per > CPU to aid in scalability. > > Addresses ticket #222 > > Simo. As I don't have Kerberos 1.9 (does not seem to be even in F15..) I only tested that the patch modifies the /etc/sysconfig/krb5kdc file. The code looks good and seems to work fine. I have two suggestions: 1) we should test if the open() calls succeed 2) I think that we should log that we are about to modify a file A more general thought (although it's certainly not a task for 2.0), maybe we should consider using Augeas, either via its Python API or just calling augtool to modify config files. The benefits would be safer modifications (augeas knows the file structure) and most probably even cleaner code. Jakub ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
