LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 12-27-2020, 07:44 PM   #1
tchen003
LQ Newbie
 
Registered: Jun 2019
Posts: 4

Rep: Reputation: Disabled
Slowness after install FreeIPA on CentOS7


I follow below guide to install FreeIPA

Question 1: the install failed at below stage. I have already turned off firewall and selinux. Any advice why requesting to CA got no response?

Code:
  [12/30]: requesting RA certificate from CA
  [error] RuntimeError: request timed out
ipapython.admintool: ERROR    request timed out
ipapython.admintool: ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
Killed
[root@ipa ~]#
Question 2: my server is becoming very slow. It take 5 seconds to print out the current time. Any advice?

Code:
[root@ipa ~]# time date
Sun Dec 27 20:20:03 EST 2020

real    0m5.143s
user    0m0.000s
sys     0m0.009s
[root@ipa ~]#
Reference: https://medium.com/@iced_burn/instal...s-7-9dd7d3d611

Last edited by tchen003; 12-27-2020 at 07:45 PM. Reason: forgot to include tags
 
Old 12-28-2020, 01:06 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994Reputation: 1994
Quote:
Originally Posted by tchen003 View Post
Question 1: the install failed at below stage. I have already turned off firewall and selinux. Any advice why requesting to CA got no response?
See /var/log/ipaserver-install.log for more information.
Quote:
Question 2: my server is becoming very slow. It take 5 seconds to print out the current time. Any advice?
I would start with strace to find out which system call(s) are likely at the root of this behaviour.

The five seconds look suspiciously like the five seconds it takes to get an SSH shell prompt when DNS resolution is not set up correctly, but I can't come up with a good reason for date to use DNS. On the other hand, bad DNS configuration might well cause the CA access to fail, however this is pure speculation. Therefore check the log (which is what you should do in all troubleshooting scenarios - that's what logs are for).

Last edited by berndbausch; 12-28-2020 at 01:12 AM. Reason: Added the last oaragraph.
 
Old 01-02-2021, 05:27 PM   #3
bgstack15
Member
 
Registered: Jul 2017
Distribution: korora
Posts: 90

Rep: Reputation: Disabled
Agreed on the DNS resolution issue. Although in my experience, it doesn't even have to be ssh. It could be the system trying to look itself up. So, for example, if your hostname is "ipa," then it's possible that the /etc/hosts was munged, as well as /etc/resolv.conf so that all listed resolvers, and the /etc/hosts entry, for "ipa" (unqualified) fails to return any value, or a bad value.

In a (Kerberos) domain situation such as FreeIPA or Active Directory, a Linux system really should get back as its IP address for its own hostname as its public IP address and not loopback. I had to hard-code these values into /etc/hosts in one of my environments, because dns sucked (don't ask). That is, for host server12345vm, I put into /etc/hosts the string "192.168.11.5 server12345vm.example.com server12345vm" where 192.168.11.5 was my public (relatively speaking) IP address.
If I had put "127.0.0.1 server12345vm.example.com" which is the default, into /etc/hosts, then my Kerberos auth would not work.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Any problem if I install CENTOS7 Workstation over CENTOS7 Server? Rich Strebendt Linux - Software 5 05-03-2018 11:05 PM
FreeIPA Centos7 fails after first reboot due to 389dir service crashing jessedalestacey Linux - Server 1 08-27-2015 10:15 AM
FreeIPA Install on CentOS 7 - "Cannot contact any KDC" chrischarles2002 Linux - Server 3 08-24-2015 03:00 AM
Freeipa vs Samba4 : will Redhat dump freeipa in favor of Samba4? exodius Linux - Enterprise 1 12-16-2013 02:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration