yes there seems to be something thats worrying.. I have faced this today as well. There are few hosts around 280 odd left and when i try adding them to IPA , the slowness begins..
all the ipa commands like ipa user-find.. etc becomes very slow in responding. the SYNC_RECV are not many though just around 80-90 and today that was around 20 only I have for now increased tcp_max_syn_backlog to 5000. For now the slowness seems to have gone.. but I will do a try adding the clients again tomorrow and see how it goes Thanks Rakesh The issues On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspa...@redhat.com> wrote: > On 18.8.2016 17:23, Rakesh Rajasekharan wrote: > > Hi > > > > I am migrating to freeipa from openldap and have around 4000 clients > > > > I had openned a another thread on that, but chose to start a new one here > > as its a separate issue > > > > I was able to change the nssslapd-maxdescriptors adding an ldif file > > > > cat nsslapd-modify.ldif > > dn: cn=config > > changetype: modify > > replace: nsslapd-maxdescriptors > > nsslapd-maxdescriptors: 17000 > > > > and running the ldapmodify command > > > > I have now started moving clients running an openldap to Freeipa and have > > today moved close to 2000 clients > > > > However, I have noticed that IPA hangs intermittently. > > > > running a kinit admin returns the below error > > kinit: Generic error (see e-text) while getting initial credentials > > > > from the /var/log/messages, I see this entry > > > > prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP: > > Possible SYN flooding on port 88. Sending cookies. Check SNMP counters. > > I would be worried about this message. Maybe kernel/firewall is doing > something fishy behind your back and blocking some connections or so. > > Petr^2 Spacek > > > > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of > > user root. > > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of > > user root. > > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of > > user root. > > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of > > user root. > > Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command > Invoked > > with creates=None executable=None shell=True args= removes=None warn=True > > chdir=None > > Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified > GSS > > failure. Minor code may provide more information (KDC returned error > > string: PROCESS_TGS) > > > > Could it be possible that its due to the initial load of adding the > clients > > or is there something else that I need to take care of. > > > > Thanks, > > > > Rakesh > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project