Bug 1425154

Summary: Rebase python-idna to >= 2.1 for freeipa performance issue
Product: Red Hat Enterprise Linux 7 Reporter: Paul Wouters <pwouters>
Component: python-idnaAssignee: Nathaniel McCallum <npmccallum>
Status: CLOSED ERRATA QA Contact: Abhijeet Kasurde <akasurde>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: akasurde, alex.gaynor, amoralej, cheimes, dpal, enewland, mkosek
Target Milestone: rcKeywords: Rebase
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 18:37:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul Wouters 2017-02-20 16:47:58 UTC 
Description of problem:

As per Christian Heimes <cheimes>:

while I was investigating performance issues in FreeIPA, I noticed that
both F25 and RHEL come with an older version of python-idna. That
version has a serious performance issue. It takes round about 100ms to
import the idna package. Import increases RAM consumption of the process
(RSS) by about 20 MB.

https://github.com/pyca/cryptography/issues/3409#issuecomment-281095501

It affects IPA framework, IPA command line, Custodia, and any other
application that import python-cryptography. Right now we are wasting 60
MB (2x20 MB for IPA WSGI processes, 1x20 MB for Custodia). For FreeIPA
4.5 I'm planning to bump up the WSGI daemon processes from 2 to 5.

Is it still possible to request a RHEL rebase of python-idna?

Christian
Comment 3 Abhijeet Kasurde 2017-05-25 12:07:06 UTC 
Verified using IPA and Python-idna version ::

# rpm -qa ipa-server python-idna
ipa-server-4.5.0-13.el7.x86_64
python-idna-2.4-1.el7.noarch

Marking BZ as verified.
Comment 4 errata-xmlrpc 2017-08-01 18:37:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1996
Comment 5 Christian Heimes 2017-08-10 14:07:26 UTC 
*** Bug 1455078 has been marked as a duplicate of this bug. ***