Configure KDC to use multiple workers

Only if more than one CPU is available Only if supported by the installed krb5kdc
2025-02-25 18:55:28 -06:00 · 2010-11-15 17:06:32 -05:00
parent 57e1edd052
commit b67df045be
1 changed files with 34 additions and 0 deletions
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -46,6 +46,7 @@ import struct

 import certs
 import httpinstance
+from distutils import version

 KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";)'

@@ -363,6 +364,39 @@ class KrbInstance(service.Service):
            except ipautil.CalledProcessError, e:
                print "Failed to populate the realm structure in kerberos", e

+        MIN_KRB5KDC_WITH_WORKERS = "1.9"
+        cpus = os.sysconf('SC_NPROCESSORS_ONLN')
+        workers = False
+        (stdout, stderr, rc) = ipautil.run(['/usr/bin/klist', '-V'], raiseonerr=False)
+        if rc == 0:
+            verstr = stdout.split()[-1]
+            ver = version.LooseVersion(verstr)
+            min = version.LooseVersion(MIN_KRB5KDC_WITH_WORKERS)
+            if ver >= min:
+                workers = True
+        if workers and cpus > 1:
+            #read in memory, find KRB5KDC_ARGS, check/change it, then overwrite file
+            self.fstore.backup_file("/etc/sysconfig/krb5kdc")
+
+            need_w = True
+            fd = open("/etc/sysconfig/krb5kdc", "r")
+            lines = fd.readlines()
+            fd.close()
+            for line in lines:
+                sline = line.strip()
+                if not sline.startswith('KRB5KDC_ARGS'):
+                    continue
+                sline = sline.replace('"', '')
+                if sline.find("-w") != -1:
+                    need_w = False
+
+            if need_w:
+                fd = open("/etc/sysconfig/krb5kdc", "w")
+                for line in lines:
+                    fd.write(line)
+                fd.write('KRB5KDC_ARGS="${KRB5KDC_ARGS} -w %s"\n' % str(cpus))
+                fd.close()
+
    def __write_stash_from_ds(self):
        try:
            entry = self.conn.getEntry("cn=%s, cn=kerberos, %s" % (self.realm, self.suffix), ldap.SCOPE_SUBTREE)