dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From b7f31936e21b109b5446c48513619cd87974be54 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Tue, 31 Mar 2020 22:57:25 +0200
Subject: [PATCH 33/35] NSS: make memcache size configurable in megabytes

Memcache size was made configurable in megabytes and not in slots
to hide internal implementation from users.

Relates: https://github.com/SSSD/sssd/issues/5115

Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/config/SSSDConfig/sssdoptions.py |  6 ++---
 src/man/sssd.conf.5.xml              | 33 +++++++++++++---------------
 src/responder/nss/nsssrv.c           | 20 +++++++++--------
 3 files changed, 29 insertions(+), 30 deletions(-)

diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
index 16d85cfa3..f57ad4b41 100644
--- a/src/config/SSSDConfig/sssdoptions.py
+++ b/src/config/SSSDConfig/sssdoptions.py
@@ -72,9 +72,9 @@ class SSSDOptions(object):
         'shell_fallback': _('If a shell stored in central directory is allowed but not available, use this fallback'),
         'default_shell': _('Shell to use if the provider does not list one'),
         'memcache_timeout': _('How long will be in-memory cache records valid'),
-        'memcache_size_passwd': _('Number of slots in fast in-memory cache for passwd requests'),
-        'memcache_size_group': _('Number of slots in fast in-memory cache for group requests'),
-        'memcache_size_initgroups': _('Number of slots in fast in-memory cache for initgroups requests'),
+        'memcache_size_passwd': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for passwd requests'),
+        'memcache_size_group': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for group requests'),
+        'memcache_size_initgroups': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for initgroups requests'),
         'homedir_substring': _('The value of this option will be used in the expansion of the override_homedir option '
                                'if the template contains the format string %H.'),
         'get_domains_timeout': _('Specifies time in seconds for which the list of subdomains will be considered '
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 9bc2e26e5..874a09c49 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1076,7 +1076,7 @@ fallback_homedir = /home/%u
                     </listitem>
                 </varlistentry>
                 <varlistentry>
-                    <term>memcache_timeout (int)</term>
+                    <term>memcache_timeout (integer)</term>
                     <listitem>
                         <para>
                             Specifies time in seconds for which records
@@ -1104,14 +1104,13 @@ fallback_homedir = /home/%u
                     <term>memcache_size_passwd (integer)</term>
                     <listitem>
                         <para>
-                            Number of slots allocated inside fast in-memory
-                            cache for passwd requests. Note that one entry
-                            in fast in-memory cache can occupy more than one slot.
-                            Setting the size to 0 will disable the passwd in-memory
-                            cache.
+                            Size (in megabytes) of the data table allocated inside
+                            fast in-memory cache for passwd requests.
+                            Setting the size to 0 will disable the passwd
+                            in-memory cache.
                         </para>
                         <para>
-                            Default: 200000
+                            Default: 8
                         </para>
                         <para>
                             WARNING: Disabled or too small in-memory cache can
@@ -1130,14 +1129,13 @@ fallback_homedir = /home/%u
                     <term>memcache_size_group (integer)</term>
                     <listitem>
                         <para>
-                            Number of slots allocated inside fast in-memory
-                            cache for group requests. Note that one entry
-                            in fast in-memory cache can occupy more than one
-                            slot. Setting the size to 0 will disable the group
+                            Size (in megabytes) of the data table allocated inside
+                            fast in-memory cache for group requests.
+                            Setting the size to 0 will disable the group
                             in-memory cache.
                         </para>
                         <para>
-                            Default: 150000
+                            Default: 6
                         </para>
                         <para>
                             WARNING: Disabled or too small in-memory cache can
@@ -1156,14 +1154,13 @@ fallback_homedir = /home/%u
                     <term>memcache_size_initgroups (integer)</term>
                     <listitem>
                         <para>
-                            Number of slots allocated inside fast in-memory
-                            cache for initgroups requests. Note that one entry
-                            in fast in-memory cache can occupy more than one
-                            slot. Setting the size to 0 will disable the
-                            initgroups in-memory cache.
+                            Size (in megabytes) of the data table allocated inside
+                            fast in-memory cache for initgroups requests.
+                            Setting the size to 0 will disable the initgroups
+                            in-memory cache.
                         </para>
                         <para>
-                            Default: 250000
+                            Default: 10
                         </para>
                         <para>
                             WARNING: Disabled or too small in-memory cache can
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 42a63d9bb..741e94aaa 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -34,6 +34,7 @@
 
 #include "util/util.h"
 #include "util/sss_ptr_hash.h"
+#include "util/mmap_cache.h"
 #include "responder/nss/nss_private.h"
 #include "responder/nss/nss_iface.h"
 #include "responder/nss/nsssrv_mmap_cache.h"
@@ -210,9 +211,10 @@ done:
 static int setup_memcaches(struct nss_ctx *nctx)
 {
     /* Default memcache sizes */
-    static const size_t SSS_MC_CACHE_PASSWD_SLOTS    = 200000;  /*  8mb */
-    static const size_t SSS_MC_CACHE_GROUP_SLOTS     = 150000;  /*  6mb */
-    static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000;  /* 10mb */
+    static const size_t SSS_MC_CACHE_SLOTS_PER_MB   = 1024*1024/MC_SLOT_SIZE;
+    static const size_t SSS_MC_CACHE_PASSWD_SIZE    =  8;
+    static const size_t SSS_MC_CACHE_GROUP_SIZE     =  6;
+    static const size_t SSS_MC_CACHE_INITGROUP_SIZE = 10;
 
     int ret;
     int memcache_timeout;
@@ -251,7 +253,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
     ret = confdb_get_int(nctx->rctx->cdb,
                          CONFDB_NSS_CONF_ENTRY,
                          CONFDB_NSS_MEMCACHE_SIZE_PASSWD,
-                         SSS_MC_CACHE_PASSWD_SLOTS,
+                         SSS_MC_CACHE_PASSWD_SIZE,
                          &mc_size_passwd);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE,
@@ -263,7 +265,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
     ret = confdb_get_int(nctx->rctx->cdb,
                          CONFDB_NSS_CONF_ENTRY,
                          CONFDB_NSS_MEMCACHE_SIZE_GROUP,
-                         SSS_MC_CACHE_GROUP_SLOTS,
+                         SSS_MC_CACHE_GROUP_SIZE,
                          &mc_size_group);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE,
@@ -275,7 +277,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
     ret = confdb_get_int(nctx->rctx->cdb,
                          CONFDB_NSS_CONF_ENTRY,
                          CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS,
-                         SSS_MC_CACHE_INITGROUP_SLOTS,
+                         SSS_MC_CACHE_INITGROUP_SIZE,
                          &mc_size_initgroups);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE,
@@ -290,7 +292,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
         ret = sss_mmap_cache_init(nctx, "passwd",
                                   nctx->mc_uid, nctx->mc_gid,
                                   SSS_MC_PASSWD,
-                                  mc_size_passwd,
+                                  mc_size_passwd * SSS_MC_CACHE_SLOTS_PER_MB,
                                   (time_t)memcache_timeout,
                                   &nctx->pwd_mc_ctx);
         if (ret) {
@@ -310,7 +312,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
         ret = sss_mmap_cache_init(nctx, "group",
                                   nctx->mc_uid, nctx->mc_gid,
                                   SSS_MC_GROUP,
-                                  mc_size_group,
+                                  mc_size_group * SSS_MC_CACHE_SLOTS_PER_MB,
                                   (time_t)memcache_timeout,
                                   &nctx->grp_mc_ctx);
         if (ret) {
@@ -330,7 +332,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
         ret = sss_mmap_cache_init(nctx, "initgroups",
                                   nctx->mc_uid, nctx->mc_gid,
                                   SSS_MC_INITGROUPS,
-                                  mc_size_initgroups,
+                                  mc_size_initgroups * SSS_MC_CACHE_SLOTS_PER_MB,
                                   (time_t)memcache_timeout,
                                   &nctx->initgr_mc_ctx);
         if (ret) {
-- 
2.21.3