[Opendnssec-user]How to speed up signing performance

Matthijs Mekking matthijs at nlnetlabs.nl
Wed Nov 21 15:34:03 UTC 2012 

Sorry for the late follow-up.

FYI.

The cpu patch was incorporated and is already included in the 1.4 beta.

The aggressive retry patch is also applied, with small adjustments:

-        if (status == ODS_STATUS_UNCHANGED) {
-            worker_wait_timeout_locked(&q->q_lock, &q->q_nonfull, 60);
+        if (!tries && status == ODS_STATUS_UNCHANGED) {
+            worker_wait_timeout_locked(&q->q_lock, &q->q_nonfull, 5);
         }

The waiting should only occur when the number of max tries has been
reached (tries has been reset to 0). Also, 60 seconds seems indeed a
long maximum wait, 5 will do too (If the queue is not full, the timeout
should of course be shorter). This change is for now only in trunk, it
will be in the 1.4 rc.

Best regards,
  Matthijs

On 09/05/2012 10:56 PM, Paul Wouters wrote:
> On Tue, 4 Sep 2012, Jerry Lundström wrote:
> 
>> On Fri, Aug 31, 2012 at 6:58 PM, Paul Wouters <paul at nohats.ca> wrote:
>>> We use the attached two patches to speed up the signerd. For us it seems
>>> mostly related to locking issues.
>>
>> These two patches really does not affect signing time per say. The
>> first patch has no affect on signing time if your HSM works correctly,
>> all it does is to reduce the wait time on a mutex that will be
>> signaled once there is work to be done.
> 
> It does ensure we no longer see signings failing for over an hour.
> 
>> And the second one is a bug
>> fix to the code executing external commands from the signer, if your
>> running from SVN trunk this will already be in.
>>
>> I would do as Matthijs said and run ods-hsmspeed to see how fast your
>> HSM can go, change conf.xml to the optimal workers and drudgers and
>> then compare the numbers from ods-hsmspeed with the STATS line from
>> the Signer.
> 
> We saw this too when only doing like 10 signatures. I'm not sure if your
> explanation would cover that, but I just attached it as reference, as
> with these two patches, it seems we no longer have any issues.



> 
> Paul
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20121121/67d98fd4/attachment.bin>

More information about the Opendnssec-user mailing list