DAOS-15874 control: Add optional credential cache to agent #14412
Conversation
|
Ticket title is 'Optionally cache generated client credentials in daos_agent' |
On heavily-loaded client nodes where many processes are being launched by the same user or users, the admin may optionally enable the credential cache in the agent in order to lower agent overhead caused by generating identical credentials for each process owned by a user. The agent-generated credential is presented by the client process during pool/container connection and is used to evaluate ACL permissions for that connection. Example config: credential_config: cache_lifetime: 1m Features: control Required-githooks: true Change-Id: I6ae2a8be1dd97ef14e0ccef0283d65bc1fabc4ed Signed-off-by: Michael MacDonald <mjmac@google.com>
|
Test stage Functional Hardware Medium completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/3/execution/node/1506/log |
|
Test stage Functional Hardware Medium completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/4/execution/node/657/log |
|
Runs 3 & 4 both hit a timeout in the offline reintegration tests, which appears to be tracked in DAOS-15608. I don't think it's related to any changes made in this patch. |
Required-githooks: true Change-Id: I05033f12fc40f7abdab0fbf12086a900d1f96142
* Remove lock management from RefreshableItem implementations
* Add interface assignments checks to ensure that breaking
implementation updates are flagged by the compiler
Features: control
Required-githooks: true
Change-Id: Id3351895d4de6ce928b5f65bbbde8408dc841c55
Signed-off-by: Michael MacDonald <mjmac@google.com>
|
Test stage Functional on EL 8.8 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/5/execution/node/1183/log |
| lastResponse: &control.GetAttachInfoResp{}, | ||
| }, | ||
| }, | ||
| } { | ||
| t.Run(name, func(t *testing.T) { | ||
| test.AssertEqual(t, tc.expResult, tc.ai.NeedsRefresh(), "") | ||
| refreshed, _ := tc.ai.RefreshIfNeeded(test.Context(t)) |
There was a problem hiding this comment.
Should probably verify the resulting error as well?
| cachedCredential struct { | ||
| cacheItem | ||
| key string | ||
| expiredAt time.Time |
There was a problem hiding this comment.
| expiredAt time.Time | |
| expiresAt time.Time |
Just a nit but expiredAt reads to me as "already expired"
|
Test stage Functional Hardware Medium MD on SSD completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/6/execution/node/752/log |
|
Test stage Functional Hardware Medium Verbs Provider completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/6/execution/node/798/log |
|
Test stage Functional Hardware Medium UCX Provider completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/6/execution/node/1207/log |
Change-Id: Ic077b4b35fce9893290ce2075b03f93a1279621f
|
Test stage Functional Hardware Medium completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/8/execution/node/1562/log |
|
Test stage Functional Hardware Medium Verbs Provider MD on SSD completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/8/execution/node/1700/log |
|
Test stage Functional Hardware Medium UCX Provider completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-14412/8/execution/node/1883/log |
Change-Id: I4ee7940dcdd3dcd5647ffae1fd346ae1c1dec750
On heavily-loaded client nodes where many processes are being launched by the same user or users, the admin may optionally enable the credential cache in the agent in order to lower agent overhead caused by generating identical credentials for each process owned by a user. The agent-generated credential is presented by the client process during pool/container connection and is used to evaluate ACL permissions for that connection. Example config: credential_config: cache_expiration: 1m Signed-off-by: Michael MacDonald <mjmac@google.com>
On heavily-loaded client nodes where many processes are being launched by the same user or users, the admin may optionally enable the credential cache in the agent in order to lower agent overhead caused by generating identical credentials for each process owned by a user. The agent-generated credential is presented by the client process during pool/container connection and is used to evaluate ACL permissions for that connection. Example config: credential_config: cache_expiration: 1m Signed-off-by: Michael MacDonald <mjmac@google.com>
…14739) On heavily-loaded client nodes where many processes are being launched by the same user or users, the admin may optionally enable the credential cache in the agent in order to lower agent overhead caused by generating identical credentials for each process owned by a user. The agent-generated credential is presented by the client process during pool/container connection and is used to evaluate ACL permissions for that connection. Example config: credential_config: cache_expiration: 1m Signed-off-by: Michael MacDonald <mjmac@google.com>
…k#14412) On heavily-loaded client nodes where many processes are being launched by the same user or users, the admin may optionally enable the credential cache in the agent in order to lower agent overhead caused by generating identical credentials for each process owned by a user. The agent-generated credential is presented by the client process during pool/container connection and is used to evaluate ACL permissions for that connection. Example config: credential_config: cache_expiration: 1m Signed-off-by: Michael MacDonald <mjmac@google.com>
On heavily-loaded client nodes where many processes are being
launched by the same user or users, the admin may optionally
enable the credential cache in the agent in order to lower
agent overhead caused by generating identical credentials
for each process owned by a user. The agent-generated
credential is presented by the client process during pool/container
connection and is used to evaluate ACL permissions for
that connection.
Example config:
credential_config:
cache_expiration: 1m
Signed-off-by: Michael MacDonald mjmac@google.com