-
-
Notifications
You must be signed in to change notification settings - Fork 14.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unscd: init at 0.53 #124019
unscd: init at 0.53 #124019
Conversation
Result of 1 package failed to build:
1 package built successfully:
Note that build failures may predate this PR, and could be nondeterministic or hardware dependent. Result of 1 package failed to build:
2 packages built successfully:
7 suggestions:
Note that build failures may predate this PR, and could be nondeterministic or hardware dependent. |
Hold that. @petabyteboy if you're down for a rabbithole, if I set |
I think it does pick up custom nss modules, but it currently doesn't proxy all the request types that glibc nscd supports, so that might be one thing. Anyways, I'll look into it, thanks! |
An alternative solution may be using sssd for nss requests, and a seperate service like systemd-resolved for DNS requests. Fedora seems to do that and got rid of nscd entirely. |
If unscd doesn't load external nss modules properly, there's no point in using it. I can just disable nscd entirely to have a similar result. |
It does load nss modules, but it doesn't implement the GETFD* calls, which expose the internal cache as a file descriptor. |
I poked inside unscd code base, https://github.com/bytedance/unscd/blob/master/nscd.c#L615-L616 lists some things as "won't do. Can you elaborate a bit more on this? Is this why some nss lookups fall back to the (broken) local lookup? Would this not also be super unsafe to do for 32bit binaries on a 64bit nscd? |
Can we merge this? Even if |
Seems like this merge caused breakage on the main branch: #169157 |
The same error is on the CI: https://github.com/NixOS/nixpkgs/runs/6049668074?check_suite_focus=true#step:5:165 |
How did ofborg pass on this PR? Or was the result ignored? Edit: Please don't ignore ofborg failures in the future. |
I created a revert: #169190 |
Sorry!! I saw the Cachix failure and missed the manual failure before it which was collapsed --- making me think the cachix failure was spurious. Will not happen aagin. |
unscd as nscd however still doesn't seem to work: #193535 |
Motivation for this change
When using NixOS as a router in a DFZ use case, the glibc nscd causes severe performance issues for the whole system.
This includes a change to the nscd module, so that
services.nscd.package = pkgs.unscd;
can be used to replace the glibc nscd with unscd.I have been running this on my systems for a few hours and haven't noticed any problems. It prints these warnings at startup though:
Those calls might just be uncached when using unscd.
Detailed explanation from the source file:
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)