diff options
| -rw-r--r-- | install/share/Makefile.am | 1 | ||||
| -rw-r--r-- | install/share/ds-nfiles.ldif | 8 | ||||
| -rw-r--r-- | ipaserver/install/dsinstance.py | 70 |
3 files changed, 75 insertions, 4 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 8fa84f9a8..1e71ae804 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -17,6 +17,7 @@ app_DATA = \ default-keytypes.ldif \ default-pwpolicy.ldif \ delegation.ldif \ + ds-nfiles.ldif \ dns.ldif \ kerberos.ldif \ indices.ldif \ diff --git a/install/share/ds-nfiles.ldif b/install/share/ds-nfiles.ldif new file mode 100644 index 000000000..e97c1e630 --- /dev/null +++ b/install/share/ds-nfiles.ldif @@ -0,0 +1,8 @@ +dn: cn=config +changetype: modify +replace: nsslapd-maxdescriptors +nsslapd-maxdescriptors: $NOFILES +- +replace: nsslapd-reservedescriptors +nsslapd-reservedescriptors: 64 +- diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 761bae693..158476257 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -185,10 +185,7 @@ class DsInstance(service.Service): else: self.suffix = None - if fstore: - self.fstore = fstore - else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') def create_instance(self, ds_user, realm_name, fqdn, domain_name, @@ -239,6 +236,7 @@ class DsInstance(service.Service): self.step("creating default HBAC rule allow_all", self.add_hbac) self.step("enabling compatibility plugin", self.__enable_compat_plugin) + self.step("tuning directory server", self.__tuning) self.step("configuring directory to start on boot", self.__enable) @@ -532,6 +530,7 @@ class DsInstance(service.Service): self.stop() try: + self.fstore.restore_file("/etc/security/limits.conf") self.fstore.restore_file("/etc/sysconfig/dirsrv") except ValueError, error: logging.debug(error) @@ -603,3 +602,66 @@ class DsInstance(service.Service): self.start() return status + + def tune_nofile(self, num=8192): + """ + Increase the number of files descriptors available to directory server + from the default 1024 to 8192. This will allow to support a greater + number of clients out of the box. + """ + + # check limits.conf + need_limits = True + fd = open("/etc/security/limits.conf", "r") + lines = fd.readlines() + fd.close() + for line in lines: + sline = line.strip() + if not sline.startswith(self.ds_user): + continue + if sline.find('nofile') == -1: + continue + # ok we already have an explicit entry for user/nofile + need_limits = False + + # check sysconfig/dirsrv + need_sysconf = True + fd = open("/etc/sysconfig/dirsrv", "r") + lines = fd.readlines() + fd.close() + for line in lines: + sline = line.strip() + if not sline.startswith('ulimit'): + continue + if sline.find('-n') == -1: + continue + # ok we already have an explicit entry for file limits + need_sysconf = False + + #if sysconf or limits are set avoid messing up and defer to the admin + if need_sysconf and need_limits: + self.fstore.backup_file("/etc/security/limits.conf") + fd = open("/etc/security/limits.conf", "a+") + fd.write('%s\t\t-\tnofile\t\t%s\n' % (self.ds_user, str(num))) + fd.close() + + fd = open("/etc/sysconfig/dirsrv", "a+") + fd.write('ulimit -n %s\n' % str(num)) + fd.close() + + else: + logging.info("Custom file limits are already set! Skipping\n") + print "Custom file limits are already set! Skipping\n" + return + + # finally change also DS configuration + # NOTE: dirsrv will not allow you to set max file descriptors unless + # the user limits allow it, so we have to restart dirsrv before + # attempting to change them in cn=config + self.__restart_instance() + + nf_sub_dict = dict(NOFILES=str(num)) + self._ldap_mod("ds-nfiles.ldif", nf_sub_dict) + + def __tuning(self): + self.tune_nofile(8192) |