[Freeipa-users] Antwort: Re: Antwort: clean-run doesn't work

Alexander Frolushkin Alexander.Frolushkin at megafon.ru
Tue Jun 23 08:59:49 UTC 2015


Unfortunately I can't really say what exactly it was - all of these dups are already gone after re-initializing almost every IPA replica.
But it definitely was related to heavy load due to debug mode. The system itself was working as usual - a lot of the servers enrolled in this domain served user logins and so on, nothing special. Heavily loaded IPA servers, while they were in debug mode, failed to authenticate users, so sssd on clients had to use secondary servers.

Our IPA/IdM system is currently in a limited production state, so we cannot repeat these conditions to test what exactly happened.
I'm sorry for being useless now to explore the problem :(

WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764

From: thierry bordaz [mailto:tbordaz at redhat.com]
Sent: Tuesday, June 23, 2015 2:51 PM
To: Alexander Frolushkin (SIB)
Cc: Tamas Papp; 'Christoph Kaminski'; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Antwort: Re: Antwort: clean-run doesn't work

Hi Alexander,

This is mainly replication logging. Having many instances will increase the amount of logging especially if you have updates.
To create a duplicate you are doing ADDs of the same dn in parallel on different servers. Do you know what creates this ADD load?
Can you see MODs/DELs?

thanks
thierry

On 06/23/2015 06:01 AM, Alexander Frolushkin wrote:
Hello.
We have 19 RHEL 7.1 IPA (ipa-server-4.1.0-18.el7_1.3.x86_64) servers.
Debug level was changed this way on 4 of them:
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level:24576
-
replace: nsslapd-accesslog-level
nsslapd-accesslog-level:256
EOF

After this, IO increased significantly.
Two of the servers hung after some time, and a lot of dups appeared on most IPA servers in the domain.


WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764

From: thierry bordaz [mailto:tbordaz at redhat.com]
Sent: Monday, June 22, 2015 6:21 PM
To: Tamas Papp
Cc: Alexander Frolushkin (SIB); 'Christoph Kaminski'; freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] Antwort: Re: Antwort: clean-run doesn't work

On 06/22/2015 11:50 AM, Tamas Papp wrote:
Fascinating.

Can you Red Hat guys reproduce this in your test environment?

Most of my tests are on RHEV with RHEL 7.1, I have not seen a crash of DS.
About the test case, you installed a server+replicas (version?), then turned on errorlog-level (do you remember what level?).
That would slow down the DS instance and fill the errors log.
Then you hit a crash extremely frequently. Do you remember what kind of load it was: search/mod/add/del?

thanks
thierry



Thanks,
tamas

On 06/22/2015 11:42 AM, Alexander Frolushkin wrote:
Hello everyone.
I can confirm this on VMWare, recently we had a similar issue when we enabled dirsrv debug on 4 of our 19 IPA servers :(

WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764

From: freeipa-users-bounces at redhat.com<mailto:freeipa-users-bounces at redhat.com> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Christoph Kaminski
Sent: Monday, June 22, 2015 2:50 PM
To: Tamas Papp
Cc: freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
Subject: [Freeipa-users] Antwort: Re: Antwort: clean-run doesn't work

>
> In my particular case I'm interested, whether it can crash servers.
> Does it for you? I don't see it in that thread.
>
> tamas

yes... we have really often had a crash on virtual machine installations. On bare metal we had a crash 2-3x.

That was the reason for us to destroy all IPA VMs. There seems to be an IO issue on VMs with IPA (rhev virtualisation here). You can see it extremely if you turn the debug level higher.

Greetz

________________________________

The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.

(c)20mf50





