[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: too many open files and over 1K xinetd running

To: "Seger, Mark" <mark.seger@hp.com>
Subject: Re: too many open files and over 1K xinetd running
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Tue, 6 Apr 2010 11:18:46 +0100
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <9FCE3A46FE7C8045A6207AE4B42E9F9A4A9F824025@GVW1119EXC.americas.hpqcorp.net>
References: <9FCE3A46FE7C8045A6207AE4B42E9F9A4A9F824025@GVW1119EXC.americas.hpqcorp.net>
User-agent: Mutt/1.5.17 (2007-11-01)

On Fri, Apr 02, 2010 at 04:31:10PM +0000, Seger, Mark wrote:

> I'm using xinetd forwarding to allow a number of compute nodes that
> don't have a direct path to our ldap server to get forward on by a
> host that does.  When running a highly parallel job that starts over 1K
> instances at the same time, I see all these xinetd instances also start
> up on my forwarding server and in fact they don't seem to go away, at
> not any time soon.  Meanwhile back on my ldap server I see  number of
> 'too many open files' errors in /var/log/messages and if I try to "su
> user" on one of the nodes I'll see it hang for awhile.  I have bumped
> the number of open files very high on the ldap server and in fact:
> 
> [root@aicgateway ~]# cat /proc/sys/fs/file-nr
> 5610    0       201116
> 
> So out of a pool of 200K we're only using 5K.

Which version of OpenLDAP, and did you build it yourself?
What OS, and what bulid options?

What I am wondering here is whether slapd is built in such a way
that it is artificially limited to (say) 1024 usable file descriptors.

In any case, I think there is a better solution: use slapd instead
of xinetd on your proxy host. This is likely to be much more efficient,
and in some circumstances it can do connection-pooling. Here is an
extract from 'man slapd-ldap':

       The  LDAP  backend  to slapd(8) is not an actual database; instead it
       acts as a proxy to forward incoming requests to another LDAP  server.
       While  processing  requests  it  will  also  chase referrals, so that
       referrals are fully processed instead of being returned to the  slapd
       client.

       Sessions that explicitly Bind to the back-ldap database always create
       their own private connection to the  remote  LDAP  server.  Anonymous
       sessions  will  share  a  single  anonymous  connection to the remote
       server. For sessions bound through  other  mechanisms,  all  sessions
       with  the  same  DN  will  share the same connection. This connection
       pooling strategy can enhance the proxy's efficiency by  reducing  the
       overhead of repeatedly making/breaking multiple connections.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

References:
- too many open files and over 1K xinetd running
  - From: "Seger, Mark" <mark.seger@hp.com>

Prev by Date: Re: Using "overlay dynlist" with Ubuntu Karmic 9.10 LDAP server using slapd.d (not slapd.conf) ?
Next by Date: Re: Sample Large ldiff file to support 1K users
Index(es):
- Chronological
- Thread