On Tue, 16 Nov 2010 14:09:58 -0500
Simo Sorce <sso...@redhat.com> wrote:

> 
> This patch bumps up the default number of files allowed by default for
> directory server. This allows more clients and also reserves a bigger
> number of FDs (at least according to doc) for replication agreements
> and such things.
> 
> Ticket 464.

Changed the patch to restore the files on uninstall. 0016-2 now depends on
0017, which is also attached here.


Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 4e66fbf473bebe08daec18f59d68a0ba79ec7239 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Tue, 16 Nov 2010 12:45:21 -0500
Subject: [PATCH 2/3] Autotune directory server to use a greater number of files

This changes the system limits for the dirsrv user and configures DS to
allow, by default, 8192 max files and 64 reserved files (for replication
indexes, etc.).

Fixes: https://fedorahosted.org/freeipa/ticket/464
---
 install/share/Makefile.am       |    1 +
 install/share/ds-nfiles.ldif    |    8 ++++
 ipaserver/install/dsinstance.py |   70 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 install/share/ds-nfiles.ldif

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 8fa84f9a844dd4a1993dfebd236d89db58f08e99..1e71ae804fe2fde659c69c4341768a8230c2f487 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -17,6 +17,7 @@ app_DATA =				\
 	default-keytypes.ldif		\
 	default-pwpolicy.ldif		\
 	delegation.ldif			\
+	ds-nfiles.ldif			\
 	dns.ldif			\
 	kerberos.ldif			\
 	indices.ldif			\
diff --git a/install/share/ds-nfiles.ldif b/install/share/ds-nfiles.ldif
new file mode 100644
index 0000000000000000000000000000000000000000..e97c1e63012e5874e21d51cc15774dba3c1b5e9a
--- /dev/null
+++ b/install/share/ds-nfiles.ldif
@@ -0,0 +1,8 @@
+dn: cn=config
+changetype: modify
+replace: nsslapd-maxdescriptors
+nsslapd-maxdescriptors: $NOFILES
+-
+replace: nsslapd-reservedescriptors
+nsslapd-reservedescriptors: 64
+-
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 761bae6935b551fc6a8d8ccdc1a85e710845d516..15847625771630782de23d654dc742d54f564265 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -185,10 +185,7 @@ class DsInstance(service.Service):
         else:
             self.suffix = None
 
-        if fstore:
-            self.fstore = fstore
-        else:
-            self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+        self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
 
 
     def create_instance(self, ds_user, realm_name, fqdn, domain_name,
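Review bot: The assignment `self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')` gives every DsInstance its own store object over a hard-coded directory, and the installer can no longer hand in the store it already holds. If FileStore keeps its index in memory and rewrites it on each backup (not visible here, worth confirming), two objects over the same directory can drop each other's entries. A lost entry would mean a root-owned file such as /etc/security/limits.conf is not put back on uninstall. Consider keeping an optional argument, `def __init__(self, ..., fstore=None)` with `self.fstore = fstore or sysrestore.FileStore('/var/lib/ipa/sysrestore')`. The `__init__` signature lies outside the hunk.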
@@ -239,6 +236,7 @@ class DsInstance(service.Service):
             self.step("creating default HBAC rule allow_all", self.add_hbac)
         self.step("enabling compatibility plugin",
                   self.__enable_compat_plugin)
+        self.step("tuning directory server", self.__tuning)
 
         self.step("configuring directory to start on boot", self.__enable)
 
@@ -532,6 +530,7 @@ class DsInstance(service.Service):
             self.stop()
 
         try:
+            self.fstore.restore_file("/etc/security/limits.conf")
             self.fstore.restore_file("/etc/sysconfig/dirsrv")
         except ValueError, error:
             logging.debug(error)
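Review bot: Both `restore_file` calls sit in one `try`, so a `ValueError` from the limits.conf restore skips the restore of /etc/sysconfig/dirsrv. This looks reachable whenever `tune_nofile` took its "Skipping" branch, because limits.conf is only backed up when the installer actually edits it. Assuming `restore_file` raises `ValueError` for a file that was never stored (which the handler suggests), uninstall would then leave the modified sysconfig file in place, with only a debug-level log line. Restoring each path in its own `try` avoids this. The enclosing uninstall method begins and ends outside the hunk.

```python
        for path in ("/etc/security/limits.conf", "/etc/sysconfig/dirsrv"):
            try:
                self.fstore.restore_file(path)
            except ValueError, error:
                logging.debug(error)
```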
@@ -603,3 +602,66 @@ class DsInstance(service.Service):
         self.start()
 
         return status
+
+    def tune_nofile(self, num=8192):
+        """
+        Increase the number of files descriptors available to directory server
+        from the default 1024 to 8192. This will allow to support a greater
+        number of clients out of the box.
+        """
+
+        # check limits.conf
+        need_limits = True
+        fd = open("/etc/security/limits.conf", "r")
+        lines = fd.readlines()
+        fd.close()
+        for line in lines:
+            sline = line.strip()
+            if not sline.startswith(self.ds_user):
+                continue
+            if sline.find('nofile') == -1:
+                continue
+            # ok we already have an explicit entry for user/nofile
+            need_limits = False
+
+        # check sysconfig/dirsrv
+        need_sysconf = True
+        fd = open("/etc/sysconfig/dirsrv", "r")
+        lines = fd.readlines()
+        fd.close()
+        for line in lines:
+            sline = line.strip()
+            if not sline.startswith('ulimit'):
+                continue
+            if sline.find('-n') == -1:
+                continue
+            # ok we already have an explicit entry for file limits
+            need_sysconf = False
+
+        #if sysconf or limits are set avoid messing up and defer to the admin
+        if need_sysconf and need_limits:
+            self.fstore.backup_file("/etc/security/limits.conf")
+            fd = open("/etc/security/limits.conf", "a+")
+            fd.write('%s\t\t-\tnofile\t\t%s\n' % (self.ds_user, str(num)))
+            fd.close()
+
+            fd = open("/etc/sysconfig/dirsrv", "a+")
+            fd.write('ulimit -n %s\n' % str(num))
+            fd.close()
+
+        else:
+            logging.info("Custom file limits are already set! Skipping\n")
+            print "Custom file limits are already set! Skipping\n"
+            return
+
+        # finally change also DS configuration
+        # NOTE: dirsrv will not allow you to set max file descriptors unless
+        # the user limits allow it, so we have to restart dirsrv before
+        # attempting to change them in cn=config
+        self.__restart_instance()
+
+        nf_sub_dict = dict(NOFILES=str(num))
+        self._ldap_mod("ds-nfiles.ldif", nf_sub_dict)
+
+    def __tuning(self):
+        self.tune_nofile(8192)
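Review bot: The limits.conf check in `tune_nofile` is a prefix-and-substring match: `sline.startswith(self.ds_user)` also fires on an entry for a different account whose name merely begins with the same string, and `find('nofile')` matches the word anywhere on the line. Either false positive sends the function down the "Skipping" branch, leaving the server at the old descriptor limit with only an info message. Comparing whole fields is stricter: `fields = sline.split()` then `if len(fields) >= 3 and fields[0] == self.ds_user and fields[2] == 'nofile':`. The two append blocks would also be safer with `try`/`finally` around the writes, so a failure cannot leave limits.conf changed while /etc/sysconfig/dirsrv is not. The docstring should say that `num` is a parameter rather than a fixed 8192.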
-- 
1.7.3.2

>From 17bc86b5da0e158523068df086bc5a1bd72fe34f Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Wed, 17 Nov 2010 12:25:01 -0500
Subject: [PATCH 1/3] Save and restore on uninstall ds related config files

---
 ipaserver/install/dsinstance.py  |   14 ++++++++++++++
 ipaserver/install/krbinstance.py |    1 -
 2 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 830228daa0002bd2ef1d4de9e6901f0bc222d2aa..761bae6935b551fc6a8d8ccdc1a85e710845d516 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -30,6 +30,7 @@ import time
 import tempfile
 
 from ipapython import ipautil
+from ipapython import sysrestore
 
 import service
 import installutils
@@ -184,6 +185,12 @@ class DsInstance(service.Service):
         else:
             self.suffix = None
 
+        if fstore:
+            self.fstore = fstore
+        else:
+            self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+
+
     def create_instance(self, ds_user, realm_name, fqdn, domain_name,
                         dm_password, pkcs12_info=None, self_signed_ca=False,
                         idstart=1100, idmax=999999, subject_base=None,
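Review bot: The new `if fstore:` reads a name that this patch never defines. The diffstat counts 14 insertions and no deletions for dsinstance.py, all of them visible in these hunks, so the `__init__` signature is untouched. Unless `fstore` was already a parameter (the signature is above the hunk, so this cannot be confirmed from the page), constructing a DsInstance raises NameError at this commit. That breaks bisecting even if a later patch in the series removes the branch. Adding `fstore=None` to the `__init__` parameters in this same patch would make it self-contained.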
@@ -282,6 +289,7 @@ class DsInstance(service.Service):
     def __create_instance(self):
         self.backup_state("running", is_ds_running())
         self.backup_state("serverid", self.serverid)
+        self.fstore.backup_file("/etc/sysconfig/dirsrv")
 
         self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower()
         base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
@@ -523,6 +531,12 @@ class DsInstance(service.Service):
         if not running is None:
             self.stop()
 
+        try:
+            self.fstore.restore_file("/etc/sysconfig/dirsrv")
+        except ValueError, error:
+            logging.debug(error)
+            pass
+
         if not enabled is None and not enabled:
             self.chkconfig_off()
 
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index e0d040dce1e89bc64e97caeb72d7c2e52ba3bfd4..41c687897401473807480438257227aeebd5d680 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -514,7 +514,6 @@ class KrbInstance(service.Service):
         self.fstore.backup_file("/etc/dirsrv/ds.keytab")
         installutils.create_keytab("/etc/dirsrv/ds.keytab", ldap_principal)
 
-        self.fstore.backup_file("/etc/sysconfig/dirsrv")
         update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
         pent = pwd.getpwnam(self.ds_user)
         os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid)
-- 
1.7.3.2
