[Freeipa-users] FreeIPA 3.3 performance issues with many hosts
Dominik Korittki
d.korittki at mittwald.de
Tue Oct 6 12:55:26 UTC 2015
Thanks for the info, Tomas.
I will definitely try this one out! Couldn’t wait for it to be released
for CentOS if it really does what the changes you mentioned describe :-)
We would like to have hostgroup of 10.000 hostmembers or even more in
one group. We currently split these group into multiple smaller groups
with max 1000 members, because adding, modifying or removing a members
of a large group (~7k hostmembers) takes around 7 seconds (removing one
host from the group alone).
Kind regards,
Dominik Korittki
Am 05.10.2015 um 13:16 schrieb Tomas Babej:
> On 10/01/2015 05:06 PM, Dominik Korittki wrote:
>> Hello folks,
>>
>> I am running two FreeIPA Servers with around 100 users and around 15.000
>> hosts, which are used by users to login via ssh. The FreeIPA servers
>> (which are Centos 7.0) ran good for a while, but as more and more hosts
>> got migrated to serve as FreeIPA hosts, it started to get slow and
>> unstable.
>>
>> For example, its hard to maintain hostgroups, which have more than 1.000
>> hosts. The ipa host-* commands are getting slower as the hostgroup
>> grows. Is this normal?
>> We also experience random dirsrv segfaults. Here's a dmesg line from the
>> latest:
>>
>> [690787.647261] traps: ns-slapd[5217] general protection ip:7f8d6b6d6bc1
>> sp:7f8d3aff2a88 error:0 in libc-2.17.so[7f8d6b650000+1b6000]
>>
>> Nothing in /var/log/dirsrv/slapd-INTERNAL/errors, which relates to the
>> problem.
>> I'm thinking about migrating to latest CentOS 7 FreeIPA 4, but does that
>> solve my problems?
>>
>> FreeIPA server version is 3.3.3-28.el7.centos
>> 389-ds-base.x86_64 is 1.3.1.6-26.el7_0
>>
>>
>>
>> Kind regards,
>> Dominik Korittki
>>
>
>
> Hi Dominik,
>
> performance issues are a known problem, there has been some work to
> improve the performance with respect to large groups:
>
> 11bd9d96f191066f7ba760549f00179c128a9787
> efcd48ad01a39a67f131a2cea9d54771642222fb
>
> These improvements are in FreeIPA 4.2 only, however, which has not been
> released for CentOS7 as of now. You may try to play with FreeIPA 4.2 on
> Fedora, see https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.2/.
>
> HTH,
> Tomas
>
>
>
More information about the Freeipa-users
mailing list