Recently i've migrated our SVN server (virtual machine) from C6 to C7
(more precisely - migrated data to freshly installed virtual machine).
And we have problem with very slow authentication. Server is configured
with SSSD, user data are fetching from our LDAP server. SVN is
configured with apache (pwauth for authentication + LDAP search for
Require ldap-group).
It takes pwauth even 10 seconds to authenticate. Whet it comes to svn's
externals it could take as long as 9 minutes to _svn up_ project (when
there are no commits to fetch). Every external may take even 15 seconds
(and sometimes even more).
SSSD was configured at first with authconfig / authconfig-tui.
I was struggling with SSSD configuration but with no success. I'm not
sure where to look (SSSD, apache?). How can i debug this issue?
sssd.conf:
[domain/default]
autofs_provider = ldap
cache_credentials = True
krb5_realm = #
ldap_search_base = ou=Main,o=company
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.our.domain/
ldap_group_search_base = ou=Group,ou=Main,o=company
ldap_user_search_base = ou=People,ou=Main,o=company
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = allow
#debug_level = 4
refresh_expired_interval = 120
enumerate = True
ldap_referrals = False
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
homedir_substring = /home
entry_cache_timeout = 5400
[pam]
pam_id_timeout=20
apache:
LDAPCacheTTL 30
<VirtualHost 10.0.32.19:80>
ErrorLog logs/svn_http_error_log
CustomLog logs/svn_http_access_log "%t %u %{SVN-ACTION}e"
env=SVN-ACTION
ServerName svn.our.domain
DirectoryIndex none
DefineExternalAuth pwauth pipe /usr/bin/pwauth
#AddExternalGroup unixgroup /usr/sbin/unixgroup
#SetExternalGroupMethod unixgroup environment
<Location />
SVNPathAuthz off
DAV svn
SVNPath /home/repos/subversion_free_avr
AuthBasicAuthoritative off
AuthBasicProvider socache external
AuthExternal pwauth
AuthnCacheProvideFor external
AuthType Basic
AuthName "Subversion repository"
AuthLDAPURL ldap://ldap.our.domain/ou=Main,o=company
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=programmers,ou=group,ou=main,o=company
#GroupExternal unixgroup
#Require group programmers
#Require valid-user
#AuthzSVNAccessFile /home/repos/svn.access
</Location>
</VirtualHost>
On same server we have redmine (with database on separate server and
LDAP auth) and git repositories (with gitbucket as frontend, also LDAP
auth) but those repos aren't extensively used right now. Redmine works
not-so-bad, so i guess it is not overall server performance issue.
Disks performance (measured under normal workload):
[root at luah pam.d]# hdparm -tT /dev/vda
/dev/vda: (system)
Timing cached reads: 11412 MB in 2.00 seconds = 5710.28 MB/sec
Timing buffered disk reads: 522 MB in 3.63 seconds = 143.79 MB/sec
[root at luah pam.d]# hdparm -tT /dev/vdd
/dev/vdd: (/home where all data resides)
Timing cached reads: 10020 MB in 2.00 seconds = 5013.17 MB/sec
Timing buffered disk reads: 172 MB in 3.20 seconds = 53.73 MB/sec
It's comparable with other our VMs.
Any ideas?
--
Over And Out
MoonWolf