|
| 1 | +Profiling SSSD |
| 2 | +############## |
| 3 | + |
| 4 | +Getting Ready |
| 5 | +************* |
| 6 | + |
| 7 | +There are several tools allowing us to profile an application. We will focus on |
| 8 | +perf_ which seems to be the one that works best with SSSD. |
| 9 | + |
| 10 | +.. _perf: https://perf.wiki.kernel.org |
| 11 | + |
| 12 | +First you need to install the ``perf`` tool: |
| 13 | + |
| 14 | +.. code-tabs:: |
| 15 | + |
| 16 | + .. fedora-tab:: |
| 17 | + |
| 18 | + # dnf -y install perf js-d3-flame-graph |
| 19 | + |
| 20 | + .. ubuntu-tab:: |
| 21 | + |
| 22 | + $ sudo apt install linux-tools-common linux-tools-generic |
| 23 | + |
| 24 | + |
| 25 | +Make sure the debug information is available for SSSD and all its dependencies |
| 26 | +either by using ``debuginfod``, or by manually installing the debug information |
| 27 | +packages: |
| 28 | + |
| 29 | +.. code-tabs:: |
| 30 | + |
| 31 | + .. fedora-tab:: |
| 32 | + |
| 33 | + # dnf -y --enable-repo=fedora-debuginfo --enable-repo=updates-debuginfo \ |
| 34 | + install sssd*debuginfo libsss_*-debuginfo samba-client-libs-debuginfo \ |
| 35 | + libldb-debuginfo libtevent-debuginfo libtalloc-debuginfo glibc-debuginfo |
| 36 | + |
| 37 | + .. ubuntu-tab:: |
| 38 | + |
| 39 | + $ sudo apt install sssd-ad-common-dbgsym sssd-ad-dbgsym sssd-common-dbgsym \ |
| 40 | + sssd-dbus-dbgsym sssd-ipa-dbgsym sssd-kcm-dbgsym sssd-krb5-common-dbgsym \ |
| 41 | + sssd-krb5-dbgsym sssd-ldap-dbgsym sssd-proxy-dbgsym sssd-tools-dbgsym \ |
| 42 | + libsss-certmap0-dbgsym libsss-idmap0-dbgsym libsss-nss-idmap0-dbgsym \ |
| 43 | + libsss-simpleifp0-dbgsym libsss-sudo-dbgsym libldb2-dbgsym libtdb1-dbgsym \ |
| 44 | + libtalloc2-dbgsym libtevent0-dbgsym libc6-dbgsym |
| 45 | + |
| 46 | +.. seealso:: |
| 47 | + |
| 48 | + More information on `Debug Symbol Packages`_ for Ubuntu. |
| 49 | + |
| 50 | +.. _`Debug Symbol Packages`: https://documentation.ubuntu.com/server/reference/debugging/debug-symbol-packages/ |
| 51 | + |
| 52 | +.. note:: |
| 53 | + |
| 54 | + If you are using SELinux, the shipped targeted policy may prevent ``perf`` |
| 55 | + from interacting with the SSSD process. You can put SELinux into permissive |
| 56 | + mode to confirm or look at the audit logs and add the required rules. Rules |
| 57 | + can be added using ``audit2allow``. |
| 58 | + |
| 59 | +Profiling |
| 60 | +********* |
| 61 | + |
| 62 | +The simplest way to profile one of the SSSD's daemons is to attach the profiler |
| 63 | +to the process while it is running. |
| 64 | + |
| 65 | +Once SSSD is running and ready to be profiled, identify the PID of the process |
| 66 | +you want to monitor (``sssd_ssh``, ``sssd_nss``, ``sssd_be``, etc.), start the |
| 67 | +``perf`` command in the background, launch the command you want to profile |
| 68 | +and stop the profiling after the command completes: |
| 69 | + |
| 70 | +.. code-block:: console |
| 71 | + :caption: `Profiling the LDAP domain daemon during the id command` |
| 72 | +
|
| 73 | + # PID=$(pgrep -f 'sssd_be --domain LDAP') |
| 74 | + # perf record --pid=$PID --call-graph=dwarf -e cycles:u & |
| 75 | + # id user1002@LDAP |
| 76 | + # kill %% |
| 77 | +
|
| 78 | +.. code-block:: console |
| 79 | + :caption: `Profiling the sssd_nss daemon during the ls command` |
| 80 | +
|
| 81 | + # perf record --pid=$(pgrep -f 'sssd_nss') --call-graph=dwarf -e cycles:u & |
| 82 | + # ls -l /tmp |
| 83 | + # kill %% |
| 84 | +
|
| 85 | +
|
| 86 | +This will create a ``perf.data`` file in your current directory. It is |
| 87 | +recommended to process this file in the same machine, so that the debug |
| 88 | +information matches perfectly the installed binaries. You can later move the |
| 89 | +results to another host. |
| 90 | + |
| 91 | +The ``-e cycles:u`` argument tells ``perf`` to only monitor the CPU cycles the |
| 92 | +application consumes in user space. The kernel will not be profiled. Check the |
| 93 | +``perf-record(1)`` man page for more options that might be useful in you |
| 94 | +particular case. |
| 95 | + |
| 96 | +Generating the Reports |
| 97 | +********************** |
| 98 | + |
| 99 | +We will create two types of reports: a text report and a flame graph to be seen |
| 100 | +in a web browser. But before doing that, it is necessary to update ``perf``'s |
| 101 | +cache of debug information: |
| 102 | + |
| 103 | +.. code-block:: console |
| 104 | +
|
| 105 | + # perf buildid-list |
| 106 | + # perf report -g > report.txt |
| 107 | + # perf script report flamegraph |
| 108 | +
|
| 109 | +The files ``report.txt`` and ``flamegraph.html`` contain the reports, are |
| 110 | +self-contained, and can safely be moved to another host. |
| 111 | + |
| 112 | +.. seealso:: |
| 113 | + |
| 114 | + Other reports are available. You can learn about them in the |
| 115 | + ``perf-report(1)`` and ``perf-script(1)`` man pages. |
| 116 | + |
0 commit comments