Hide Forgot
Server performance has improved in many areas Some operations in Identity Management run much faster now. For example, this enhancement enables better scalability in large deployments exceeding 50,000 users and hosts. Most notably, the improvements include: * Faster adding of users and hosts * Faster Kerberos authentication for all commands * Faster execution of the "ipa user-find" and "ipa host-find" commands For information on how to reduce the time required for provisioning of a large number of entries, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#performance-tuning Note that to make the find operations faster, the "ipa *-find" commands no longer show membership by default. To display the membership, add the "--all" option to "ipa *-find" or, alternatively, use the "ipa *-show" commands.
At the moment, IPA performance is not great in large environments. E.g. user-add becomes the slower the more users exist or ipa-extom-plugin can exhaust DS worker threads if DS server is flooded with "IPA trusted domain ID mapper" extop operations. More use cases and testing details will be added and specified in more details to determine the scope of this RFE.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5597
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5599
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5448
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5788
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5802
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5866
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5914
https://fedorahosted.org/freeipa/ticket/5802 was unlinked. It requires bigger changes in member of plugin and therefore it is out of scope of 4.4 release.
5597 was closed as invalid.
master: https://fedorahosted.org/freeipa/changeset/8e3b7b24c1bec5b7e2519e7c9466e3c336f9a409
Ticket https://fedorahosted.org/freeipa/ticket/5788 won't be addressed in scope of this bz.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6098
Certificate issues ticket #6098 were found. Should be this moved back to assigned? (Nothing prevents QA to test other parts (users, hosts, provisioning))
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6100
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6118
LGTM, thank you
*** Bug 1360810 has been marked as a duplicate of this bug. ***
Several bug found upstream, moving to assigned
Fixed slow user-add (regression caused by kerberos aliases feature in 4.4) upstream master: https://fedorahosted.org/freeipa/changeset/807702c986976ade8005ec344fcd827f70b2ba2f
master: https://fedorahosted.org/freeipa/changeset/c718ef058847bb39e78236e8af0ad69ac961bbcf
IPA-server version: ipa-server-4.4.0-12.el7.x86_64 ENVIRONMENT: ------------ 1. VM 2. RAM: 4GB RAM 3. Processor: 8 4. Tuned as per the details mentioned at: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/bulk-provisioning.html 5. Data population script: https://github.com/freeipa/freeipa-tools/blob/master/create-test-data.py Steps: 1. Setup IPA on RHEL 7.3. 2. Save the create-test-data.py to the machine and create ldif file using this python script. # python create-test-data.py > my.ldif Tune the machine as per the details. 3. Once done, capture the details at regular intervals for respective commands such that the each command is run 10 times and the avg time is taken into account. Observations: Using the setup and steps above following are the observations: --------------------------------------------------------------------- Task 7.3 7.2 Diff (7.3 – 7.2) (seconds) --------------------------------------------------------------------- User-add 5.03 9.62 -4.59 User-find 4.35 8.71 -4.36 User-show 3.06 8.8 -5.74 Host-add 59.73 76.38 -16.65 Host-find 61.13 80.23 -19.1 Host-show 50.99 79.1 -28.11 Group-add 3.34 5.65 -2.31 Group-find 3.72 4.97 -1.25 Group-show 2.91 3.95 -1.04 Hostgroup-add 3.69 4.63 -0.94 Hostgroup-find 4.57 5.62 -1.05 Hostgroup-show 2.6 5.11 -2.51 Sudorule-add 3.49 3.62 -0.13 Sudorule-find 6.56 7.23 -0.67 Sudorule-show 2.58 5.26 -2.68 Hbacrule-add 3.34 3.4 -0.06 Hbacrule-find 7.02 9.13 -2.11 Hbacrule-show 2.58 5.63 -3.05 Thus, it is noticed that there is a significant improvement in IPA 7.3 command execution. Thus marking the status of bug to "VERIFIED".
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html