[Freeipa-users] Freeipa 4.2.0 hangs intermittently
Rakesh Rajasekharan
rakesh.rajasekharan at gmail.com
Fri Aug 19 13:54:07 UTC 2016
yes there seems to be something thats worrying.. I have faced this today as
well.
There are few hosts around 280 odd left and when i try adding them to IPA ,
the slowness begins..
all the ipa commands like ipa user-find.. etc becomes very slow in
responding.
the SYNC_RECV are not many though just around 80-90 and today that was
around 20 only
I have for now increased tcp_max_syn_backlog to 5000.
For now the slowness seems to have gone.. but I will do a try adding the
clients again tomorrow and see how it goes
Thanks
Rakesh
The issues
On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com> wrote:
> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
> > Hi
> >
> > I am migrating to freeipa from openldap and have around 4000 clients
> >
> > I had openned a another thread on that, but chose to start a new one here
> > as its a separate issue
> >
> > I was able to change the nssslapd-maxdescriptors adding an ldif file
> >
> > cat nsslapd-modify.ldif
> > dn: cn=config
> > changetype: modify
> > replace: nsslapd-maxdescriptors
> > nsslapd-maxdescriptors: 17000
> >
> > and running the ldapmodify command
> >
> > I have now started moving clients running an openldap to Freeipa and have
> > today moved close to 2000 clients
> >
> > However, I have noticed that IPA hangs intermittently.
> >
> > running a kinit admin returns the below error
> > kinit: Generic error (see e-text) while getting initial credentials
> >
> > from the /var/log/messages, I see this entry
> >
> > prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
> > Possible SYN flooding on port 88. Sending cookies. Check SNMP counters.
>
> I would be worried about this message. Maybe kernel/firewall is doing
> something fishy behind your back and blocking some connections or so.
>
> Petr^2 Spacek
>
>
> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of
> > user root.
> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of
> > user root.
> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of
> > user root.
> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of
> > user root.
> > Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
> Invoked
> > with creates=None executable=None shell=True args= removes=None warn=True
> > chdir=None
> > Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified
> GSS
> > failure. Minor code may provide more information (KDC returned error
> > string: PROCESS_TGS)
> >
> > Could it be possible that its due to the initial load of adding the
> clients
> > or is there something else that I need to take care of.
> >
> > Thanks,
> >
> > Rakesh
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/c92e2f7d/attachment.htm>
More information about the Freeipa-users
mailing list