On Thu, 2017-08-17 at 10:53 +1000, William Brown wrote: > On Tue, 2017-08-15 at 13:15 +0000, Lucas Diedrich wrote: > > Willian, > > > > Cache values from cn=config + cn=userRoot: > > https://paste.fedoraproject.org/paste/ZqmA2wUkQDcSUaUIcpGDhg > > free -h + lspcu: > > https://paste.fedoraproject.org/paste/Br8Vz5-quxtcatiDyMy3QA > > > > I'll check it out the docs for the optimization + wait until your response, > > i think it will more secure. > > Hey mate, > > Those values are all default of 10MB. You probably want to change: > > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > nsslapd-cachememsize: 10485760 > nsslapd-dncachememsize: 10485760 > > and > > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > nsslapd-dbcachesize: 10000000 > > Looking at your values of free/cpu, I would recommend something like: > > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > nsslapd-cachememsize: 268435456 > nsslapd-dncachememsize: 67108864 > > and > > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > nsslapd-dbcachesize: 536870912 > > > That should help you as a start, and you can tweak these up and down as > needed. > I was forwarded this from another list user too: Lucas, You may also want to make additional modifications below in addition to what William provided. You currently have transactions building up and until you hit 60 seconds the commits are being held in durability transaction log. Below setting will keep durability transaction log on, BUT only 1 transaction will be held until 60 seconds nsslapd-db-transaction-batch-val: 0 to be nsslapd-db-transaction-batch-val: 1 If you are not doing ldif2db transactions as part of normal operation have discovered over the Years that disabling import-cache-autosize helps with memory management. Historically 389ds will fence this Memory not use it and never release it back to OS. nsslapd-import-cache-autosize: -1 nsslapd-import-cachesize: 20000000 to be nsslapd-import-cache-autosize: 0 nsslapd-import-cachesize: 20000000 Make sure you check cachesize values for change after each directory restart. They are dynamic based on available memory on OS at time of service start. If you have something else running on host with memory leak Directory Server slowly will be starved and eventually crash. Memory allocations for each directory instance you have running on host are cumulative so be aware what else is running on host before modifying the cachesize settings especially if you leave autosize enabled. David M. Partridge Identity Management and Security Engineer Tangible Security Inc 2010 Corporate Ridge, Suite 250 McLean, VA 22102 I hope this helps you too, -- Sincerely, William Brown Software Engineer Red Hat, Australia/Brisbane
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
