subject:"\[Freeipa\-users\] Slowdowns in freeIPA 2.2.0"

[Freeipa-users] Slowdowns in freeIPA 2.2.0

2012-07-13 Thread Loris Santamaria

I have this test server with 8.000 entries, recently upgraded from 2.1.3
to 2.2.0 and I'm seeing some big slowdowns and I would like to know
where to look to debug them. The server is centos 6.3 with
ipa-server-2.2.0-16.el6.x86_64 and 389-ds-base-1.2.10.2-20.el6_3.x86_64

First of all in 2.2.0 ldapsearch with "-Y GSSAPI" is much slower than
using plain autentication:

# time ldapsearch -x uid=bdteg01662 dn
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: uid=bdteg01662
# requesting: dn 
#

# bdteg01662, users, accounts, xxx.gob.ve
dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

real0m0.006s
user0m0.001s
sys 0m0.003s

# time ldapsearch -Y GSSAPI uid=bdteg01662 dn
SASL/GSSAPI authentication started
SASL username: ad...@xxx.gob.ve
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: uid=bdteg01662
# requesting: dn 
#

# bdteg01662, users, accounts, xxx.gob.ve
dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve

# search result
search: 4
result: 0 Success

# numResponses: 2
# numEntries: 1

real0m2.344s
user0m0.007s
sys 0m0.005s

As a consequence of this all of the ipa commands run a bit slow. But the
real slowdown is in the web interface, every search is terribly slow and
any search that returns more than 4 or 5 entries never completes, it
shows a dialogue that says just "Unknown error". In the dirsrv access
logs I see that the search completes in a short time and the apache
error log doesn't show any error whatsoever.

Note this is a test system, there are no other users of this server, and
the compat plugin is disabled.

-- 
Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
Links Global Services, C.A.http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve

"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford


smime.p7s
Description: S/MIME cryptographic signature
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Slowdowns in freeIPA 2.2.0

2012-07-13 Thread Dmitri Pal

On 07/13/2012 11:46 AM, Loris Santamaria wrote:
> I have this test server with 8.000 entries, recently upgraded from 2.1.3
> to 2.2.0 and I'm seeing some big slowdowns and I would like to know
> where to look to debug them. The server is centos 6.3 with
> ipa-server-2.2.0-16.el6.x86_64 and 389-ds-base-1.2.10.2-20.el6_3.x86_64
>
> First of all in 2.2.0 ldapsearch with "-Y GSSAPI" is much slower than
> using plain autentication:
>
Hm. The only difference would be a new kerberos driver.
Please take a look at the KDC logs and see what is going on there.

> # time ldapsearch -x uid=bdteg01662 dn
> # extended LDIF
> #
> # LDAPv3
> # base  (default) with scope subtree
> # filter: uid=bdteg01662
> # requesting: dn 
> #
>
> # bdteg01662, users, accounts, xxx.gob.ve
> dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> real  0m0.006s
> user  0m0.001s
> sys   0m0.003s
>
> # time ldapsearch -Y GSSAPI uid=bdteg01662 dn
> SASL/GSSAPI authentication started
> SASL username: ad...@xxx.gob.ve
> SASL SSF: 56
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base  (default) with scope subtree
> # filter: uid=bdteg01662
> # requesting: dn 
> #
>
> # bdteg01662, users, accounts, xxx.gob.ve
> dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve
>
> # search result
> search: 4
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> real  0m2.344s
> user  0m0.007s
> sys   0m0.005s
>
> As a consequence of this all of the ipa commands run a bit slow. But the
> real slowdown is in the web interface, every search is terribly slow and
> any search that returns more than 4 or 5 entries never completes, it
> shows a dialogue that says just "Unknown error". In the dirsrv access
> logs I see that the search completes in a short time and the apache
> error log doesn't show any error whatsoever.
>
> Note this is a test system, there are no other users of this server, and
> the compat plugin is disabled.
>

IPA in 2.2 uses memcached and session caching so web UI should be faster
than in earlier versions.
I wonder if the version of the memcached is misbehaving on CentOS 6.3.
Can you please provide mode details on that front?
Look at the httpd logs. There might be something that would give you
some hints about what is going on.

>
> ___
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Slowdowns in freeIPA 2.2.0

Re: [Freeipa-users] Slowdowns in freeIPA 2.2.0

2 matches

Site Navigation

Mail list logo

Footer information