[Freeipa-users] OT: slow NFS4 (kerberos) since moving to IPA

Torsten Harenberg harenberg at physik.uni-wuppertal.de
Thu Sep 22 09:39:04 UTC 2016 

Dear all,

please excuse, this is slightly off-topic.

We run an NFS4 server (running Ubuntu 14.04) serving about 40 clients on
(running Ubuntu and Mint as well as a few CentOS 6 nodes).

We moved all our infrastructure to IPA to have Kerberos security. File
systems are mounted with

home             -fstype=nfs4,rw,sec=krb5i

using the automounter.

That all works fine.

Now the clients show timeouts in the system logs

physikd98kuech kernel: [  595.004026] nfs: server
whep-nfs.pleiades.uni-wuppertal.de not responding, still trying

and sometimes the NFS server has a

 whep-nfs kernel: [ 1129.628090] RPC: AUTH_GSS upcall failed. Please
check user daemon is running.

or

 whep-nfs rpc.gssd[462]: destroying client /run/rpc_pipefs/nfsd4_cb/clnt151

in their logs. We already increased the debug levels (for example of
idmapd) but haven't had anything obvious so far.

Surprisingly, we have three main "public login machines" running CentOS
6, they seem to run fine. So probably it's not a NFS server issue.

We increased the number of NFS server processes running on the NFS
server from the default 8 (which might be too little for a setup like
this) to 128. Also I upgraded the sssd on the server to 1.12.5 (compared
to the 1.11 which comes with Ubuntu).

All with little success, users are still complaining about the slow
connection.

Our munin monitoring shows no satuaration on the NFS server. The load is
also nearly 0. The real file system is mounted through a high-perfomance
FibreChannel system.

Any thoughts / ideas are appreciated.

Thanks

  Torsten


-- 
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>                                                              <>
<> Dr. Torsten Harenberg     harenberg at physik.uni-wuppertal.de  <>
<> Bergische Universitaet                                       <>
<> FB C - Physik             Tel.: +49 (0)202 439-3521          <>
<> Gaussstr. 20              Fax : +49 (0)202 439-2811          <>
<> 42097 Wuppertal                                              <>
<>                                                              <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>

More information about the Freeipa-users mailing list