There are few hard rules for sizing of an IPA server but with a CA at least 2 GB of RAM is necessary to avoid constant swapping and chance of failure during installation and service restarts.
The solution needs to support bare metal, VM and container installations.
cgroup should be able to detect low memory situations for the container case but both v1 and v2 must be supported.
For bare metal and VM cases reading installed memory should be sufficient.
We already strongly discourage running other services on an IPA server so we will have to assume that any free memory will remain free and available for a new IPA installation.
The installer will check this available memory and fail with a description of the current condition and how much RAM is available. An installer override option will be necessary to allow a user to forge ahead.
The amount of memory required should be conditioned on the services being configured. This will also need to be considered when services are added post-installation (CA and DNS).
I wanted to get some baselines to see what the absolute minimum install RAM is so I created a F32 vagrant VM (libvirt) using the cloud image.
I was able to successfully install IPA + CA + DNS in 1280 of RAM, no swap. This was...unexpected.
Granted this is likely not at all useful but I was able to do some minor commands and generate a cert so the basics work.
So maybe 2GB is a reasonable minimum for VRAM + swap (free).
I haven't even looked at the restrictions in a container yet. It would be ideal to use the same API for both but it appears that psutil doesn't understand cgroups and will only report on host memory.
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/5067
I decided to ignore swap. If you are so RAM tight that you want to include swap then fine but you'll need to skip the memory check.
master:
ipa-4-8:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @abbra: - Custom field changelog adjusted to FreeIPA server now requires at least 1.2 GiB RAM for installation to prevent performance degradation.
ipa-4-9:
This was implemented, but without the discussed override. I think I'll implement it, because it's causing me some grief on my dev VMs.
Nevermind, the override is implemented (--skip-mem-check) but was not adequately documented. I will file a PR to address that.
--skip-mem-check
https://github.com/freeipa/freeipa/pull/6350
ipa-4-10:
Login to comment on this ticket.