[Freeipa-users] SSSD hangs on IPA master
Ronald Wimmer
ronaldw at ronzo.at
Thu Apr 6 09:06:50 UTC 2017
On 2017-04-04 11:19, Jakub Hrozek wrote:
> On Tue, Apr 04, 2017 at 09:51:04AM +0200, Ronald Wimmer wrote:
>> Hi,
>>
>> my IPA master has an AD trust (several thousand users). Since the trust has
>> been set up I am experiencing that I cannot login on the web interface. Even
>> connecting via SSH does not work or takes extremely long. When I managed to
>> log in as root via SSH (after waiting and trying several times or rebooting
>> the machine) I could not restart SSSD (systemctl restart sssd). I had to
>> kill the SSSD processes manually and then everything seemed to work fine
>> again.
>>
>> What could be going on? Could the SSSD cache be to big (122M)? Where should
>> I take a deeper look?
>>
>> Any hints are highly appreciated!
> SSSD logs that capture the problem are always a good start.
>
I found out that the CPU was quite busy (sssd_be process) and that there
was a lot I/O in the cache directory. So I upgraded from 1 to 4 virtual
CPUs and followed your recommendations regarding large deployments:
https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
No problems so far...
Regards,
Ronald
More information about the Freeipa-users
mailing list