Kambiz Aghaiepour wrote:
I'm seeing our IPA replicas periodically failing with errors of:

[08/Nov/2010:08:12:02 -0500] - Not listening for new connections - too
many fds open
[08/Nov/2010:08:12:02 -0500] - Listening for new connections again
[08/Nov/2010:08:12:02 -0500] - Not listening for new connections - too
many fds open
[08/Nov/2010:08:12:02 -0500] - Listening for new connections again

It's not clear to me what's triggering this condition.
You have too many connections to the directory server and it is running out of file descriptors. You'll have to increase the number of file descriptors the directory server can use, or figure out if there are "rogue" clients opening too many connections but not closing them properly. You can use logconv.pl to analyze your access logs. See also http://directory.fedoraproject.org/wiki/Performance_Tuning#Linux and man sysctl - the parameter fs.file-max
When it happens,
we're restarting services on the replica (ipactl restart), and things go
back to normal for several days, until the next failure. I notice the
following during "normal" running of services :

NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals
for replica dc=example,dc=org: 1
I think this is benign (but annoying)
(on both the consumers and provider).  Is this an error I should worry
about ?

Kambiz

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to