On ma, 08 maalis 2021, Dominik Vogt via FreeIPA-users wrote:
Installing the ipa-server on our VMs takes about 13 to 14 minutes.
We have to do this often during development. Stupid question: Is
there a way to speed this up substantially? More memory, more
CPUs or whatever?
You can start by investigating which step takes most time.
We collect such statistics in Azure Pipelines in upstream CI with the
following small grep:
grep 'service duration:' /var/log/ipaserver-install.log | sed -e 's/DEBUG
//g'
For example, recent git master run does have following results:
2021-03-08T07:43:51.1097753Z 1 [2021-03-08 07:43:50] + ipa-server-install -U --domain
ipa.test --realm IPA.TEST -p Secret123 -a Secret123 --setup-dns --setup-kra
--auto-forwarders
[...]
2021-03-08T07:52:18.6298249Z 1 [2021-03-08 07:52:17] The ipa-server-install command was
successful
2021-03-08T07:52:18.6298977Z 1 [2021-03-08 07:52:18] + install_result=0
[...]
E.g. it takes around 8 minutes 27 seconds. If we look at individual
steps, then CA+KRA deployment needs good chunk of that time (157 + 166
seconds).
2021-03-08T07:52:18.6305973Z 1 [2021-03-08 07:52:18] + echo 'Installation complete.
Performance of individual steps:'
2021-03-08T07:52:18.6306790Z 1 [2021-03-08 07:52:18] Installation complete. Performance of
individual steps:
2021-03-08T07:52:18.6307490Z 1 [2021-03-08 07:52:18] + sed -e 's/DEBUG //g'
2021-03-08T07:52:18.6308203Z 1 [2021-03-08 07:52:18] + grep 'service duration:'
/var/log/ipaserver-install.log
2021-03-08T07:52:18.6308965Z 1 [2021-03-08 07:52:18] 2021-03-08T07:44:18Z service
duration: dirsrv 15.85 sec
2021-03-08T07:52:18.6309759Z 1 [2021-03-08 07:52:18] 2021-03-08T07:44:20Z service
duration: krb5kdc 2.69 sec
2021-03-08T07:52:18.6310536Z 1 [2021-03-08 07:52:18] 2021-03-08T07:44:21Z service
duration: kadmin 0.62 sec
2021-03-08T07:52:18.6311324Z 1 [2021-03-08 07:52:18] 2021-03-08T07:44:23Z service
duration: ipa-custodia 2.23 sec
2021-03-08T07:52:18.6312121Z 1 [2021-03-08 07:52:18] 2021-03-08T07:47:00Z service
duration: pki-tomcatd 157.07 sec
2021-03-08T07:52:18.6312927Z 1 [2021-03-08 07:52:18] 2021-03-08T07:47:16Z service
duration: dirsrv 15.68 sec
2021-03-08T07:52:18.6313843Z 1 [2021-03-08 07:52:18] 2021-03-08T07:47:46Z service
duration: ipa-otpd 0.69 sec
2021-03-08T07:52:18.6315109Z 1 [2021-03-08 07:52:18] 2021-03-08T07:47:54Z service
duration: httpd 7.99 sec
2021-03-08T07:52:18.6315980Z 1 [2021-03-08 07:52:18] 2021-03-08T07:48:02Z service
duration: krb5kdc 7.56 sec
2021-03-08T07:52:18.6316857Z 1 [2021-03-08 07:52:18] 2021-03-08T07:48:19Z service
duration: dirsrv 16.69 sec
2021-03-08T07:52:18.6317865Z 1 [2021-03-08 07:52:18] 2021-03-08T07:51:06Z service
duration: pki-tomcatd 166.42 sec
2021-03-08T07:52:18.6318843Z 1 [2021-03-08 07:52:18] 2021-03-08T07:51:52Z service
duration: named 6.08 sec
2021-03-08T07:52:18.6319818Z 1 [2021-03-08 07:52:18] 2021-03-08T07:51:59Z service
duration: ipa-dnskeysyncd 3.75 sec
IPA needs to generate a lot of keys and that needs good randomness.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland