Le lundi 08 janvier 2007 à 10:52 -0500, Jason Chase a écrit :
> I'm having a problem I thought I had resolved.
> Jan 8 10:20:16 alpha slapd[21093]: warning: cannot open /etc/
> hosts.allow: Too many open files
This is a classic problem.
However, it's confusing, as it's not really "too many open files", but
rather "too many opened connections".
> Has anyone else run into this problem? I know how to increase the
> number of allowed file handles. What is the best way to determine
> what has all the files opened? This server runs LDAP, bind and
> DHCP. It is mirrored by another server with an identical
> configuration. Both are Redhat ES 4.
- To find opened files (or sockets)
ls /proc/`pidof slapd`/fd|wc -l
- To list all connections on the LDAP server by IP address:
netstat -puant | grep slapd|grep EST|awk '{print $5}'|cut -d':' -f 1|
sort|uniq -dc|sort -n
- To find the maximum number of open files for the ldap user, change the
ldap user shell in /etc/passwd for /bin/bash, then su to the ldap user
and execute "ulimit -n". By default, it's 1024.
How to get rid of the problem:
1) make sure you use NSCD on *every* machine that uses nss_ldap, and use
a big cache (by default, it uses only 211 entries). If you don't use
nscd, nss_ldap will use *a lot* of ldap connections, which eat file
descriptors on your ldap server.
2) In your /etc/init.d/ldap script, before the daemon() line, add
"ulimit -n 4096".
These two steps really make a difference, but sometimes, it's not
enough:
3) On a 2.4 kernel LDAP uses select() by default, which is limited to
1024 connections, no matter what ulimit says. When OpenLDAP runs on a
2.6 kernel, it can use epoll(), which can go up to 64,000 connections.
(Note: it has to be compiled on a 2.6 kernel as well)
4) Redhat's OpenLDAP version is an old one, and I found out it really
doesn't scale well. The best RPM out there is the one from Buchan Milne,
which is standard on Mandriva, but can also be recompiled for RedHat. I
have this setup on a school board, about 50 schools and 30,000 users,
and it works great.
Don't hesitate to contact me for more information. And if you're really
stuck, I'm just a hundred miles up north ;-)
--
Jean-Michel Dault <[EMAIL PROTECTED]>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
