URL: https://github.com/freeipa/freeipa/pull/1114 Author: rcritten Title: #1114: Use 389-ds provided method for file limits tuning Action: opened
PR body: """ Previously IPA would set the LimitNOFILE value to 8192 to increase the number of concurrent clients. 389-ds-base does this by default as of 1.3.7.0. Remove the IPA-specific tuning and rely on the out-of-the-box 389-ds-base tuning. Bump the required version of 389-ds-base to 1.3.7.0. Any other tuning added by 389-ds-base will result in a dirsrv.systemd.rpmsave file which admins will need to merge in manually, like typical .rpmsave config changes. https://pagure.io/freeipa/issue/6994 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1114/head:pr1114 git checkout pr1114
From f306e4e0f89c1a9bf1a05a270077293606d8c8cd Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Wed, 27 Sep 2017 10:31:37 -0400 Subject: [PATCH] Use 389-ds provided method for file limits tuning Previously IPA would set the LimitNOFILE value to 8192 to increase the number of concurrent clients. 389-ds-base does this by default as of 1.3.7.0. Remove the IPA-specific tuning and rely on the out-of-the-box 389-ds-base tuning. Bump the required version of 389-ds-base to 1.3.7.0. Any other tuning added by 389-ds-base will result in a dirsrv.systemd.rpmsave file which admins will need to merge in manually, like typical .rpmsave config changes. https://pagure.io/freeipa/issue/6994 --- freeipa.spec.in | 4 ++-- ipaplatform/debian/services.py | 4 ---- ipaplatform/redhat/services.py | 28 ---------------------------- ipaserver/install/dsinstance.py | 25 ------------------------- 4 files changed, 2 insertions(+), 59 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 6d992ba151..d28d7a8d1b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -283,7 +283,7 @@ Requires: python3-ipaserver = %{version}-%{release} %else Requires: python2-ipaserver = %{version}-%{release} %endif -Requires: 389-ds-base >= 1.3.5.14 +Requires: 389-ds-base >= 1.3.7.0 Requires: openldap-clients > 2.4.35-4 Requires: nss >= 3.14.3-12.0 Requires: nss-tools >= 3.14.3-12.0 @@ -322,7 +322,7 @@ Requires: policycoreutils >= 2.1.12-5 Requires: tar # certmonger-0.79.4-2 fixes newlines in PEM files Requires(pre): certmonger >= 0.79.4-2 -Requires(pre): 389-ds-base >= 1.3.5.14 +Requires(pre): 389-ds-base >= 1.3.7.0 Requires: fontawesome-fonts Requires: open-sans-fonts Requires: openssl diff --git a/ipaplatform/debian/services.py b/ipaplatform/debian/services.py index 5eef5ff8a5..54fc84a57f 100644 --- a/ipaplatform/debian/services.py +++ b/ipaplatform/debian/services.py @@ -121,10 +121,6 @@ def install(): def remove(): return True - @staticmethod - def tune_nofile_platform(): - return True - # For services which have no Debian counterpart class DebianNoService(base_services.PlatformService): diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index 8840807fdf..0d8be0ffd4 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -93,34 +93,6 @@ def __init__(self, service_name, api=None): class RedHatDirectoryService(RedHatService): - def tune_nofile_platform(self, num=8192, fstore=None): - """ - Increase the number of files descriptors available to directory server - from the default 1024 to 8192. This will allow to support a greater - number of clients out of the box. - - This is a part of the implementation that is systemd-specific. - - Returns False if the setting of the nofile limit needs to be skipped. - """ - - if os.path.exists(paths.SYSCONFIG_DIRSRV_SYSTEMD): - # We need to enable LimitNOFILE=8192 in the dirsrv@.service - # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the - # service parameters is performed via - # /etc/sysconfig/dirsrv.systemd file which is imported by systemd - # into dirsrv@.service unit - - replacevars = {'LimitNOFILE': str(num)} - ipautil.inifile_replace_variables(paths.SYSCONFIG_DIRSRV_SYSTEMD, - 'service', - replacevars=replacevars) - tasks.restore_context(paths.SYSCONFIG_DIRSRV_SYSTEMD) - ipautil.run(["/bin/systemctl", "--system", "daemon-reload"], - raiseonerr=False) - - return True - def is_installed(self, instance_name): file_path = "{}/{}-{}".format(paths.ETC_DIRSRV, "slapd", instance_name) return os.path.exists(file_path) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 4ec6ceed5a..65762e72b7 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -288,7 +288,6 @@ def __common_post_setup(self): self.step("adding replication acis", self.__add_replication_acis) self.step("activating sidgen plugin", self._add_sidgen_plugin) self.step("activating extdom plugin", self._add_extdom_plugin) - self.step("tuning directory server", self.__tuning) self.step("configuring directory to start on boot", self.__enable) @@ -1135,30 +1134,6 @@ def add_ca_cert(self, cacert_fname, cacert_name=''): return status - def tune_nofile(self, num=8192): - """ - Increase the number of files descriptors available to directory server - from the default 1024 to 8192. This will allow to support a greater - number of clients out of the box. - """ - - # Do the platform-specific changes - proceed = services.knownservices.dirsrv.tune_nofile_platform( - num=num, fstore=self.fstore) - - if proceed: - # finally change also DS configuration - # NOTE: dirsrv will not allow you to set max file descriptors unless - # the user limits allow it, so we have to restart dirsrv before - # attempting to change them in cn=config - self.__restart_instance() - - nf_sub_dict = dict(NOFILES=str(num)) - self._ldap_mod("ds-nfiles.ldif", nf_sub_dict) - - def __tuning(self): - self.tune_nofile(8192) - def __root_autobind(self): self._ldap_mod("root-autobind.ldif", ldap_uri="ldap://localhost",
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org