[Freeipa-users] Freeipa 4.2.0 hangs intermittently
Rakesh Rajasekharan
rakesh.rajasekharan at gmail.com
Fri Aug 19 17:32:06 UTC 2016
I am running my set up on AWS cloud, and entropy is low at around 180 .
I plan to increase it bu installing haveged . But, would low entropy by any
chance cause this issue of intermittent hang .
Also, the hang is mostly observed when registering around 20 clients
together
On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
rakesh.rajasekharan at gmail.com> wrote:
> yes there seems to be something thats worrying.. I have faced this today
> as well.
> There are few hosts around 280 odd left and when i try adding them to IPA
> , the slowness begins..
>
> all the ipa commands like ipa user-find.. etc becomes very slow in
> responding.
>
> the SYNC_RECV are not many though just around 80-90 and today that was
> around 20 only
>
>
> I have for now increased tcp_max_syn_backlog to 5000.
> For now the slowness seems to have gone.. but I will do a try adding the
> clients again tomorrow and see how it goes
>
> Thanks
> Rakesh
>
> The issues
>
> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com> wrote:
>
>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>> > Hi
>> >
>> > I am migrating to freeipa from openldap and have around 4000 clients
>> >
>> > I had openned a another thread on that, but chose to start a new one
>> here
>> > as its a separate issue
>> >
>> > I was able to change the nssslapd-maxdescriptors adding an ldif file
>> >
>> > cat nsslapd-modify.ldif
>> > dn: cn=config
>> > changetype: modify
>> > replace: nsslapd-maxdescriptors
>> > nsslapd-maxdescriptors: 17000
>> >
>> > and running the ldapmodify command
>> >
>> > I have now started moving clients running an openldap to Freeipa and
>> have
>> > today moved close to 2000 clients
>> >
>> > However, I have noticed that IPA hangs intermittently.
>> >
>> > running a kinit admin returns the below error
>> > kinit: Generic error (see e-text) while getting initial credentials
>> >
>> > from the /var/log/messages, I see this entry
>> >
>> > prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
>> > Possible SYN flooding on port 88. Sending cookies. Check SNMP counters.
>>
>> I would be worried about this message. Maybe kernel/firewall is doing
>> something fishy behind your back and blocking some connections or so.
>>
>> Petr^2 Spacek
>>
>>
>> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of
>> > user root.
>> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of
>> > user root.
>> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of
>> > user root.
>> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of
>> > user root.
>> > Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
>> Invoked
>> > with creates=None executable=None shell=True args= removes=None
>> warn=True
>> > chdir=None
>> > Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified
>> GSS
>> > failure. Minor code may provide more information (KDC returned error
>> > string: PROCESS_TGS)
>> >
>> > Could it be possible that its due to the initial load of adding the
>> clients
>> > or is there something else that I need to take care of.
>> >
>> > Thanks,
>> >
>> > Rakesh
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/d9674138/attachment.htm>
More information about the Freeipa-users
mailing list