On 07/23/2015 09:56 AM, Sumit Bose wrote:
On Thu, Jul 23, 2015 at 09:18:43AM +0200, Torsten Harenberg wrote:
Hi Sumit,


The principal looks strange, I would at least expect the fully-qualified
name of the ipa server here. What does the 'hostname' command return? It
[root@ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# hostname
ipa.pleiades.uni-wuppertal.de

is expected that it will return the fully-qualified name. Additionally if
you added the ipa server to /etc/hosts please only use the
fully-qualified name to be on the safe side (iirc it is ok to have the
short name as a second name, but the fully-qualified one should be
always first).
I removed the entries vom /etc/hosts again.

The keytab file /etc/krb5.keytab looks strange here. Later on the right
one /etc/dirsrv/ds.keytab is used. Did you try to run the
/usr/sbin/ns-slapd binary manually at some time?

Yes.. once .. after it did not came up.

After another reboot, the system came up now.

But what I found is

https://fedorahosted.org/freeipa/ticket/2739

and indeed:

[root@ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# grep WARNING *
errors:[21/Jul/2015:17:15:21 +0200] - WARNING: cache too small,
increasing to 500K bytes
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING: userRoot: entry cache
size 512000B is less than db size 4177920B; We recommend to increase the
entry cache size nsslapd-cachememsize.
errors:[21/Jul/2015:17:15:21 +0200] - WARNING: changelog: entry cache
size 512000B is less than db size 18096128B; We recommend to increase
the entry cache size nsslapd-cachememsize.
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING: userRoot: entry cache
size 512000B is less than db size 4218880B; We recommend to increase the
entry cache size nsslapd-cachememsize.
errors:[22/Jul/2015:11:03:31 +0200] - WARNING: changelog: entry cache
size 512000B is less than db size 27992064B; We recommend to increase
the entry cache size nsslapd-cachememsize.
errors:[23/Jul/2015:07:33:09 +0200] - WARNING: cache too small,
increasing to 500K bytes
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
I'm not a 389ds expert but in my setup nsslapd-cachememsize is set to
10M and since I didn't do any tuning I would expect that this is some
default.
yes, 10M should be the default. and OOM would be triggered by a memleak, not by the cache size.
Also the server seems to stop and start cleanly, and is not killed by oom


And what I see is that nodes occasionaly loose their users. I haven't
seen that the two month while testing (of course there were no real
users during that time, so I'm not 100% sure that it did not happen).

Could that be the cause of the trouble??
The users and groups are delivered to the system via SSSD. If SSSD loses
the connection to the IPA servers, e.g. because the server does not
respond, SSSD cannot lookup new users. Nevertheless SSSD has a cache and
users and groups are delivered from the cache in this case. But system
users which important for the services to run like the users dirsrv,
apache, pkiuser etc are defined in /etc/passwd. So I don't expect this
to bethe casue of the trouble.

bye,
Sumit

Kind regards,

   Torsten



--
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>                                                              <>
<> Dr. Torsten Harenberg     harenb...@physik.uni-wuppertal.de  <>
<> Bergische Universitaet                                       <>
<> FB C - Physik             Tel.: +49 (0)202 439-3521          <>
<> Gaussstr. 20              Fax : +49 (0)202 439-2811          <>
<> 42097 Wuppertal                                              <>
<>                                                              <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to