On Mon, Dec 03, 2012 at 04:27:30PM -0500, Simo Sorce wrote:
> On Mon, 2012-12-03 at 16:16 -0500, Dmitri Pal wrote:
> > On 12/03/2012 03:21 PM, Simo Sorce wrote:
> > > On Mon, 2012-12-03 at 21:12 +0100, Olivier wrote:
> > >> I may be wrong but that is not exactly the way I read the man page:
> > >> http://linux.die.net/man/5/sssd-ldap
> > >>
> > >> On failover section:
> > >>
> > >> --> Further connection attempts are made to machines or services
> > >> marked as offline after a --> specified period of time; this is
> > >> currently hard coded to 30 seconds.
> > >>
> > >> As I understand it, once a machine or service has been stamped "offline",
> > >> then it won't be queried before 30 seconds have passed.
> > >>
> > >> The delay I would like to know (and to tune if possible) is the time
> > >> after which sssd queries the next ldap server in ldap_uri list if the
> > >> current one is not reachable (IMHO, 5 seconds would be more than enough
> > >> and I think would even tune less if I could).
> > > Ah I think you've been misled by the timeout section.
> > >
> > > That doesn't apply to a specific server but to a general attempt to go
> > > online.
> > >
> > > If I remember correctly, when SSSD tries to go online it will try the
> > > first server, and if it fails it will immediately try the next and so on
> > > until it finds one that works or goes back offline because none work.
> > >
> > > If it goes back offline it will wait at least 30 sec. before going
> > > online but will go online only if there is an event that requires data
> > > after the 30 sec. has gone by.
> > >
> > > HTH,
> > > Simo.
> > >
> > I think the question is for how long SSSD waits to detect that the
> > server is offline and whether this is configurable.
>
> It is not, SSSD will find out the first time it needs to resolve
> something and will try to fetch data from the offline server.
>
> At that point it will determine the server is offline.
>
> What we may do is to retry immediately once, I do not recall if we do
> that.

We don't retry; once a server is offline, we either wait for 30 seconds or
until libnetlink notifies us that the networking changed.

Keep in mind that a "server" in the failover concept is defined with host:port,
not just host. So we can mark a Kerberos "server" as offline but happily
talk to LDAP on the same machine. We have a special hack in IPA to force
talking to the same physical host for both LDAP and Kerberos, but only in
IPA.