[Date Prev][Date Next]
Re: (ITS#8623) test022-ppolicy can fail due to timing dependency between lockout and expiration tests
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8623) test022-ppolicy can fail due to timing dependency between lockout and expiration tests
- From: email@example.com
- Date: Wed, 22 Mar 2017 19:11:13 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> Full_Name: Kartik Subbarao
> Version: 2.4.44
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (188.8.131.52)
> A recent 2.4.44 package build failed on a VM due to the following timing
> dependency between the lockout and expiration tests in test022-ppolicy.
Clocks on VMs are notoriously unstable, which is why we have always used such
large margins in these tests. Shaving things down to "1 second more than
needed" will probably break in multiple build environments.
> The problem is that the password expiration time is 30 seconds, and on slower
> VMs, lines 67-91 take more than 30 seconds to execute. This causes the password
> to expire by the time the ldapsearch command on line 93 is executed. That
> ldapsearch command eats up one of the grace logins that's not supposed to be
> consumed until line 106. This causes the grep count on line 124 to be off,
> failing the entire script.
> A simple improvement would be to change line 91 to "sleep 10" instead of the
> current "sleep 20". This would buy 10 more seconds of leeway on slower VMs,
> while guaranteeing sufficient delay between lines 67-90 (e.g. 16 seconds, 1
> second more than the 15 second lockout time) on fast VMs. A more robust
> improvement would be to check how much time has actually elapsed between lines
> 67-90 and change line 91 to only sleep until 16 total seconds have elapsed since
> line 67.
> Another suggestion would be to change the "sleep 20" on line 104 to "sleep 15".
> That will shave 5 seconds off the build time for everyone, while still
> guaranteeing that 31 seconds (e.g. 1 second more than the 30 second expiration
> time) will have elapsed between lines 67-106).
> A further optimization could be implemented, if desired, by revisiting the test
> and reducing all lockout times, expiration times, and other delays to the bare
> minimum necessary, which would speed up package build times across the board.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/