[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: too many open files and over 1K xinetd running
On Fri, Apr 02, 2010 at 04:31:10PM +0000, Seger, Mark wrote:
> I'm using xinetd forwarding to allow a number of compute nodes that
> don't have a direct path to our ldap server to get forward on by a
> host that does. When running a highly parallel job that starts over 1K
> instances at the same time, I see all these xinetd instances also start
> up on my forwarding server and in fact they don't seem to go away, at
> not any time soon. Meanwhile back on my ldap server I see number of
> 'too many open files' errors in /var/log/messages and if I try to "su
> user" on one of the nodes I'll see it hang for awhile. I have bumped
> the number of open files very high on the ldap server and in fact:
>
> [root@aicgateway ~]# cat /proc/sys/fs/file-nr
> 5610 0 201116
>
> So out of a pool of 200K we're only using 5K.
Which version of OpenLDAP, and did you build it yourself?
What OS, and what bulid options?
What I am wondering here is whether slapd is built in such a way
that it is artificially limited to (say) 1024 usable file descriptors.
In any case, I think there is a better solution: use slapd instead
of xinetd on your proxy host. This is likely to be much more efficient,
and in some circumstances it can do connection-pooling. Here is an
extract from 'man slapd-ldap':
The LDAP backend to slapd(8) is not an actual database; instead it
acts as a proxy to forward incoming requests to another LDAP server.
While processing requests it will also chase referrals, so that
referrals are fully processed instead of being returned to the slapd
client.
Sessions that explicitly Bind to the back-ldap database always create
their own private connection to the remote LDAP server. Anonymous
sessions will share a single anonymous connection to the remote
server. For sessions bound through other mechanisms, all sessions
with the same DN will share the same connection. This connection
pooling strategy can enhance the proxy's efficiency by reducing the
overhead of repeatedly making/breaking multiple connections.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------