Hi Ryan,
Here's my config of LDAP master: --------------------------------------------------------------------------- # cat /etc/openldap/slapd.conf | grep -v ^# | grep -ve '^$' include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args modulepath /usr/lib64/openldap moduleload accesslog.la moduleload syncprov.la TLSCACertificateFile /etc/openldap/certs/CA.pem TLSCertificateFile /etc/openldap/certs/ldap-master.pem TLSCertificateKeyFile /etc/openldap/certs/ldap-master.key TLSVerifyClient allow
[ .. some limits here .. ]
[ .. some ACLs here .. ]
database config access to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none database monitor
[ .. some ACLs here .. ]
[ .. some limits here .. ]
database bdb cachesize 380000 idlcachesize 700000 readonly off suffix "dc=domain,dc=com" rootdn "cn=Manager,dc=domain,dc=com" rootpw {SSHA}XXXXXXXXXX directory /var/lib/ldap index uid eq index mail eq index objectClass eq index entryCSN eq index entryUUID eq overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
[ .. some limits here .. ]
loglevel sync stats stats2 shell checkpoint 5120 10 serverID 1 ---------------------------------------------------------------------------
Here's what I have on replica server:
--------------------------------------------------------------------------- include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args threads 8 [ .. some ACLs here .. ] database config access to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none database monitor [ .. some ACLs here .. ] database bdb cachesize 380000 idlcachesize 700000 readonly off suffix "dc=domain,dc=com" rootdn "cn=Manager,dc=jetbrains,dc=com" rootpw {SSHA}XXXXXXXXXXXXXXXXX directory /var/lib/ldap index uid eq index mail eq index objectClass eq index entryCSN eq index entryUUID eq checkpoint 5120 10 syncrepl rid=34 provider=ldaps://ldap-master.domain.net:636 tls_reqcert=demand tls_cacert=/etc/openldap/certs/CA.pem type=refreshAndPersist schemachecking=off searchbase="dc=domain,dc=com" scope=sub bindmethod=simple binddn="cn=repluser,ou=Accounts,dc=domain,dc=com" credentials=XXXXXXXXXX retry="300 +" updateref ldaps://ldap-master.domain.net [ .. some limits here .. ] loglevel stats sync stats2 shell
---------------------------------------------------------------------------
I restarted slapd with "LD_PRELOAD=/usr/lib64/libtcmalloc.so.4.1.0" to use a different memory allocator (tcmalloc) and now memory consumption is almost flat, please see http://i.imgur.com/brIvarB.png
I've also added "threads 8" directive into slapd.conf on LDAP master server but have not started the slapd process to make it active.
According to what I see from the OS (Linux) perspective, slapd is using 18 threads:
# ps -L -o pid= -p `pgrep slapd` | wc -l 18
Do your logs show what kind of client activity triggered the growth?
I have some logs but I nothing really special there. No unusual activity.
Regards, Sergey
On Sun, Mar 29, 2015 at 10:16 AM, Ryan Tandy ryan@nardis.ca wrote:
Hi,
On Thu, Mar 26, 2015 at 01:50:27PM +0300, Sergey Esin wrote:
Hi all,
We're running OpenLDAP 2.4.40 (the latest available release) with just one replica server (connected via TLS) and have the following picture - http://i.imgur.com/om0lMiy.png
On the graph you can see memory consumption of the slapd process on the host: in the beginngin it started without replica, then replica server was connected (memory consumption became around 4 Gigs) and then OOM (out-of-memory) killer on linux machine just killed the process.
I've seen a similar thing recently. The test case I posted to ITS#8081 causes very high memory usage on the host. (The crash bug is unrelated, it was a regression introduced after 2.4.40 was released.) Are you able to share your host config for comparison?
Howard wrote https://github.com/hyc/mleak while looking into it, but AFAIK we don't have a proven cause, only a suspicion that memory fragmentation may be involved.
Do your logs show what kind of client activity triggered the growth?
Do you use delta-syncrepl?
There are ~400 000 users in our ldap database.
OpenLDAP was compiled from sources using "./configure --prefix=/ldap2440 --with-tls --enable-slapd".
Are there any ways to understand what's is going wrong and how to fix it?
This server is really important for us, please share any ideas how to make it stable!
My DB_CONFIG is like below:
set_flags DB_LOG_AUTOREMOVE
set_cachesize 0 524288000 5 set_lg_regionmax 1048576 set_lg_max 10485760 set_lg_bsize 2097512
set_lk_max_locks 23000 set_lk_max_lockers 2300 set_lk_max_objects 2300
-- Regards, Sergey