Univention Bugzilla – Bug 28729
Quota nicht bei jeder Anmeldung auswerten
Last modified: 2015-05-07 13:46:39 CEST
An Ticket 2012072421004332 berichtete ein Kunde performance Probleme bei der Windows Anmeldung (sowie Fehlermeldungen beim "net rpc join") durch /usr/sbin/univention-user-quota. Ggf. könnte man hier, ähnlich wie bei Mail-Quota, definierbar machen dass die Quota z.B. nur einmal am Tag, einmal in 4 Stunden o.ä. ausgewertet werden (steuerbar per UCR). Als Workaround kann die Auswertung derzeit mit "ucr set quota/userdefault=no" deaktiviert werden.
The problem occurs more often in UCS@school environments like 2013112621003598 UCS@school usually comes with a larger number of shares (one per class), which increases the problem. univention-user-quota processes each share with a policy result in case one matches to the current user. In addition, it seems to run more than one time per user (maybe samba4 triggers pam-session on each connection to a share?). ideas to improve the script: - modify it to run it once per user per day (as mentioned in comment #1) - cache the informations about shares and their policy results - fork a background process instead of blocking the PAM stack
Also reported in Ticket #2014090421000331.
Also reported at 2014100821000213
(In reply to Ingo Steuwer from comment #1) > The problem occurs more often in UCS@school environments like > 2013112621003598 > > UCS@school usually comes with a larger number of shares (one per class), > which increases the problem. In one case (2014100821000213) - it is not possible to even run the script once a day, as one run with >25000 users and >4000 shares takes much more than one day. Another idea would be to configure a list with shares on wich the quota should be updated. This seems to dramatically increase the run time.
Another UCS@school customer reported this issue at Ticket #2014101321000203.
Reported at 2015012621000311
I think we should change it in the following way: * The tool univention-user-quota doesn't run the policy_result itself. It uses a cache directory. * The cache directory is filled by a listener module. * The listener module has to re-create the cache for one share if the share path, the share hostname, or the policy reference has been changed at a share object or if a quota policy has been changed or if a policy reference has been changed at a parent object.
Backported from UCS 4.0-1errata, see Bug #36989 for details. ucs-test: r59599 univention-quota: r59600 YAML: 2015-04-03-univention-quota.yaml: r59601 For QA: see also /usr/share/ucs-test/53_samba-common/50quota
Some more fixes: r59715 + r59717 + r59721 + r59723 A new directory /var/cache/univention-quota/todo has been added. The listener module now uses this directory to transfer the DNs from the handler to the postrun. The listener also uses the connection to the ldap/master if other ldap servers (ldap/server/*) are not reachable.
OK - see bug #36989 OK - YAML
<http://errata.univention.de/ucs/3.2/311.html>