Bug 1974236

Summary: RFE automatique disable of virtual attribute checking
Product: Red Hat Enterprise Linux 8 Reporter: thierry bordaz <tbordaz>
Component: 389-ds-baseAssignee: thierry bordaz <tbordaz>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.3CC: aadhikar, ldap-maint, sgouvern
Target Milestone: betaKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-1.4-8060020211118202403.ce3e8c9c Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-10 13:43:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description thierry bordaz 2021-06-21 07:29:57 UTC 
Description of problem:
During a SRCH, lookup for virtual attribute providers is done during evaluating a filter (against a candidate entry) and also for each returned attribute. The lookup of the virtual attribute hashtable is protected with a rwlock that creates contention, even if it is almost always free (in read). In addition the hashtable lookup is costly even if the search attribute is not present in the hashtable.

This was already detected to be an expensive component and a config attribute 'nsslapd-ignore-virtual-attrs' allows to skip virtual attribute lookup (see #511).

This attribute is 'off' by default, so most of the deployments, even if they do not use virtual attributes, are paying the cost of virtual attribute

Describe the solution you'd like
A first possibility is to set 'nsslapd-ignore-virtual-attrs: on' when there is no virtual attributes.
389-ds server defines virtual attributes with 'cos' and 'role' plugins. If there is cos/role definitions and if there is no custom plugin, then set 'nsslapd-ignore-virtual-attrs: on'.
This should be detected at startup and also requires cos/role plugin to enable the flag if a new definition comes in.

A second possibility is too have healthcheck, detecting the same (no cos/role definitions and no custom plugin)

A third possibility is to set 'nsslapd-ignore-virtual-attrs: on' by default and turn it on when a virtual attribute is inserted (other than 'dummyAttr').

Version-Release number of selected component (if applicable):
all

How reproducible:


Steps to Reproduce:
TBD

Actual results:
By default vattr are lookup

Expected results:
By default vattr should not be lookup


Additional info:
Comment 2 thierry bordaz 2021-09-06 15:21:02 UTC 
Third option is not possible. The third option is to initialize ignore-vattr=True and set it on the fly to 'False" if a vattr is registered. The problem is that role plugin is enabled by default and registers 'nsrole'. So by default ignore-vattr would always be return to 'False.
Comment 5 thierry bordaz 2021-09-30 14:01:37 UTC 
Fix pushed upstream => POST
Comment 18 Akshay Adhikari 2021-12-20 15:55:15 UTC 
============================================================================ test session starts ================================================================
platform linux -- Python 3.6.8, pytest-6.2.5, py-1.11.0, pluggy-1.0.0 -- /usr/bin/python3.6
cachedir: .pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-355.el8.x86_64-x86_64-with-redhat-8.6-Ootpa', 'Packages': {'pytest': '6.2.5', 'py': '1.11.0', 'pluggy': '1.0.0'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'ignore-flaky': '2.0.0'}}
389-ds-base: 1.4.3.28-3.module+el8.6.0+13706+e2f14737
nss: 3.67.0-7.el8_5
nspr: 4.32.0-1.el8_4
openldap: 2.4.46-18.el8
cyrus-sasl: not installed
FIPS: disabled
rootdir: /workspace/ds/dirsrvtests, configfile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, ignore-flaky-2.0.0
collected 1788 items / 1782 deselected / 1 skipped / 5 selected                                                                                                             

dirsrvtests/tests/suites/config/config_test.py::test_ignore_virtual_attrs PASSED                                                                                      [ 16%]
dirsrvtests/tests/suites/config/config_test.py::test_ignore_virtual_attrs_after_restart PASSED                                                                        [ 33%]
dirsrvtests/tests/suites/cos/cos_test.py::test_vattr_on_cos_definition PASSED                                                                                         [ 50%]
dirsrvtests/tests/suites/roles/basic_test.py::test_vattr_on_filtered_role PASSED                                                                                      [ 66%]
dirsrvtests/tests/suites/roles/basic_test.py::test_vattr_on_filtered_role_restart PASSED                                                                              [ 83%]
dirsrvtests/tests/suites/roles/basic_test.py::test_vattr_on_managed_role PASSED                                                                                       [100%]

================================================== 6 passed, 1 skipped, 1782 deselected, 218 warnings in 61.85s (0:01:01) =======================================

Marking as Verified: Tested.
Comment 19 Akshay Adhikari 2022-02-21 08:45:35 UTC 
As per this: https://www.port389.org/docs/389ds/design/vattr-automatic-toggle.html#tests


1) When nsslapd-ignore-virtual-attrs is set to off

      Recent       Recent       Recent       Recent      Overall      Overall
Searches/Sec   Avg Dur ms Entries/Srch   Errors/Sec Searches/Sec   Avg Dur ms
------------ ------------ ------------ ------------ ------------ ------------
   13551.453        1.101       21.000        0.000    13551.449        1.101
   13939.461        1.073       21.000        0.000    13745.459        1.087
   13909.260        1.076       21.000        0.000    13800.055        1.083
   13833.368        1.076       21.000        0.000    13808.383        1.081
   13832.600        1.086       21.000        0.000    13813.227        1.082
   13692.930        1.092       21.000        0.000    13793.179        1.084
   13674.087        1.096       21.000        0.000    13776.165        1.086
   13921.984        1.074       21.000        0.000    13794.390        1.084
   13903.031        1.077       21.000        0.000    13806.463        1.083
   13986.178        1.070       21.000        0.000    13824.433        1.082


2) When nsslapd-ignore-virtual-attrs is set to on

      Recent       Recent       Recent       Recent      Overall      Overall
Searches/Sec   Avg Dur ms Entries/Srch   Errors/Sec Searches/Sec   Avg Dur ms
------------ ------------ ------------ ------------ ------------ ------------
   15144.844        0.984       21.000        0.000    15144.840        0.984
   15491.661        0.966       21.000        0.000    15318.251        0.975
   15368.008        0.972       21.000        0.000    15334.836        0.974
   15464.274        0.968       21.000        0.000    15367.195        0.973
   15420.639        0.969       21.000        0.000    15377.883        0.972
   15124.477        0.989       21.000        0.000    15335.651        0.975
   15198.751        0.985       21.000        0.000    15316.091        0.976
   15397.821        0.967       21.000        0.000    15326.307        0.975
   15299.498        0.980       21.000        0.000    15323.329        0.976
   15323.937        0.973       21.000        0.000    15323.389        0.975
Comment 21 errata-xmlrpc 2022-05-10 13:43:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds:1.4 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1815