summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2010-11-16 12:45:21 -0500
committerAdam Young <ayoung@redhat.com>2010-11-22 12:42:16 -0500
commitc53c0ca1ad5d236c3bc8be719a04d223ad8afbf7 (patch)
tree3e70a02e3d15c00c827f07bde019ea17d15b3b01
parent733dc89f753629d47a89340e8efa3647bf55e5bb (diff)
downloadfreeipa-c53c0ca1ad5d236c3bc8be719a04d223ad8afbf7.tar.gz
freeipa-c53c0ca1ad5d236c3bc8be719a04d223ad8afbf7.tar.xz
freeipa-c53c0ca1ad5d236c3bc8be719a04d223ad8afbf7.zip
Autotune directory server to use a greater number of files
This changes the system limits for the dirsrv user as well as configuring DS to allow by default 8192 max files and 64 reserved files (for replication indexes, etc..). Fixes: https://fedorahosted.org/freeipa/ticket/464
-rw-r--r--install/share/Makefile.am1
-rw-r--r--install/share/ds-nfiles.ldif8
-rw-r--r--ipaserver/install/dsinstance.py70
3 files changed, 75 insertions, 4 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 8fa84f9a8..1e71ae804 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -17,6 +17,7 @@ app_DATA = \
default-keytypes.ldif \
default-pwpolicy.ldif \
delegation.ldif \
+ ds-nfiles.ldif \
dns.ldif \
kerberos.ldif \
indices.ldif \
diff --git a/install/share/ds-nfiles.ldif b/install/share/ds-nfiles.ldif
new file mode 100644
index 000000000..e97c1e630
--- /dev/null
+++ b/install/share/ds-nfiles.ldif
@@ -0,0 +1,8 @@
+dn: cn=config
+changetype: modify
+replace: nsslapd-maxdescriptors
+nsslapd-maxdescriptors: $NOFILES
+-
+replace: nsslapd-reservedescriptors
+nsslapd-reservedescriptors: 64
+-
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 761bae693..158476257 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -185,10 +185,7 @@ class DsInstance(service.Service):
else:
self.suffix = None
- if fstore:
- self.fstore = fstore
- else:
- self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+ self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
def create_instance(self, ds_user, realm_name, fqdn, domain_name,
@@ -239,6 +236,7 @@ class DsInstance(service.Service):
self.step("creating default HBAC rule allow_all", self.add_hbac)
self.step("enabling compatibility plugin",
self.__enable_compat_plugin)
+ self.step("tuning directory server", self.__tuning)
self.step("configuring directory to start on boot", self.__enable)
@@ -532,6 +530,7 @@ class DsInstance(service.Service):
self.stop()
try:
+ self.fstore.restore_file("/etc/security/limits.conf")
self.fstore.restore_file("/etc/sysconfig/dirsrv")
except ValueError, error:
logging.debug(error)
@@ -603,3 +602,66 @@ class DsInstance(service.Service):
self.start()
return status
+
+ def tune_nofile(self, num=8192):
+ """
+ Increase the number of files descriptors available to directory server
+ from the default 1024 to 8192. This will allow to support a greater
+ number of clients out of the box.
+ """
+
+ # check limits.conf
+ need_limits = True
+ fd = open("/etc/security/limits.conf", "r")
+ lines = fd.readlines()
+ fd.close()
+ for line in lines:
+ sline = line.strip()
+ if not sline.startswith(self.ds_user):
+ continue
+ if sline.find('nofile') == -1:
+ continue
+ # ok we already have an explicit entry for user/nofile
+ need_limits = False
+
+ # check sysconfig/dirsrv
+ need_sysconf = True
+ fd = open("/etc/sysconfig/dirsrv", "r")
+ lines = fd.readlines()
+ fd.close()
+ for line in lines:
+ sline = line.strip()
+ if not sline.startswith('ulimit'):
+ continue
+ if sline.find('-n') == -1:
+ continue
+ # ok we already have an explicit entry for file limits
+ need_sysconf = False
+
+ #if sysconf or limits are set avoid messing up and defer to the admin
+ if need_sysconf and need_limits:
+ self.fstore.backup_file("/etc/security/limits.conf")
+ fd = open("/etc/security/limits.conf", "a+")
+ fd.write('%s\t\t-\tnofile\t\t%s\n' % (self.ds_user, str(num)))
+ fd.close()
+
+ fd = open("/etc/sysconfig/dirsrv", "a+")
+ fd.write('ulimit -n %s\n' % str(num))
+ fd.close()
+
+ else:
+ logging.info("Custom file limits are already set! Skipping\n")
+ print "Custom file limits are already set! Skipping\n"
+ return
+
+ # finally change also DS configuration
+ # NOTE: dirsrv will not allow you to set max file descriptors unless
+ # the user limits allow it, so we have to restart dirsrv before
+ # attempting to change them in cn=config
+ self.__restart_instance()
+
+ nf_sub_dict = dict(NOFILES=str(num))
+ self._ldap_mod("ds-nfiles.ldif", nf_sub_dict)
+
+ def __tuning(self):
+ self.tune_nofile(8192)