I have always used FreeBSD to build petabyte scale ZFS-NFS servers for HPC.
This latest round involved NFSv4.2 and FreeBSD being enrolled into Red Hat IDM for auth. It was dog slow like I could not believe, and kept spewing a slurry of errors. Without having the luxury of time to solve all the issues, we ended up going with Red Hat EL 9 purely to avoid the slowness from IDM integration.
I hope someone else has the time to figure out the issues with IPA integration in FreeBSD.
I know I sound entitled expecting a pkg install ipa-client without doing any of the work. But my point in writing here is merely to highlight a problem so that others who are in a much better position than I am to fix it can take a look.
I'm confused. Getting IPA integration looks relatively straightforward. You need to make sure that the FreeBSD packages have certain integrations enabled. If you aren't happy with the default package settings, you can raise that with the maintainer.
It's easy to change the package settings anyway. You can do this if you manually build them yourself using something like portmaster for a one-off server, or run your own package and build server with poudriere, if it's for a cluster of servers.
Sorry for the less useful rant. Yes, we are integrating with IPA for just uid/gid mappings.
From the little time we got to debug before giving up, FreeBSD was fast and working as usual before IPA client enrolment was done.
We tried NFSv3 (with separate lockd) and NFSv4.2, both only performing at about 20% of the throughput that we currently get out of ZFS on Linux. Both ZFS versions being the same, ZFS-2.1.
It felt like we were in uncharted waters with the IPA client and gave up instead of fixing the problems.
Unfortunately, it is going to stay mystically weird. We moved away to Linux in the interest of time. Yes, directory integration killed performance to unbearable levels. But the fact that directory integration felt put together through uncharted channels in the first place made us not waste any more time on it.
It's basically still the only game in town for a high performance shared POSIX filesystem with multiple writers and built-in support in basically all operating systems.
As an application developer, I probably wouldn't choose to design a system that needed it.
The NFS 4.2 spec was released late 2016. What's your newfangled alternative? Some cloud service (other guy's computer) that runs a bunch of actual tech (like NFS) behind the scenes?
Beneath the layers of containers, REST APIs, JS frameworks and web interfaces, there's someone that makes use of serious stuff.
NFS scales and operates incredibly well; however, it has constraints.
Like any tool, it has its appropriate uses.
Why would you exclude a useful tool from your arsenal because of perceived downsides that are easy to hide from the layer above with appropriate system design?
Have a look at what it means to get FreeIPA client running on FreeBSD. https://vermaden.wordpress.com/2022/11/17/connect-freebsd-fr...
:-(