Add test to simulate client authentications using a pam tool #15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The purpose of the test is to determine the maximum number of authentications an IPA server is capable of. The general rule of thumb has been 2-3000 clients per server. The intention of this test is to back that up with numbers. This is an IPA-centric test so only using IPA users and only authenticating via SSSD using the PAM login service. A single authentication for each user is done. The basic idea is: - Deploy some client machines, trying to gate their installation so that all are successful - Create a bunch of users in IPA for each specific host in the form of user000client000.ipa.test - Set Kerberos and LDAP passwords for every user to 'password' - Run the pamtest tool with a number of threads and collect the result - Pull the logs and determine the success rate This should scale both vertically (number of threads) and horizontally (more clients) so hopefully we can get a reproducible and relevant number. Signed-off-by: Rob Crittenden <rcritten@redhat.com> With many contributions from Antonio Torres <antorres@redhat.com>
Add option to write to a log file which makes collection a lot easier. Log the PAM errors as both strings and numbers for easier diagnosis. Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
LGTM! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add test to simulate client authentications using a pam tool
The purpose of the test is to determine the maximum number of
authentications an IPA server is capable of. The general rule
of thumb has been 2-3000 clients per server. The intention of
this test is to back that up with numbers.
This is an IPA-centric test so only using IPA users and only
authenticating via SSSD using the PAM login service. A single
authentication for each user is done.
The basic idea is:
so that all are successful
of user000client000.ipa.test
result
This should scale both vertically (number of threads) and
horizontally (more clients) so hopefully we can get a reproducible
and relevant number.
Signed-off-by: Rob Crittenden rcritten@redhat.com
With many contributions from Antonio Torres antorres@redhat.com