Test user generation
Running the Authentication rate and OAuth 2.0 authorization code flow benchmarks requires a set of test users. This page provides instructions for generating a set of test users suitable for these two lightweight AM benchmarks. Note that these test users are not necessarily suitable for other benchmarks or load tests, and that they can’t be used with IDM.
For small and medium clusters
To generate test users for lightweight AM benchmarks for small and medium clusters, to provision the CDM userstores, and to prime the directory servers:
-
Make sure your Kubernetes context is set to the cluster in which the CDM is deployed, and that
prodis the active namespace in your context. -
Obtain the password for the directory superuser,
uid=admin:$ cd /path/to/forgeops/bin $ ./forgeops info | grep uid=admin
Make a note of this password. You’ll need it for subsequent steps in this procedure.
-
Change to the directory that contains the source for the
dsutilDocker container:$ cd /path/to/forgeops/docker/ds/dsutil
You’ll generate test users from a pod you create from the
dsutilcontainer. -
Build and push the
dsutilDocker container to your container registry, and then run the container.The my-registry parameter varies, depending on the location of your registry:
$ docker build --tag=my-registry/dsutil . $ docker push my-registry/dsutil $ kubectl run -it dsutil --image=my-registry/dsutil --restart=Never -- bash
The kubectl run command creates the
dsutilpod, and leaves you in a shell that lets you run commands in the pod. -
Generate the test users—1,000,000 users for a small CDM cluster, and 10,000,000 for a medium cluster:
Run these substeps from the
dsutilpod’s shell:-
Make an LDIF file that has the number of user entries for your cluster size:
For example, for a small cluster:
$ /opt/opendj/bin/makeldif -o data/entries.ldif \ -c numusers=1000000 config/MakeLDIF/ds-idrepo.template Processed 1000 entries Processed 2000 entries Processed 3000 entries . . . Processed 1000000 entries LDIF processing complete. 1000003 entries written
When the Cloud Deployment Team ran the makeldif script, it took approximately:
-
30 seconds to run on a small cluster.
-
4 minutes to run on a medium cluster.
-
-
Create the user entries in the directory:
$ /opt/opendj/bin/ldapmodify \ -h ds-idrepo-0.ds-idrepo -p 1389 --useStartTls --trustAll \ -D "uid=admin" -w directory-superuser-password --noPropertiesFile \ --no-prompt --continueOnError --numConnections 10 data/entries.ldifADD operation successfulmessages appear as user entries are added to the directory.When the Cloud Deployment Team ran the ldapmodify command, it took approximately:
-
15 minutes to run on a small cluster.
-
2 hours 35 minutes to run on a medium cluster.
-
-
-
Prime the directory servers:
-
Open a new terminal window or tab.
Use this new terminal window—not the one running the
dsutilpod’s shell—for the remaining substeps in this step. -
Prime the directory server running in the
ds-idrepo-0pod:-
Start a shell that lets you run commands in the
ds-idrepo-0pod:$ kubectl exec ds-idrepo-0 -it -- bash
-
Run the following command:
$ ldapsearch -D "uid=admin" -w directory-superuser-password \ -p 1389 -b "ou=identities" uid=user.* | grep dn: | wc -l 10000000 -
Exit from the
id-dsrepo-0pod’s shell:$ exit
-
-
Prime the directory server running in the
ds-idrepo-1pod.
-
For large clusters
Here are some very general steps you can follow if you want to generate test users for benchmarking or load testing a large cluster:
-
Install DS in a VM in the cloud.
-
Run the
makeldifandldapmodifycommands, as described above. -
Back up your directory.
-
Upload the backup files to cloud storage.
-
Restore a CDM
idrepopod from your backup, following the steps outlined in CDM restore.