Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   ns-slapd processes not dying (http://www.linux-archive.org/fedora-directory/419137-ns-slapd-processes-not-dying.html)

Angel Bosch Mora 08-27-2010 11:51 AM
ns-slapd processes not dying
 
hi,

i had problems with "too many fds open" on some instances and after digging a bit i've found that ns-slapd dont die.

i got 5 similar installations and this is happening just in two of them and i can't identify what is about.


i've been recollecting process informations and i know for sure that the only process that keep increasing is ns-slapd and eventually, after some weeks, 389 starts refusing new connections and i got the "too many fds open" message.

i can increase max fds but the problem of processes keeping alive is still there.

anyone facing similar situation?

regards,

abosch
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Andrey Ivanov 08-28-2010 12:38 PM
ns-slapd processes not dying
 
Hi,

You can try to change the following parameters to reduce the timeouts of the connections :
* system parameters (reduce keepalive time to 700 seconds):
****************************** echo "net.ipv4.tcp_keepalive_time = 700"*************** >> /etc/sysctl.conf

****************************** sysctl -p
* 389 parameters in cn=config (change the maximum time limit per search operation to 120 sec & set idle connection timeout to 600 sec):
****************************** nsslapd-timelimit: 120

****************************** nsslapd-idletimeout: 600
*
The file descriptor number* used by a connecton can be seen in access log (fd=139) :
[28/Aug/2010:14:35:08 +0200] conn=58377 fd=139 slot=139 SSL connection from x.x.x.x to x.x.x.x

****************************
You may also use /logconv.pl utility to see the long requests, number of parallel/oncurrent connections and file descriptor usage ('Highest FD taken')

Total Connections:*********** 2855
Peak Concurrent Connections:* 4
Total Operations:************ 157116
Total Results:*************** 157139
Overall Performance:********* 100.0%
...
FDs Taken:******************* 3112

FDs Returned:**************** 3112
Highest FD Taken:************ 143
...
----- Top 20 Most Frequent etimes -----

156965********* etime=0****
58************* etime=1****
58************* etime=3****

58************* etime=2*


@+

2010/8/27 Angel Bosch Mora <angbosch@conselldemallorca.net>

hi,



i had problems with "too many fds open" on some instances and after digging a bit i've found that ns-slapd dont die.



i got 5 similar installations and this is happening just in two of them and i can't identify what is about.





i've been recollecting process informations and i know for sure that the only process that keep increasing is ns-slapd and eventually, after some weeks, 389 starts refusing new connections and i got the "too many fds open" message.




i can increase max fds but the problem of processes keeping alive is still there.



anyone facing similar situation?



regards,



abosch

--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Chun Tat David Chu 09-07-2010 05:30 PM
ns-slapd processes not dying
 
Hi,

We had similar problem before, but I am not sure if it is related to your case.

The file descriptors that were opened by the ns-slapd process was all in a CLOSE_WAIT state.* You can try execute "netstat -anput | grep CLOSE_WAIT" and see if there's a lot of dangling CLOSE_WAIT socket opened by ns-slapd.


If that was the case, I suggest you to update to the latest version of 389 directory because that has been fixed.

This is the bugzilla ticket that I submitted awhile back.
https://bugzilla.redhat.com/show_bug.cgi?id=567429


- David

2010/8/28 Andrey Ivanov <andrey.ivanov@polytechnique.fr>

Hi,

You can try to change the following parameters to reduce the timeouts of the connections :
* system parameters (reduce keepalive time to 700 seconds):
****************************** echo "net.ipv4.tcp_keepalive_time = 700"*************** >> /etc/sysctl.conf


****************************** sysctl -p
* 389 parameters in cn=config (change the maximum time limit per search operation to 120 sec & set idle connection timeout to 600 sec):
****************************** nsslapd-timelimit: 120


****************************** nsslapd-idletimeout: 600
*
The file descriptor number* used by a connecton can be seen in access log (fd=139) :
[28/Aug/2010:14:35:08 +0200] conn=58377 fd=139 slot=139 SSL connection from x.x.x.x to x.x.x.x


****************************
You may also use /logconv.pl utility to see the long requests, number of parallel/oncurrent connections and file descriptor usage ('Highest FD taken')


Total Connections:*********** 2855
Peak Concurrent Connections:* 4
Total Operations:************ 157116
Total Results:*************** 157139
Overall Performance:********* 100.0%
...
FDs Taken:******************* 3112


FDs Returned:**************** 3112
Highest FD Taken:************ 143
...
----- Top 20 Most Frequent etimes -----

156965********* etime=0****
58************* etime=1****
58************* etime=3****


58************* etime=2*


@+

2010/8/27 Angel Bosch Mora <angbosch@conselldemallorca.net>


hi,



i had problems with "too many fds open" on some instances and after digging a bit i've found that ns-slapd dont die.



i got 5 similar installations and this is happening just in two of them and i can't identify what is about.





i've been recollecting process informations and i know for sure that the only process that keep increasing is ns-slapd and eventually, after some weeks, 389 starts refusing new connections and i got the "too many fds open" message.





i can increase max fds but the problem of processes keeping alive is still there.



anyone facing similar situation?



regards,



abosch

--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users




--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Angel Bosch Mora 09-08-2010 06:37 AM
ns-slapd processes not dying
 
----- Missatge original -----
> Hi,
>
> We had similar problem before, but I am not sure if it is related to
> your case.
>
> The file descriptors that were opened by the ns-slapd process was all
> in a CLOSE_WAIT state. You can try execute "netstat -anput | grep
> CLOSE_WAIT" and see if there's a lot of dangling CLOSE_WAIT socket
> opened by ns-slapd.
>

seems that is not the case.

i can see lot of ESTABLISHED connections, but not a single CLOSE_WAIT. ex:


tcp 0 0 ::ffff:172.26.67.79:389 ::ffff:192.168.224.16:53143 ESTABLISHED 315/ns-slapd


the quick and dirty workaround is restarting the instance every night.


regards,

abosch
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 10:03 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.