[Freeipa-users] krb5kdc process at 100%
Dmitri Pal
dpal at redhat.com
Fri Sep 9 23:28:51 UTC 2011
On 09/09/2011 03:14 PM, Smith, Martin R. [smma0901 at stcloudstate.edu] wrote:
> I have linked a zip the whole directory from abrt. After typing
> "abrt-cli -l" it outputted:
> -----
> Directory: /var/spool/abrt/ccpp-2011-09-09-13:41:51-972
> count: 1
> executable: /usr/sbin/krb5kdc
> package: krb5-server-1.9.1-5.fc15
> time: Fri 09 Sep 2011 01:41:51 PM CDT
> uid: 0
> -----
>
> Link to _crash.zip_
> <http://studentweb.stcloudstate.edu/smma0901/crash.zip>
>
> This appears to be my current ldap "openldap-2.4.24-3.fc15.x86_64".
>
Can you please file a BZ? https://bugzilla.redhat.com
I assume it is on Fedora 15 right?
>
> -Martin
>
>
> -----Original Message-----
> From: Simo Sorce _[mailto:simo at redhat.com]_
> <mailto:[mailto:simo at redhat.com]>
> Sent: Friday, September 09, 2011 12:38 PM
> To: Smith, Martin R. [smma0901 at stcloudstate.edu]
> Cc: _freeipa-users at redhat.com_ <mailto:freeipa-users at redhat.com>
> Subject: Re: [Freeipa-users] krb5kdc process at 100%
>
> If it crashes it is a bug in the KDC.
> Can you please get us the core dump when it crashes ?
>
> If you have abtrd installed it should be somewhere in /var/cache/abrt
> (check /var/log/messages) to see where.
>
> Alternatively you can run service krb5kdc stop then as root in a shell
> run ulimit -c unlimited and manually start /usr/sbin/krb5kdc wait for
> the crash then take the core file generated.
>
> Please also tell what is the exact version of the krb5-server package
> and the related ldap driver package.
>
> Simo.
>
> On Fri, 2011-09-09 at 16:27 +0000, Smith, Martin R.
> [smma0901 at stcloudstate.edu] wrote:
> > I removed the -w 4 from the config file. Here is what happens now.
> >
> > When a user with expired password logs in the krb5kdc process now
> crashes, instead of running at 100%.
> > If I attach gdb to the process before it crashes and attempt to login
> the process doesn't crash. Here are the results of "bt"
> > ---------
> > #0 0x00007fe84e0ea1d3 in __select_nocancel ()
> > at ../sysdeps/unix/syscall-template.S:82
> > #1 0x00007fe84f2a8047 in krb5int_cm_call_select (in=<optimized out>,
> > out=0x7fe8501d8780, sret=0x7fff421862b4) at sendto_kdc.c:564
> > #2 0x00007fe84ffd05ee in listen_and_process (handle=0x0,
> > prog=0x7fff42187f52 "krb5kdc", reset=0x7fe84ffc6e10
> <reset_for_hangup>)
> > at net-server.c:1835
> > #3 0x00007fe84ffbcf68 in main (argc=3, argv=<optimized out>) at
> > main.c:1069
> > --------
> >
> > I have also attached the /var/log/krb5kdc
> >
> > -Martin
> >
> > -----Original Message-----
> > From: Simo Sorce _[mailto:simo at redhat.com]_
> <mailto:[mailto:simo at redhat.com]>
> > Sent: Friday, September 09, 2011 8:56 AM
> > To: Smith, Martin R. [smma0901 at stcloudstate.edu]
> > Cc: _freeipa-users at redhat.com_ <mailto:freeipa-users at redhat.com>
> > Subject: Re: [Freeipa-users] krb5kdc process at 100%
> >
> > On Fri, 2011-09-09 at 05:09 +0000, Smith, Martin R.
> > [smma0901 at stcloudstate.edu] wrote:
> > > When I attach gdb to the process, I have tried the main process and
> > > the four child processes, it provides no output.
> > > Here are the steps I'm taking:
> > > 1. On freeipa-server run htop and find the pid (or ps aux)
> > > 1. Shows one parent PID and four child processes
> > > 1. 934 root 20 0 46784 2656 388 S 0.0 0.1
> > > 0:00.00 `- /usr/sbin/krb5kdc
> > > -P /var/run/krb5kdc.pid -w 4
> > > 2. 1939 root 20 0 78664 4460 2056 S 0.0
> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
> > > -P /var/run/krb5kdc.pid -w 4
> > > 3. 1938 root 20 0 78664 4460 2056 S 0.0
> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
> > > -P /var/run/krb5kdc.pid -w 4
> > > 4. 1936 root 20 0 78664 4460 2056 S 0.0
> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
> > > -P /var/run/krb5kdc.pid -w 4
> > > 5. 1935 root 20 0 78664 4212 1808 S 0.0
> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
> > > -P /var/run/krb5kdc.pid -w 4
> > > 2. run sudo gdb
> > > 1. attach 934
> > > 2. press "c"
> > > 3. Wait for output…
> > > 2. Attempt to login with user that has an expired password.
> > > 3. Now the krb5kdc process 934 starts running at 100% and the
> > > user is unable to login.
> > > 4. Only way to get the process back to normal is to type "service
> > > ipa restart"
> >
> > >
> > > I've never debugged a program before so if I'm missing a step please
> > > let me know.
> >
> > Ok, let's simplify the problem first.
> >
> > apperently you have a quadcore cpu so by default we configured
> krb5kdc to spawn 4 worker processes. Let's bring it down to not
> spawning any worker process so we can simplify debugging.
> >
> > Go to /etc/sysconfig/krb5kdc and remove the "-w 4" argument from it.
> >
> > Then simply do a service krb5kdc restart (no need to restart the
> whole ipa service for this).
> >
> >
> > If krb5kdc locks up again, gdb the process like you have done before
> but do not press c, type 'bt' instead and copy the log then you can
> exit gdb.
> >
> > Simo.
> >
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > _Freeipa-users at redhat.com_ <mailto:Freeipa-users at redhat.com>
> > _https://www.redhat.com/mailman/listinfo/freeipa-users_
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110909/8633c1a9/attachment.htm>
More information about the Freeipa-users
mailing list