SSSD cache update performance improvement
Previously, the System Security Services Daemon (SSSD) always updated all cached entries after the cache validity timeout passed. This consumed unnecessarily resources on the client and the server, for entries that have not been changed. SSSD has been enhanced and now checks if the cached entry requires an update. The time stamp values are increased for unchanged entries and stored in the new SSSD database `/var/lib/sss/db/timestamps_$domain.ldb`. This enhancement improves the performance for entries that rarely change on the server side, such as groups.
Description of problem:
At the moment, the SSSD performance, especially with the default settings is not great and users have to resort to workarounds like ignore_group_members or mounting the cache to tmpfs.
The purpose of this bugzilla is to track improvements we can do to make sure less data is transferred over network and the cache writes are handled better.
Other related bugzillas might be filed later for e.g. PAC responder improvements.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. run "id aduser" for an AD user who is a member of hundreds of large groups
id takes 10+ seconds
id should be faster
Patches pushed upstream:
Hi Marc, I wonder if the upstream design page:
would give some idea?
Verified the bug on SSSD Version: sssd-1.14.0-30.el7.x86_64
This feature has been tested thoroughly and a detailed Test plan sent to DEV for review. The main sysdb cache and timestamp cache features of this RFE are functional and working fine.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.