Chris Lalancette
2008-Jun-02 07:50 UTC
[Ovirt-devel] [PATCH]: Fix get_credentials so we don't fill log files
Hello,
I was doing some testing on the ovirt backend stuff (i.e. host-status,
taskomatic, etc.), and I noticed that the /var/log/krb5kdc.log file was filling
up very quickly. I traced it down to the host-status daemon, and in particular,
the fact that it was waking up every 5 seconds and running the get_credentials()
method in dutils. Every time it does that, two new lines are added to the
krb5kdc.log file. To fix it, I added a new method to the upstream krb5-auth
binding code called list_cache(), that will list all of the credentials (and
their properties) stored in a cache. This is the ovirt patch to use that
method; basically we just check to see if we have more than an hour left for
this credential, and if so, we don't renew it.
Signed-off-by: Chris Lalancette <clalance at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: renew.patch
Type: text/x-patch
Size: 1864 bytes
Desc: not available
URL:
<http://listman.redhat.com/archives/ovirt-devel/attachments/20080602/21dfacca/attachment.bin>
Alan Pevec
2008-Jun-02 10:39 UTC
[Ovirt-devel] [PATCH]: Fix get_credentials so we don't fill log files
Chris Lalancette wrote:> their properties) stored in a cache. This is the ovirt patch to use that > method; basically we just check to see if we have more than an hour left for > this credential, and if so, we don't renew it.ACK and let's push rubygem-krb5-auth update now!
Chris Lalancette
2008-Jul-18 14:44 UTC
[Ovirt-devel] [PATCH]: Fix get_credentials so we don't fill log files
Chris Lalancette wrote:> Hello, > I was doing some testing on the ovirt backend stuff (i.e. host-status, > taskomatic, etc.), and I noticed that the /var/log/krb5kdc.log file was filling > up very quickly. I traced it down to the host-status daemon, and in particular, > the fact that it was waking up every 5 seconds and running the get_credentials() > method in dutils. Every time it does that, two new lines are added to the > krb5kdc.log file. To fix it, I added a new method to the upstream krb5-auth > binding code called list_cache(), that will list all of the credentials (and > their properties) stored in a cache. This is the ovirt patch to use that > method; basically we just check to see if we have more than an hour left for > this credential, and if so, we don't renew it.I know this is kind of old, but I sort of forgot about it. Anyway, apevec ended up pushing the new rubygem-krb5-auth to the f-9 updates repo, so now this patch can work. I've committed it to next. Chris Lalancette