So I've been preparing my infrastructure for a big change from an older 
openldap system to a nice new IPA server.  I have a redundant secondary server 
and snapshots taken daily.   I populated all my user data into IPA, and gave 
the users a week to set a password.  They all did this and the big switch was 
this past weekend.   We had done previous tests on each server and it all 
worked.   We switched this past weekend and it worked great.   

        This morning a light load hit it (since I've only put a small fraction 
of our servers on it about 15) and the primary came to it's knees.  Processor 
spiked, and logs started to fill (didn't fill at this point).   I then decided 
it's probably a glitch (I'm an optimist) so I restarted IPA services.   They 
all restarted except for named which crashed (which then caused everything to 
stop).  I looked and now the disk was full.   So I trash the logs (had no easy 
place to put them at the time which I regret now) and I restart the services 
again.   IPA fully crashes now (didn't even start the DIRSRV for my domain).

        So here are my questions:

        1. Any idea what caused this?  Any performance issues that have been 

        2. Are the connection settings for IPA good out of the box?   I ask 
because in RHDS (in the first versions I used) the default connection timeouts 
were a MAJOR issue, I used to run a network of 400 servers and I had to set the 
time-outs to >30sec which made my servers run really really well, but if I used 
the 60 min defaults they also would come to their knees.  Is there a buried 
setting like this?  (However, I must admit there didn't seem like there were a 
lot of connections like when I had the issue with the 400 servers years ago).  

        Also is there an easy place to set log rotation settings?  (If it's log 
rotate just let me know, I just don't want to step on an internal app rotate). 

John Moyer
Director, IT Operations

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Freeipa-users mailing list

Reply via email to