On Fri, Oct 19, 2012 at 08:48:56PM +0200, Trond Hasle Amundsen wrote:
> Jakub Hrozek <jhrozek(a)redhat.com> writes:
>
> > even though RHEL-6.4 is still brewing, I think there might be some
> > interest in trying out the 1.9.x series of the SSSD on RHEL-6.3.
> > So I went ahead and built the SSSD 1.9.2 in a RHEL-6.3 buildroot:
> >
> > The NVR of these test packages will be lower than those in 6.4 to keep
> > the upgrade path clean. The only missing functionality is the PAC
> > responder, which means this SSSD version won't be able to work with
> > an AD domain that is in a trust relationship with an IPA 3.x domain. I
> > had to disable the PAC responder as it requires Kerberos 1.10.
> >
> > Because some new functionality required tweaking the SELinux policy, you
> > will encounter AVC denials when the new fast cache is accessed. That
> > said, my quick smoke testing went fine and we will be glad to hear test
> > results or bug reports.
>
> Hello Jakub and the SSSD team,
>
> My interest in the 1.9 version is first and foremost the performance
> enhancements related to large groups. At our site, we have lots of
> fairly large file groups and a few enormous ones (which we're getting
> rid of but it takes some time). I installed sssd-1.9 from your test repo
> on a rhel6.3 VM, ran a couple of quick tests and compared it to an
> identical VM with the stock sssd-1.8 from rhel6.3. The results are
>
> Test 1: time getent group <group with 7k members>
> Test 2: time id <member of several large groups>
>
> Both tests were done without a preexisting cache, i.e. 'service sssd
> stop; rm /var/lib/sss/db/*; service sssd start', then run test. We're
> using plain LDAP (rfc3207) as id provider and auth provider.
>
> This is a remarkable performance boost, and I can't wait to see an
> official sssd-1.9 package in rhel6. Thanks for all your hard work and
> have a nice weekend! :)
This is great to hear, Trond. Thank you for taking the time to test the
pre-release packages. I'm glad the performance has improved for you! I
believe that the in-memory fast cache would provide an even bigger boost
for groups and users that are being accessed regularly.
> PS. Will we see sssd-1.9 in Fedora 17?
Yes, as a matter of fact it might be the time to put 1.9 into