John Moyer wrote:

So I've been preparing my infrastructure for a big change from an older
openldap system to a nice new IPA server.  I have a redundant secondary
server and snapshots taken daily.   I populated all my user data into
IPA, and gave the users a week to set a password.  They all did this and
the big switch was this past weekend.   We had done previous tests on
each server and it all worked.   We switched this past weekend and it
worked great.

This morning a light load hit it (since I've only put a small fraction
of our servers on it about 15) and the primary came to it's knees.
  Processor spiked, and logs started to fill (didn't fill at this
point).   I then decided it's probably a glitch (I'm an optimist) so I
restarted IPA services.   They all restarted except for named which
crashed (which then caused everything to stop).  I looked and now the
disk was full.   So I trash the logs (had no easy place to put them at
the time which I regret now) and I restart the services again.   IPA
fully crashes now (didn't even start the DIRSRV for my domain).

What error do you see in the 389-ds error log when the server fails to start?

So here are my questions:

1. Any idea what caused this?  Any performance issues that have been seen?

No, the logs would have really helped here. I don't recall any other reports like this.

2. Are the connection settings for IPA good out of the box?   I ask
because in RHDS (in the first versions I used) the default connection
timeouts were a MAJOR issue, I used to run a network of 400 servers and
I had to set the time-outs to >30sec which made my servers run really
really well, but if I used the 60 min defaults they also would come to
their knees.  Is there a buried setting like this?  (However, I must
admit there didn't seem like there were a lot of connections like when I
had the issue with the 400 servers years ago).

What does your IPA topology look like? How many clients are we talking about?

Also is there an easy place to set log rotation settings?  (If it's log
rotate just let me know, I just don't want to step on an internal app

It uses internal log rotation,


Freeipa-users mailing list

Reply via email to