| |
|
 |
|
 |
|
|
|
| |
|
|
xen-api
[Xen-API] [PATCH] CA-36294: Fix performance issues when credentials are
# HG changeset patch
# User Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>
CA-36294: Fix performance issues when credentials are given using the pool
secret.
Previously, to check whether the received pool-secret was valid or not, RBAC
was trying to do a proper login using Session.slave_login and check whether
that call succeed or not; This makes DB calls on slave to pass from around 2ms
(before RBAC changes) to around 10ms (now). When doing a VM.start, slaves are
doing hundreds of DB access, so VM.start were becoming very slow (up to 5 times
slower!).
This patch simply compare the pool secret given in the request with the one
stored inside xapi memory which improve greatly the performance of slaves'
calls.
Issue found with Jonathan Davies' great help.
Signed-off-by: Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>
diff -r d062b05c7867 ocaml/xapi/xapi_http.ml
--- a/ocaml/xapi/xapi_http.ml Tue Jan 19 15:17:14 2010 +0000
+++ b/ocaml/xapi/xapi_http.ml Wed Jan 20 19:09:56 2010 +0000
@@ -125,13 +125,10 @@
else
if List.mem_assoc "pool_secret" all
then begin
- let session_id = try
- Client.Session.slave_login inet_rpc (Helpers.get_localhost ())
(List.assoc "pool_secret" all)
- with _ -> raise (Http.Unauthorised realm)
- in
- Pervasiveext.finally
- (fun ()-> rbac_check session_id)
- (fun ()->(try Client.Session.logout inet_rpc session_id with _ -> ()))
+ if List.assoc "pool_secret" all = !Xapi_globs.pool_secret then
+ fn ()
+ else
+ raise (Http.Unauthorised realm)
end
else
begin
api-fix-rbac-performance-issues
Description: Text document
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
|
| <Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Xen-API] [PATCH] CA-36294: Fix performance issues when credentials are given using the pool secret.,
Thomas Gazagnaire <=
|
|
|
| |
|
Home