Hello! I found some strange behaviour of NIS/nscd when NIS in compat mode. In /etc/nsswitch.conf I have: netgroup: cache compat passwd: cache compat group: cache compat #group_compat: cache nis #passwd_compat: cache nis in /etc/nscd.conf: #nscd.conf threads 16 enable-cache passwd yes keep-hot-count passwd 20480 positive-time-to-live passwd 36000 enable-cache group yes keep-hot-count group 20480 positive-time-to-live group 36000 enable-cache group_compat yes keep-hot-count group_compat 20480 positive-time-to-live group.byname 36000 enable-cache passwd_compat yes keep-hot-count passwd_compat 20480 positive-time-to-live passwd_compat 36000 enable-cache netgroup yes keep-hot-count netgroup 20480 positive-time-to-live netgroup 36000 But, when I do some actions on NIS-client host (host with ypbind), host ignoring cached data. In ypserv debug log: ... ypserv: retrieving next key, previous was: [XXX] ypserv: result of lookup: key: [XXXXXXXXX] data: [XXXXXX:*:1168:] ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 ypserv: client is referencing map "group.byname". ypserv: retrieving next key, previous was: [XXXXXXXXXXX] ypserv: result of lookup: key: [baytin] data: [XXXXXX:*:1220:] ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 ypserv: client is referencing map "group.byname". ypserv: retrieving next key, previous was: [XXXXXX] ypserv: result of lookup: key: [XXXX] data: [XXXX:*:3012:] ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 ypserv: client is referencing map "group.byname". ypserv: retrieving next key, previous was: [XXXX] ypserv: result of lookup: key: [XXX] data: [XXX:*:3021:] ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 ypserv: client is referencing map "group.byname". ypserv: retrieving next key, previous was: [XXX] ypserv: result of lookup: key: [vereschagin] data: [XXXXXXXXXXX:*:3024:] ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 ypserv: client is referencing map "group.byname". ypserv: retrieving next key, previous was: [XXXXXXXXXXX] ... If I set in nsswitch.conf: netgroup: cache compat passwd: cache compat group: cache compat group_compat: cache nis passwd_compat: cache nis I have other errors: Jan 17 21:53:13 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, passwd_compat, setpwent, not found Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, group_compat, setgrent, not found Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, group_compat, getgrent_r, not found Jan 17 21:53:15 mfas002 last message repeated 197 times Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, group_compat, endgrent, not found Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, passwd_compat, endpwent, not found Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, group_compat, endgrent, not found Seems group_compat and passwd_compat databases can't operate with cache sourse. Is that true? -- Denis Barov | /"\ Yandex WEB-Search Administration Team | \ / ASCII Ribbon Campaign phone: : +7 (495) 739-70-00 add. 7154 | X NO HTML/RTF in e-mail e-mail: dindin@yandex-team.ru | / \ NO Word docs in e-mail
Hi Denis, Several things: 1. You definitely can't use cache for *_compat sources. I mean lines like "group_compat: cache nis" aren't supported. 2. Cache should work ok with the configuration you've mentioned in your first example, i.e.: "group: cache compat". Just checking - why do you think that cache isn't working? The correct way to determine it is to perform the same query twice. During the first pass (when query is not cached), the request will be processed by NIS module and you'll have all the NIS-related stuff in the logs. On the second pass the request should be handled by scd module - and you shouldn't see any activity in NIS logs. It would be great to see the debug log (with nscd log turned on) separately - for the first and the second pass. It would help to find the error in nscd, if there is one. With best regards, Michael Bushkov On Jan 17, 2008, at 9:55 PM, Denis Barov wrote:> Hello! > > I found some strange behaviour of NIS/nscd when NIS in compat mode. In > /etc/nsswitch.conf I have: > > netgroup: cache compat > passwd: cache compat > group: cache compat > #group_compat: cache nis > #passwd_compat: cache nis > > in /etc/nscd.conf: > #nscd.conf > threads 16 > > enable-cache passwd yes > keep-hot-count passwd 20480 > positive-time-to-live passwd 36000 > > enable-cache group yes > keep-hot-count group 20480 > positive-time-to-live group 36000 > > enable-cache group_compat yes > keep-hot-count group_compat 20480 > positive-time-to-live group.byname 36000 > > enable-cache passwd_compat yes > keep-hot-count passwd_compat 20480 > positive-time-to-live passwd_compat 36000 > > enable-cache netgroup yes > keep-hot-count netgroup 20480 > positive-time-to-live netgroup 36000 > > > But, when I do some actions on NIS-client host (host with ypbind), > host > ignoring cached data. In ypserv debug log: > > ... > ypserv: retrieving next key, previous was: [XXX] > ypserv: result of lookup: key: [XXXXXXXXX] data: [XXXXXX:*:1168:] > ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 > ypserv: client is referencing map "group.byname". > ypserv: retrieving next key, previous was: [XXXXXXXXXXX] > ypserv: result of lookup: key: [baytin] data: [XXXXXX:*:1220:] > ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 > ypserv: client is referencing map "group.byname". > ypserv: retrieving next key, previous was: [XXXXXX] > ypserv: result of lookup: key: [XXXX] data: [XXXX:*:3012:] > ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 > ypserv: client is referencing map "group.byname". > ypserv: retrieving next key, previous was: [XXXX] > ypserv: result of lookup: key: [XXX] data: [XXX:*:3021:] > ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 > ypserv: client is referencing map "group.byname". > ypserv: retrieving next key, previous was: [XXX] > ypserv: result of lookup: key: [vereschagin] data: [XXXXXXXXXXX:*: > 3024:] > ypserv: procedure ypproc_next called from XXX.XXX.XXX.XXX:739 > ypserv: client is referencing map "group.byname". > ypserv: retrieving next key, previous was: [XXXXXXXXXXX] > ... > > If I set in nsswitch.conf: > netgroup: cache compat > passwd: cache compat > group: cache compat > group_compat: cache nis > passwd_compat: cache nis > > I have other errors: > > Jan 17 21:53:13 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, > passwd_compat, setpwent, not found > Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, > group_compat, setgrent, not found > Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, > group_compat, getgrent_r, not found > Jan 17 21:53:15 mfas002 last message repeated 197 times > Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, > group_compat, endgrent, not found > Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, > passwd_compat, endpwent, not found > Jan 17 21:53:15 mfas002 sudo: NSSWITCH(nss_method_lookup): cache, > group_compat, endgrent, not found > > > Seems group_compat and passwd_compat databases can't operate with > cache > sourse. Is that true? > -- > Denis Barov | /"\ > Yandex WEB-Search Administration Team | \ / ASCII Ribbon Campaign > phone: : +7 (495) 739-70-00 add. 7154 | X NO HTML/RTF in e-mail > e-mail: dindin@yandex-team.ru | / \ NO Word docs in e-mail
Anton - Valqk
2008-Mar-26 16:33 UTC
REPOST for archive: Re: nscd again (nis client cache) patch for 6 stable branch
I've been searching in the mailist archives and never found this, so I'm reposting for archiving purposes. According to Denis Barov <dindin@yandex-team.ru>: Gzipped patch avialable at http://www.dindin.ru/wiki/FreeBSD?action=AttachFile&do=get&target=nscd_backport.gz (78Kb) Mon, Dec 24, 2007 at 12:15 +0300 Denis Barov:> > Hi, Michael! > > In attachment patch for backporing nscd from RELENG_7 to RELENG_6. Tested on > > > > FreeBSD sepulca.yandex.ru 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #0: Thu Dec > > 23 22:06:36 MSK 2007 > > root@sepulca.yandex.ru:/usr/obj/usr/RELENG_6_ncsd/src/sys/GENERIC amd64 > > > > and works fine. > > > > Must I prepare pr? > > > > P.S. Don't forget to mkdir -p src/usr.sbin/nscd/agents before patching ;)On Wed, Jan 23, 2008 at 11:52:21AM +0200, Anton - Valqk wrote: Is there nscd/cached for STABLE 6 branch or it's only implemented in 7.X? Adam McDougall wrote: > I wanted to say Thanks!!! for this example, because before this point > I was under the impression that nscd/cached was of no use for NIS clients, > only LDAP or maybe other directory systems that I don't use. I tried > "cache compat" as below for passwd and group and it works! Our NIS > entries at work are big enough that without the cache, top takes 7+ seconds to > open, ssh login takes a few seconds, and samba logins were concerningly > slow. I did not try samba connections, but the other methods are much > faster now on the second run. Wanted to post this for the archive too. > > On Sat, Jan 19, 2008 at 02:17:11PM +0300, Michael Bushkov wrote: > > Hi Denis, > Several things: > 1. You definitely can't use cache for *_compat sources. I mean lines like > "group_compat: cache nis" aren't supported. > 2. Cache should work ok with the configuration you've mentioned in your > first example, i.e.: "group: cache compat". Just checking - why do you > think that cache isn't working? The correct way to determine it is to > perform the same query twice. During the first pass (when query is not > cached), the request will be processed by NIS module and you'll have all > the NIS-related stuff in the logs. On the second pass the request should be > handled by scd module - and you shouldn't see any activity in NIS logs. It > would be great to see the debug log (with nscd log turned on) separately - > for the first and the second pass. It would help to find the error in nscd, > if there is one. > > With best regards, > Michael Bushkov > > On Jan 17, 2008, at 9:55 PM, Denis Barov wrote: > > >>> Hello! >>> >>> I found some strange behaviour of NIS/nscd when NIS in compat mode. In >>> /etc/nsswitch.conf I have: >>> >>> netgroup: cache compat >>> passwd: cache compat >>> group: cache compat >>> > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Here is the mirror of the backport for 6 that Denis sent me: http://valqk.ath.cx/nscd_fbsd_6/ Adam McDougall wrote:> According to Denis Barov <dindin@yandex-team.ru>: > > Gzipped patch avialable at > http://www.dindin.ru/wiki/FreeBSD?action=AttachFile&do=get&target=nscd_backport.gz > (78Kb) > > Mon, Dec 24, 2007 at 12:15 +0300 Denis Barov: > >>> Hi, Michael! >>> In attachment patch for backporing nscd from RELENG_7 to RELENG_6. Tested on >>> >>> FreeBSD sepulca.yandex.ru 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #0: Thu Dec >>> 23 22:06:36 MSK 2007 >>> root@sepulca.yandex.ru:/usr/obj/usr/RELENG_6_ncsd/src/sys/GENERIC amd64 >>> >>> and works fine. >>> >>> Must I prepare pr? >>> >>> P.S. Don't forget to mkdir -p src/usr.sbin/nscd/agents before patching ;) >>> > > > > > On Wed, Jan 23, 2008 at 11:52:21AM +0200, Anton - Valqk wrote: > > Is there nscd/cached for STABLE 6 branch or it's only implemented in 7.X? > > Adam McDougall wrote: > > I wanted to say Thanks!!! for this example, because before this point > > I was under the impression that nscd/cached was of no use for NIS clients, > > only LDAP or maybe other directory systems that I don't use. I tried > > "cache compat" as below for passwd and group and it works! Our NIS > > entries at work are big enough that without the cache, top takes 7+ seconds to > > open, ssh login takes a few seconds, and samba logins were concerningly > > slow. I did not try samba connections, but the other methods are much > > faster now on the second run. Wanted to post this for the archive too. > > > > On Sat, Jan 19, 2008 at 02:17:11PM +0300, Michael Bushkov wrote: > > > > Hi Denis, > > Several things: > > 1. You definitely can't use cache for *_compat sources. I mean lines like > > "group_compat: cache nis" aren't supported. > > 2. Cache should work ok with the configuration you've mentioned in your > > first example, i.e.: "group: cache compat". Just checking - why do you > > think that cache isn't working? The correct way to determine it is to > > perform the same query twice. During the first pass (when query is not > > cached), the request will be processed by NIS module and you'll have all > > the NIS-related stuff in the logs. On the second pass the request should be > > handled by scd module - and you shouldn't see any activity in NIS logs. It > > would be great to see the debug log (with nscd log turned on) separately - > > for the first and the second pass. It would help to find the error in nscd, > > if there is one. > > > > With best regards, > > Michael Bushkov > > > > On Jan 17, 2008, at 9:55 PM, Denis Barov wrote: > > > > > >>> Hello! > >>> > >>> I found some strange behaviour of NIS/nscd when NIS in compat mode. In > >>> /etc/nsswitch.conf I have: > >>> > >>> netgroup: cache compat > >>> passwd: cache compat > >>> group: cache compat > >>> > > _______________________________________________ > > freebsd-stable@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > >-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.