Page MenuHomePhabricator

Investigate why nscd is used in labs
Closed, DeclinedPublic

Description

It's not running in production, and @BBlack says we should rip it out unless absolutely needed.

Investigate why it was introduced and see if it still is required.

Event Timeline

yuvipanda raised the priority of this task from to Needs Triage.
yuvipanda updated the task description. (Show Details)
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 27 2015, 9:13 PM
scfc added a subscriber: scfc.May 27 2015, 10:00 PM

It was introduced with de059228933681b6b0f97a818a561cde22901e1e ("Initial commit of public puppet repo."). In the past IIRC we have increased the caching TTLs several times to reduce network load for DNS requests. With the changes in the network configuration (conntrack), it may be possible for the Labs network to sustain the load now, but that issue should be approached with due caution :-).

Yeah, I agree :) We could perhaps try switching it off after the move to designate.

I'd say mostly to avoid roundtrips to ldap?

$ sudo nscd -g | grep -e 'cache:$' -e 'rate' -e 'number of cached'
passwd cache:
              1% cache hit rate
             38  current number of cached values
            948  maximum number of cached values
group cache:
              0% cache hit rate
             54  current number of cached values
             83  maximum number of cached values
hosts cache:
              0% cache hit rate
             14  current number of cached values
             23  maximum number of cached values
services cache:
              0% cache hit rate
              1  current number of cached values
              6  maximum number of cached values
netgroup cache:
              0% cache hit rate
              0  current number of cached values
              0  maximum number of cached values

It's back on on tools-master now, and doesn't really seem to be causing any issues atm.

@fgiunchedi but we also have nslcd which does that...

nslcd AFAIK doesn't cache responses, so querying nss will still result in a ldap lookup (through nslcd) if nscd isn't running

yuvipanda set Security to None.
Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptNov 15 2015, 3:15 AM
yuvipanda closed this task as Declined.Nov 16 2015, 3:33 AM

Looks like we need it for caching.