[Fedora-directory-users] Too many FDS open

Andrey Ivanov andrey.ivanov at polytechnique.fr
Thu Feb 26 18:38:21 UTC 2009


Hi,

We use the following approaches:
1. we limit the idle connection time "net.ipv4.tcp_keepalive_time = ..." in
/etc/sysctl.conf
2. fs.file-max = 65000 in the same sysctl.conf
3. In "/etc/profile" we have added the line "ulimit -n 65000", otherwise
/etc/init.d/dirsrv takes the default value of 8192
4.      echo "ldap            hard    nofile  65000"    >> /etc/security/limits.conf
        echo "ldap            soft    nofile  65000"    >> /etc/security/limits.conf
        echo "ldap            hard    core    64"       >> /etc/security/limits.conf
        echo "ldap            soft    core    64"       >> /etc/security/limits.conf

        echo "root            hard    nofile  65000"    >> /etc/security/limits.conf
        echo "root            soft    nofile  65000"    >> /etc/security/limits.conf
        echo "root            hard    core    64"       >> /etc/security/limits.conf
        echo "root            soft    core    64"       >> /etc/security/limits.conf
5. verification of unindexed searches ("notes=U")
6. nsscache on clients

we have approx 180 clients, and even without nsscache about 300 conns in
parallel are ok...
You can also use logconv.pl -V logfile to analyse your logs and stats...



2009/2/26 Chavez, James R. <james.chavez at sanmina-sci.com>

>
>
> Thanks, I think that may be our issue. Can I ask what parameters you set
> to accomplish this?
> And also what is your "net.ipv4.tcp_keepalive_time" set to?
>
> Thanks again
> James
>
>
> We had the same problem.  We set the idle timeout, and it was fixed.  By
> default it doesn't timeout connections.  We are only doing around 4K
> transactions a minute, but the idle connections would constantly grow to
> 1024.  Once putting in the timeout we maintain only about 30 idle at a
> time.  We set our limit to 60 seconds.
>
>
> -Kevin
>
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Chavez,
> James R.
> Sent: Thursday, February 26, 2009 9:24 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: RE: [Fedora-directory-users] Too many FDS open
>
>
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
> sigid at JINLab
> Sent: Thursday, February 26, 2009 12:43 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Too many FDS open
>
> Chavez, James R. wrote:
> > Hello Rich, list,
> >
> >
> > Earlier today we started getting this error in our FDS error log
> > repeatedly. Obviously connections were being refused at this point. I
> > had to restart the directory server for the server to function again.
> > Prior to releasing this box into production I did set the parameters
> > according to the Installation guide specifications. The output of
> > "ulimit -n" is 8192. The output of "sysctl -p" is below. (I increased
> > fs.file-max from 64000.) Does anything look off?
> > net.ipv4.tcp_syncookies = 1
> > net.ipv4.tcp_keepalive_time = 300
> > fs.file-max = 128000
> > net.ipv4.ip_local_port_range = 1024 65000
> >
> > I also changed the setting in the config from
> > nsslapd-maxdescriptors: 1024 to
> > nsslapd-maxdescriptors: 8192
> >
> > Is there a way to tweak these settings so that this will not happen in
> > the future?
> > This is a dedicated consumer or read only replica.
> > Directory size is roughly 20,000 users.
> > We are running FC9 and FDS 1.1.1-3.
> > We are lacking in RAM but look to improve on that shortly.
> >
> > I do see on the web past posts to this list regarding this error, I am
> > currently looking through them. Is there anyone out there that has
> > experienced this and gotten past it?
> >
> > Thanks
> > James
> >
> > [25/Feb/2009:13:30:08 -0600] - Not listening for new connections - too many fds open
> > [25/Feb/2009:13:30:08 -0600] - Listening for new connections again
> > [25/Feb/2009:13:30:08 -0600] - Not listening for new connections - too many fds open
> > [25/Feb/2009:13:30:08 -0600] - Listening for new connections again
>
> Is your client using Windows OS? Is there any possibility that it could
> be a virus replicating and distributing itself into networks?
> If storing file on domain/networks using FDS for authentication, the
> frequent authentication process should cause the "too many fds open".
>
> --
>
> We are using all Linux clients. I would not think it would be virus
> related. This implementation is actually replacing Windows.
>
> This box is the authentication source for all the Linux clients.
> What effect, if any, does replication have on fds or file descriptors?
>
> Thanks
> James
>
> CONFIDENTIALITY
> This e-mail message and any attachments thereto, is intended only for
> use by the addressee(s) named herein and may contain legally privileged
> and/or confidential information. If you are not the intended recipient
> of this e-mail message, you are hereby notified that any dissemination,
> distribution or copying of this e-mail message, and any attachments
> thereto, is strictly prohibited.  If you have received this e-mail
> message in error, please immediately notify the sender and permanently
> delete the original and any copies of this email and any prints thereof.
> ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS
> NOT INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding the Uniform
> Electronic Transactions Act or the applicability of any other law of
> similar substance and effect, absent an express statement to the
> contrary hereinabove, this e-mail message its contents, and any
> attachments hereto are not intended to represent an offer or acceptance
> to enter into a contract and are not otherwise intended to bind the
> sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any
> other person or entity.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> Ahh, I think I found it for the idle connections.
> Thanks for the pointer, I appreciate it.
>
> James
>
>
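
Added example (not part of the original thread): a shell check that the raised nofile limit from steps 3 and 4 actually reached the running server process, plus a count of "too many fds open" events in the errors log. The process name ns-slapd, the function names and the sample files are assumptions constructed for illustration; 65000 is the value from the message above.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Soft "Max open files" value from a /proc/<pid>/limits-format file.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Compare the limit the process actually runs with against the wanted
# descriptor count (e.g. 65000 from limits.conf / nsslapd-maxdescriptors).
limit_verdict() (
    soft=$(soft_nofile "$1")
    if [ -z "$soft" ]; then
        echo "unknown"
    elif [ "$soft" = "unlimited" ] || [ "$soft" -ge "$2" ]; then
        echo "ok"
    else
        echo "process-limit-below-config"
    fi
)

# Count fd-exhaustion events in a directory server errors log.
fd_exhaustion_events() {
    grep -c 'Not listening for new connections - too many fds open' "$1" || true
}

# Descriptors currently held by a PID (Linux /proc); 0 if the PID is absent.
open_fds() {
    ls "/proc/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

demo() (
    dir=$(mktemp -d)
    # Constructed /proc/<pid>/limits excerpt: init script started with 8192.
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max open files            8192                 8192                 files' \
        > "$dir/limits"
    # Errors-log lines as quoted in the thread, unwrapped.
    printf '%s\n' \
        '[25/Feb/2009:13:30:08 -0600] - Not listening for new connections - too many fds open' \
        '[25/Feb/2009:13:30:08 -0600] - Listening for new connections again' \
        > "$dir/errors"
    echo "soft nofile:   $(soft_nofile "$dir/limits")"
    echo "verdict:       $(limit_verdict "$dir/limits" 65000)"
    echo "fd exhaustion: $(fd_exhaustion_events "$dir/errors")"
    rm -rf "$dir"
)
demo
# Live use (assumes the server process is named ns-slapd):
#   pid=$(pidof ns-slapd); limit_verdict "/proc/$pid/limits" 65000; open_fds "$pid"
```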