Hi Toby/Quanah,
I'm currently using a RHEL7 derivative (SL7) on our production OpenLDAP servers i.e. Central Authorisation Service.
We use rsyslog partly out of familiarity but also because it allows sending logs to a central rsyslog server.
The way this setup appears to work with a system using systemd + rsyslog is that all the things are logged via systemd's journalctl.
The downside of this approach is that you are effectively running 2 logging daemons in parallel. As logging seems to be a potential bottleneck for OpenLDAP anyway it potentially exacerbates this even further.
Another gotcha is w.r.t. rate limiting as both journald and rsyslog implement this independently of one another. Disabling this completely can make the bottleneck mentioned above even more apparent! Setting your OpenLDAP logging level appropriately can mitigate this (I log at Stats+ Sync)
From my experience I'd say RHEL7 is a stable system to run OpenLDAP on. If you have a heavily-loaded system or don't need centralised logging though I'd try and get away with journalctl on it's own and only introduce rsyslog logging if you need it.
Kind regards,
Mark
On 01/07/16 10:21, Toby Blake wrote:
On Thu, 30 Jun 2016, Quanah Gibson-Mount wrote:
On a side note, we've been moving customers off of RHEL7 back to RHEL6, as we've simply found it too unstable for production use.
Hi Quanah,
This is concerning - can you provide a little more detail on this?
Cheers Toby Blake School of Informatics University of Edinburgh