[krbdev.mit.edu #7157] AutoReply: krb5-1.10.1 iprop fixes
Richard Basch via RT
rt-comment at krbdev.mit.edu
Sun Jun 3 15:34:41 EDT 2012
Enclosed is a revised patch.
The main difference since my last patch is the ability for an intermediate
slave in the hierarchy to respond to lower leaf nodes immediately after it
has itself performed a full resync and prior to accumulating any entries in
its ulog (obviously, any nodes it services will perform a full resync).
Summary of changes
==================
+ Kadmind can be started with "-proponly" which will enable iprop
distribution services only (but leave other kadmin services inactive)
+ Policy adds/deletes/changes will re-initialize the ulog so slaves will
receive a consistent copy of the database with the updated policies. The
full resync occurs after the next non-policy change.
+ When kpropd invokes ulog_replay() to process the upstream log entries, it
will also populate the local ulog with those same entries.
+ Removed idle timer which was causing spurious UPDATE_BUSY messages on busy
masters with many slaves.
+ Changed ulog_get_entries so it does not wait for a ulog_lock (if it cannot
get a lock, it will return UPDATE_BUSY).
+ Added additional consistency checking of the ulog file to detect possible
corruption.
No protocol or API changes were introduced, though I did have to remove the
"static" keyword of some functions to allow them to be used by other library
functions in different source files. New command-line arguments were
introduced in kpropd & kadmind to support tree replication.
No functional changes were made to kproplog, though some ulog parsing
functions did require some minor logic revision.
-----Original Message-----
From: krb5 [mailto:rt at krbdev.mit.edu]
Sent: Friday, June 01, 2012 6:44 PM
To: basch at alum.mit.edu
Subject: [krbdev.mit.edu #7157] AutoReply: krb5-1.10.1 iprop fixes
Greetings,
This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"krb5-1.10.1 iprop fixes",
a summary of which appears below.
There is no need to reply to this message right now. Your ticket has been
assigned an ID of [krbdev.mit.edu #7157].
Please include the string:
[krbdev.mit.edu #7157]
in the subject line of all future correspondence about this issue. To do so,
you may reply to this message.
Thank you,
-------------------------------------------------------------------------
I have been trying to fix the iprop code in a significant way. it has a lot
of issues in a large environment with 30 or so slaves especially with short
polling intervals (Kerberos 1.4 with UMich krep code scaled better).
First and foremost, a tree distribution mechanism is required, i.e. the
master can sync a few systems which in turn can sync others. This paradigm
will work better with WAN links, especially if you have an organization with
international WAN links. Second, I removed some bad assumptions (e.g. the
log started with sno=1). And third, I found a few conditions which iprop
does not handle, and even worse, can leave replicas in an inconsistent state
with respect to the master (e.g. policy changes).
Summary of changes (the patch is ~800 lines long):
- Kadmind can be started with "-proponly" which will enable iprop
distribution services only (but leave other kadmin services inactive)
- Policy adds/deletes/changes will re-initialize the ulog so slaves
will receive a consistent copy of the database with the updated policies.
(Full resync is delayed until the next non-policy change is registered in
the ulog.)
- Fixed several sections of code to not assume the ulog starts with
sno=1 (particularly on downstream slaves); also fixed some edge conditions
to ensure consistency (i.e. ulogsize >= 2, or a math exception would
result).
- When kpropd invokes ulog_replay() to process the upstream log
entries, it will also populate the local ulog with those same entries.
(Note: Full resync's do not transmit the master's ulog along with the dump.
This would be ideal, but may require a protocol change.)
- Removed idle timer which was causing spurious UPDATE_BUSY messages
on busy masters with many slaves.
- Changed ulog_get_entries so it does not wait for a ulog_lock (if it
cannot get a lock, it will return UPDATE_BUSY).
- Added additional consistency checking of the ulog file to detect
possible corruption.
Changes were made to kpropd, kadmin, kproplog, and some library components
(though nothing which should affect any published API). There were a few
library functions which I had to promote from static visibility. This
version remains protocol-compatible (adding policy entry encoding or
transmitting the ulog with a full resync would have broken such).
More information about the krb5-bugs
mailing list