Blame SOURCES/0018-Issue-50791-Healthcheck-should-look-for-notes-A-F-in.patch

a26cad
From a6a52365df26edd4f6b0028056395d943344d787 Mon Sep 17 00:00:00 2001
a26cad
From: Mark Reynolds <mreynolds@redhat.com>
a26cad
Date: Thu, 11 Jun 2020 15:30:28 -0400
a26cad
Subject: [PATCH] Issue 50791 - Healthcheck should look for notes=A/F in access
a26cad
 log
a26cad
a26cad
Description:  Add checks for notes=A (fully unindexed search) and
a26cad
              notes=F (Unknown attribute in search filter) in the
a26cad
              current access log.
a26cad
a26cad
relates: https://pagure.io/389-ds-base/issue/50791
a26cad
a26cad
Reviewed by: firstyear (Thanks!)
a26cad
---
a26cad
 src/lib389/lib389/cli_ctl/health.py |  4 +-
a26cad
 src/lib389/lib389/dirsrv_log.py     | 72 +++++++++++++++++++++++++++--
a26cad
 src/lib389/lib389/lint.py           | 26 ++++++++++-
a26cad
 3 files changed, 96 insertions(+), 6 deletions(-)
a26cad
a26cad
diff --git a/src/lib389/lib389/cli_ctl/health.py b/src/lib389/lib389/cli_ctl/health.py
a26cad
index 6333a753a..89484a11b 100644
a26cad
--- a/src/lib389/lib389/cli_ctl/health.py
a26cad
+++ b/src/lib389/lib389/cli_ctl/health.py
a26cad
@@ -1,5 +1,5 @@
a26cad
 # --- BEGIN COPYRIGHT BLOCK ---
a26cad
-# Copyright (C) 2019 Red Hat, Inc.
a26cad
+# Copyright (C) 2020 Red Hat, Inc.
a26cad
 # All rights reserved.
a26cad
 #
a26cad
 # License: GPL (version 3 or any later version).
a26cad
@@ -18,6 +18,7 @@ from lib389.monitor import MonitorDiskSpace
a26cad
 from lib389.replica import Replica, Changelog5
a26cad
 from lib389.nss_ssl import NssSsl
a26cad
 from lib389.dseldif import FSChecks, DSEldif
a26cad
+from lib389.dirsrv_log import DirsrvAccessLog
a26cad
 from lib389 import lint
a26cad
 from lib389 import plugins
a26cad
 from lib389._constants import DSRC_HOME
a26cad
@@ -37,6 +38,7 @@ CHECK_OBJECTS = [
a26cad
     Changelog5,
a26cad
     DSEldif,
a26cad
     NssSsl,
a26cad
+    DirsrvAccessLog,
a26cad
 ]
a26cad
 
a26cad
 
a26cad
diff --git a/src/lib389/lib389/dirsrv_log.py b/src/lib389/lib389/dirsrv_log.py
a26cad
index baac2a3c9..7bed4bb17 100644
a26cad
--- a/src/lib389/lib389/dirsrv_log.py
a26cad
+++ b/src/lib389/lib389/dirsrv_log.py
a26cad
@@ -1,5 +1,5 @@
a26cad
 # --- BEGIN COPYRIGHT BLOCK ---
a26cad
-# Copyright (C) 2016 Red Hat, Inc.
a26cad
+# Copyright (C) 2020 Red Hat, Inc.
a26cad
 # All rights reserved.
a26cad
 #
a26cad
 # License: GPL (version 3 or any later version).
a26cad
@@ -9,12 +9,17 @@
a26cad
 """Helpers for managing the directory server internal logs.
a26cad
 """
a26cad
 
a26cad
+import copy
a26cad
 import re
a26cad
 import gzip
a26cad
 from dateutil.parser import parse as dt_parse
a26cad
 from glob import glob
a26cad
 from lib389.utils import ensure_bytes
a26cad
-
a26cad
+from lib389._mapped_object_lint import DSLint
a26cad
+from lib389.lint import (
a26cad
+    DSLOGNOTES0001,  # Unindexed search
a26cad
+    DSLOGNOTES0002,  # Unknown attr in search filter
a26cad
+)
a26cad
 
a26cad
 # Because many of these settings can change live, we need to check for certain
a26cad
 # attributes all the time.
a26cad
@@ -35,7 +40,7 @@ MONTH_LOOKUP = {
a26cad
 }
a26cad
 
a26cad
 
a26cad
-class DirsrvLog(object):
a26cad
+class DirsrvLog(DSLint):
a26cad
     """Class of functions to working with the various DIrectory Server logs
a26cad
     """
a26cad
     def __init__(self, dirsrv):
a26cad
@@ -189,6 +194,67 @@ class DirsrvAccessLog(DirsrvLog):
a26cad
         self.full_regexs = [self.prog_m1, self.prog_con, self.prog_discon]
a26cad
         self.result_regexs = [self.prog_notes, self.prog_repl,
a26cad
                               self.prog_result]
a26cad
+    @classmethod
a26cad
+    def lint_uid(cls):
a26cad
+        return 'logs'
a26cad
+
a26cad
+    def _log_get_search_stats(self, conn, op):
a26cad
+        lines = self.match(f".* conn={conn} op={op} SRCH base=.*")
a26cad
+        if len(lines) != 1:
a26cad
+            return None
a26cad
+
a26cad
+        quoted_vals = re.findall('"([^"]*)"', lines[0])
a26cad
+        return {
a26cad
+            'base': quoted_vals[0],
a26cad
+            'filter': quoted_vals[1],
a26cad
+            'timestamp': re.findall('\[(.*)\]', lines[0])[0],
a26cad
+            'scope': lines[0].split(' scope=', 1)[1].split(' ',1)[0]
a26cad
+        }
a26cad
+
a26cad
+    def _lint_notes(self):
a26cad
+        """
a26cad
+        Check for notes=A (fully unindexed searches), and
a26cad
+        notes=F (unknown attribute in filter)
a26cad
+        """
a26cad
+        for pattern, lint_report in [(".* notes=A", DSLOGNOTES0001), (".* notes=F", DSLOGNOTES0002)]:
a26cad
+            lines = self.match(pattern)
a26cad
+            if len(lines) > 0:
a26cad
+                count = 0
a26cad
+                searches = []
a26cad
+                for line in lines:
a26cad
+                    if ' RESULT err=' in line:
a26cad
+                        # Looks like a valid notes=A/F
a26cad
+                        conn = line.split(' conn=', 1)[1].split(' ',1)[0]
a26cad
+                        op = line.split(' op=', 1)[1].split(' ',1)[0]
a26cad
+                        etime = line.split(' etime=', 1)[1].split(' ',1)[0]
a26cad
+                        stats = self._log_get_search_stats(conn, op)
a26cad
+                        if stats is not None:
a26cad
+                            timestamp = stats['timestamp']
a26cad
+                            base = stats['base']
a26cad
+                            scope = stats['scope']
a26cad
+                            srch_filter = stats['filter']
a26cad
+                            count += 1
a26cad
+                            if lint_report == DSLOGNOTES0001:
a26cad
+                                searches.append(f'\n  [{count}] Unindexed Search\n'
a26cad
+                                                f'      - date:    {timestamp}\n'
a26cad
+                                                f'      - conn/op: {conn}/{op}\n'
a26cad
+                                                f'      - base:    {base}\n'
a26cad
+                                                f'      - scope:   {scope}\n'
a26cad
+                                                f'      - filter:  {srch_filter}\n'
a26cad
+                                                f'      - etime:   {etime}\n')
a26cad
+                            else:
a26cad
+                                searches.append(f'\n  [{count}] Invalid Attribute in Filter\n'
a26cad
+                                                f'      - date:    {timestamp}\n'
a26cad
+                                                f'      - conn/op: {conn}/{op}\n'
a26cad
+                                                f'      - filter:  {srch_filter}\n')
a26cad
+                if len(searches) > 0:
a26cad
+                    report = copy.deepcopy(lint_report)
a26cad
+                    report['items'].append(self._get_log_path())
a26cad
+                    report['detail'] = report['detail'].replace('NUMBER', str(count))
a26cad
+                    for srch in searches:
a26cad
+                        report['detail'] += srch
a26cad
+                    yield report
a26cad
+
a26cad
 
a26cad
     def _get_log_path(self):
a26cad
         """Return the current log file location"""
a26cad
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
a26cad
index a103feec7..4b1700b92 100644
a26cad
--- a/src/lib389/lib389/lint.py
a26cad
+++ b/src/lib389/lib389/lint.py
a26cad
@@ -1,5 +1,5 @@
a26cad
 # --- BEGIN COPYRIGHT BLOCK ---
a26cad
-# Copyright (C) 2019 Red Hat, Inc.
a26cad
+# Copyright (C) 2020 Red Hat, Inc.
a26cad
 # All rights reserved.
a26cad
 #
a26cad
 # License: GPL (version 3 or any later version).
a26cad
@@ -253,7 +253,7 @@ can use the CLI tool "dsconf" to resolve the conflict.  Here is an example:
a26cad
 
a26cad
     Remove conflict entry and keep only the original/counterpart entry:
a26cad
 
a26cad
-        # dsconf slapd-YOUR_INSTANCE  repl-conflict remove <DN of conflict entry>
a26cad
+        # dsconf slapd-YOUR_INSTANCE  repl-conflict delete <DN of conflict entry>
a26cad
 
a26cad
     Replace the original/counterpart entry with the conflict entry:
a26cad
 
a26cad
@@ -418,3 +418,25 @@ until the time issues have been resolved:
a26cad
 Also look at https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_replication-troubleshooting_replication_related_problems
a26cad
 and find the paragraph "Too much time skew"."""
a26cad
 }
a26cad
+
a26cad
+DSLOGNOTES0001 = {
a26cad
+    'dsle': 'DSLOGNOTES0001',
a26cad
+    'severity': 'Medium',
a26cad
+    'description': 'Unindexed Search',
a26cad
+    'items': ['Performance'],
a26cad
+    'detail': """Found NUMBER fully unindexed searches in the current access log.
a26cad
+Unindexed searches can cause high CPU and slow down the entire server's performance.\n""",
a26cad
+    'fix': """Examine the searches that are unindexed, and either properly index the attributes
a26cad
+in the filter, increase the nsslapd-idlistscanlimit, or stop using that filter."""
a26cad
+}
a26cad
+
a26cad
+DSLOGNOTES0002 = {
a26cad
+    'dsle': 'DSLOGNOTES0002',
a26cad
+    'severity': 'Medium',
a26cad
+    'description': 'Unknown Attribute In Filter',
a26cad
+    'items': ['Possible Performance Impact'],
a26cad
+    'detail': """Found NUMBER searches in the current access log that are using an
a26cad
+unknown attribute in the search filter.\n""",
a26cad
+    'fix': """Stop using these unknown attributes in the filter, or add the schema
a26cad
+to the server and make sure it's properly indexed."""
a26cad
+}
a26cad
-- 
a26cad
2.26.2
a26cad