On (21/01/15 11:22), Orion Poplawski wrote:
On 01/06/2015 05:06 PM, Orion Poplawski wrote:
> We're having some trouble with sssd on centos 7 under load on a VPS. 389ds
> ldap server for id/auth. Part may be an issue with the VPS, but I'm trying to
> track down all possible issues.
>
> Also, we realized that we were running in a bit of a bad state - the primary
> ldap server was not available, but the backup was.
> Trouble:
> (Tue Jan 6 22:30:31 2015) [sssd[be[default]]]
> [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed.
> (Tue Jan 6 22:30:31 2015) [sssd[be[default]]] [sdap_sys_connect_done]
> (0x0020): sdap_async_connect_call request failed.
I ended up filing
https://fedorahosted.org/sssd/ticket/2562 as it seems like
sssd's handling of the ldap connection is not ideal.
I checked strace log file and I can confirm you are right.
But I have no idea how to reproduce or fix it.
Output from strace is not sufficient.
We would need to see sssd log files with high debug_level.
You mentined the most problematic part of VPS is I/0.
So increasing debug_level can just complicate situation.
I can just give you an advice about *sync calls you mentioned in ticket.
It is not visible in strace log but fdatasync() and msync() are used on file
descriptor of sssd cache (/var/lib/sss/db/cache_*.ldb. They are used in ldb/tdb
for transactions.
If you do not need offline authentication you can mount tmpfs to directory
/var/lib/sss/db/.
tmpfs /var/lib/sss/db/ tmpfs
size=300M,mode=0700,noauto,rootcontext=system_u:object_r:sssd_var_lib_t:s0 0 0
LS