Bug 1298288
| Summary: | [RFE] Improve performance in large environments. | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> | |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | |
| Severity: | medium | Docs Contact: | Aneta Šteflová Petrová <apetrova> | |
| Priority: | high | |||
| Version: | 7.2 | CC: | mbasti, mkosek, ndehadra, rcritten, tbordaz | |
| Target Milestone: | rc | Keywords: | FutureFeature | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | ipa-4.4.0-8.el7 | Doc Type: | Release Note | |
| Doc Text: |
Server performance has improved in many areas
Some operations in Identity Management run much faster now. For example, this enhancement enables better scalability in large deployments exceeding 50,000 users and hosts. Most notably, the improvements include:
* Faster adding of users and hosts
* Faster Kerberos authentication for all commands
* Faster execution of the "ipa user-find" and "ipa host-find" commands
For information on how to reduce the time required for provisioning of a large number of entries, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#performance-tuning
Note that to make the find operations faster, the "ipa *-find" commands no longer show membership by default. To display the membership, add the "--all" option to "ipa *-find" or, alternatively, use the "ipa *-show" commands.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1351239 (view as bug list) | Environment: | ||
| Last Closed: | 2016-11-04 05:49:12 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1138797, 1196958, 1301901 | |||
| Bug Blocks: | 1292074, 1296125, 1313485, 1351239 | |||
|
Description
Petr Vobornik
2016-01-13 16:22:05 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5597 Upstream ticket: https://fedorahosted.org/freeipa/ticket/5599 Upstream ticket: https://fedorahosted.org/freeipa/ticket/5448 Upstream ticket: https://fedorahosted.org/freeipa/ticket/5788 Upstream ticket: https://fedorahosted.org/freeipa/ticket/5802 Upstream ticket: https://fedorahosted.org/freeipa/ticket/5866 Upstream ticket: https://fedorahosted.org/freeipa/ticket/5914 https://fedorahosted.org/freeipa/ticket/5802 was unlinked. It requires bigger changes in member of plugin and therefore it is out of scope of 4.4 release. 5597 was closed as invalid. Ticket https://fedorahosted.org/freeipa/ticket/5788 won't be addressed in scope of this bz. Upstream ticket: https://fedorahosted.org/freeipa/ticket/6098 Certificate issues ticket #6098 were found. Should be this moved back to assigned? (Nothing prevents QA to test other parts (users, hosts, provisioning)) Upstream ticket: https://fedorahosted.org/freeipa/ticket/6100 Upstream ticket: https://fedorahosted.org/freeipa/ticket/6118 LGTM, thank you *** Bug 1360810 has been marked as a duplicate of this bug. *** Several bug found upstream, moving to assigned Fixed slow user-add (regression caused by kerberos aliases feature in 4.4) upstream master: https://fedorahosted.org/freeipa/changeset/807702c986976ade8005ec344fcd827f70b2ba2f IPA-server version: ipa-server-4.4.0-12.el7.x86_64 ENVIRONMENT: ------------ 1. VM 2. RAM: 4GB RAM 3. Processor: 8 4. Tuned as per the details mentioned at: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/bulk-provisioning.html 5. Data population script: https://github.com/freeipa/freeipa-tools/blob/master/create-test-data.py Steps: 1. Setup IPA on RHEL 7.3. 2. Save the create-test-data.py to the machine and create ldif file using this python script. # python create-test-data.py > my.ldif Tune the machine as per the details. 3. Once done, capture the details at regular intervals for respective commands such that the each command is run 10 times and the avg time is taken into account. Observations: Using the setup and steps above following are the observations: --------------------------------------------------------------------- Task 7.3 7.2 Diff (7.3 – 7.2) (seconds) --------------------------------------------------------------------- User-add 5.03 9.62 -4.59 User-find 4.35 8.71 -4.36 User-show 3.06 8.8 -5.74 Host-add 59.73 76.38 -16.65 Host-find 61.13 80.23 -19.1 Host-show 50.99 79.1 -28.11 Group-add 3.34 5.65 -2.31 Group-find 3.72 4.97 -1.25 Group-show 2.91 3.95 -1.04 Hostgroup-add 3.69 4.63 -0.94 Hostgroup-find 4.57 5.62 -1.05 Hostgroup-show 2.6 5.11 -2.51 Sudorule-add 3.49 3.62 -0.13 Sudorule-find 6.56 7.23 -0.67 Sudorule-show 2.58 5.26 -2.68 Hbacrule-add 3.34 3.4 -0.06 Hbacrule-find 7.02 9.13 -2.11 Hbacrule-show 2.58 5.63 -3.05 Thus, it is noticed that there is a significant improvement in IPA 7.3 command execution. Thus marking the status of bug to "VERIFIED". Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |