Summary: an openldap 2.4.4 (CentOS7 stock RPM) replication consumer slapd server stops responding to requests for a period of up to fifteen minutes.
Environment:
Two centos7 ldap servers in mirror mode, providers to 4 openldap syncrepl consumers. The systems are 2 CPU, 12 core Intel Xeon E5-2420s, and have 48GB of RAM.
The four consumers are load-balanced through a FreeBSD "relayd" redirector, facing approximately six thousand clients.
Problem:
Periodically, one or more (or all) of the consumers will stop responding, including localhost cn=monitoring traffic and anything over the network. Note, only slapd stops responding. email out, logging in, etc, all remain unaffected. Analysis after the event starts doesn't show anything unusual in CPU usage or memory. Analysis of the ldap logs doesn't show anything unusual in number of requests, number of connects, etc until the system stops responding -- at which point, they drop to zero.
I'm stumped as to a) what's causing it, and b) how to address it on the slapd side so my servers stop dozing off.
Any suggestions?
-- John Jasen (jjasen@gmail.com)
On 7/17/18 12:21 PM, John Jasen wrote:
Summary: an openldap 2.4.4 (CentOS7 stock RPM) replication consumer slapd server stops responding to requests for a period of up to fifteen minutes.
Environment:
Two centos7 ldap servers in mirror mode, providers to 4 openldap syncrepl consumers. The systems are 2 CPU, 12 core Intel Xeon E5-2420s, and have 48GB of RAM.
The four consumers are load-balanced through a FreeBSD "relayd" redirector, facing approximately six thousand clients.
Problem:
Periodically, one or more (or all) of the consumers will stop responding, including localhost cn=monitoring traffic and anything over the network. Note, only slapd stops responding. email out, logging in, etc, all remain unaffected. Analysis after the event starts doesn't show anything unusual in CPU usage or memory. Analysis of the ldap logs doesn't show anything unusual in number of requests, number of connects, etc until the system stops responding -- at which point, they drop to zero.
I'm stumped as to a) what's causing it, and b) how to address it on the slapd side so my servers stop dozing off.
Any suggestions?
-- John Jasen (jjasen@gmail.com)
So when this happens you can still log into the consumer and run typical slapdump/slapcat, ldapsearch, etc. commands with no problem? or are you only losing access via the network?
Andy Dorman
Am Tue, 17 Jul 2018 13:21:58 -0400 schrieb John Jasen jjasen@gmail.com:
Summary: an openldap 2.4.4 (CentOS7 stock RPM) replication consumer slapd server stops responding to requests for a period of up to fifteen minutes.
[...] If that really is 2.4.4 the package is from 2006 and has never been a stable release. The initial release for 2.4 series is OpenLDAP 2.4.6 Release (2007/10/31) If you face problems you must update to the current release 2.4.46
-Dieter
openldap-technical@openldap.org
-
Andy Dorman -
Dieter Klünter -
John Jasen -
Ryan Tandy