Re: [Freeipa-devel] [PATCH] 0016 Tune directory server
On 11/18/2010 08:40 PM, Adam Young wrote: On 11/17/2010 04:26 PM, Simo Sorce wrote: On Tue, 16 Nov 2010 14:09:58 -0500 Simo Sorce wrote: This patch bumps up the default number of files allowed by default for directory server. This allows more clients and also reserves a bigger number of FDs (at least according to doc) for replication agreements and such things. Ticket 464. Changed the patch to restore files on uninstall. Now 0016-2 depends on 0017 attached here too. Simo. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Patched 17 failed to apply. Ran using git am as well as patch -p1 Here's the rej --- ipaserver/install/dsinstance.py +++ ipaserver/install/dsinstance.py @@ -185,6 +186,12 @@ else: self.suffix = None +if fstore: +self.fstore = fstore +else: +self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + + def create_instance(self, ds_user, realm_name, fqdn, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, idstart=1100, idmax=99, subject_base=None, Tried patch 16-2 and it failed, too. Here's the rej --- ipaserver/install/dsinstance.py +++ ipaserver/install/dsinstance.py @@ -185,10 +185,7 @@ else: self.suffix = None -if fstore: -self.fstore = fstore -else: -self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') +self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') def create_instance(self, ds_user, realm_name, fqdn, domain_name, @@ -533,6 +531,7 @@ self.stop() try: +self.fstore.restore_file("/etc/security/limits.conf") self.fstore.restore_file("/etc/sysconfig/dirsrv") except ValueError, error: logging.debug(error) ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK and pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0016 Tune directory server
On 11/17/2010 04:26 PM, Simo Sorce wrote: On Tue, 16 Nov 2010 14:09:58 -0500 Simo Sorce wrote: This patch bumps up the default number of files allowed by default for directory server. This allows more clients and also reserves a bigger number of FDs (at least according to doc) for replication agreements and such things. Ticket 464. Changed the patch to restore files on uninstall. Now 0016-2 depends on 0017 attached here too. Simo. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Patched 17 failed to apply. Ran using git am as well as patch -p1 Here's the rej --- ipaserver/install/dsinstance.py +++ ipaserver/install/dsinstance.py @@ -185,6 +186,12 @@ else: self.suffix = None +if fstore: +self.fstore = fstore +else: +self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + + def create_instance(self, ds_user, realm_name, fqdn, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, idstart=1100, idmax=99, subject_base=None, Tried patch 16-2 and it failed, too. Here's the rej --- ipaserver/install/dsinstance.py +++ ipaserver/install/dsinstance.py @@ -185,10 +185,7 @@ else: self.suffix = None -if fstore: -self.fstore = fstore -else: -self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') +self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') def create_instance(self, ds_user, realm_name, fqdn, domain_name, @@ -533,6 +531,7 @@ self.stop() try: +self.fstore.restore_file("/etc/security/limits.conf") self.fstore.restore_file("/etc/sysconfig/dirsrv") except ValueError, error: logging.debug(error) ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0016 Tune directory server
On Tue, 16 Nov 2010 14:09:58 -0500 Simo Sorce wrote: > > This patch bumps up the default number of files allowed by default for > directory server. This allows more clients and also reserves a bigger > number of FDs (at least according to doc) for replication agreements > and such things. > > Ticket 464. Changed the patch to restore files on uninstall. Now 0016-2 depends on 0017 attached here too. Simo. -- Simo Sorce * Red Hat, Inc * New York >From 4e66fbf473bebe08daec18f59d68a0ba79ec7239 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 16 Nov 2010 12:45:21 -0500 Subject: [PATCH 2/3] Autotune directory server to use a greater number of files This changes the system limits for the dirsrv user as well as configuring DS to allow by default 8192 max files and 64 reserved files (for replication indexes, etc..). Fixes: https://fedorahosted.org/freeipa/ticket/464 --- install/share/Makefile.am |1 + install/share/ds-nfiles.ldif|8 ipaserver/install/dsinstance.py | 70 -- 3 files changed, 75 insertions(+), 4 deletions(-) create mode 100644 install/share/ds-nfiles.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 8fa84f9a844dd4a1993dfebd236d89db58f08e99..1e71ae804fe2fde659c69c4341768a8230c2f487 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -17,6 +17,7 @@ app_DATA =\ default-keytypes.ldif \ default-pwpolicy.ldif \ delegation.ldif \ + ds-nfiles.ldif \ dns.ldif \ kerberos.ldif \ indices.ldif \ diff --git a/install/share/ds-nfiles.ldif b/install/share/ds-nfiles.ldif new file mode 100644 index ..e97c1e63012e5874e21d51cc15774dba3c1b5e9a --- /dev/null +++ b/install/share/ds-nfiles.ldif @@ -0,0 +1,8 @@ +dn: cn=config +changetype: modify +replace: nsslapd-maxdescriptors +nsslapd-maxdescriptors: $NOFILES +- +replace: nsslapd-reservedescriptors +nsslapd-reservedescriptors: 64 +- 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 761bae6935b551fc6a8d8ccdc1a85e710845d516..15847625771630782de23d654dc742d54f564265 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -185,10 +185,7 @@ class DsInstance(service.Service): else: self.suffix = None -if fstore: -self.fstore = fstore -else: -self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') +self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') def create_instance(self, ds_user, realm_name, fqdn, domain_name, @@ -239,6 +236,7 @@ class DsInstance(service.Service): self.step("creating default HBAC rule allow_all", self.add_hbac) self.step("enabling compatibility plugin", self.__enable_compat_plugin) +self.step("tuning directory server", self.__tuning) self.step("configuring directory to start on boot", self.__enable) @@ -532,6 +530,7 @@ class DsInstance(service.Service): self.stop() try: +self.fstore.restore_file("/etc/security/limits.conf") self.fstore.restore_file("/etc/sysconfig/dirsrv") except ValueError, error: logging.debug(error) 
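Review bot: The constructor hunk at -185 now assigns `self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')` unconditionally, so an `fstore` object handed in by the caller is no longer used. The 0017 reject quoted earlier in the thread adds exactly the `if fstore:` block that this hunk removes, which suggests the hunk was generated against the wrong base rather than intended. If the installer and DsInstance end up holding separate FileStore objects over the same directory, their backup indexes may diverge (inferred; FileStore is not shown on this page). Keeping the `if fstore: ... else: ...` form from 0017 avoids that. The `__init__` signature is outside the hunk.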
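Review bot: In the uninstall hunk at -532 the new `self.fstore.restore_file("/etc/security/limits.conf")` call sits first inside the same `try` as the existing `restore_file("/etc/sysconfig/dirsrv")`, so if it raises the `ValueError` that the `except` clause handles, the sysconfig restore is skipped. That presumably happens whenever no backup of limits.conf was recorded, for example when `tune_nofile` took its "Custom file limits are already set" branch or the server was installed before this patch. Restoring each file in its own try/except keeps the two independent: `for f in ("/etc/security/limits.conf", "/etc/sysconfig/dirsrv"):` with the existing `try` / `except ValueError, error:` moved inside the loop. The enclosing uninstall method starts and ends outside the hunk.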
@@ -603,3 +602,66 @@ class DsInstance(service.Service): self.start() return status + +def tune_nofile(self, num=8192): +""" +Increase the number of files descriptors available to directory server +from the default 1024 to 8192. This will allow to support a greater +number of clients out of the box. +""" + +# check limits.conf +need_limits = True +fd = open("/etc/security/limits.conf", "r") +lines = fd.readlines() +fd.close() +for line in lines: +sline = line.strip() +if not sline.startswith(self.ds_user): +continue +if sline.find('nofile') == -1: +continue +# ok we already have an explicit entry for user/nofile +need_limits = False + +# check sysconfig/dirsrv +need_sysconf = True +fd = open("/etc/sysconfig/dirsrv", "r") +lines = fd.readlines() +fd.close() +for line in lines: +sline = line.strip() +if not sline.startswith('ulimit'): +continue +if sline.find('-n') == -1: +continue +# ok we already have an explicit entry for file limits +need_sysconf = False + +#if sysconf or limits are set avoid messing up and defer to the admin +if need_sysconf and need_limits: +self.fstore.backup_file("/etc/security/limits.conf") +fd = open("/etc/security/limits.conf", "a+") +fd.write('%s\t\t-\tnofile\t\t%s\n' % (self.ds_user, str(num))) +fd.close() + +fd = open("/etc
[Freeipa-devel] [PATCH] 0016 Tune directory server
This patch bumps up the default number of files allowed by default for directory server. This allows more clients and also reserves a bigger number of FDs (at least according to doc) for replication agreements and such things. Ticket 464. Simo.>From 57afaef17e49e0d4e71ca219f2084c6598bb3026 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 16 Nov 2010 12:45:21 -0500 Subject: [PATCH] Autotune directory server to use a greater number of files This changes the system limits for the dirsrv user as well as configuring DS to allow by default 8192 max files and 64 reserved files (for replication indexes, etc..). Fixes: https://fedorahosted.org/freeipa/ticket/464 --- install/share/Makefile.am |1 + install/share/ds-nfiles.ldif|8 + ipaserver/install/dsinstance.py | 64 +++ 3 files changed, 73 insertions(+), 0 deletions(-) create mode 100644 install/share/ds-nfiles.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 8fa84f9a844dd4a1993dfebd236d89db58f08e99..1e71ae804fe2fde659c69c4341768a8230c2f487 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -17,6 +17,7 @@ app_DATA =\ default-keytypes.ldif \ default-pwpolicy.ldif \ delegation.ldif \ + ds-nfiles.ldif \ dns.ldif \ kerberos.ldif \ indices.ldif \ diff --git a/install/share/ds-nfiles.ldif b/install/share/ds-nfiles.ldif new file mode 100644 index ..e97c1e63012e5874e21d51cc15774dba3c1b5e9a --- /dev/null +++ b/install/share/ds-nfiles.ldif @@ -0,0 +1,8 @@ +dn: cn=config +changetype: modify +replace: nsslapd-maxdescriptors +nsslapd-maxdescriptors: $NOFILES +- +replace: nsslapd-reservedescriptors +nsslapd-reservedescriptors: 64 +- diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 830228daa0002bd2ef1d4de9e6901f0bc222d2aa..a9c7afa09b27b3f00caf5654aa462588778e3e9f 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py 
@@ -232,6 +232,7 @@ class DsInstance(service.Service): self.step("creating default HBAC rule allow_all", self.add_hbac) self.step("enabling compatibility plugin", self.__enable_compat_plugin) +self.step("tuning directory server", self.__tuning) self.step("configuring directory to start on boot", self.__enable) 
@@ -589,3 +590,66 @@ class DsInstance(service.Service): self.start() return status + +def tune_nofile(self, num=8192): +""" +Increase the number of files descriptors available to directory server +from the default 1024 to 8192. This will allow to support a greater +number of clients out of the box. +""" + +# check limits.conf +need_limits = True +fd = open("/etc/security/limits.conf", "r") +lines = fd.readlines() +fd.close() +for line in lines: +sline = line.strip() +if not sline.startswith(self.ds_user): +continue +if sline.find('nofile') == -1: +continue +# ok we already have an explicit entry for user/nofile +need_limits = False + +# check sysconfig/dirsrv +need_sysconf = True +fd = open("/etc/sysconfig/dirsrv", "r") +lines = fd.readlines() +fd.close() +for line in lines: +sline = line.strip() +if not sline.startswith('ulimit'): +continue +if sline.find('-n') == -1: +continue +# ok we already have an explicit entry for file limits +need_sysconf = False + +#if sysconf or limits are set avoid messing up and defer to the admin +if need_sysconf and need_limits: +self.fstore.backup_file("/etc/security/limits.conf") +fd = open("/etc/security/limits.conf", "a+") +fd.write('%s\t\t-\tnofile\t\t%s\n' % (self.ds_user, str(num))) +fd.close() + +fd = open("/etc/sysconfig/dirsrv", "a+") +fd.write('ulimit -n %s\n' % str(num)) +fd.close() + +else: +logging.info("Custom file limits are already set! Skipping\n") +print "Custom file limits are already set! Skipping\n" +return + +# finally change also DS configuration +# NOTE: dirsrv will not allow you to set max file descriptors unless +# the user limits allow it, so we have to restart dirsrv before +# attempting to change them in cn=config +self.__restart_instance() + +nf_sub_dict = dict(NOFILES=str(num)) +self._ldap_mod("ds-nfiles.ldif", nf_sub_dict) + +def __tuning(self): +self.tune_nofile(8192) -- 1.7.3.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
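Review bot: `tune_nofile` formats `num` into `/etc/security/limits.conf` and `/etc/sysconfig/dirsrv` via `str(num)` without checking that it is an integer; the `ulimit -n` line implies the second file is sourced by a shell, so whatever a later caller passes becomes part of a root-run script fragment. Coercing once with `num = int(num)` before any file is touched closes that. Both appends also assume the file ends in a newline; on an unterminated last line the new entry is glued onto it and neither setting parses. The check `sline.startswith(self.ds_user)` is a prefix match, so an entry for any account whose name merely begins with the DS user name counts as an existing limit; comparing the first whitespace-separated field would be exact. The fence below sketches the write path only.

```python
    def tune_nofile(self, num=8192):
        # ... unchanged: docstring ...
        num = int(num)  # only a plain integer may reach limits.conf and the sysconfig file

        # ... unchanged: limits.conf and sysconfig/dirsrv checks ...

        if need_sysconf and need_limits:
            self.fstore.backup_file("/etc/security/limits.conf")
            for path, entry in (
                ("/etc/security/limits.conf",
                 '%s\t\t-\tnofile\t\t%d\n' % (self.ds_user, num)),
                ("/etc/sysconfig/dirsrv", 'ulimit -n %d\n' % num),
            ):
                fd = open(path, "r")
                try:
                    data = fd.read()
                finally:
                    fd.close()
                fd = open(path, "a")
                try:
                    # terminate an unfinished last line before appending
                    if data and not data.endswith('\n'):
                        fd.write('\n')
                    fd.write(entry)
                finally:
                    fd.close()
        # ... unchanged: else branch, restart and _ldap_mod ...
```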