New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OSX: Slow boot time when machine tied to Active Directory #27402
Comments
I have the same issue and it seems to be related to the query of group memberships when the group module runs I will be looking at specifically what causes the group query to take so long in the mean time. A possible issue could be grains generated at start up that are not available until the active directory plugin can contact the domain controller. m |
I see that this ticket is "High Severity", but I don't see any advancement. |
Do you have a large AD? |
We're on LDAP here and not that many users right now, around 30. |
Not possible if you rely on python's default I haven't done very detailed testing yet. There's no response from saltstack at the moment, so I might have to take another look. I thought maybe you could delay the launch daemon until after the directory plugin has connected, but that doesn't necessarily fix the issue. You can still cause an OSX client to hang on minion startup if you just start the minion interactively. I'm going to fork and see how much mileage i get out of swapping all the calls to grp for OS X. |
grp.getgrall() will use api calls, those api calls will look at configuration files. For example ldap.conf is the common name for ldap configuration files, and within it you can configure search paths. |
Some more information which might give some more context to the issue:
This is the function invoked by python's grp module on the Python 2.7.10 shipped with Mac OS X 10.11.6. I'm not aware of any configuration file that can change the behaviour of this API on OSX, but I'm happy to be proven wrong! |
The exact invocation of getgrall that is causing the issue: I've made a hotfix branch on my fork for this issue. For the moment I've just used a different verify_env function when In other news, you should be able to prevent a pinwheel at startup with the minion config |
Thank you so much guys for looking into it. @mosen you're a golden god ! |
@lesphinks oh dear :( |
@lesphinks I tried to replicate the issue with |
@mosen |
@lesphinks no problem ill try file.managed and recursive and report back |
Add this to your minion config
|
I tried salt on a few macs connected to AD and it is very disruptive to using the computer. I'm guessing this is my issue? Any workarounds? |
Based on advice from @mosen above, we use this snippet to avoid the AD pinwheel problem on our MacOS minions.
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue. |
Still happening. Please reopen. |
Hi,
I ran into an issue thats been bugging me for a while. In a nutshell, if I tie a Mac to the Active Directory and try to launch the salt-minion via launchd at boot / login I have to accept a 3 minute delay.
So far I tested a multitude of plists, starting with the one from pkg/darwin and working my way onwards from there, all with the same effect. Even when switching to a LaunchAgent I see the delay, however not during boot but during login.
Using the same plist on the same Mac but without ties to the Active Directory will boot without any delay.
When looking at the system.log I see a 3m delay between the start of process all plists in /Library/LaunchDaemons and the next steps.
If you can provide me with a hint / suggestion / guidance where to look next for troubleshooting I'm happy to help.
Cheers!
The text was updated successfully, but these errors were encountered: