Bug 1292559
Summary: | ns-slapd high cpu in ipa context and stack traces reviews | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Marc Sauton <msauton> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED DUPLICATE | QA Contact: | Steeve Goveas <sgoveas> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.2 | CC: | grajaiya, jhrozek, lslebodn, mkosek, mreynolds, msauton, mzidek, nkinder, pbrezina, preichl, rmeggins, tbordaz |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-16 15:40:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marc Sauton
2015-12-17 19:18:07 UTC
changing the priority to "urgent", as the customer case 01550492 is a sev1 there is something else: attachment 90-sosreport-mdhixnpipa01.mhbenp.lin.01550492-20151211071420.tar.xz file var/log/dirsrv/slapd-MHBENP-LIN/errors [11/Dec/2015:07:13:01 -0500] NSMMReplicationPlugin - agmt="cn=meTomdhixnpipa02.mhbenp.lin" (mdhixnpipa02:389): Replication bind with GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) () over time, could a broken replication from no longer valid Krb LDAP service principal, contribute to this high ns-slapd issue? relaying some customer notes: " Clients are all RHEL6.7 in this environment running sssd-1.12.4-47.el6.x86_6. They were all patched when I patched the IPA servers the first of the month. " then I noticed this dn: cn=changelog,cn=ldbm database,cn=plugins,cn=config nsslapd-cachememsize: 512000 nsslapd-directory: /var/lib/dirsrv/slapd-MHBENP-LIN/db/changelog dn: cn=config,cn=ldbm database,cn=plugins,cn=config nsslapd-lookthroughlimit: 100000 nsslapd-idlistscanlimit: 100000 nsslapd-directory: /var/lib/dirsrv/slapd-MHBENP-LIN/db nsslapd-dbcachesize: 1073741824 dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config nsslapd-cachememsize: 2147483648 nsslapd-directory: /var/lib/dirsrv/slapd-MHBENP-LIN/db/userRoot dn: cn=ipaca,cn=ldbm database,cn=plugins,cn=config nsslapd-cachememsize: 1073741824 nsslapd-directory: /var/lib/dirsrv/slapd-MHBENP-LIN/db/ipaca while the db looks like this, only: ls -lh /var/lib/dirsrv/slapd-*/db/userRoot/ ...snip... -rw-------. 1 dirsrv dirsrv 2.0M Dec 17 13:57 id2entry.db ...snip... so the entry and db cache seem high for what is needed. should we reduce them? with the sudoHost filters requested by the SSSD RHEL 6.7 clients, should we tune down the following: nsslapd-lookthroughlimit: 100000 nsslapd-idlistscanlimit: 100000 ? This should be solved by https://bugzilla.redhat.com/show_bug.cgi?id=1244957 We are very close to pushing the patches for the native IPA sudo support to master. Would the customer be interested in testing? If not, can I go ahead and close this bugzilla? This BZ has been needinfo's for a month and the problem (even though solved by config changes for the original customer) would best be solved by using the native IPA sudo provider which was added to 6.8 and will be added to 7.3. Closing. *** This bug has been marked as a duplicate of bug 1244957 *** The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |