On 22/07/15 17:13, German Parente wrote:
Hi Martin,

imho, nsslapd-db-locks is an "advanced" parameter and should be set by customer 
at RHDS level, not at replica creation.

The problem we have had at customer site is that the default was not enough to 
do the replication total update. So, replica creation was failing and we 
couldn't workaround it but by changing the dse template.

What I was thinking, since any node in IPA is rather identical, and keeps the 
same database, is that some settings could be copied from master replica.

To explain a little bit my idea, if I configure a master node with, for instance, some 
"cache" settings or "maximum number of locks", it's clear that I would like all 
the other nodes with similar settings since the db they will contain is the same.

So, if I configure master to have some particular number of db-locks or 
particular cache size, why not helping the customer to have the same values in 
all their nodes ? Ok, we could think that he could have a different 
hardware/resources by node but in general, it would be reasonable to keep those 
settings through all the nodes.

The problem of the initial value for db-locks is not still solved (Ludwig could probably 
give a hint here) but having this sort of "configuration copy", in a future 
situation, we could ask the customer to, eventually, change the db locks at master node 
side, and this will be propagated to all nodes to have, in this case, total update 

We do not support this kind of central configuration (yet?). Changes in cn=config tree are local only, and currently IPA has no way how to change that on all replicas at once, so that value will not be in sync with other replicas. And also DS must be in shutdown state to be able to change the db locks value, this is even level above.

Of course, I don't know the internals and scenarios enough to see if this could 
be reasonable to implement or if there's any drawback.

Thanks and regards,


I would wait for Ludwig investigation/recommendation, which solution use.

----- Original Message -----
From: "Martin Basti" <mba...@redhat.com>
To: "freeipa-devel" <freeipa-devel@redhat.com>, "German Parente" 
Sent: Wednesday, July 22, 2015 3:56:37 PM
Subject: [PATCH 0293] Allow to set number of DB locks during install

Hello all,

I attached WIP patch to solve https://fedorahosted.org/freeipa/ticket/4949

I received several suggestions:

1) (implemented in patch) is to add the option --db-locks to installer
(maybe as hidden option)

2) Configure the nsslapd-db-locks to higher value as default (what is
the right value?)

3) Combination of 1and 2: set default higher value and also have hidden
option to allow configure higher number of locks during install

Comments are more than welcome :-)

Martin Basti

Martin Basti

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to