Univention Bugzilla – Bug 28729
Quota nicht bei jeder Anmeldung auswerten
Last modified: 2015-05-07 13:46:39 CEST
An Ticket 2012072421004332 berichtete ein Kunde performance Probleme bei der Windows Anmeldung (sowie Fehlermeldungen beim "net rpc join") durch /usr/sbin/univention-user-quota.
Ggf. könnte man hier, ähnlich wie bei Mail-Quota, definierbar machen dass die Quota z.B. nur einmal am Tag, einmal in 4 Stunden o.ä. ausgewertet werden (steuerbar per UCR).
Als Workaround kann die Auswertung derzeit mit "ucr set quota/userdefault=no" deaktiviert werden.
The problem occurs more often in UCS@school environments like 2013112621003598
UCS@school usually comes with a larger number of shares (one per class), which increases the problem. univention-user-quota processes each share with a policy result in case one matches to the current user. In addition, it seems to run more than one time per user (maybe samba4 triggers pam-session on each connection to a share?).
ideas to improve the script:
- modify it to run it once per user per day (as mentioned in comment #1)
- cache the informations about shares and their policy results
- fork a background process instead of blocking the PAM stack
Also reported in Ticket #2014090421000331.
Also reported at 2014100821000213
(In reply to Ingo Steuwer from comment #1)
> The problem occurs more often in UCS@school environments like
> UCS@school usually comes with a larger number of shares (one per class),
> which increases the problem.
In one case (2014100821000213) - it is not possible to even run the script once a day, as one run with >25000 users and >4000 shares takes much more than one day.
Another idea would be to configure a list with shares on wich the quota should be updated. This seems to dramatically increase the run time.
Another UCS@school customer reported this issue at Ticket #2014101321000203.
Reported at 2015012621000311
I think we should change it in the following way:
* The tool univention-user-quota doesn't run the policy_result itself. It uses a cache directory.
* The cache directory is filled by a listener module.
* The listener module has to re-create the cache for one share if the share path, the share hostname, or the policy reference has been changed at a share object or if a quota policy has been changed or if a policy reference has been changed at a parent object.
Backported from UCS 4.0-1errata, see Bug #36989 for details.
YAML: 2015-04-03-univention-quota.yaml: r59601
For QA: see also /usr/share/ucs-test/53_samba-common/50quota
Some more fixes: r59715 + r59717 + r59721 + r59723
A new directory /var/cache/univention-quota/todo has been added. The listener module now uses this directory to transfer the DNs from the handler to the postrun. The listener also uses the connection to the ldap/master if other ldap servers (ldap/server/*) are not reachable.
OK - see bug #36989
OK - YAML