Re: nsslapd-conntablesize & nsslapd-maxfiledescriptors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






From: Thierry Bordaz <tbordaz@xxxxxxxxxx>
Sent: Monday, September 6, 2021 2:31 AM
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [389-users] Re: nsslapd-conntablesize & nsslapd-maxfiledescriptors
 

On 9/5/21 11:45 PM, William Brown wrote:
>
>> On 3 Sep 2021, at 23:37, Michael Starling <mlstarling31@xxxxxxxxxxx> wrote:
>>
>> Given the current settings on a directory server I'm still seeing the errors below in the logs at peak times.
>>
>> "ERR - setup_pr_read_pds - Not listening for new connections - too many fds open"
>>
>>
>> nsslapd-reservedescriptors: 64
>> nsslapd-maxdescriptors: 65535
>> nsslapd-conntablesize: 8192
>>
>> At the OS level the ns-slapd process is set to 65535 as well.
>>
>> Max open files            65535
>>
>>
>> After reading the RHDS documentation it's a bit unclear as to how these parameters work together.
>>
>> The conntablesize documentation states:
>>
>> "The default value for nsslapd-conntablesize is the systems maxdescriptors which can be confiured using nsslapd-maxdescriptors"

The documentation is wrong, conntablesize is cap by process
maxdescriptors. So I would expect the connection table to  be 8192 as it
is lower than 65535. Do you know if when the message "too many fds open"
popup the number of open connections is higher than 8000 ?

regards
thierry


Thank you for the clarification, Thierry.

That makes sense because the fd message do come after the go north of 8192. I think the highest I've seen them go is around 13k. With that said I think setting conntablesize to 16384 should be enough.

Mike

>>
>> Now we look at the documentation for maxdescriptors:
>>
>>
>> The number of descriptors available for TCP/IP to serve client connections is determined by nsslapd-conntablesize, and is equal to the nsslapd-maxdescriptors attribute minus the number of file descriptors used by the server as specified in the nsslapd-reservedescriptors attribute for non-client connections, such as index management and managing replication. The nsslapd-reservedescriptors attribute is the number of file descriptors available for other uses as described above.
>>
>> Based on the numbers currently set does this mean no action needs to be taken as this implies maxdescriptors takes precedence over conntablesize?
>>
>> Or should I set conntablesize to 65535-64 = 65471?
> Perhaps there is a bug here if conntablesize is still set. Alternately, it could have been set manually and the config upgrade code never kicked in.
>
> It's probably best to increase this a bit carefully, adjust up conntablesize in increments of 8192 until you stop having connection issues?
>
> Hope that helps,

>
>
>>
>>
>>
>> 3.1.1.60. nsslapd-conntablesize
>>
>> This attribute sets the connection table size, which determines the total number of connections supported by the server.
>> The server has to be restarted for changes to this attribute to go into effect.
>> Parameter    Description
>> Entry DN     cn=config
>> Valid Values Operating-system dependent
>> Default Value        The default value is the system's max descriptors, which can be configured using the nsslapd-maxdescriptors attribute as described in Section 3.1.1.115, “nsslapd-maxdescriptors (Maximum File Descriptors)”
>> Syntax       Integer
>> Example      nsslapd-conntablesize: 4093
>> Increase the value of this attribute if Directory Server is refusing connections because it is out of connection slots. When this occurs, the Directory Server's error log file records the message Not listening for new connections -- too many fds open.
>> A server restart is required for the change to take effect.
>>
>>
>> Thanks
>> _______________________________________________
>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
> --
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, Identity and Access Management
> SUSE Labs, Australia
>
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux