Project

General

Profile

Actions

Architecture #4444

closed

allowusers is duplicated in cf-served.cf

Added by Christophe Nowicki almost 11 years ago. Updated over 10 years ago.

Status:
Released
Priority:
2
Category:
Performance and scalability
Target version:
Effort required:
Name check:
Fix check:
Regression:

Description

Hi,

Looks like the allowusers is duplicated in cf-served.cf / "body server control" section :

allowusers        => {
          "root",
          "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root"         };

The number of allowed users is equal to the number of nodes.

Best Regards,


Subtasks 3 (0 open3 closed)

Architecture #4543: Don't have duplicates in the user list in the generated promises (Rudder part)ReleasedFrançois ARMAND2014-02-28Actions
Architecture #4544: Don't have duplicates in the user list in the generated promises (cf-clerk part)ReleasedFrançois ARMAND2014-02-28Actions
Architecture #4545: Don't have duplicates in the user list in the generated promises (Techniques part)ReleasedNicolas CHARLES2014-02-28Actions
Actions #1

Updated by Matthieu CERDA almost 11 years ago

  • Category set to Web - Nodes & inventories
  • Status changed from New to 8
  • Assignee set to François ARMAND
  • Priority changed from N/A to 2
  • Target version set to 2.9.3

It is an autogenerated part of the Techniques as part of the common Technique. Assigning to FAR as I think he is the most able to know how to solve this :)

Actions #2

Updated by François ARMAND almost 11 years ago

  • Assignee changed from François ARMAND to Nicolas CHARLES

I believe it's the awaited behaviour. Nicolas, is this OK ? And still OK for thousand of nodes ?

Actions #3

Updated by Nicolas CHARLES almost 11 years ago

  • Assignee changed from Nicolas CHARLES to François ARMAND

Unfortunately, this is not what we need nor want (cf http://www.rudder-project.org/redmine/issues/1121 ), but appart from perf issue with thousands of nodes,it doesn't break.

This variable is a standard variable, and we have no way to remove duplicates in standrs variable (without hacks), nor with stringtemplate.

The easiest fix would be to convert ADMIN to a system variable, but it's more of a hack than anything else

Francois, what do you think of this ?

Actions #4

Updated by Christophe Nowicki almost 11 years ago

François ARMAND wrote:

I believe it's the awaited behaviour. Nicolas, is this OK ? And still OK for thousand of nodes ?

Tens of thousands ;-)

Actions #5

Updated by François ARMAND almost 11 years ago

Well, my opinion is that we just CAN'T have a thousand time the same thing, that is just bad.

So, I would like to know in which user case (i.e: in standard Technique, not system one) we have that kind of use case ? I can't see none of them, but perhaps I missing some (it seems that most of the time, the user don't want to have duplicated section in multivalued field, and that, actually, we don't support that use case in the UI (duplicates are removed)).

So, if it is only a system use case, I'm for using system variable, perhaps even with ad hoc processing. And even, I'm not against having a different processing of system Technique & Directive that user one. I'm pretty sure we are doing hardcore things in system directives, and that supporting these things has a BIG impact on performance and complexity for the general case (I'm looking at you, rule-dependant variables).

Actions #6

Updated by Nicolas CHARLES almost 11 years ago

  • Tracker changed from Bug to User story
  • Target version changed from 2.9.3 to 2.10.0~beta1

This change is pretty impacting, so targeting to 2.10

Actions #7

Updated by François ARMAND almost 11 years ago

  • Status changed from 8 to Discussion
  • Assignee changed from François ARMAND to Nicolas CHARLES

Could you explain what is the hight level design of the modification to prevent having lots of user ?

Before, the logic was easy: for each node, we had the corresponding user. Now, what's going to happen ? How it is implemented ?

Thanks,

Actions #8

Updated by Nicolas CHARLES almost 11 years ago

  • Assignee changed from Nicolas CHARLES to François ARMAND

Sure, the change is very simple.
We have a system variable, that is populated the same way as previously (for each node, get the user). But then, we remove duplicate by transforming the list into a Set
This change requiered to use a system variable, as we don't have implementations for deduplicating system var

Is it ok for you ?

Actions #9

Updated by François ARMAND almost 11 years ago

OK. So in fact there wasn't any mapping between nodes and user, just a set of allowed user ?

Thanks,

Actions #10

Updated by François ARMAND almost 11 years ago

  • Assignee changed from François ARMAND to Nicolas CHARLES
Actions #11

Updated by Jonathan CLARKE almost 11 years ago

  • Status changed from Discussion to 10
Actions #12

Updated by Jonathan CLARKE almost 11 years ago

  • Tracker changed from User story to Architecture
  • Status changed from 10 to Discussion
Actions #13

Updated by Nicolas CHARLES almost 11 years ago

We used to extract the list of user by fetching the list of nodes that have this server as policy server, and getting their admin user.
The mecanisms is still the same, except we add a "distinct" on the list of users

Actions #14

Updated by Nicolas CHARLES almost 11 years ago

Ok, I understood the question now :)
This list is used to define which users can connect to the policy server.
cf-serverd only check, at connection, if the user connecting is present in the list. There is no order expected (simply be there or not be there), and duplicating is pointless (it doesn't make it MORE there)
there are not specifically linked with files access ACL

Actions #15

Updated by Jonathan CLARKE almost 11 years ago

  • Status changed from Discussion to 12
Actions #16

Updated by Anonymous almost 11 years ago

  • Status changed from 12 to Pending release
  • % Done changed from 67 to 100
Actions #17

Updated by Vincent MEMBRÉ almost 11 years ago

  • Category changed from Web - Nodes & inventories to 14
Actions #18

Updated by Vincent MEMBRÉ almost 11 years ago

  • Category changed from 14 to System techniques
Actions #19

Updated by Vincent MEMBRÉ almost 11 years ago

  • Category changed from System techniques to Performance and scalability
Actions #20

Updated by Vincent MEMBRÉ over 10 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.10.0~beta1, which was released today.
Check out:

The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2014-March/000084.html
The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog210
Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Actions

Also available in: Atom PDF