On (06/04/17 11:06), Ronald Wimmer wrote: >On 2017-04-04 11:19, Jakub Hrozek wrote: >> On Tue, Apr 04, 2017 at 09:51:04AM +0200, Ronald Wimmer wrote: >> > Hi, >> > >> > my IPA master has an AD trust (several thousand users). Since the trust has >> > been set up I am experiencing that I cannot login on the web interface. >> > Even >> > connecting via SSH does not work or takes extremely long. When I managed to >> > log in as root via SSH (after waiting and trying several times or rebooting >> > the machine) I could not restart SSSD (systemctl restart sssd). I had to >> > kill the SSSD processes manually and then everything seemed to work fine >> > again. >> > >> > What could be going on? Could the SSSD cache be to big (122M)? Where should >> > I take a deeper look? >> > >> > Any hints are highly appreciated! >> SSSD logs that capture the problem are always a good start. >> >I found out that the CPU was quite busy (sssd_be process) and that there was >a lot I/O in the cache directory. So I upgraded from 1 to 4 virtual CPUs and >followed your recommendations regarding large deployments: >https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/ > >No problems so far... > May I ask which version of sssd do you use?
LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project