ipa-server-install and ipa-replica-install take a considerable time to complete. On a fast server with plenty resources a server installation takes about 5 minutes. On a slower system with less resources installation can take twice as long or even longer.
ipa-server-install
ipa-replica-install
My experiments have shown that it is possible to speed up installation with a series of small modifications. There are several low hanging fruits. Each change contributes a couple of seconds. Combined I see runtime reduction from roughly 5 minutes down to 3:30 minutes for ipa-server-install.
master:
Rob wrote:
Is migrate_profiles_ldap() needed at all then? It's executed as part of the upgrade. Speeding that up would be nice too.
From IRC discussion about LDAP profile migration during upgrade:
18:04 < ftweedal> cheimes: a thought about optimising the certprofile import during upgrade. Not going to bother with pseudocode or anything, but we can probably conclude that if *any* profiles are already in LDAP, then *all* are in LDAP, and short circuit the whole thing. 18:05 < ftweedal> cheimes: on a per-host basis, we could also set the "we did this step" flag so that the skip gets skipped on future upgrades and we don't have to contact Dogtag at all 18:06 < ftweedal> cheimes: for the "freeipa included profiles" we probably do want to continue managing them in the current way. 18:06 < ftweedal> or at least, that is something we can look at later - there are only a few of them so it is not as a big an issue
ipa-4-8:
Some numbers from a test installation on 1minutetip m1.large instance (8 GB RAM, 4x Intel Xeon Processor 2.7 GHz)
# rpm -qa freeipa-server freeipa-server-4.8.10-5.fc32.x86_64 # time ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE -n ipa.example --no-ntp -U ... real 5m12,632s user 0m31,968s sys 0m6,665s
# curl http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/a26d8e50-11e0-11eb-b85e-fa163ee3281e/rpms/freeipa-prci.repo > /etc/yum.repos.d/freeipa-prci.repo # dnf update -y # rpm -qa freeipa-server freeipa-client-4.9.0.dev-0.fc32.x86_64 # time ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE -n ipa.example --no-ntp -U ... real 3m20,871s user 0m29,771s sys 0m6,821s
On 1MT the installer spends a considerable amount of time waiting on DNS. With ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE -n ipa.example --no-ntp --no-host-dns --setup-dns --auto-forwarders --no-dnssec-validation -U speedup is down to about 1 minute:
ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE -n ipa.example --no-ntp --no-host-dns --setup-dns --auto-forwarders --no-dnssec-validation -U
freeipa-server-4.8.10-5.fc32.x86_64 real 4m19,641s user 0m33,342s sys 0m6,575s
freeipa-client-4.9.0.dev-0.fc32.x86_64 real 3m18,411s user 0m28,540s sys 0m6,327s
Closing as all linked PRs are already merged.
Metadata Update from @antorres: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.