WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-api

[Xen-API] [PATCH] CA-36294: Fix performance issues when credentials are

To: xen-api@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-API] [PATCH] CA-36294: Fix performance issues when credentials are given using the pool secret.
From: Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>
Date: Mon, 1 Feb 2010 14:14:01 +0000
Delivery-date: Mon, 01 Feb 2010 06:13:56 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>
CA-36294: Fix performance issues when credentials are given using the pool 
secret.

Previously, to check whether the received pool-secret was valid or not, RBAC 
was trying to do a proper login using Session.slave_login and check whether 
that call succeed or not; This makes DB calls on slave to pass from around 2ms 
(before RBAC changes) to around 10ms (now). When doing a VM.start, slaves are 
doing hundreds of DB access, so VM.start were becoming very slow (up to 5 times 
slower!).

This patch simply compare the pool secret given in the request with the one 
stored inside xapi memory which improve greatly the performance of slaves' 
calls.

Issue found with Jonathan Davies' great help.

Signed-off-by: Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>

diff -r d062b05c7867 ocaml/xapi/xapi_http.ml
--- a/ocaml/xapi/xapi_http.ml   Tue Jan 19 15:17:14 2010 +0000
+++ b/ocaml/xapi/xapi_http.ml   Wed Jan 20 19:09:56 2010 +0000
@@ -125,13 +125,10 @@
   else
   if List.mem_assoc "pool_secret" all
   then begin
-    let session_id = try
-      Client.Session.slave_login inet_rpc (Helpers.get_localhost ()) 
(List.assoc "pool_secret" all)
-    with _ -> raise (Http.Unauthorised realm)
-    in
-    Pervasiveext.finally
-      (fun ()-> rbac_check session_id)
-      (fun ()->(try Client.Session.logout inet_rpc session_id with _ -> ()))
+               if List.assoc "pool_secret" all = !Xapi_globs.pool_secret then
+                       fn ()
+               else
+                       raise (Http.Unauthorised realm)
   end
   else
     begin

Attachment: api-fix-rbac-performance-issues
Description: Text document

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-API] [PATCH] CA-36294: Fix performance issues when credentials are given using the pool secret., Thomas Gazagnaire <=