URL: https://github.com/freeipa/freeipa/pull/624 Author: tiran Title: #624: Use connection keep-alive Action: opened
PR body: """ Do not forcefully close the connection after every request. This enables HTTP connection keep-alive, also known as persistent TCP and TLS/SSL connection. Keep-alive speed up consecutive HTTP requests by 15% (for local, low-latency network connections to a fast server) to multiple times (high latency connections or remote peers). pache has a default keep alive timeout of 5 seconds. That's too low for interactive commands, e.g. password prompts. 30 seconds sounds like a good compromise. https://pagure.io/freeipa/issue/6641 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/624/head:pr624 git checkout pr624
From a6fd562321f14d9463d56e400b35796553724011 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 20 Mar 2017 08:47:41 +0100 Subject: [PATCH 1/3] Use connection keep-alive Do not forcefully close the connection after every request. This enables HTTP connection keep-alive, also known as persistent TCP and TLS/SSL connection. Keep-alive speed up consecutive HTTP requests by 15% (for local, low-latency network connections to a fast server) to multiple times (high latency connections or remote peers). https://pagure.io/freeipa/issue/6641 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipalib/rpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 16ffb8b..8d58718 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -686,7 +686,7 @@ def single_request(self, host, handler, request_body, verbose=0): return self.parse_response(response) except gssapi.exceptions.GSSError as e: self._handle_exception(e) - finally: + except BaseException: self.close() if six.PY3: From 4bd89726681dbc7d86f138da9bbb4b1a1b353df1 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 20 Mar 2017 08:47:51 +0100 Subject: [PATCH 2/3] Add debug logging for keep-alive Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipalib/rpc.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 8d58718..38321d1 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -79,6 +79,13 @@ from xmlrpc.client import (Binary, Fault, DateTime, dumps, loads, ServerProxy, Transport, ProtocolError, MININT, MAXINT) +# pylint: disable=import-error +if six.PY3: + from http.client import RemoteDisconnected +else: + from httplib import BadStatusLine as RemoteDisconnected +# pylint: enable=import-error + if six.PY3: unicode = str @@ -531,6 +538,7 @@ def make_connection(self, host): host, self._extra_headers, _x509 = self.get_host_info(host) if self._connection and host == self._connection[0]: + root_logger.debug("HTTP connection keep-alive (%s)", host) return self._connection[1] conn = create_https_connection( @@ -540,6 +548,7 @@ def make_connection(self, host): tls_version_max=api.env.tls_version_max) conn.connect() + root_logger.debug("New HTTP connection (%s)", host) self._connection = host, conn return self._connection[1] @@ -686,8 +695,18 @@ def single_request(self, host, handler, request_body, verbose=0): return self.parse_response(response) except gssapi.exceptions.GSSError as e: self._handle_exception(e) - except BaseException: + except RemoteDisconnected: + # keep-alive connection was terminated by remote peer, close + # connection and let transport handle reconnect for us. + self.close() + root_logger.debug("HTTP server has closed connection (%s)", host) + raise + except BaseException as e: + # Unexpected exception may leave connections in a bad state. self.close() + root_logger.debug("HTTP connection destroyed (%s)", + host, exc_info=True) + raise if six.PY3: def __send_request(self, connection, host, handler, request_body, debug): From fd03824d4c318b566bf41bd5ba7089c54c112919 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Mon, 20 Mar 2017 08:47:56 +0100 Subject: [PATCH 3/3] Increase Apache HTTPD's default keep alive timeout Apache has a default keep alive timeout of 5 seconds. That's too low for interactive commands, e.g. password prompts. 30 seconds sounds like a good compromise. Signed-off-by: Christian Heimes <chei...@redhat.com> --- install/conf/ipa.conf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf index 164231c..e1f1a58 100644 --- a/install/conf/ipa.conf +++ b/install/conf/ipa.conf @@ -1,5 +1,5 @@ # -# VERSION 24 - DO NOT REMOVE THIS LINE +# VERSION 25 - DO NOT REMOVE THIS LINE # # This file may be overwritten on upgrades. # @@ -20,6 +20,11 @@ DirectoryIndex index.html # requests, ticket #2767. This should easily support a 64KiB PAC. LimitRequestFieldSize 100000 +# Increase connection keep alive time. Default value is 5 seconds, which is too +# short for interactive ipa commands. 30 seconds is a good compromise. +KeepAlive On +KeepAliveTimeout 30 + # ipa-rewrite.conf is loaded separately # This is required so the auto-configuration works with Firefox 2+
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
