[Freeipa-users] FreeIPA 3.3 performance issues with many hosts
Rich Megginson
rmeggins at redhat.com
Thu Oct 1 20:23:34 UTC 2015
On 10/01/2015 01:52 PM, Rob Crittenden wrote:
> Dominik Korittki wrote:
>> Hello folks,
>>
>> I am running two FreeIPA Servers with around 100 users and around 15.000
>> hosts, which are used by users to login via ssh. The FreeIPA servers
>> (which are Centos 7.0) ran good for a while, but as more and more hosts
>> got migrated to serve as FreeIPA hosts, it started to get slow and
>> unstable.
>>
>> For example, its hard to maintain hostgroups, which have more than 1.000
>> hosts. The ipa host-* commands are getting slower as the hostgroup
>> grows. Is this normal?
> You mean the ipa hostgroup-* commands? Whenever the entry is displayed
> (show and add) it needs to dereference all members so yes, it is
> understandable that it gets somewhat slower with more members. How slow
> are we talking about?
>
>> We also experience random dirsrv segfaults. Here's a dmesg line from the
>> latest:
>>
>> [690787.647261] traps: ns-slapd[5217] general protection ip:7f8d6b6d6bc1
>> sp:7f8d3aff2a88 error:0 in libc-2.17.so[7f8d6b650000+1b6000]
> You probably want to start here:
> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
>
and
debuginfo-install ipa-server slapi-nis
in addition to the other packages
>> Nothing in /var/log/dirsrv/slapd-INTERNAL/errors, which relates to the
>> problem.
>> I'm thinking about migrating to latest CentOS 7 FreeIPA 4, but does that
>> solve my problems?
>>
>> FreeIPA server version is 3.3.3-28.el7.centos
>> 389-ds-base.x86_64 is 1.3.1.6-26.el7_0
>>
>>
>>
>> Kind regards,
>> Dominik Korittki
>>
More information about the Freeipa-users
mailing list