I have been slowly rolling out FreeIPA to my systems, trying to track differences/changes. One of the most noticeable has been a large slowdown in file access times.

Let me explain as best as I can. I use AIDE to track the file system (think tripwire) and it runs checks once a day. During these checks it is scanning (almost) the entire file system and comparing it to a stored database. On a moderately powered system with ~151k files, an AIDE run will usually take ~30 minutes. After the system becomes an IPA client the same run will generally take ~90-120 minutes. Uninstall the ipa-client, back to ~30 minutes for an AIDE run.

Now clearly a lot of lookups are being done for user names and group names, and this will have a performance hit that is dependent on the network. However, the odd thing is that even when running on the IPA server itself the slowdown is still the same. Not sure if this is an IPA problem, an SSSD problem, a bit of both, or neither, perhaps it is just the way it is, but a slowdown of 3-4x seems a bit much to me. Clearly the results are not scientific, however, they have been generally reproducible since I started rolling IPA out.

As a side note this slowdown has also broken bacula backups, as the bacula client is scanning the filesystem for change (using accurate backups) the director times out.

Any thoughts, or opinions? Workarounds etc? I have checked to make sure that SSSD caching is enabled, and functional.

Thanks,
-Erinn
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
