[Freeipa-users] IPA very very slow
Martin Kosek
mkosek at redhat.com
Fri Jun 12 07:11:07 UTC 2015
> Hi List,
>
> This is a problem that has surfaced after a reboot of this system in
> particular. It is being really, really slow. In terms of hardware
> usage issues, there are none. It is taking 3-5 minutes to list users
> in the gui. Running commands like ipa-replica-manage list is taking
> between 30seconds and 3 minutes. Memory usage is low, cpu usage is
> low, iops are low. I really have no idea where to start here, there
> is noting really damning in the logs. I have tried restarting IPA
> (ipactl restart) stopping and starting IPA (ipactl stop wait... ipactl
> start), and rebooting the entire server.
>
> The oddest thing is that there have been some krb errors saying that
> they cannot contact the krb server.. logging into the gui saying your
> session has timed out..
>
> It is just general strangeness.
>
> ipa-server-4.1.0-18.el7.centos.3.x86_64
> sssd-ipa-1.12.2-58.el7_1.6.x86_64
> krb5-server-1.12.2-14.el7.x86_64
>
> Any help would be greatly appreciated.
>
> Thanks,
> Bill
I would recommend starting with simple things, seeing the performance and then
following with more complex stuff:
- Try bare "ldapsearch" against the FreeIPA LDAP server, see the response rate.
If it is also slow, we have the root cause. Before ringing on DS people doors,
see if for example DNS is not slow and there are no DNS timeouts in play -
"host ipa.server.test" will tell you that
- If DS is OK, try Kerberos - kinit, kvno commands
- If Kerberos is also OK and "ipa-replica-manage list" is still slow, maybe we
should just "strace" it to see what it waits on.
HTH,
Martin
More information about the Freeipa-users
mailing list