11-18-2007, 06:31 PM
Gavin McCullagh

[K12OSN] LDAP timeout question

Hi Jim,

On Fri, 16 Nov 2007, Jim Kronebusch wrote:

> Each application opened thereafter uses 1 more open file under the
> openldap user. These files remain open for the openldap user until the
> user session is terminated. So if one student logged on to every client
> in my network and opened both Firefox and OpenOffice, openldap would have
> 18 files opened per user across 108 clients. Now this is the part I can
> figure out easily, 108 users x 18 open files per user equals 1944 open
> files for the openldap user. The default open file limit per user under
> Edubuntu feisty is 1024,

This is good stuff to know about, thanks.

I know we've been over this before, but do you commonly have 108 concurrent
users on a single thin client server? That's pretty impressive. If you
haven't done it already, a short document briefly detailing the hardware
specs and the various tweaks you've needed would make very interesting
reading. Do they all use sound?

> I then decided I never want to see this error again, so I set the following in
> /etc/security/limits.conf:
>
> * soft nofile 4096
> * hard nofile 4096

Seems reasonable enough, though would it be as effective and a little more
prudent to do:

openldap soft nofile 4096
openldap hard nofile 4096

4096 files per user in general seems an awful lot and might allow users to
do nasty things to your system.

> If this works, I think there is a huge flaw with the maximum open file
> limit and the default configuration of OpenLDAP when used in a thin
> client environment.

The question is whether it should be fixed or if this is really just
"tuning" that should be documented for big systems. For example, the
default install of PostgreSQL sets limits which will not work when you go
above 20 users on a web application. It's expected that if you run it in
large scale production, you learn how to tune it for production use. Given
the number of users you have, I think it's fair to say you're a big
production user.

Right now, edubuntu doesn't use openldap, so it probably doesn't make sense
for edubuntu to change this limit. There can be very few system users
which would ever need this number of open files. Openldap could perhaps add
the above lines specific to itself in limits.conf (assuming it works!).
You could ask the openldap package maintainers.

Gavin


--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
 
 
11-19-2007, 02:15 PM
"Jim Kronebusch"

[K12OSN] LDAP timeout question

On Sun, 18 Nov 2007 19:31:22 +0000, Gavin McCullagh wrote
> Hi Jim,
>
> On Fri, 16 Nov 2007, Jim Kronebusch wrote:
>
> > Each application opened thereafter uses 1 more open file under the
> > openldap user. These files remain open for the openldap user until the
> > user session is terminated. So if one student logged on to every client
> > in my network and opened both Firefox and OpenOffice, openldap would have
> > 18 files opened per user across 108 clients. Now this is the part I can
> > figure out easily, 108 users x 18 open files per user equals 1944 open
> > files for the openldap user. The default open file limit per user under
> > Edubuntu feisty is 1024,
>
> This is good stuff to know about, thanks.
>
> I know we've been over this before, but do you commonly have 108 concurrent
> users on a single thin client server? That's pretty impressive. If you
> haven't done it already, a short document briefly detailing the hardware
> specs and the various tweaks you've needed would make very interesting
> reading. Do they all use sound?

The server is as follows:
Dell PowerEdge 2900
Processors - Dual Quad core 2.66Ghz w/1333Mhz front side bus (8 cores total)
RAM - 16GB (will still upgrade to 32GB)
Hard Drives - 6 300GB SAS 3GB per second drives configured in RAID 10
NICs - 6 Intel Pro1000 teamed with Adaptive Load Balancing
OS - Edubuntu Feisty with linux-image-server kernel and LDM_DIRECTX=True
Thin terminals - 108 DevonIT 6020p w/ 17" Planar LCD and 512MB RAM

Most concurrent users I've seen yet is 75. With 75 users all in OpenOffice, Firefox
with sound and a good share running flash (darn flash game sites), the maximum processor
load I've seen yet is 25% with about 6GB RAM used.

As far as tweaks, that is the scary part :-) I don't think I remember most of them. I
did remove the Network Manager Applet, I removed the Gnome printing applet, I have Gnome
Watchdog running, I did the tweaks a few weeks back regarding swappiness and task
scheduling. I also make sure to not exceed 20 clients per gigabit switch feed. So all
6 NICs from the server go into a 24 port gigabit switch, then there is a gigabit feed
going from that switch to the labs, with no more than 20 clients per switch. I wanted
to be sure the network was not the weak point. I am running 1280x1024 for a client
resolution, and yes they are all using sound. I am using LDM_DIRECTX, but honestly
performance is pretty good without it. I also have the tweak for clearing out stale
swap files, the one for killing firefox if it uses more than 80% client RAM, and I'm
sure some others.

Cool thing is with one server, I can monitor/control all machines with a single instance
of fl_teachertool.


> > I then decided I never want to see this error again, so I set the following in
> > /etc/security/limits.conf:
> >
> > * soft nofile 4096
> > * hard nofile 4096
>
> Seems reasonable enough, though would it be as effective and a little more
> prudent to do:
>
> openldap soft nofile 4096
> openldap hard nofile 4096
>
> 4096 files per user in general seems an awful lot and might allow users to
> do nasty things to your system.

I tried that first on the fly, but it didn't make any difference. So when I had to
reboot the server I made the change to * just to be sure. Later I will definitely make
the change back to openldap and see what happens now that I know this works.

> > If this works, I think there is a huge flaw with the maximum open file
> > limit and the default configuration of OpenLDAP when used in a thin
> > client environment.
>
> The question is whether it should be fixed or if this is really just
> "tuning" that should be documented for big systems. For example, the
> default install of PostgreSQL sets limits which will not work when you go
> above 20 users on a web application. It's expected that if you run it in
> large scale production, you learn how to tune it for production use. Given
> the number of users you have, I think it's fair to say you're a big
> production user.
>
> Right now, edubuntu doesn't use openldap, so it probably doesn't make sense
> for edubuntu to change this limit. There can be very few system users
> which would ever need this number of open files. Openldap could perhaps add
> the above lines specific to itself in limits.conf (assuming it works!).
> You could ask the openldap package maintainers.
>
> Gavin

My thought here is that from reading it looks like one of the goals in Hardy Heron is to
modify the local users and groups so that it can integrate with ldap or active
directory. And it doesn't seem too far fetched to think that many schools or businesses
for that matter would need to authenticate many machines from a single instance of ldap.
So I thought that developers might want to know this to thwart possible future problems
if the intent is to better integrate ldap. But you're probably right, this is likely
further upstream and more of a tweak.

Anyhow, at least now we have numbers to go by for a recommendation.

Jim

--
edubuntu-devel mailing list
edubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
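
Added example, not part of either message: a shell sketch of the two checks the thread turns on, namely which limits.conf entries raise nofile for every account rather than only for openldap, and whether a given descriptor limit covers the 108 clients x 18 descriptors quoted above. The function names and both sample files are constructed for illustration, and the second sample assumes a kernel that exposes /proc/<pid>/limits.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the thread.

# wildcard_nofile FILE: print limits.conf entries that set nofile for every
# account (domain "*") rather than for one named user such as openldap.
wildcard_nofile() {
    awk '$1 == "*" && $3 == "nofile"' "$1"
}

# soft_nofile FILE: soft "Max open files" value from a file in the
# /proc/<pid>/limits format, i.e. the limit a process is running with.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# fd_headroom LIMIT CLIENTS FDS_PER_CLIENT: descriptors to spare; a negative
# result means the process runs out before every client is served.
fd_headroom() {
    echo $(( $1 - $2 * $3 ))
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed limits.conf: the wildcard form beside the per-user form.
    cat > "$tmp/limits.conf" <<'EOF'
*         soft  nofile  4096
*         hard  nofile  4096
openldap  soft  nofile  4096
openldap  hard  nofile  4096
EOF
    # Constructed /proc/<pid>/limits excerpt for a daemon still at the default.
    cat > "$tmp/proc_limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 1024                 files
EOF
    echo "Entries that apply to all users:"
    wildcard_nofile "$tmp/limits.conf"
    running=$(soft_nofile "$tmp/proc_limits")
    # 108 clients x 18 descriptors each are the figures quoted in the thread.
    echo "Headroom at running limit $running: $(fd_headroom "$running" 108 18)"
    echo "Headroom at 4096: $(fd_headroom 4096 108 18)"
    rm -rf "$tmp"
}

demo
```

On a live server, pass /proc/<pid>/limits of the running slapd process to soft_nofile. limits.conf is applied by pam_limits when a session is opened, so a process that is already running keeps the limit it started with.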
 