tuning nscd on RHEL 5.x
Tim Mooney
Tim.Mooney at ndsu.edu
Tue Jul 8 22:27:29 UTC 2008
All-
I'm looking for some advice on using and tuning nscd on RHEL 5.2.
We have several IMAP mail servers running RHEL 5.2, each with somewhere
between 3000 and 7000 /etc/passwd entries.
On a busy mail system, there are a few processes (sendmail, procmail,
the imapd processes, et al.) that will be making getpwnam() and other
calls frequently, so nscd caching seems like it could be a big win.
Our customers can only access the IMAP systems via IMAP.
Using

    nscd -g

after the systems have been up for a while, the default hit rates for
passwd, group, and hosts are pretty low -- generally less than 10% for
passwd and even less (usually 0%) for group and hosts.
This is mainly because the default (prime) "suggested size" parameter from
/etc/nscd.conf is 211, much too small for a box with this many entries in
/etc/passwd. I increased it to 1987 (the year I graduated from high
school...) and restarted nscd on one of the boxes, and that's helped the
cache hit rate for the passwd category (it sometimes makes it into the 40%
range), but hasn't done much for group or hosts.
I'm now left with a few questions and observations:
- what tuning have others done to improve the cache hit rates with nscd?
- in particular, beyond increasing the suggested size, have you
increased the durations that positive or negative hits are cached?
- on the one system where I increased the suggested size, I've now
had nscd apparently die on a couple different occasions. Since nscd
can't dump core (it can't write to /, its CWD), I don't have any core
files to show for it.
Anyone else that's tuned nscd having it exit periodically?
- I've seen recommendations to not even bother with caching the hosts, and
to just run caching nameservers instead (which we do elsewhere). Anyone
care to comment on that?
- we run a nightly script on our IMAP boxes to purge email older than
30 days in each person's "Spam-Quarantine" folders. The script uses
sudo to switch to the user and then run the command to prune old email:

    sudo -H -u ${THEUSER} /usr/local/sbin/mailutil \
        prune ${POTENTIAL} \
        "before ${DATE_THIRTY_DAYS_AGO}" 1> /dev/null

A few times a week, that cron job outputs a message of the form

    sudo: no passwd entry for joeuser!

even though joeuser has a passwd file entry.
I'm suspicious this is nscd screwing up and returning something like
ENOENT in certain rare conditions, even though the user most certainly
does exist in /etc/passwd.
Anyone seen this behavior?
Thanks,
Tim
--
Tim Mooney Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
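
Added example, not part of the original message: a small filter that turns `nscd -g` statistics into one line per cache with the suggested size and a hit rate recomputed from the raw hit/miss counters, so caches can be compared before and after a tuning change. The sample input is constructed, and the "<value>  <description>" layout it follows is an assumption about what `nscd -g` prints.

```shell
#!/bin/sh
# Constructed sample in the assumed "<value>  <description>" layout of
# `nscd -g`; the numbers are made up and are not taken from the post.
sample_nscd_stats() {
cat <<'EOF'
nscd configuration:
              0  server debug level
passwd cache:
            yes  cache is enabled
            211  suggested size
             80  cache hits on positive entries
             10  cache hits on negative entries
            700  cache misses on positive entries
            210  cache misses on negative entries
              9% cache hit rate
group cache:
            211  suggested size
              0  cache hits on positive entries
              0  cache hits on negative entries
             50  cache misses on positive entries
              0  cache misses on negative entries
              0% cache hit rate
EOF
}

# Reads `nscd -g` text on stdin and prints one summary line per cache.
nscd_cache_summary() {
    awk '
    NF == 2 && $2 == "cache:" { cache = $1; order[++n] = cache; next }
    cache == "" { next }                      # skip the global section
    {
        val = $1; desc = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", desc) # drop the value column
        if (desc == "suggested size")        size[cache] = val
        else if (desc ~ /^cache hits on /)   hits[cache] += val
        else if (desc ~ /^cache misses on /) miss[cache] += val
    }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]; total = hits[c] + miss[c]
            rate = (total > 0) ? int(100 * hits[c] / total) : 0  # idle cache: 0
            printf "%s size=%d hits=%d misses=%d rate=%d%%\n", c, size[c], hits[c], miss[c], rate
        }
    }'
}

sample_nscd_stats | nscd_cache_summary
```

On a live system the same function would be fed with `nscd -g | nscd_cache_summary`.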