[Freeipa-users] krb5kdc process at 100%

Simo Sorce simo at redhat.com
Fri Sep 9 13:55:50 UTC 2011


On Fri, 2011-09-09 at 05:09 +0000, Smith, Martin R.
[smma0901 at stcloudstate.edu] wrote:
> When I attach gdb to the process, I have tried the main process and
> the four child processes, it provides no output. 
> Here are the steps I'm taking:
>      1. On freeipa-server run htop and find the pid (or ps aux) 
>              1. Shows one parent PID and four child processes 
>                      1. 934 root 20   0 46784  2656   388 S  0.0  0.1  0:00.00  `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
>                      2.  1939 root 20   0 78664  4460  2056 S  0.0  0.1  0:00.26  |   `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
>                      3.  1938 root 20   0 78664  4460  2056 S  0.0  0.1  0:00.26  |   `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
>                      4.  1936 root 20   0 78664  4460  2056 S  0.0  0.1  0:00.26  |   `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
>                      5.  1935 root 20   0 78664  4212  1808 S  0.0  0.1  0:00.26  |   `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
>              2. run sudo gdb 
>                      1. attach 934
>                      2. press "c"
>                      3. Wait for output… 
>      2. Attempt to login with user that has an expired password.
>      3. Now the krb5kdc process 934 starts running at 100% and the
>         user is unable to login. 
>      4. Only way to get the process back to normal is to type "service
>         ipa restart"

> 
> I've never debugged a program before so if I'm missing a step please
> let me know. 

Ok, let's simplify the problem first.

Apparently you have a quadcore cpu so by default we configured krb5kdc
to spawn 4 worker processes. Let's bring it down to not spawning any
worker process so we can simplify debugging.

Go to /etc/sysconfig/krb5kdc and remove the "-w 4" argument from it.

Then simply do a service krb5kdc restart (no need to restart the whole
ipa service for this).


If krb5kdc locks up again, gdb the process like you have done before but
do not press c; type 'bt' instead and copy the log, then you can exit
gdb.

Simo.


-- 

Simo Sorce * Red Hat, Inc * New York