Andrey,
Thanks this actually helps alot towards my understanding. Appreciate the
information, that logconv.pl is slick!
James
Hi,
we use following approaches:
1. we limit the idle connection time "net.ipv4.tcp_keepalive_time = ..."
in /etc/sysctl.conf
2. fs.file-max = 65000 in the same sysct.conf
3. In "/etc/profile" we have added the libe "ulimit -n 65000",
otherwise
/etc/init.d/dirsrv takes the value by default of 8192
4. echo "ldap hard nofile 65000" >>
/etc/security/limits.conf
echo "ldap soft nofile 65000" >>
/etc/security/limits.conf
echo "ldap hard core 64" >>
/etc/security/limits.conf
echo "ldap soft core 64" >>
/etc/security/limits.conf
echo "root hard nofile 65000" >>
/etc/security/limits.conf
echo "root soft nofile 65000" >>
/etc/security/limits.conf
echo "root hard core 64" >>
/etc/security/limits.conf
echo "root soft core 64" >>
/etc/security/limits.conf
5. verification of unindexed searches ("notes=U")
6. nsscache on clients
we have approx 180 clients, and even without nsscache about 300 conns in
parallel are ok...
You can also use logconv.pl -V logfile to analyse your logs and stats...
2009/2/26 Chavez, James R. <james.chavez(a)sanmina-sci.com>
Thanks, I think that may be our issue. Can I ask what parameters
you set
to accomplish this?
And also what is your "net.ipv4.tcp_keepalive_time" set to?
Thanks again
James
We had the same problem. We set the idle timeout, and it was
fixed. By
default it doesn't timeout connections. We are only doing
around 4K
transactions a minute, but the idle connections would constantly
grow to
1024. Once putting in the timeout we maintain only about 30
idle at a
time. We set our limit to 60 seconds.
-Kevin
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
Chavez,
James R.
Sent: Thursday, February 26, 2009 9:24 AM
To: General discussion list for the Fedora Directory server
project.
Subject: RE: [Fedora-directory-users] Too many FDS open
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
sigid@JINLab
Sent: Thursday, February 26, 2009 12:43 AM
To: General discussion list for the Fedora Directory server
project.
Subject: Re: [Fedora-directory-users] Too many FDS open
Chavez, James R. wrote:
Hello Rich, list,
Earlier today we started getting this error in our FDS error
log
repeatedly. Obviously connections were being refused at this
point. I
had to restart the directory server for the server to function
again.
Prior to releasing this box into production I did set the
parameters
according to the Installation guide specifications. The output
of
"ulimit -n" is 8192. The output of "sysctl -p" is
below.(I
increased
fs.file-max from 64000)Does anything look off?
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 300
fs.file-max = 128000
net.ipv4.ip_local_port_range = 1024 65000
I also changed the setting in the config from
nsslapd-maxdescriptors: 1024 to
nsslapd-maxdescriptors: 8192
Is there a way to tweak these settings so that this will not
happen in
the future?
This is a dedicated consumer or read only replica.
Directory size is roughly 20,000 users.
We are running FC9 and FDS 1.1.1-3.
We are lacking in RAM but look to improve on that shortly.
I do see on the web past posts to this list regarding this
error, I am
currently looking through them. Is there anyone out there that
has
experienced this and gotten past it?
Thanks
James
[25/Feb/2009:13:30:08 -0600] - Not listening for new
connections - too
many fds open
[25/Feb/2009:13:30:08 -0600] - Listening for new connections
again
[25/Feb/2009:13:30:08 -0600] - Not listening for new
connections - too
many fds open
[25/Feb/2009:13:30:08 -0600] - Listening for new connections
again
Is your client using windows OS? is there any posibilities that
it could
be virus replicating and distributing it self into networks?
If storing file on domain/networks using FDS for authentication,
the
frequently authentication process should cause the "too many fds
open".
--
We are using all Linux clients. I would not think it would be
virus
related. This implementation is actually replacing Windows.
This box is the authentication source for all the Linux clients.
What effect if any does replication have on fds or file
descriptors..
Thanks
James
CONFIDENTIALITY
This e-mail message and any attachments thereto, is intended
only for
use by the addressee(s) named herein and may contain legally
privileged
and/or confidential information. If you are not the intended
recipient
of this e-mail message, you are hereby notified that any
dissemination,
distribution or copying of this e-mail message, and any
attachments
thereto, is strictly prohibited. If you have received this
e-mail
message in error, please immediately notify the sender and
permanently
delete the original and any copies of this email and any prints
thereof.
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS
E-MAIL IS
NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the
Uniform
Electronic Transactions Act or the applicability of any other
law of
similar substance and effect, absent an express statement to the
contrary hereinabove, this e-mail message its contents, and any
attachments hereto are not intended to represent an offer or
acceptance
to enter into a contract and are not otherwise intended to bind
the
sender, Sanmina-SCI Corporation (or any of its subsidiaries), or
any
other person or entity.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Ahh, I think I found it for the idle connections.
Thanks for the pointer, I appreciate it.
James
CONFIDENTIALITY
This e-mail message and any attachments thereto, is intended
only for use by the addressee(s) named herein and may contain legally
privileged and/or confidential information. If you are not the intended
recipient of this e-mail message, you are hereby notified that any
dissemination, distribution or copying of this e-mail message, and any
attachments thereto, is strictly prohibited. If you have received this
e-mail message in error, please immediately notify the sender and
permanently delete the original and any copies of this email and any
prints thereof.
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS
E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding
the Uniform Electronic Transactions Act or the applicability of any
other law of similar substance and effect, absent an express statement
to the contrary hereinabove, this e-mail message its contents, and any
attachments hereto are not intended to represent an offer or acceptance
to enter into a contract and are not otherwise intended to bind the
sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any
other person or entity.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
CONFIDENTIALITY
This e-mail message and any attachments thereto, is intended only for use by the
addressee(s) named herein and may contain legally privileged and/or confidential
information. If you are not the intended recipient of this e-mail message, you are hereby
notified that any dissemination, distribution or copying of this e-mail message, and any
attachments thereto, is strictly prohibited. If you have received this e-mail message in
error, please immediately notify the sender and permanently delete the original and any
copies of this email and any prints thereof.
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A
SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the
applicability of any other law of similar substance and effect, absent an express
statement to the contrary hereinabove, this e-mail message its contents, and any
attachments hereto are not intended to represent an offer or acceptance to enter into a
contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or
any of its subsidiaries), or any other person or entity.