Re: [Freeipa-devel] [PATCH 0091] Perform dirsrv tuning at platform level
On 08/23/2013 07:50 PM, Nathaniel McCallum wrote: On Thu, 2013-08-22 at 17:23 +0200, Tomas Babej wrote: On 08/20/2013 06:40 PM, Nathaniel McCallum wrote: On Mon, 2013-08-19 at 14:48 +0200, Tomas Babej wrote: Hi, When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 I'd prefer the use of 'with' in the RedHatDirectoryService: # check limits.conf need_limits = True with open(/etc/security/limits.conf) as f: for line in f: sline = line.strip() if not sline.startswith(DS_USER): continue if sline.find('nofile') == -1: continue # ok we already have an explicit entry for user/nofile need_limits = False ... and ... with open(/etc/sysconfig/dirsrv, a+) as f: f.write('ulimit -n %s\n' % str(num)) Nathaniel Fixed and I did some additional refactoring in the code. Attached. ACK Pushed to master, ipa-3-3 master: 6961cf2e77cca8f3784a6d82cebeb0bb8df1f535 ipa-3-3: 509e579472800a75fccb89c9fb83614744d80c87 -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0091] Perform dirsrv tuning at platform level
On Thu, 2013-08-22 at 17:23 +0200, Tomas Babej wrote: On 08/20/2013 06:40 PM, Nathaniel McCallum wrote: On Mon, 2013-08-19 at 14:48 +0200, Tomas Babej wrote: Hi, When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 I'd prefer the use of 'with' in the RedHatDirectoryService: # check limits.conf need_limits = True with open(/etc/security/limits.conf) as f: for line in f: sline = line.strip() if not sline.startswith(DS_USER): continue if sline.find('nofile') == -1: continue # ok we already have an explicit entry for user/nofile need_limits = False ... and ... with open(/etc/sysconfig/dirsrv, a+) as f: f.write('ulimit -n %s\n' % str(num)) Nathaniel Fixed and I did some additional refactoring in the code. Attached. ACK ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0091] Perform dirsrv tuning at platform level
On 08/20/2013 06:40 PM, Nathaniel McCallum wrote: On Mon, 2013-08-19 at 14:48 +0200, Tomas Babej wrote: Hi, When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 I'd prefer the use of 'with' in the RedHatDirectoryService: # check limits.conf need_limits = True with open(/etc/security/limits.conf) as f: for line in f: sline = line.strip() if not sline.startswith(DS_USER): continue if sline.find('nofile') == -1: continue # ok we already have an explicit entry for user/nofile need_limits = False ... and ... with open(/etc/sysconfig/dirsrv, a+) as f: f.write('ulimit -n %s\n' % str(num)) Nathaniel Fixed and I did some additional refactoring in the code. Attached. -- Tomas Babej Associate Software Engeneer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From dcdac193cb609e2aa24b961de7ba6d800f5880e4 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 6 Aug 2013 17:09:15 +0200 Subject: [PATCH] Perform dirsrv tuning at platform level When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 --- ipapython/platform/fedora16/service.py | 30 --- ipapython/platform/redhat/service.py | 64 ipaserver/install/dsinstance.py| 67 +++--- 3 files changed, 102 insertions(+), 59 deletions(-) diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py index bceb87cd5bb2111d5c3460ddcd9940edee5443f4..297e68332df0375d51f7bbf971a05b05339a84af 100644 --- a/ipapython/platform/fedora16/service.py +++ b/ipapython/platform/fedora16/service.py @@ -21,7 +21,7 @@ import os import time from ipapython import ipautil, dogtag -from ipapython.platform import base, redhat +from ipapython.platform import base from ipapython.platform.base import systemd from ipapython.platform.fedora16 import selinux from ipapython.ipa_log_manager import root_logger @@ -78,20 +78,38 @@ class Fedora16Service(systemd.SystemdService): # If we wouldn't do this, our instances will not be started as systemd would # not have any clue about instances (PKI-IPA and the domain we serve) at all. # Thus, hook into dirsrv.restart(). + + class Fedora16DirectoryService(Fedora16Service): -def enable(self, instance_name=): -super(Fedora16DirectoryService, self).enable(instance_name) + +def tune_nofile_platform(self, num=8192, fstore=None): + +Increase the number of files descriptors available to directory server +from the default 1024 to 8192. This will allow to support a greater +number of clients out of the box. + +This is a part of the implementation that is systemd-specific. + +Returns False if the setting of the nofile limit needs to be skipped. + + dirsrv_systemd = /etc/sysconfig/dirsrv.systemd + if os.path.exists(dirsrv_systemd): # We need to enable LimitNOFILE=8192 in the dirsrv@.service # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the # service parameters is performed via # /etc/sysconfig/dirsrv.systemd file which is imported by systemd # into dirsrv@.service unit -replacevars = {'LimitNOFILE':'8192'} -ipautil.inifile_replace_variables(dirsrv_systemd, 'service', replacevars=replacevars) +replacevars = {'LimitNOFILE': str(num)} +ipautil.inifile_replace_variables(dirsrv_systemd, + 'service', + replacevars=replacevars) selinux.restore_context(dirsrv_systemd) -ipautil.run([/bin/systemctl, --system, daemon-reload],raiseonerr=False) +ipautil.run([/bin/systemctl, --system, daemon-reload], +raiseonerr=False) + +return True def restart(self, instance_name=, capture_output=True, wait=True): if len(instance_name) 0: diff --git
Re: [Freeipa-devel] [PATCH 0091] Perform dirsrv tuning at platform level
On Mon, 2013-08-19 at 14:48 +0200, Tomas Babej wrote: Hi, When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 I'd prefer the use of 'with' in the RedHatDirectoryService: # check limits.conf need_limits = True with open(/etc/security/limits.conf) as f: for line in f: sline = line.strip() if not sline.startswith(DS_USER): continue if sline.find('nofile') == -1: continue # ok we already have an explicit entry for user/nofile need_limits = False ... and ... with open(/etc/sysconfig/dirsrv, a+) as f: f.write('ulimit -n %s\n' % str(num)) Nathaniel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0091] Perform dirsrv tuning at platform level
Hi, When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 -- Tomas Babej Associate Software Engeneer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 30cf5bf24a4ca52ec8dcc9c7c79c0b92608e Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Tue, 6 Aug 2013 17:09:15 +0200 Subject: [PATCH] Perform dirsrv tuning at platform level When configuring the 389 Directory Server instance, we tune it so that number of file descriptors available to the DS is increased from the default 1024 to 8192. There are platform specific steps that need to be conducted differently on systemd compatible platforms and sysV compatible platforms. systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv set ulimit - nofile 8192 in /etc/security/limits.conf https://fedorahosted.org/freeipa/ticket/3823 --- ipapython/platform/fedora16/service.py | 30 --- ipapython/platform/redhat/service.py | 69 ++ ipaserver/install/dsinstance.py| 67 +++-- 3 files changed, 107 insertions(+), 59 deletions(-) diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py index bceb87cd5bb2111d5c3460ddcd9940edee5443f4..297e68332df0375d51f7bbf971a05b05339a84af 100644 --- a/ipapython/platform/fedora16/service.py +++ b/ipapython/platform/fedora16/service.py @@ -21,7 +21,7 @@ import os import time from ipapython import ipautil, dogtag -from ipapython.platform import base, redhat +from ipapython.platform import base from ipapython.platform.base import systemd from ipapython.platform.fedora16 import selinux from ipapython.ipa_log_manager import root_logger @@ -78,20 +78,38 @@ class Fedora16Service(systemd.SystemdService): # If we wouldn't do this, our instances will not be started as systemd would # not have any clue about instances (PKI-IPA and the domain we serve) at all. # Thus, hook into dirsrv.restart(). + + class Fedora16DirectoryService(Fedora16Service): -def enable(self, instance_name=): -super(Fedora16DirectoryService, self).enable(instance_name) + +def tune_nofile_platform(self, num=8192, fstore=None): + +Increase the number of files descriptors available to directory server +from the default 1024 to 8192. This will allow to support a greater +number of clients out of the box. + +This is a part of the implementation that is systemd-specific. + +Returns False if the setting of the nofile limit needs to be skipped. + + dirsrv_systemd = /etc/sysconfig/dirsrv.systemd + if os.path.exists(dirsrv_systemd): # We need to enable LimitNOFILE=8192 in the dirsrv@.service # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the # service parameters is performed via # /etc/sysconfig/dirsrv.systemd file which is imported by systemd # into dirsrv@.service unit -replacevars = {'LimitNOFILE':'8192'} -ipautil.inifile_replace_variables(dirsrv_systemd, 'service', replacevars=replacevars) +replacevars = {'LimitNOFILE': str(num)} +ipautil.inifile_replace_variables(dirsrv_systemd, + 'service', + replacevars=replacevars) selinux.restore_context(dirsrv_systemd) -ipautil.run([/bin/systemctl, --system, daemon-reload],raiseonerr=False) +ipautil.run([/bin/systemctl, --system, daemon-reload], +raiseonerr=False) + +return True def restart(self, instance_name=, capture_output=True, wait=True): if len(instance_name) 0: diff --git a/ipapython/platform/redhat/service.py b/ipapython/platform/redhat/service.py index 61511b4899721869a015abfccb945660faa0aacf..a07ea2d94d21817e145109353cc408a2f12c45a0 100644 --- a/ipapython/platform/redhat/service.py +++ b/ipapython/platform/redhat/service.py @@ -25,6 +25,7 @@ from ipapython.ipa_log_manager import root_logger from ipapython.platform import base from ipalib import api + class RedHatService(base.PlatformService): def __wait_for_open_ports(self, instance_name=): @@ -107,11 +108,79 @@ class RedHatHTTPDService(RedHatService): time.sleep(5) self.start(instance_name, capture_output, wait) + +class