[38532] in Kerberos
special ccache performance issue
daemon@ATHENA.MIT.EDU (Wang Jian)
Mon May 13 03:22:53 2019
MIME-Version: 1.0
From: Wang Jian <larkwang@gmail.com>
Date: Mon, 13 May 2019 15:22:27 +0800
Message-ID: <CAF75rJCQHz-YypnrhYfYX49o09VMGDvr=f4XBEsk+HQW=b5CSA@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi list,
When using ansible with kerberos for thousands of targets, there is a
serious ccache performance issue.
Using file ccache (DIR:)
- from a cold ccache, running simple script on servers is fast, at 500-700
hosts/min with 2 or 4 concurrent ansible instance. But things change when
ccache has over 5000 host tickets. The speed drops to 10-30/min and sys CPU
keeps very high.
- High file lock intesion which consumes nearly all CPU
Using kernel keyring ccahe
- fast from start, but eventually, continuous failure, and high sys CPU
- from klist -a, the output is empty now and then, which indicates that
keyring has kneed down under pressure
Using Heimdal KCM
- didn't try. Heimdal KCM uses sequential algorithm and single lock
That is, it's nearly impractical to for thousands hosts, kerberos and
ansible.
I know this is a special case, but perhaps it should be addressed.
--
Regards
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
