URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: opened
PR body: """ This PR adds several patches that let the user configure quotas to store their ccaches.
Please see the commit messages, I hope they are verbose enough. One thing that should be pointed out is that the global number of ccaches is explicitly unlimited. Does anyone see an issue with just enforcing the per-UID limits?
An upcoming PR(s) would implement warning when the quota is being exceeded and a sssctl command to let the administrator display the quota taken. """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ retest this please """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-444096360
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ The test failed because of pep8 failures in the test. Now it will hopefully come back clean.
Still looking for a reviewer.. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-445982591
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ retest this please """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-446184702
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ I still need to amend the tests: ``` =========================== short test summary info ============================ FAIL test_kcm.py::test_kcm_secrets_quota FAIL test_secrets.py::test_global_quota
=================================== FAILURES =================================== ____________________________ test_kcm_secrets_quota ____________________________ Traceback (most recent call last): File "/var/lib/jenkins/workspace/ci/label/fedora28/src/tests/intg/test_kcm.py", line 555, in test_kcm_secrets_quota cli.set_secret(str(MAX_SECRETS), sec_value) File "/usr/lib/python2.7/site-packages/_pytest/python_api.py", line 627, in __exit__ fail(self.message) File "/usr/lib/python2.7/site-packages/_pytest/outcomes.py", line 92, in fail raise Failed(msg=msg, pytrace=pytrace) Failed: DID NOT RAISE <class 'requests.exceptions.HTTPError'> ______________________________ test_global_quota _______________________________ Traceback (most recent call last): File "/var/lib/jenkins/workspace/ci/label/fedora28/src/tests/intg/test_secrets.py", line 480, in test_global_quota run_quota_test(cli, 10, 2) File "/var/lib/jenkins/workspace/ci/label/fedora28/src/tests/intg/test_secrets.py", line 429, in run_quota_test cli.set_secret(str(max_secrets), sec_value) File "/usr/lib/python2.7/site-packages/_pytest/python_api.py", line 627, in __exit__ fail(self.message) File "/usr/lib/python2.7/site-packages/_pytest/outcomes.py", line 92, in fail raise Failed(msg=msg, pytrace=pytrace) Failed: DID NOT RAISE <class 'requests.exceptions.HTTPError'> ```
I have no idea why didn't the sssd-ci tests catch this...maybe somethng for @pbrezina to look at? """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-446215481
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ I'm adding changes requested, but since the issue is 'only' in tests, I would still appreciate a review """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-446216805
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ OK, I'll squash this diff: ``` diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c index b18bbfd19..e783e231d 100644 --- a/src/responder/secrets/secsrv.c +++ b/src/responder/secrets/secsrv.c @@ -98,9 +98,6 @@ static int sec_get_config(struct sec_ctx *sctx) sctx->max_payload_size = 1;
/* Read the global quota first -- this should be removed in a future release */ - /* Note that this sets the defaults for the sec_config quota to be used - * in sec_get_hive_config() - */ ret = sss_sec_get_quota(sctx->rctx->cdb, sctx->rctx->confdb_service_path, &dfl_sec_nest_level, @@ -114,6 +111,16 @@ static int sec_get_config(struct sec_ctx *sctx) goto fail; }
+ /* Use the global quota values as defaults for the secrets/secrets section */ + dfl_sec_nest_level.default_value = \ + sctx->sec_config.quota.containers_nest_level; + dfl_sec_max_secrets.default_value = \ + sctx->sec_config.quota.max_secrets; + dfl_sec_max_uid_secrets.default_value = \ + sctx->sec_config.quota.max_uid_secrets; + dfl_sec_max_payload_size.default_value = \ + sctx->sec_config.quota.max_payload_size; + /* Read the per-hive configuration */ ret = sss_sec_get_hive_config(sctx->rctx->cdb, "secrets", ```
Into "SECRETS: Use different option names from secrets and KCM for quota options". The previous code never used the (deprecated) quotas from the global [secrets] question.
(The removed comment also gives a nice hint at what the previous code did) """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-446359085
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
pbrezina commented: """ @jhrozek Local run of integration tests failed but sssd-ci did succeeded? Did you figure it out or should I look into it? """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-451135395
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ rebased """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-458698402
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
mzidek-rh commented: """ Thanks this LGTM. I will do one more test with the rebased patches and give an ack if everything goes well. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-458914034
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
mzidek-rh commented: """ Ah, I forgot to add a comment when adding the label.
There were some issues in multihost tests with the latest iteration of these patches. I added changes requested label until they are resolved. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-460675593
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ The tests were not cleaning after one another. I guess that's why I didn't see the failed results on my machine when running the tests one-by-one. So far I added a standalone fixup commit for easier review, if you think the patchset is not OK, I will squash the latest patch into the one that adds the tests. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-460960832
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
mzidek-rh commented: """ Hi, can you please rebase these patches? I think the other KCM patchset that was just pushed causes conflicts. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-461851713
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ rebased """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-467054904
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ The test needs to have a title added as PR #756 does. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-479843270
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ Rebased and added the title for each test. @mzidek-rh said he would look at the test failures. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-503557824
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
mzidek-rh commented: """ Hi,
all the tests added in this patchset are failing for me. It would be nice if someone could verify that the tests work and it is problem with my setup.
Also, when I run the tests multiple times in a row, sssd randomly stops working in the VM. The backend simply takes too long to start and gets killed by the monitor. I checked by sshing to the VM and tried to start sssd myself and it looks like the DNS resolution took too long for no obvious reason. After restarting SSSD few times, the DNS was fast again. I could only get to this state in VM by running the multihost tests. This is probably completely unrelated to these patches.
Feel free to take over the review if someone has time, it could be that the issues I see are related to my setup. Otherwise I will return to it once I get back from PTO. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-508088926
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ I can see the tests failing now, too..
Setting Changes requested so I can take a look.. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-515969272
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ @mzidek-rh please try now, there was some conflict between the tests, so I just removed the secrets db with the quota tests. (Only the patch with the tests was modified) """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-516355581
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ Now some pep8 errors found by CI were fixed. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-516752179
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
mzidek-rh commented: """ Sigh... I forgot to ACK this second day in a row. Sorry for the delay. The patches work for me, there is a an unrelated failure on debian, other tests passed.
ACK. """
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-517857445
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
jhrozek commented: """ * master: * 247aa48004ceb2efba42e917cebecc0ab74dc207 * f024b5e46b62ad49f0099ed8db8155e7ea475639 * f00db73d7bbf312e3e2a772b8b10895d5460b989 * 940002ca21abde53ad81df622d1f4dd3b5e8e014 * f74b97860ec7c66df01ed2b719d29a138c958081 * 84eca2e812f8a8684a35b4cd0c262660930e0d40 * ca02a20c16a1249a8fcecad31e915bf64df77cc9
"""
See the full comment at https://github.com/SSSD/sssd/pull/705#issuecomment-519226953
URL: https://github.com/SSSD/sssd/pull/705 Author: jhrozek Title: #705: KCM: Add configurable quotas Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/705/head:pr705 git checkout pr705
URL: https://github.com/SSSD/sssd/pull/705 Title: #705: KCM: Add configurable quotas
Label: +Pushed
sssd-devel@lists.fedorahosted.org
-
jhrozek -
mzidek-rh
-
pbrezina