IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
a9334ce5e5
freeipa/install
History
Rob Crittenden 18a8a41580 Improve performance of ipa-server-guard 
* Drop support for python 2
* Only import traceback and syslog when needed
* Only import ipaserver.install.certs when the lock is needed
* Only import ipautil when run is needed

For the unsupported operations case this improves performance by
95%

For the supported operations that don't require a lock the
improvement is about 50%.

For the supported operations that require a lock the improvement
is about 20%

When configuring a CA certmonger calls its helper with the
following operations:

IDENTIFY
FETCH-ROOTS
GET-SUPPORTED-TEMPLATES
GET-DEFAULT-TEMPLATE
GET-NEW-REQUEST-REQUIREMENTS
GET-RENEW-REQUEST-REQUIREMENTS
FETCH-SCEP-CA-CAPS
FETCH-SCEP-CA-CERTS

Only IDENTIFY, FETCH-ROOTS and GET-NEW-REQUEST-REQUIREMENTS are
supported by ipa-submit, along with the request options SUBMIT and
POLL.

Which means every time the IPA CA in certmonger is updated
eight calls to ipa-server-guard are made so the savings are
cumulative.

The savings when executing these eight operations is a 73% decrease
(.7 sec vs 2.5 sec).

https://pagure.io/freeipa/issue/8425

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-08-19 13:59:11 -04:00
..
certmonger Improve performance of ipa-server-guard 2020-08-19 13:59:11 -04:00
custodia Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
html Don't fully quality the FQDN in ssbrowser.html for Chrome 2020-02-18 09:15:57 -05:00
migration Use new LDAPClient constructors 2019-02-05 08:39:13 -05:00
oddjob Create a common place to retrieve facts about an IPA installation 2020-08-06 14:11:27 +02:00
restart_scripts Don't create log files from help scripts 2019-09-24 15:23:30 +02:00
share Write state dir to smb.conf 2020-07-30 11:38:25 +02:00
tools Create a common place to retrieve facts about an IPA installation 2020-08-06 14:11:27 +02:00
ui WebUI: Unify adapter property definition for state evaluators 2020-08-07 12:42:50 +02:00
updates Issue 8456 - Add new aci's for the new replication changelog entries 2020-08-17 10:44:03 +02:00
wsgi Add absolute_import future imports 2018-04-20 09:43:37 +02:00
Makefile.am Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
README.schema

README.schema 

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.