On 9/5/21 11:45 PM, William Brown wrote:
On 3 Sep 2021, at 23:37, Michael Starling <[email protected]> wrote:
Given the current settings on a directory server I'm still seeing the errors
below in the logs at peak times.
"ERR - setup_pr_read_pds - Not listening for new connections - too many fds
open"
nsslapd-reservedescriptors: 64
nsslapd-maxdescriptors: 65535
nsslapd-conntablesize: 8192
At the OS level the ns-slapd process is set to 65535 as well.
Max open files 65535
After reading the RHDS documentation it's a bit unclear as to how these
parameters work together.
The conntablesize documentation states:
"The default value for nsslapd-conntablesize is the systems maxdescriptors which can
be confiured using nsslapd-maxdescriptors"
The documentation is wrong, conntablesize is cap by process
maxdescriptors. So I would expect the connection table to be 8192 as it
is lower than 65535. Do you know if when the message "too many fds open"
popup the number of open connections is higher than 8000 ?
regards
thierry
Now we look at the documentation for maxdescriptors:
The number of descriptors available for TCP/IP to serve client connections is
determined by nsslapd-conntablesize, and is equal to the nsslapd-maxdescriptors
attribute minus the number of file descriptors used by the server as specified
in the nsslapd-reservedescriptors attribute for non-client connections, such as
index management and managing replication. The nsslapd-reservedescriptors
attribute is the number of file descriptors available for other uses as
described above.
Based on the numbers currently set does this mean no action needs to be taken
as this implies maxdescriptors takes precedence over conntablesize?
Or should I set conntablesize to 65535-64 = 65471?
Perhaps there is a bug here if conntablesize is still set. Alternately, it
could have been set manually and the config upgrade code never kicked in.
It's probably best to increase this a bit carefully, adjust up conntablesize in
increments of 8192 until you stop having connection issues?
Hope that helps,
3.1.1.60. nsslapd-conntablesize
This attribute sets the connection table size, which determines the total
number of connections supported by the server.
The server has to be restarted for changes to this attribute to go into effect.
Parameter Description
Entry DN cn=config
Valid Values Operating-system dependent
Default Value The default value is the system's max descriptors, which can be
configured using the nsslapd-maxdescriptors attribute as described in Section
3.1.1.115, “nsslapd-maxdescriptors (Maximum File Descriptors)”
Syntax Integer
Example nsslapd-conntablesize: 4093
Increase the value of this attribute if Directory Server is refusing
connections because it is out of connection slots. When this occurs, the
Directory Server's error log file records the message Not listening for new
connections -- too many fds open.
A server restart is required for the change to take effect.
Thanks
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
Sincerely,
William Brown
Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
