Bug 731747 - Offline actions take a very long time
Offline actions take a very long time
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
15
All Linux
unspecified Severity high
: ---
: ---
Assigned To: Stephen Gallagher
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 767168
  Show dependency treegraph
 
Reported: 2011-08-18 10:37 EDT by Orion Poplawski
Modified: 2011-12-13 07:54 EST (History)
5 users (show)

See Also:
Fixed In Version: sssd-1.5.13-1.fc15.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 767168 (view as bug list)
Environment:
Last Closed: 2011-09-09 01:30:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
sssd_default.log (210.33 KB, text/x-log)
2011-08-18 10:37 EDT, Orion Poplawski
no flags Details
sssd_default.log (260.12 KB, text/plain)
2011-08-19 09:22 EDT, Orion Poplawski
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
FedoraHosted SSSD 977 None None None Never

  None (edit)
Description Orion Poplawski 2011-08-18 10:37:48 EDT
Created attachment 518884 [details]
sssd_default.log

Description of problem:

This is a laptop I keep at home.  Account provider is LDAP, that is inaccessible so I'm running off cached information.  Even after authenticating once, new authentications take a very long time.  Of particular trouble is unlocking the screen, can take 30-60 seconds or more.

I'm attaching sssd_default.log with debug 10 with the following events:

su -
su - orion
su - orion again
unlock screen

Version-Release number of selected component (if applicable):
sssd-1.5.12-1.fc15.i686

I'm trying for a configuration that will be as fast as possible in offline mode.

[sssd]
config_file_version = 2
reconnection_retries = 0
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 0
[pam]
reconnection_retries = 0
[domain/default]
ldap_id_use_start_tls = True
ldap_search_base = dc=nwra,dc=com
krb5_realm = CORA.NWRA.COM
krb5_server = kerberos.cora.nwra.com
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://ldap.cora.nwra.com/
krb5_kpasswd = kerberos.cora.nwra.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 10
reconnection_retries = 0
entry_cache_timeout = 86400
Comment 1 Jakub Hrozek 2011-08-19 06:23:02 EDT
Judging by the logs you attached I strongly suspect an issue we fixed upstream but haven't released yet. 

Can you test this scratch build to see if it fixes the problem?

http://koji.fedoraproject.org/koji/taskinfo?taskID=3285659
Comment 2 Orion Poplawski 2011-08-19 09:22:19 EDT
Created attachment 519036 [details]
sssd_default.log

That seems a lot better.  su - orion still strikes me as too slow, but I'm not sure it is still a sssd issue at this point.  Attaching updated logs.
Comment 3 Jakub Hrozek 2011-08-19 11:22:25 EDT
The only timeout I see now is 6 seconds between issuing the LDAP search and giving up. 

In the logs I see that the server is resolvable but not reachable, so SSSD tried to connect every time it retries online operation.unusual.

The timeout can be set using "ldap_network_timeout" option.
Comment 4 Orion Poplawski 2011-08-23 11:50:52 EDT
Thanks, I'll poke around more.  Any chance we'll see F15 and F14 updates soon?
Comment 5 Fedora Update System 2011-08-30 07:57:52 EDT
sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, samba4-4.0.0-25.alpha11.fc15.4, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.4,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
Comment 6 Fedora Update System 2011-08-30 21:40:20 EDT
Package sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.1 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 openchange-0.9-18.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2011-09-06 20:27:25 EDT
Package sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.2 openchange-0.9-18.fc15.2 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.2,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.2,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2011-09-09 01:30:26 EDT
sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5, evolution-mapi-3.0.3-2.fc15, evolution-exchange-3.0.3-1.fc15, evolution-3.0.3-1.fc15, evolution-data-server-3.0.3-1.fc15, gtkhtml3-4.0.2-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.