[Freeipa-users] krb5kdc process at 100%
Dmitri Pal
dpal at redhat.com
Sat Sep 10 01:38:41 UTC 2011
On 09/09/2011 07:28 PM, Dmitri Pal wrote:
> On 09/09/2011 03:14 PM, Smith, Martin R. [smma0901 at stcloudstate.edu]
> wrote:
>> I have linked a zip the whole directory from abrt. After typing
>> "abrt-cli -l" it outputted:
>> -----
>> Directory: /var/spool/abrt/ccpp-2011-09-09-13:41:51-972
>> count: 1
>> executable: /usr/sbin/krb5kdc
>> package: krb5-server-1.9.1-5.fc15
>> time: Fri 09 Sep 2011 01:41:51 PM CDT
>> uid: 0
>> -----
>>
>> Link to _crash.zip_
>> <http://studentweb.stcloudstate.edu/smma0901/crash.zip>
>>
>> This appears to be my current ldap "openldap-2.4.24-3.fc15.x86_64".
>>
>
> Can you please file a BZ? https://bugzilla.redhat.com
> I assume it is on Fedora 15 right?
End of day...
Did not notice that the package name has fc15.
I opened it myself: https://bugzilla.redhat.com/show_bug.cgi?id=737224
Feel free to add.
>
>>
>> -Martin
>>
>>
>> -----Original Message-----
>> From: Simo Sorce _[mailto:simo at redhat.com]_
>> <mailto:[mailto:simo at redhat.com]>
>> Sent: Friday, September 09, 2011 12:38 PM
>> To: Smith, Martin R. [smma0901 at stcloudstate.edu]
>> Cc: _freeipa-users at redhat.com_ <mailto:freeipa-users at redhat.com>
>> Subject: Re: [Freeipa-users] krb5kdc process at 100%
>>
>> If it crashes it is a bug in the KDC.
>> Can you please get us the core dump when it crashes ?
>>
>> If you have abtrd installed it should be somewhere in /var/cache/abrt
>> (check /var/log/messages) to see where.
>>
>> Alternatively you can run service krb5kdc stop then as root in a
>> shell run ulimit -c unlimited and manually start /usr/sbin/krb5kdc
>> wait for the crash then take the core file generated.
>>
>> Please also tell what is the exact version of the krb5-server package
>> and the related ldap driver package.
>>
>> Simo.
>>
>> On Fri, 2011-09-09 at 16:27 +0000, Smith, Martin R.
>> [smma0901 at stcloudstate.edu] wrote:
>> > I removed the -w 4 from the config file. Here is what happens now.
>> >
>> > When a user with expired password logs in the krb5kdc process now
>> crashes, instead of running at 100%.
>> > If I attach gdb to the process before it crashes and attempt to
>> login the process doesn't crash. Here are the results of "bt"
>> > ---------
>> > #0 0x00007fe84e0ea1d3 in __select_nocancel ()
>> > at ../sysdeps/unix/syscall-template.S:82
>> > #1 0x00007fe84f2a8047 in krb5int_cm_call_select (in=<optimized out>,
>> > out=0x7fe8501d8780, sret=0x7fff421862b4) at sendto_kdc.c:564
>> > #2 0x00007fe84ffd05ee in listen_and_process (handle=0x0,
>> > prog=0x7fff42187f52 "krb5kdc", reset=0x7fe84ffc6e10
>> <reset_for_hangup>)
>> > at net-server.c:1835
>> > #3 0x00007fe84ffbcf68 in main (argc=3, argv=<optimized out>) at
>> > main.c:1069
>> > --------
>> >
>> > I have also attached the /var/log/krb5kdc
>> >
>> > -Martin
>> >
>> > -----Original Message-----
>> > From: Simo Sorce _[mailto:simo at redhat.com]_
>> <mailto:[mailto:simo at redhat.com]>
>> > Sent: Friday, September 09, 2011 8:56 AM
>> > To: Smith, Martin R. [smma0901 at stcloudstate.edu]
>> > Cc: _freeipa-users at redhat.com_ <mailto:freeipa-users at redhat.com>
>> > Subject: Re: [Freeipa-users] krb5kdc process at 100%
>> >
>> > On Fri, 2011-09-09 at 05:09 +0000, Smith, Martin R.
>> > [smma0901 at stcloudstate.edu] wrote:
>> > > When I attach gdb to the process, I have tried the main process and
>> > > the four child processes, it provides no output.
>> > > Here are the steps I'm taking:
>> > > 1. On freeipa-server run htop and find the pid (or ps aux)
>> > > 1. Shows one parent PID and four child processes
>> > > 1. 934 root 20 0 46784 2656 388 S 0.0 0.1
>> > > 0:00.00 `- /usr/sbin/krb5kdc
>> > > -P /var/run/krb5kdc.pid -w 4
>> > > 2. 1939 root 20 0 78664 4460 2056 S 0.0
>> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
>> > > -P /var/run/krb5kdc.pid -w 4
>> > > 3. 1938 root 20 0 78664 4460 2056 S 0.0
>> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
>> > > -P /var/run/krb5kdc.pid -w 4
>> > > 4. 1936 root 20 0 78664 4460 2056 S 0.0
>> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
>> > > -P /var/run/krb5kdc.pid -w 4
>> > > 5. 1935 root 20 0 78664 4212 1808 S 0.0
>> > > 0.1 0:00.26 | `- /usr/sbin/krb5kdc
>> > > -P /var/run/krb5kdc.pid -w 4
>> > > 2. run sudo gdb
>> > > 1. attach 934
>> > > 2. press "c"
>> > > 3. Wait for output…
>> > > 2. Attempt to login with user that has an expired password.
>> > > 3. Now the krb5kdc process 934 starts running at 100% and the
>> > > user is unable to login.
>> > > 4. Only way to get the process back to normal is to type "service
>> > > ipa restart"
>> >
>> > >
>> > > I've never debugged a program before so if I'm missing a step please
>> > > let me know.
>> >
>> > Ok, let's simplify the problem first.
>> >
>> > apperently you have a quadcore cpu so by default we configured
>> krb5kdc to spawn 4 worker processes. Let's bring it down to not
>> spawning any worker process so we can simplify debugging.
>> >
>> > Go to /etc/sysconfig/krb5kdc and remove the "-w 4" argument from it.
>> >
>> > Then simply do a service krb5kdc restart (no need to restart the
>> whole ipa service for this).
>> >
>> >
>> > If krb5kdc locks up again, gdb the process like you have done before
>> but do not press c, type 'bt' instead and copy the log then you can
>> exit gdb.
>> >
>> > Simo.
>> >
>> >
>> > _______________________________________________
>> > Freeipa-users mailing list
>> > _Freeipa-users at redhat.com_ <mailto:Freeipa-users at redhat.com>
>> > _https://www.redhat.com/mailman/listinfo/freeipa-users_
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110909/33b1a9b8/attachment.htm>
More information about the Freeipa-users
mailing list