[MODULES-7319] selmodule provider should only list modules once - Puppet Jira Server

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: selinux_core
Labels:

Acceptance Criteria:

Hide

Selmodule provider no longer makes redundant queries to the operating system

Show
Selmodule provider no longer makes redundant queries to the operating system
Team:
Night's Watch
Story Points:
2
Sprint:
ready for triage

CS Priority:
Reviewed

Release Notes:
Not Needed

Description

With a selmodule resource such as:

selmodule { 'test':

  ensure => present,

  selmodulepath => '/usr/share/selinux/test.pp',

  syncversion => true,

The provider runs semodule --list twice, once for exists? and once for syncversion:

Debug: Selmodule[test](provider=semodule): Checking for module test

Debug: Executing '/usr/sbin/semodule --list'

Debug: Selmodule[test](provider=semodule): Checking syncversion on test

Debug: Executing '/usr/sbin/semodule --list'

Debug: Selmodule[test](provider=semodule): load version 1.1

Debug: Selmodule[test](provider=semodule): file version 1.1

The semodule --list command takes around 2-3 seconds to execute, which causes a large performance hit when there are multiple selmodule resources.

This impact could be cut in half if the command was only run once and the data cached for the syncversion function. It could be cut even more dramatically if semodule --list was stored as a fact and the output merely referenced in the provider.

Attachments

Issue Links

relates to

PUP-10313 Selmodule provider fetch loaded modules performance

Resolved

Activity

People

Assignee:: Branan Riley

Reporter:: Adam Bottchen

Votes:: 2 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2016/07/15 10:38 AM

Updated:: 2020/11/05 12:51 AM

Resolved:: 2020/03/27 12:36 AM