Bug 2192969

Summary:	Better handling of the command line and web UI cert search and/or list features
Product:	Red Hat Enterprise Linux 9	Reporter:	Rob Crittenden <rcritten>
Component:	ipa	Assignee:	Rob Crittenden <rcritten>
Status:	VERIFIED ---	QA Contact:	Mohammad Rizwan <myusuf>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	9.2	CC:	ademir.ladeira, amayberr, amore, arajendr, bugzilla-pkiqe, cilmar, ckelley, frenaud, ipa-qe, msauton, negativo17, rcritten, rjeffman, sumenon, tscherf
Target Milestone:	rc	Keywords:	FutureFeature, Triaged
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	ipa-4.10.2-2.el9	Doc Type:	Enhancement
Doc Text:		Story Points:	---
Clone Of:	2164349	Environment:
Last Closed:		Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2164349, 1959057
Bug Blocks:	2164347

Comment 6 Florence Blanc-Renaud 2023-06-20 11:34:25 UTC

Moving back to POST as a different fix was provided.

The initial fix was relying on python-OpenSSL which is not available in RHEL 9.
The new fix removes this dependency and uses a different approach to improve the perfs.

master:
https://pagure.io/freeipa/c/2a605c5d07906e157e79458724be098aab28cc7c
https://pagure.io/freeipa/c/8a250201494fa0864c81ba0bb2d16a485cdd2533
https://pagure.io/freeipa/c/fa3a69f91fcb4e15714f78a6eee4944bb8ca5e1b

ipa-4-10:
https://pagure.io/freeipa/c/276138087158c6b2ea76b43c754084144e543c0b
https://pagure.io/freeipa/c/d83a4b0babdc7beb124d3748b5815ce309739eb7
https://pagure.io/freeipa/c/d9aa75459d650e5282a160a3eef09ed175dc5b51

ipa-4-9:
https://pagure.io/freeipa/c/9fe30f21c987bdccf80ef5f6d645fdc59b393bdb
https://pagure.io/freeipa/c/3b1dbcdba2994bf57908f530913998e9ab888e4c
https://pagure.io/freeipa/c/d00fd3398c32beb2c3e72f4878c87f9d2c0e833d

Comment 10 Mohammad Rizwan 2023-07-05 10:39:46 UTC

version:
ipa-server-4.10.2-2.el9.x86_64

Steps:
1. install ipa-server
2. generate 4000 certificate
3. $ time ipa cert-find



time take on old version:

[root@master ~]# time ipa cert-find
ipa: WARNING: Search result has been truncated: Configured size limit exceeded
------------------------
100 certificates matched
------------------------
[..]

real	0m16.550s
user	0m0.526s
sys	0m0.051s



time taken on latest version:

[root@master ~]# time ipa cert-find
------------------------
100 certificates matched
------------------------
[..]
------------------------------
Number of entries returned 100
------------------------------

real	0m2.708s
user	0m0.577s
sys	0m0.057s


when ipa cert-find without sizelimit
/var/log/httpd/access_log

xx.xx.xx.xx - - [05/Jul/2023:06:30:17 -0400] "POST /ca/rest/certs/search?size=100 HTTP/1.1" 200 55091
xx.xx.xx.xx - admin [05/Jul/2023:06:30:17 -0400] "POST /ipa/session/json HTTP/1.1" 200 2001

--sizelimit=5
xx.xx.xx.xx - - [05/Jul/2023:06:34:42 -0400] "POST /ca/rest/certs/search?size=5 HTTP/1.1" 200 2903
xx.xx.xx.xx - admin [05/Jul/2023:06:34:42 -0400] "POST /ipa/session/json HTTP/1.1" 200 407


--sizelimit=abc
[root@master ~]# ipa cert-find --sizelimit=abc
ipa: ERROR: invalid 'sizelimit': must be an integer
[root@master ~]# ipa cert-find --sizelimit=-1
ipa: ERROR: invalid 'sizelimit': must be at least 0
[root@master ~]#

--sizelimit=120

xx.xx.xx.xx - - [05/Jul/2023:06:36:14 -0400] "POST /ca/rest/certs/search?size=120 HTTP/1.1" 200 66082
xx.xx.xx.xx - admin [05/Jul/2023:06:36:14 -0400] "POST /ipa/session/json HTTP/1.1" 200 2326

[root@master ~]# ipa cert-find --sizelimit=120
------------------------
120 certificates matched
------------------------
[..]




There is significant difference between time taken on old and new version, hence marking the bug as verified.