Re: Polygraph Kerberos patch

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sat, 5 Mar 2011 11:38:00 -0000

An updated version for polygraph 4.3.1

Markus

"Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
news:ij8iqo$5a5$1_at_dough.gmane.org...
> Hi
>
> Here is a patch for the latest polygraph version to perform Kerberos
> based performance testing.
>
>
> Apply attached patch and rebuild configure and other files with:
>
> aclocal
> autoheader
> automake -a
> autoreconf -f -i
>
> Now run ./configure ...
>
>
> Four new options are introduced:
>
> 1) kerberos_auth = true;
> Selects Kerberos over NTLM in Negotiate requests
> 2) kerberos_config_path = "krb5_WINDOWS.conf";
> Defines the Kerberos configuration file to use
> 3) kerberos_clear_cache = true;
> Do not cache credentials but re-authenticate user for every HTTP
> request. Creates a high amount of Kerberos traffic to
> kdc or Active Directory and is not recommended
> 4) kerberos_proxy_spn = "HTTP/<fqdn>" (and kerberos_server_spn =
> "HTTP/<fqdn>" for testing web server performance)
> Setting the spn avoids DNS resolution of the proxy or web server
> hostname to IP address and vice versa.
>
> Simple Polygraph configuration
>
> /*
> * A very simple "Hello, World!" workload
> */
>
> // this is just one of the simplest workloads that can produce hits
> // never use this workload for benchmarking
>
> // SimpleContent defines properties of content that the server generates;
> // if you get no hits, set SimpleContent.obj_life_cycle to cntStatic,
> // which is defined in workloads/include/contents.pg
> Content SimpleContent = {
> size = exp(13KB); // response sizes distributed exponentially
> cachable = 80%; // 20% of content is uncachable
> };
>
> // a primitive server cleverly labeled "S101"
> // normally, you would specify more properties,
> // but we will mostly rely on defaults for now
> Server S = {
> kind = "S101";
> contents = [ SimpleContent ];
> direct_access = contents;
>
> addresses = [ '192.168.1.12:9090' ]; // where to create these server agents
> };
>
> DnsResolver dr = {
> servers = [ '127.0.0.1:53' ];
> timeout = 5sec;
> };
>
> AddrMap M = {
> addresses = [ '192.168.1.10' ,'192.168.1.11', '192.168.1.12' ];
> names = [ 'client.suse.home' , 'proxy.suse.home', 'server.suse.home' ];
> };
>
>
> // a primitive robot
> Robot R1 = {
> kind = "R101";
> pop_model = { pop_distr = popUnif(); };
> recurrence = 55% / SimpleContent.cachable; // adjusted to get 55% DHR
>
> origins = S.addresses; // where the origin servers are
> addresses = [ '192.168.1.10' ]; // where these robot agents will be created
> // kerberos_clear_cache = true;
> kerberos_auth = true;
> kerberos_config_path = "krb5_SUSE.conf";
> kerberos_proxy_spn = "HTTP/proxy.suse.home";
> credentials = [ "user1:user1" ];
> dns_resolver = dr;
> };
>
> // a primitive robot
> Robot R2 = {
> kind = "R101";
> pop_model = { pop_distr = popUnif(); };
> recurrence = 55% / SimpleContent.cachable; // adjusted to get 55% DHR
>
> origins = S.addresses; // where the origin servers are
> addresses = [ '192.168.1.10' ]; // where these robot agents will be created
> // kerberos_clear_cache = true;
> kerberos_auth = true;
> kerberos_config_path = "krb5_WINDOWS.conf";
> // user can be the same as in Robot R1 as the default domain in krb5 will
> // differentiate them as user1@<WINDOWS-DOMAIN> and user1@<SUSE-DOMAIN>
> kerberos_proxy_spn = "HTTP/proxy.suse.home";
> credentials = [ "user1:user1" ];
> dns_resolver = dr;
> };
>
> // commit to using these servers and robots
> use(M);
> use(S, R1, R2);
>
>
>
> Run the client with:
>
> /opt/polygraph-4.0.11/bin/polygraph-client --proxy 192.168.1.11:3128 --config /home/markus/mysources/polygraph/simple_proxy.pg --verb_lvl 10 --log client.log
>
>
> Simple Kerberos configuration file
>
> [libdefaults]
> default_realm = WIN2003R2.HOME
> default_keytab_name = /etc/krb5.keytab
> default_tgs_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
> default_tkt_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
> permitted_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
>
> #Heimdal settings
> default_etypes = arcfour-hmac-md5 des3-cbc-sha1 des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
>
> # DNS settings to reduce DNS traffic and rely on below settings
> dns_lookup_kdc = no
> dns_lookup_realm = no
>
> [realms]
> WIN2003R2.HOME = {
> kdc = 192.168.1.10
> admin_server = 192.168.1.10
> }
> [domain_realm]
> .win2003r2.home = WIN2003R2.HOME
> win2003r2.home = WIN2003R2.HOME
>
> [logging]
>
>
>
> Using IP-addresses reduces the load on DNS !!
>
> In the case of a high number of connections you may see errors 1765328228
> from krb5_get_init_creds_password. This can happen when more than
> FD_SETSIZE file descriptors are open. The only way to avoid this is to
> recompile the Kerberos library after setting with sysctl (on Linux) a
> file max file descriptor number and changing the header file define for
> FD_SETSIZE in typesizes.h (depending on OS it is defined in other header
> files).
>
> Any feedback is appreciated.
>
> Regards
> Markus
>

Received on Sat Mar 05 2011 - 11:38:35 MST
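
The FD_SETSIZE limit described in the message can be checked before a large run. The following is an added example, not part of the original message or of the Polygraph patch. It assumes the failure comes from fd_set handling, as the FD_SETSIZE reference suggests, and all function names are hypothetical.

```c
/* Added example: checks around the FD_SETSIZE limit (names are hypothetical). */
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* 1 if fd may be stored in an fd_set; FD_SET() on a larger fd is undefined. */
int fd_fits_select(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* 1 if the soft RLIMIT_NOFILE lets this process get fds select() cannot hold. */
int select_overflow_possible(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    return rl.rlim_cur > (rlim_t)FD_SETSIZE;
}

/* Duplicate fd onto a number >= FD_SETSIZE, raising the soft limit to the
   hard limit if needed. Returns the new fd, or -1 if the limits forbid it. */
int dup_above_setsize(int fd) {
    int hi = fcntl(fd, F_DUPFD, FD_SETSIZE);
    struct rlimit rl;
    if (hi < 0 && getrlimit(RLIMIT_NOFILE, &rl) == 0) {
        rl.rlim_cur = rl.rlim_max;
        if (setrlimit(RLIMIT_NOFILE, &rl) == 0)
            hi = fcntl(fd, F_DUPFD, FD_SETSIZE);
    }
    return hi;
}

/* poll() takes an array of descriptors, so it has no FD_SETSIZE ceiling.
   Returns 1 if fd is readable within timeout_ms, 0 if not, -1 on error. */
int wait_readable(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    if (n < 0) return -1;
    return n > 0 && (p.revents & POLLIN) != 0;
}

int main(void) {
    int p[2];
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1) return 1;
    int hi = dup_above_setsize(p[0]);   /* constructed test descriptor */
    printf("FD_SETSIZE=%d overflow_possible=%d\n", FD_SETSIZE, select_overflow_possible());
    if (hi < 0) { puts("limits keep every fd below FD_SETSIZE"); return 0; }
    printf("fd %d: fits select=%d, poll readable=%d\n", hi, fd_fits_select(hi), wait_readable(hi, 0));
    return 0;
}
```

When `select_overflow_possible()` returns 1, a client with many open connections can hand a library descriptors that an fd_set cannot represent, which matches the condition the message describes.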
