[Fedora-directory-users] Too many FDS open

Chavez, James R. james.chavez at sanmina-sci.com
Thu Feb 26 19:01:13 UTC 2009 

Andrey, 
Thanks this actually helps alot towards my understanding. Appreciate the
information, that logconv.pl is slick!
 
James



 
Hi,

we use following approaches:
1. we limit the idle connection time "net.ipv4.tcp_keepalive_time = ..."
in /etc/sysctl.conf
2. fs.file-max = 65000 in the same sysct.conf
3. In "/etc/profile" we have added the libe "ulimit -n 65000", otherwise
/etc/init.d/dirsrv takes the value by default of 8192
4.     echo "ldap            hard    nofile  65000"    >>
/etc/security/limits.conf
        echo "ldap            soft    nofile  65000"    >>
/etc/security/limits.conf
        echo "ldap            hard    core    64"       >>
/etc/security/limits.conf
        echo "ldap            soft    core    64"       >>
/etc/security/limits.conf

        echo "root            hard    nofile  65000"    >>
/etc/security/limits.conf
        echo "root            soft    nofile  65000"    >>
/etc/security/limits.conf
        echo "root            hard    core    64"       >>
/etc/security/limits.conf
        echo "root            soft    core    64"       >>
/etc/security/limits.conf
5. verification of unindexed searches ("notes=U")
6. nsscache on clients

we have approx 180 clients, and even without nsscache about 300 conns in
parallel are ok...
You can also use logconv.pl -V logfile to analyse your logs and stats...




2009/2/26 Chavez, James R. <james.chavez at sanmina-sci.com>




	Thanks, I think that may be our issue. Can I ask what parameters
you set
	to accomplish this?
	And also what is your "net.ipv4.tcp_keepalive_time" set to?
	
	Thanks again
	James
	
	
	We had the same problem.  We set the idle timeout, and it was
fixed.  By
	default it doesn't timeout connections.  We are only doing
around 4K
	transactions a minute, but the idle connections would constantly
grow to
	1024.  Once putting in the timeout we maintain only about 30
idle at a
	time.  We set our limit to 60 seconds.
	
	
	-Kevin
	
	
	-----Original Message-----
	From: fedora-directory-users-bounces at redhat.com
	[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
Chavez,
	James R.
	Sent: Thursday, February 26, 2009 9:24 AM
	To: General discussion list for the Fedora Directory server
project.
	Subject: RE: [Fedora-directory-users] Too many FDS open
	
	
	
	-----Original Message-----
	From: fedora-directory-users-bounces at redhat.com
	[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
	sigid at JINLab
	Sent: Thursday, February 26, 2009 12:43 AM
	To: General discussion list for the Fedora Directory server
project.
	Subject: Re: [Fedora-directory-users] Too many FDS open
	
	Chavez, James R. wrote:
	> Hello Rich, list,
	>
	>
	> Earlier today we started getting this error in our FDS error
log
	> repeatedly. Obviously connections were being refused at this
point. I
	> had to restart the directory server for the server to function
again.
	> Prior to releasing this box into production I did set the
parameters
	> according to the Installation guide specifications. The output
of
	> "ulimit -n" is 8192. The output of "sysctl -p" is below.(I
increased
	> fs.file-max from 64000)Does anything look off?
	> net.ipv4.tcp_syncookies = 1
	> net.ipv4.tcp_keepalive_time = 300
	> fs.file-max = 128000
	> net.ipv4.ip_local_port_range = 1024 65000
	>
	> I also changed the setting in the config from
	> nsslapd-maxdescriptors: 1024 to
	> nsslapd-maxdescriptors: 8192
	>
	> Is there a way to tweak these settings so that this will not
happen in
	
	> the future?
	> This is a dedicated consumer or read only replica.
	> Directory size is roughly 20,000 users.
	> We are running FC9 and FDS 1.1.1-3.
	> We are lacking in RAM but look to improve on that shortly.
	>
	> I do see on the web past posts to this list regarding this
error, I am
	
	> currently looking through them. Is there anyone out there that
has
	> experienced this and gotten past it?
	>
	> Thanks
	> James
	>
	> [25/Feb/2009:13:30:08 -0600] - Not listening for new
connections - too
	
	> many fds open
	> [25/Feb/2009:13:30:08 -0600] - Listening for new connections
again
	> [25/Feb/2009:13:30:08 -0600] - Not listening for new
connections - too
	
	> many fds open
	> [25/Feb/2009:13:30:08 -0600] - Listening for new connections
again
	
	Is your client using windows OS? is there any posibilities that
it could
	be virus replicating and distributing it self into networks?
	If storing file on domain/networks using FDS for authentication,
the
	frequently authentication process should cause the "too many fds
open".
	
	--
	
	We are using all Linux clients. I would not think it would be
virus
	related. This implementation is actually replacing Windows.
	
	This box is the authentication source for all the Linux clients.
	What effect if any does replication have on fds or file
descriptors..
	
	Thanks
	James
	
	CONFIDENTIALITY
	This e-mail message and any attachments thereto, is intended
only for
	use by the addressee(s) named herein and may contain legally
privileged
	and/or confidential information. If you are not the intended
recipient
	of this e-mail message, you are hereby notified that any
dissemination,
	distribution or copying of this e-mail message, and any
attachments
	thereto, is strictly prohibited.  If you have received this
e-mail
	message in error, please immediately notify the sender and
permanently
	delete the original and any copies of this email and any prints
thereof.
	ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS
E-MAIL IS
	NOT INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding the
Uniform
	Electronic Transactions Act or the applicability of any other
law of
	similar substance and effect, absent an express statement to the
	contrary hereinabove, this e-mail message its contents, and any
	attachments hereto are not intended to represent an offer or
acceptance
	to enter into a contract and are not otherwise intended to bind
the
	sender, Sanmina-SCI Corporation (or any of its subsidiaries), or
any
	other person or entity.
	
	--
	Fedora-directory-users mailing list
	Fedora-directory-users at redhat.com
	https://www.redhat.com/mailman/listinfo/fedora-directory-users
	
	
	
	Ahh, I think I found it for the idle connections.
	Thanks for the pointer, I appreciate it.
	

	James
	
	CONFIDENTIALITY
	This e-mail message and any attachments thereto, is intended
only for use by the addressee(s) named herein and may contain legally
privileged and/or confidential information. If you are not the intended
recipient of this e-mail message, you are hereby notified that any
dissemination, distribution or copying of this e-mail message, and any
attachments thereto, is strictly prohibited.  If you have received this
e-mail message in error, please immediately notify the sender and
permanently delete the original and any copies of this email and any
prints thereof.
	ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS
E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding
the Uniform Electronic Transactions Act or the applicability of any
other law of similar substance and effect, absent an express statement
to the contrary hereinabove, this e-mail message its contents, and any
attachments hereto are not intended to represent an offer or acceptance
to enter into a contract and are not otherwise intended to bind the
sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any
other person or entity.
	
	--
	Fedora-directory-users mailing list
	Fedora-directory-users at redhat.com
	https://www.redhat.com/mailman/listinfo/fedora-directory-users
	



CONFIDENTIALITY
This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited.  If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof.
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090226/6bbff67b/attachment.htm>

More information about the Fedora-directory-users mailing list