-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Opa cli slow on Windows 10 #4646
Comments
I think I've seen this related to the location of the binary. If it's used straight out of the download folder, extra checks apply that take time. It's a Windows thing. Can you check where there binaries are placed and perhaps try in another location, please? |
Thanks for the quick response, I have tested on following locations, results are the same:
|
Can you try disabling any anti virus software that could be interfering? |
I have tested it further. Without any antivirus software running i get the same results.
|
Also a windows user here (Windows 10 pro, Intel processor). I ran 'opa version' with different versions and using 'time' to get the stats. Here is what I got running on gitbash: I also tried from inside WSL2, its faster but still not OK: Oddly enough, running on PowerShell is even worse than gitbash |
Its consistent for me and I have SSD |
@wermerb thanks for the quick reply! :) |
So, trying to shed some light onto this, I'll build binaries that drop trace logs on exit. If you could download them, please, and give it a go, and share the resulting |
Here you go: |
Hrmm from the trace, the binary was running for 25ms. So it must be something outside of the binary's doing? Regardless, I've pushed another commit to the debug PR, because we do something special after all on windows: the "mouse trap". Cobra, the CLI lib we use, does that by default via https://github.com/inconshreveable/mousetrap. If you don't mind, could you try again with the binaries that'll show up in this build in a bit? Since it was only 25ms before, I don't think this is the issue, but it would still be interesting to have another trace without the mousetrap call... |
Sure np, here is the new trace: |
Thanks. I assume there's no huge change from that last run? The execution went down to ~7ms; because it didn't to the mousetrap work, but this still means that whatever happens happens outside of the binary execution. Perhaps loading some libraries, or trying to find them, or something 🤔 I'll need to do some reading on what could be causing this... |
So I've asked around internally, and we came up with a few more things to note and check:
@kyorav+@wermerb Could you have a look at those points, by any chance? I'd appreciate it a lot. |
Hey @srenatus, I'll will iterate over the list later today. |
I had some success with procmon.
The above events only displayed when i ran the v0.40.0 and v0.39.0. |
Hrrm but what is it...? Can you use tcpdump or wireshark or something to sniff the traffic? Does the binary without them mousetrap exhibit this, too? Could be it's only related to gathering the process info. The TCP calls alone don't mean that this is what's causing the wait time. |
I'll check it as well, however I think its interesting that the v0.38.0 does not have any TCP event. |
#4374 I have a suspicion. I'll get you a build that doesn't do that tomorrow 🤞 |
More detail about the last comment above: I suspect the TCP connection you've seen is related to looking up the user when trying to see if their UID or GID is 0. Since that can't happen on Windows I've removed that check on windows in 49ddc71. @wermerb Could you please grab that build's binary and see how it behaves on your system? Specifically, I'd be interested in
Thinking about this more, if you've seen the TCP event using Sorry if this is dragging along, but I won't drop this until it's resolved 😅 |
@srenatus no worries happy to help :). For testing I'm using the
To help the investigation, I'll create and attach the procmon logs for the v0.38.0 and v0.40.0 maybe you'll find something other interesting point in it. |
Ah, ok. So that doesn't instantiate the runtime, so my suspicion was wrong. Well, that's progress, too. 🙃
Thank you! Looking forward to 🔍 them. |
One more thing that is changed is the Go version, i dont know whether it has anything to do with it or not:
Here are the procmon logs: |
Thanks! I'm having a look and try to find anything suspicious... I'm not an expert on windows, though 😓 |
So it seems like the procmon csv captures the time it takes to run
☝️ While I'lm not certain how to read those time stamps, it's Looking at the event counts, we find: v0.38.1:
v0.40.0:
So there's lot more file action going on. But looking at the differences in the referred to files, it seems to be user info related:
Looking at the RegQueryValue keys, we've got a bunch of TCP and socket-related registry keys being read, but that's also related to the TCP connections. I suspect this still boils down to something lookup up user information, and that's a costly operation on windows (at least in some situations, AD, kerberos, etc). Now what I don't understand is why that happens: For
|
@wermerb I've compared the 0.40.0 binary, and 0.38.1's, using Using the binaries from this build, do we
|
@srenatus Thanks for the update. |
So I've not made any breakthrough here. How are you holding up? Using the old version, or waiting patiently? |
I'm using the older version for now. |
Good news. We've located another |
Hey, @srenatus thanks for the update. I would be happy to test it. Unfortunately im not so familiar with Github actions could you point me where can i find the corresponding binaries? |
https://github.com/open-policy-agent/opa/actions/runs/2541221364 Please try the binaries from here, from the Artifacts section on that page 😃 |
Yup, you hit the nail on the head, this one works :) |
Yay. This makes me happy |
I'll close this. The next release will come with the fix. Thanks for bearing with me! |
Thank you sir :) |
Hi,
It seems something has changed with the Windows binary in the last couple of releases.
The cli bootstrap time got significantly slower.
If I run the following command
opa help
response times are:I cannot reproduce the above with the linux binaries.
Thank you
The text was updated successfully, but these errors were encountered: