Hi
I'm not sure this is quite the right place to post this query, but the
problem is provoked by starting the ipa server so hopefully someone on
the list might have encountered and resolved the issue already.
This on a fully updated Redhat 7.2 system.
Once I have my ipa server started I'm finding that non-kerberised nfs4
mounts of a filesystem from a host that is not an ipa client are very
slow. Typically it takes 4-5 seconds for the mount operation to complete.
The nfs server is exporting the filesystem with the option sec=sys in
/etc/exports.
I testing the mount speed with the mount command (so no autofs involved)
and specifying the client address by ipv4 number (so no name lookups).
I can reduce the delay to 2-3 seconds by specifying -o sec=sys on the
mount line, but this too is very slow.
The following causes mounts to happen at full speed, ie less than 0.1
sec elapsed:
1) Using mount option -o vers=3 (nfs v3)
2) Turning off the nfs-secure service (stops rpc.gssd)
3) Turning off the ipa server (ipactl stop)
On my Redhat 6.7 testing ipa server the nfsv4 mounts also comlplete in
under 0.1 sec so this seems to be an RHEL7 change.
In /var/log/messages there are lots of messages like this:
gssproxy: gssproxy[790]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS
failure. Minor code may provide more information, No credentials cache
found
but they come out whether the nfs mounts are slow or quick.
Does anyone else see this or have any ideas on how to speed up the nfs
v4 mount on Redhat 7 when the ipa server is running?
Thanks
Roderick Johnstone
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
