Chavez, James R. wrote: > Hello Rich, list, > > > Earlier today we started getting this error in our FDS error log > repeatedly. Obviously connections were being refused at this point. I > had to restart the directory server for the server to function again. > Prior to releasing this box into production I did set the parameters > according to the Installation guide specifications. The output of > "ulimit -n" is 8192. The output of "sysctl -p" is below.(I increased > fs.file-max from 64000)Does anything look off? > net.ipv4.tcp_syncookies = 1 > net.ipv4.tcp_keepalive_time = 300 > fs.file-max = 128000 > net.ipv4.ip_local_port_range = 1024 65000 > > I also changed the setting in the config from > nsslapd-maxdescriptors: 1024 to > nsslapd-maxdescriptors: 8192 > > Is there a way to tweak these settings so that this will not happen in > the future? > I'm not sure what you mean. Unfortunately the max descriptor size is a kernel parameter - you cannot increase that value on demand afaik. There is always the possibility that this could happen. > This is a dedicated consumer or read only replica. > Directory size is roughly 20,000 users. > We are running FC9 and FDS 1.1.1-3. > We are lacking in RAM but look to improve on that shortly. > > I do see on the web past posts to this list regarding this error, I am > currently looking through them. Is there anyone out there that has > experienced this and gotten past it? > The first step is to figure out how many clients there are, and how many connections they can all open at the same time. > Thanks > James > > [25/Feb/2009:13:30:08 -0600] - Not listening for new connections - too > many fds open > [25/Feb/2009:13:30:08 -0600] - Listening for new connections again > [25/Feb/2009:13:30:08 -0600] - Not listening for new connections - too > many fds open > [25/Feb/2009:13:30:08 -0600] - Listening for new connections again > > CONFIDENTIALITY > This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. > ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090225/0cc5d4d4/attachment.bin
