On (21/01/15 11:22), Orion Poplawski wrote: >On 01/06/2015 05:06 PM, Orion Poplawski wrote: >> We're having some trouble with sssd on centos 7 under load on a VPS. 389ds >> ldap server for id/auth. Part may be an issue with the VPS, but I'm trying >> to >> track down all possible issues. >> >> Also, we realized that we were running in a bit of a bad state - the primary >> ldap server was not available, but the backup was. > >> Trouble: >> (Tue Jan 6 22:30:31 2015) [sssd[be[default]]] >> [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request >> failed. >> (Tue Jan 6 22:30:31 2015) [sssd[be[default]]] [sdap_sys_connect_done] >> (0x0020): sdap_async_connect_call request failed. > >I ended up filing https://fedorahosted.org/sssd/ticket/2562 as it seems like >sssd's handling of the ldap connection is not ideal. > I checked strace log file and I can confirm you are right. But I have no idea how to reproduce or fix it. Output from strace is not sufficient.
We would need to see sssd log files with high debug_level. You mentined the most problematic part of VPS is I/0. So increasing debug_level can just complicate situation. I can just give you an advice about *sync calls you mentioned in ticket. It is not visible in strace log but fdatasync() and msync() are used on file descriptor of sssd cache (/var/lib/sss/db/cache_*.ldb. They are used in ldb/tdb for transactions. If you do not need offline authentication you can mount tmpfs to directory /var/lib/sss/db/. tmpfs /var/lib/sss/db/ tmpfs size=300M,mode=0700,noauto,rootcontext=system_u:object_r:sssd_var_lib_t:s0 0 0 LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
