14-April-2021

Attending

Chris Hyzer, Penn, Chair
Shilen Patel, Duke
Chad Redman, University of North Carolina Chapel Hill
Vivek Sachdiva, independent
Jeff Williams UNCG
Carey Black, the Ohio State University
Emily Eisbruch, Internet2

Administrivia

https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
Approve minutes
Review AIs Grouper Project Action Items (Google Doc)
Agenda bash

Current Work

Vivek

Working w Chris and Shilen on object types
Used to propagate to Children in real time
You’d click on Save in UI and then propagate to all
There were performance issues, reaching out to database too many times
Now there is incremental sync
Full sync to reconcile everything
Minimize number of SQL queries
Get all necessary info in one SQL query
Question: is it still going thru predefined loop of attributes?
Answer: building off folders and groups of interest
New Incremental
Getting object types
Get children and ancestors
Trying not to do same query twice in incremental
Could be confusing
Workflow, as used for provisioning
Each method only does one thing
For ESB events, doesn’t do logic
Gets individual assignments
Then gets children
Then gets ancestors
Keep all data structures
Helps with logic
Don’t have to keep track
Do it at point you are ready to do it
Finding ancestors for a list of folders
Can remove relationships
Get to minimal queries you need
Everythings is committed
Vivek is testing logic for full sync
Suggestion to redo provisioning potentially using this approach
Less passing of arguments is better
Shilen will take a look at this new approach for provisioning
Hope for new Grouper release out by end of weekend
Object type full sync has been issue
Vivek will look at instrumentation daemon

Chris

GSH templates
Meta data for DNs , afterwards
VPN rollout is happening at Penn
If you add a VPN, build out a structure
Overall list, allow deny
In the allow you could have different ref groups
Come from org chart
GSH template adds value
59 steps to add a template
Each is a little block in the code
Email for the admin
Makes a report
Carey: Could templates spawn other templates?
- Could 2nd template add a user to role?
- Nest functions inside functions
Chris: yes possibly
Templates were not multi threaded
This is fixed in new branch
Another profile
Lightweight
Blog on GSH Templates is good idea
Focus on JS 232
AI Emily check with Dean on the deadlines for a blog on GSH templates blog and set up google doc for ChrisH. (Emily working on this)
Also, we are improving the
stable version of Grouper
- Every 6 months mark a stable version?
- Chad: feature based is fine
- New features not entirely stable and changing
- Makes it hard to keep up
- If there is a security issue, you must increment
- If we had long term support for a particular version, it is less risk
- Carey: people want new features
- Chris: want the stable new shiny
- Some Don’t want to wait a year
- It’s a life to go from a year ago to now
- Issue is validation
- Strawpoll : long term support version every 6 months: one vote
- UNCG moving into longer term model. Need more justification on upgrades
- Others want to keep releases as they are now
- Shilen : depends on what feature is happening
- If there’s a feature that’s really needed, we may want to upgrade more often than every 6 months
- But now, things may be too unstable
- Some JUNIT tests are not passing right now
- An issue is institutions that don’t need the bleeding edge, but don’t want to get burned with a need for an upgrade due to a security issue
- If we support 2 versions back, then sites must upgrade around every year
- Every 6 months increment 2.5 to 2.6 to 2.7
- Those who want can get the point releases, like 2.5.3 to 2.5.4
- We must stabilize provisioning so sites can upgrade
- GSH templates
- And subject sources
- Then sites will upgrade to long term support version
- Then design sessions and brainstorm next stages
- Hope changing data structures in database will help performance issues
- Move to Grouper 3.0
- Chad, nice having everything in one branch
- Matt: how to patch the long term release?
- Chris: It’s another minor version

Shilen

Made minor provisioning changes related to propagation issues
Added logic in LDAPTIVE code so if you have AD set to TRUE and don't’ specify page size, since paging is usually done w AD, then it will query AD
Defaults to 1000
Looking at performance issues
- Running profilers
- Adding 200K members to a group
- Identified a few issues
- Query to retrieve members from Grouper is expensive
- Batches of 900
- For a large group, this needs improvement
- 2nd issue: in retrieving entity , it asks for same entity multiple times
- 3rd issue: when going thru to check values for membership object, adding membership to set, it checks entire set
- Another issue: If running incremental as new changes are being added, it will get most of work done, but won’t fully increment last sequence processed, Not sure why