[Freeipa-users] FreeIPA 3.3 performance issues with many hosts
Tomas Babej
tbabej at redhat.com
Mon Oct 5 11:16:41 UTC 2015
On 10/01/2015 05:06 PM, Dominik Korittki wrote:
> Hello folks,
>
> I am running two FreeIPA Servers with around 100 users and around 15.000
> hosts, which are used by users to login via ssh. The FreeIPA servers
> (which are Centos 7.0) ran good for a while, but as more and more hosts
> got migrated to serve as FreeIPA hosts, it started to get slow and
> unstable.
>
> For example, its hard to maintain hostgroups, which have more than 1.000
> hosts. The ipa host-* commands are getting slower as the hostgroup
> grows. Is this normal?
> We also experience random dirsrv segfaults. Here's a dmesg line from the
> latest:
>
> [690787.647261] traps: ns-slapd[5217] general protection ip:7f8d6b6d6bc1
> sp:7f8d3aff2a88 error:0 in libc-2.17.so[7f8d6b650000+1b6000]
>
> Nothing in /var/log/dirsrv/slapd-INTERNAL/errors, which relates to the
> problem.
> I'm thinking about migrating to latest CentOS 7 FreeIPA 4, but does that
> solve my problems?
>
> FreeIPA server version is 3.3.3-28.el7.centos
> 389-ds-base.x86_64 is 1.3.1.6-26.el7_0
>
>
>
> Kind regards,
> Dominik Korittki
>
Hi Dominik,
performance issues are a known problem, there has been some work to
improve the performance with respect to large groups:
11bd9d96f191066f7ba760549f00179c128a9787
efcd48ad01a39a67f131a2cea9d54771642222fb
These improvements are in FreeIPA 4.2 only, however, which has not been
released for CentOS7 as of now. You may try to play with FreeIPA 4.2 on
Fedora, see https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.2/.
HTH,
Tomas
More information about the Freeipa-users
mailing list