Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1434384 - RPC client should use HTTP persistent connection
RPC client should use HTTP persistent connection
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.4
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Nikhil Dehadrai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-21 08:13 EDT by Petr Vobornik
Modified: 2017-08-01 05:46 EDT (History)
7 users (show)

See Also:
Fixed In Version: ipa-4.5.0-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 05:46:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Console Output (38.04 KB, text/plain)
2017-06-05 06:48 EDT, Nikhil Dehadrai
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 08:41:35 EDT

  None (edit)
Description Petr Vobornik 2017-03-21 08:13:42 EDT
Cloned from upstream: https://pagure.io/freeipa/issue/6641

The RPC client library for XML-RPC and JSON-RPC calls does not support "Connection: keep-alive" to benefit from persistent TCP connection. Every RPC call creates a new TCP connection and therefore triggers a TLS handshake. A persistent TCP connection improves performance and reduces both overhead and latency. Even for a local and idling server, keep-alive can reduce round-trip time by 20% or more.
Comment 2 Petr Vobornik 2017-03-21 08:23:08 EDT
Upstream ticket:
https://pagure.io/freeipa/issue/6641
Comment 3 Petr Vobornik 2017-03-21 08:23:38 EDT
master:
    7beb6d1cad7e2200208cb14be6c823a89abf0dc3 Use connection keep-alive
    b2bdd2e1a912573ae4a3e8e5f40831a800d972f7 Add debug logging for keep-alive
    7f567286f6b89f3e981af02913e833d3e8ed5064 Increase Apache HTTPD's default keep alive timeout

ipa-4-5:
    25cf4a2e76ff976fe15029f9da7e4e3555f203d4 Use connection keep-alive
    f78439439c3c2ef6491fd5275de9d40b4b40a9b7 Add debug logging for keep-alive
    4b426fbfa2dc83f1f43abbc2b9396bd9f1b07f74 Increase Apache HTTPD's default keep alive timeout
Comment 4 Petr Vobornik 2017-03-21 08:24:52 EDT
A performance enhancement which speeds up all CLI usages but it is wanted mainly for Custodia Vault use cases which internally uses a lot of connections from client.
Comment 8 Rob Crittenden 2017-03-28 13:36:57 EDT
I'd think this would demonstrate it: ipa --debug -vvv vault-add test --password=Secret.123

Three v's will show the HTTP headers and the --debug will show the added debug messages in the patchset. You'd want to look for "HTTP connection keep-alive" in particular.

This may end up being too verbose for its own good but it's where I'd start.
Comment 12 Nikhil Dehadrai 2017-06-05 06:46:50 EDT
IPA-server-version:

Tested this bug with following observations:

Verified that on executing "vault-add" command, a persistent TCP connection "HTTP Connection Keep-alive" task is observed.

# echo Secret123 | ipa-kra-install
# ipa --debug -vvv vault-add test2 --password=Secret.123

Refer attached log.

Thus on the basis of observations inside the log, marking the status of bug to "VERIFIED".
Comment 13 Nikhil Dehadrai 2017-06-05 06:48 EDT
Created attachment 1285014 [details]
Console Output

Console Output
Comment 14 errata-xmlrpc 2017-08-01 05:46:16 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304

Note You need to log in before you can comment on or make changes to this bug.