On Sun, 18 Nov 2007 19:31:22 +0000, Gavin McCullagh wrote > Hi Jim, > > On Fri, 16 Nov 2007, Jim Kronebusch wrote: > > > Each application opened thereafter uses 1 more open file under the > > openldap user. These files remain open for the openldap user until the > > user session is terminated. So if one student logged on to every client > > in my network and opened both Firefox and OpenOffice, openldap would have > > 18 files opened per user across 108 clients. Now this is the part I can > > figure out easily, 108 users x 18 open files per user equals 1944 open > > file for the openldap user. The default open file limit per user under > > Edubuntu feisty is 1024, > > This is good stuff to know about, thanks. > > I know we've been over this before, but do you commonly have 108 concurrent > users on a single thin client server? That's pretty impressive. If you > haven't done it already, a short document briefly detailing the hardware > specs and the various tweaks you've needed would make very interesting > reading. Do they all use sound?
The server is as follows: Dell PowerEdge 2900 Processors - Dual Quad core 2.66Ghz w/1333Mhz front side bus (8 cores total) RAM - 16GB (will still upgrade to 32GB) Hard Drives - 6 300GB SAS 3GB per second drives configured in RAID 10 NICs - 6 Intel Pro1000 teamed with Adaptive Load Balancing OS - Edubuntu Feisty with linux-image-server kernel and LDM_DIRECTX=True Thin terminals - 108 DevonIT 6020p w/ 17" Planar LCD and 512MB RAM Most concurrent users I've seen yet is 75. With 75 users all in OpenOffice, Firefox with sound and a good share running flash (darn flash game sites), the maximum processor load I've seen yet is 25% with about 6GB RAM used. As far as tweaks, that is the scary part :-) I don't think I remember most of them. I did remove the Network Manager Applet, I removed the Gnome printing applet, I have Gnome Watchdog running, I did the tweaks a few weeks back regarding swapiness and task scheduling. I also make sure to not exceed 20 clients per gigabit switch feed. So all 6 NICs from the server go into a 24 port gigabit switch, then there is a gigabit feed going from that switch to the labs, with no more than 20 clients per switch. I wanted to be sure the network was not the weak point. I am running 1280x1024 for a client resolution, and yes they are all using sound. I am using LDM_DIRECTX, but honestly performance is pretty good without it. I also have the tweak for clearing out stale swap files, the one for killing firefox if it uses more than 80% client RAM, and I'm sure some others. Cool thing is with one server, I can monitor/control all machines with a single instance of fl_teachertool. > > I then decided I never want to see this error again, so I set the following > > in > > /etc/security/limits.conf: > > > > * soft nofile 4096 > > * hard nofile 4096 > > Seems reasonable enough, though would it be as effective and a little more > prudent to do: > > openldap soft nofile 4096 > openldap hard nofile 4096 > > 4096 files per user in general seems an awful lot and might allow users to > do nasty things to your system. I tried that first on the fly, but it didn't make any difference. So when I had to reboot the server I made the change to * just to be sure. Later I will definitely make the change back to openldap and see what happens now that I know this works. > > If this works, I think there is a huge flaw with the maximum open file > > limit and the default configuration of OpenLDAP when used in a thin > > client environment. > > The question is whether it should be fixed or if this is really just > "tuning" that should be documented for big systems. For example, the > default install of Postgresql sets limits which will not work when you go > above 20 users on a web application. It's expected that if you run it in > large scale production, you learn how to tune it for production use. Given > the number of users you have, I think it's fair to say you're a big > production user. > > Right now, edubuntu doesn't use openldap, so it probably doesn't make sense > for edubuntu to change this limit. There can be very few system users > which would ever need this number of open files. Openldap could perhaps add > the above lines specific to itself in limits.conf (assuming it works!). > You could ask the openldap package maintainers. > > Gavin My thought here is that from reading it looks like one of the goals in Hardy Heron is to modify the local users and groups so that it can integrate with ldap or active directory. And it doesn't seem too far fetched to think that many schools or businesses for that matter would need to authenticate many machines from a single instance of ldap. So I thought that developers might want to know this to thwart possible future problems if the intent is to better integrate ldap. But your probably right, this is likely further upstream and more of a tweak. Anyhow, at least now we have numbers to go by for a recommendation. Jim -- This message has been scanned for viruses and dangerous content by the Cotter Technology Department, and is believed to be clean. -- edubuntu-devel mailing list edubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
