Hide Forgot
Description of problem: When a system has thousands of users and cgrules.conf has thousands of lines, this can add several seconds to login times. Version-Release number of selected component (if applicable): libcgroup-0.37-7.1.el6_4.x86_64 How reproducible: Always Steps to Reproduce: 1. Create 5000 users on a system 2. Create one or more lines per user in /etc/cgrules.conf ; for example: 513ac93f500446a08a000091 cpu,cpuacct,memory,net_cls,freezer /openshift/513ac93f500446a08a000091 3. Add "session optional pam_cgroup.so" to /etc/pam.d/sshd Actual results: Logins will take several seconds. Expected results: Login should take less than one second. Additional info: The root cause of this seems to be that the libcgroup code reads /etc/passwd once for every line in cgrules.conf , unless CGFLAG_USECACHE is used.
Created attachment 759312 [details] Patch to use CGFLAG_USECACHE flag
This is currently affecting OpenShift Online. It would be great if it could be fixed quickly. Thanks!
*** Bug 973353 has been marked as a duplicate of this bug. ***
confirmed this is fixed in libcgroup-pam-0.40.rc1-3, reproduced with libcgroup-pam-0.37-7.1.el6_4.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1685.html
FYI: The released errata fix for this bug completely disables all functionality of pam_cgroup. This makes the reported slow performance go away, since doing nothing is a very fast operation. I have reported this as bug 1060227. Personally I don't think libcgroup have been designed for the reported use case. If you have thousands of users you probably need to avoid having thousands of rules in cgrules.conf, for example by using templates in that config file.