[Freeipa-users] SSSD setting memcache_timeout on ipa master

Jakub Hrozek jhrozek at redhat.com
Sun Apr 9 19:11:14 UTC 2017


On Sat, Apr 08, 2017 at 05:55:00PM +0200, Ronald Wimmer wrote:
> On 2017-04-08 12:53, Lukas Slebodnik wrote:
> > On (04/04/17 09:41), Ronald Wimmer wrote:
> > > On 2017-03-31 13:35, Lukas Slebodnik wrote:
> > > > On (29/03/17 10:47), Ronald Wimmer wrote:
> > > > > Hi,
> > > > > 
> > > > > yesterday I suddenly was unable to use the web interface of my ipa master. SSH
> > > > > login (with root user) did not work also.
> > > > > 
> > > > > When I uncommented the setting "memcache_timeout = 600" in the sssd config
> > > > > file of the master everything seemed to work fine again. (my ipa setup has a
> > > > > trust to AD)
> > > > > 
> > > > I doubt it had anything to do with memcache_timeout.
> > > > I would say that restart of sssd helped. But it is difficult to say
> > > > without log files. Either sssd logs or at least /var/log/secure
> > > > (journald for pam).
> > > You were right. I uncommented the setting and the problem occurred again.
> > > 
> > Did you find anything suspicious in journald?
> > Is sssd_be busy (or any other process)?
> > high CPU, IO operations ...
> > 
> > It would be good to know more details. Restarting sssd is not a solution.
> 
> sssd_be consumed a lot of CPU and produced a lot of I/O in the sssd cache
> directory. After following https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
> the problems did not reappear.

btw even after the performance improvements we did in 1.14 we have an issue
where even parsing the entries takes too long. What we did in 1.14 was
that if the entries didn't change compared to what is already in the
cache, then we skipped saving the full entry again just to bump the
timestamp. Making the parsing faster is planned for the next version.

(btw there was a bug where on upgrade, this new performance improvement
didn't take effect for objects that were already cached. Removing the
cache is a simple workaround and it's something we should fix soon in
the code.)



