[Freeipa-users] caching of lookups / performance problem
Jakub Hrozek
jhrozek at redhat.com
Wed Feb 1 07:55:26 UTC 2017
On Tue, Jan 31, 2017 at 08:05:18PM +0000, Sullivan, Daniel [CRI] wrote:
> Hi,
>
> I figured out what was going on with this issue. Basically cache timeouts were causing a large number of uid numbers in an arbitrarily-timed directory listing to have expired cache records, which causes those records to be looked up again by the data provider (and thus blocking ‘ls -l’). To work around this issue now we currently setting the entry_cache_timeout to something arbitrarily high, i.e. 999999, I’m questioning whether or not this is the best approach. I’d like to use something like refresh_expired_interval, although based on my testing it appears that this does not update records for a trusted AD domain. I’ve also tried using enumeration, and that doesn’t seem to work either.
>
> I suppose my question is this; is there a preferred method to keep cache records up-to-date for a trusted AD domain? Right now I am thinking about cron-tabbing an ‘ls -l’ of /home and allowing entry_cache_nowait_percentage to fill this function, although that seems hacky to me.
>
> Any advisement that could be provided would be greatly appreciated.
Hi,
If the entries are requested reasonably often (typically at least once
per cache lifetime), then maybe just lowering the
'entry_cache_nowait_percentage' value so that the background check is
performed more often might help.
More information about the Freeipa-users
mailing list