Bug 1434384 - RPC client should use HTTP persistent connection
Summary: RPC client should use HTTP persistent connection
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Nikhil Dehadrai
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-21 12:13 UTC by Petr Vobornik
Modified: 2017-08-01 09:46 UTC (History)
7 users (show)

Fixed In Version: ipa-4.5.0-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:46:16 UTC
Target Upstream Version:

Attachments (Terms of Use)
Console Output (38.04 KB, text/plain)
2017-06-05 10:48 UTC, Nikhil Dehadrai 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Petr Vobornik 2017-03-21 12:13:42 UTC 
Cloned from upstream: https://pagure.io/freeipa/issue/6641

The RPC client library for XML-RPC and JSON-RPC calls does not support "Connection: keep-alive" to benefit from persistent TCP connection. Every RPC call creates a new TCP connection and therefore triggers a TLS handshake. A persistent TCP connection improves performance and reduces both overhead and latency. Even for a local and idling server, keep-alive can reduce round-trip time by 20% or more.
Comment 2 Petr Vobornik 2017-03-21 12:23:08 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/6641
Comment 3 Petr Vobornik 2017-03-21 12:23:38 UTC 
master:
    7beb6d1cad7e2200208cb14be6c823a89abf0dc3 Use connection keep-alive
    b2bdd2e1a912573ae4a3e8e5f40831a800d972f7 Add debug logging for keep-alive
    7f567286f6b89f3e981af02913e833d3e8ed5064 Increase Apache HTTPD's default keep alive timeout

ipa-4-5:
    25cf4a2e76ff976fe15029f9da7e4e3555f203d4 Use connection keep-alive
    f78439439c3c2ef6491fd5275de9d40b4b40a9b7 Add debug logging for keep-alive
    4b426fbfa2dc83f1f43abbc2b9396bd9f1b07f74 Increase Apache HTTPD's default keep alive timeout
Comment 4 Petr Vobornik 2017-03-21 12:24:52 UTC 
A performance enhancement which speeds up all CLI usages but it is wanted mainly for Custodia Vault use cases which internally uses a lot of connections from client.
Comment 8 Rob Crittenden 2017-03-28 17:36:57 UTC 
I'd think this would demonstrate it: ipa --debug -vvv vault-add test --password=Secret.123

Three v's will show the HTTP headers and the --debug will show the added debug messages in the patchset. You'd want to look for "HTTP connection keep-alive" in particular.

This may end up being too verbose for its own good but it's where I'd start.
Comment 12 Nikhil Dehadrai 2017-06-05 10:46:50 UTC 
IPA-server-version:

Tested this bug with following observations:

Verified that on executing "vault-add" command, a persistent TCP connection "HTTP Connection Keep-alive" task is observed.

# echo Secret123 | ipa-kra-install
# ipa --debug -vvv vault-add test2 --password=Secret.123

Refer attached log.

Thus on the basis of observations inside the log, marking the status of bug to "VERIFIED".
Comment 13 Nikhil Dehadrai 2017-06-05 10:48:49 UTC 
Created attachment 1285014 [details]
Console Output

Console Output
Comment 14 errata-xmlrpc 2017-08-01 09:46:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304
Note You need to log in before you can comment on or make changes to this bug.