I have been slowly rolling out FreeIPA to my systems, trying to track
differences/changes. One of the most noticeable has been a large slow
down in file access times.

Let me explain as best as I can. I use AIDE to track the file system
(think tripwire) and it runs checks once a day. During these checks it
is scanning (almost) the entire file system and comparing it to a stored
database. On a moderately powered system with ~151k files, an AIDE run
will usually take ~30 minutes. After the system becomes an IPA client
the same run will generally take ~90-120 minutes. Un-install the
ipa-client, back to ~30 minutes for an AIDE run.

Now clearly a lot of lookups are being done for user names and group
names, and this will have a performance hit that is dependant on the
network. However, the odd thing is that even when running on the IPA
server itself the slowdown is still the same.

Not sure if this is an IPA problem, an SSSD problem, a bit of both, or
neither, perhaps it is just the way it is, but a slowdown of 3-4x seems
a bit much to me. Clearly the results are not scientific, however, they
have been generally reproducible since I started rolling IPA out.

As a side note this slowdown has also broken bacula backups, as the
bacula client is scanning the filesystem for change (using accurate
backups) the director times out.

Any thoughts, or opinions? Workarounds etc? I have checked to make sure
that SSSD caching is enabled, and functional.



Attachment: signature.asc
Description: OpenPGP digital signature

Freeipa-users mailing list

Reply via email to