proposed PAG handling changes for Arla

Neulinger, Nathan R. nneul at umr.edu
Mon Jul 26 21:26:10 CEST 1999 


The performance hit can be QUITE noticeable. Random 20-30 second lockups on
a machine that gets thousands of logins a day from users with 24 hour
tokens, some with 30 day tokens... The in-memory structure gets  huge VERY
quickly.

On Solaris and some other architectures, transarc has implemented something
that scans the pags and gets rid of tokens in any unused pags. 

I wrote a script to clean them up on HP-UX that is specialized for our
situation (no users running stuff authenticated as other userids on the
problem machines). It is at:

	http://www.unixtools.org/~nneul/sw/afs/clean-unused-tokens.pl

It's designed for a hpux 10.20 box, though I'm sure it could easily be
adapted to others.

Running that out of cron on a regular basis has eliminated all the
performance problems/lockups.

NOTE - If you run that on a machine that has a huge pag/token list in memory
and it gets rid of a LOT of tokens/pags, you will get a couple of 40-60
second lock ups while the kernel compacts the hash. Once that is done, it
shouldn't lock up again unless you let it get huge again. 

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul at umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: Jeffrey Hutzelman [mailto:jhutz+ at cmu.edu]
> Sent: Saturday, July 24, 1999 3:58 PM
> To: Chris Wing
> Cc: arla-drinkers at stacken.kth.se
> Subject: Re: proposed PAG handling changes for Arla
> 
> 
> > So does the official AFS never get rid of tokens or PAG 
> data structures
> > unless there is always an explicit unlog? We run some 
> pretty big login
> > servers around here that use the latest 'official' AFS on Solaris or
> > HP-UX, and I haven't noticed them being particularly slow 
> to setpag(),
> > despite long uptimes and the fact that most of the users don't unlog
> > before logging out.
> 
> A PAG isn't a data structure; it's just a number, like a UID. 
>  The mere
> existence of a PAG doesn't occupy any resources -- the resources are
> occupied by the structure that holds a user's credentials.  
> Such structures
> are created as needed (when you set tokens), and are automatically
> garbage-collected from time to time, if they contain no 
> current tokens.
> The problem is that if a user doesn't unlog, the data 
> structure holding his
> credentials is not reclaimed until up to two hours after 
> those credentials
> expire.
> 
> The net effect is that you don't see problems on machines 
> with long uptimes
> but relatively few login sessions, but you _will_ see 
> problems on machines
> which have lots of users logging in and out all day.  Also, 
> the performance
> hit isn't on setpag(), which is essentially free; it's on looking up
> credentials for users.
> 
>  
>

More information about the Arla-drinkers mailing list