[Freeipa-devel] [PATCH] 0015 Configure KDC to use multiple workers
Jakub Hrozek
jhrozek at redhat.com
Mon Nov 22 14:12:17 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/22/2010 02:36 PM, Simo Sorce wrote:
> On Mon, 22 Nov 2010 13:58:40 +0100
> Jakub Hrozek <jhrozek at redhat.com> wrote:
>
>> On Mon, Nov 15, 2010 at 09:05:55PM -0500, Simo Sorce wrote:
>>>
>>> Add code to detect the number of CPUs available at install time.
>>> If the kerberos version is >= 1.9 then the KDC supports multiple
>>> workers.
>>> If more than 1 CPU is available configure the KDC to start 1 worker
>>> per CPU to aid in scalability.
>>>
>>> Addresses ticket #222
>>>
>>> Simo.
>>
>> As I don't have Kerberos 1.9 (does not seem to be even in F15..) I
>> only tested that the patch modifies the /etc/sysconfig/krb5kdc file.
>>
>> The code looks good and seems to work fine. I have two suggestions:
>>
>> 1) we should test if the open() calls succeed
>
> In what case it can fail ?
For instance if the file was not present, if its SELinux label was
wrong..I just think it's good defensive behaviour.
Although it is true that the scripts would catch the exception and print
a more meaingful error message than just an ugly traceback, which was
basically my point. So this might actually be fine.
>
>> 2) I think that we should log that we are about to modify a file
>
> We don't do that for any of the many files we modify, why should we ?
OK, If we don't do that already, it makes no sense to do it for this
single occurrence. FWIW, I was thinking that as an admin I would
probably like to see when config on my system changes - at least when
the log level is set to debug.
>
>> A more general thought (although it's certainly not a task for 2.0),
>> maybe we should consider using Augeas, either via its Python API or
>> just calling augtool to modify config files. The benefits would be
>> safer modifications (augeas knows the file structure) and most
>> probably even cleaner code.
>
> This is a good idea, can you open an enhancement ticket ?
>
https://fedorahosted.org/freeipa/ticket/525
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkzqekEACgkQHsardTLnvCV7bwCgy1QqjR7200M3ogBQkR0voZVk
BnEAniLevMiMmFQZPTWc+aSySO2isBdB
=Tnhc
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list