Thanks for the info, Tomas.

I will definitely try this one out! Couldn’t wait for it to be released for CentOS if it really does what the changes you mentioned describe :-)

We would like to have a hostgroup of 10.000 hostmembers or even more in one group. We currently split these groups into multiple smaller groups with max 1000 members, because adding, modifying or removing a member of a large group (~7k hostmembers) takes around 7 seconds (removing one host from the group alone).

Kind regards,
Dominik Korittki


On 05.10.2015 at 13:16, Tomas Babej wrote:
On 10/01/2015 05:06 PM, Dominik Korittki wrote:
Hello folks,

I am running two FreeIPA Servers with around 100 users and around 15.000
hosts, which are used by users to login via ssh. The FreeIPA servers
(which are CentOS 7.0) ran well for a while, but as more and more hosts
got migrated to serve as FreeIPA hosts, it started to get slow and
unstable.

For example, it's hard to maintain hostgroups, which have more than 1.000
hosts. The ipa host-* commands are getting slower as the hostgroup
grows. Is this normal?
We also experience random dirsrv segfaults. Here's a dmesg line from the
latest:

[690787.647261] traps: ns-slapd[5217] general protection ip:7f8d6b6d6bc1
sp:7f8d3aff2a88 error:0 in libc-2.17.so[7f8d6b650000+1b6000]

Nothing in /var/log/dirsrv/slapd-INTERNAL/errors, which relates to the
problem.
I'm thinking about migrating to latest CentOS 7 FreeIPA 4, but does that
solve my problems?

FreeIPA server version is 3.3.3-28.el7.centos
389-ds-base.x86_64 is 1.3.1.6-26.el7_0



Kind regards,
Dominik Korittki



Hi Dominik,

performance issues are a known problem, there has been some work to
improve the performance with respect to large groups:

11bd9d96f191066f7ba760549f00179c128a9787
efcd48ad01a39a67f131a2cea9d54771642222fb

These improvements are in FreeIPA 4.2 only, however, which has not been
released for CentOS7 as of now. You may try to play with FreeIPA 4.2 on
Fedora, see https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.2/.

HTH,
Tomas




