Hi,
When configuring the 389 Directory Server instance, we tune it
so that number of file descriptors available to the DS is increased
from the default 1024 to 8192.
There are platform specific steps that need to be conducted
differently on systemd compatible platforms and sysV compatible
platforms.
systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
set ulimit - nofile 8192 in /etc/security/limits.conf
https://fedorahosted.org/freeipa/ticket/3823
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 30cf5bf24a4ca999952ec8dcc9c7c79c0b92608e Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Tue, 6 Aug 2013 17:09:15 +0200
Subject: [PATCH] Perform dirsrv tuning at platform level
When configuring the 389 Directory Server instance, we tune it
so that number of file descriptors available to the DS is increased
from the default 1024 to 8192.
There are platform specific steps that need to be conducted
differently on systemd compatible platforms and sysV compatible
platforms.
systemd: set LimitNOFILE to 8192 in /etc/sysconfig/dirsrv.systemd
sysV: set ulimit -n 8192 in /etc/sysconfig/dirsrv
set ulimit - nofile 8192 in /etc/security/limits.conf
https://fedorahosted.org/freeipa/ticket/3823
---
ipapython/platform/fedora16/service.py | 30 ++++++++++++---
ipapython/platform/redhat/service.py | 69 ++++++++++++++++++++++++++++++++++
ipaserver/install/dsinstance.py | 67 +++++++--------------------------
3 files changed, 107 insertions(+), 59 deletions(-)
diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py
index bceb87cd5bb2111d5c3460ddcd9940edee5443f4..297e68332df0375d51f7bbf971a05b05339a84af 100644
--- a/ipapython/platform/fedora16/service.py
+++ b/ipapython/platform/fedora16/service.py
@@ -21,7 +21,7 @@ import os
import time
from ipapython import ipautil, dogtag
-from ipapython.platform import base, redhat
+from ipapython.platform import base
from ipapython.platform.base import systemd
from ipapython.platform.fedora16 import selinux
from ipapython.ipa_log_manager import root_logger
@@ -78,20 +78,38 @@ class Fedora16Service(systemd.SystemdService):
# If we wouldn't do this, our instances will not be started as systemd would
# not have any clue about instances (PKI-IPA and the domain we serve) at all.
# Thus, hook into dirsrv.restart().
+
+
class Fedora16DirectoryService(Fedora16Service):
- def enable(self, instance_name=""):
- super(Fedora16DirectoryService, self).enable(instance_name)
+
+ def tune_nofile_platform(self, num=8192, fstore=None):
+ """
+ Increase the number of files descriptors available to directory server
+ from the default 1024 to 8192. This will allow to support a greater
+ number of clients out of the box.
+
+ This is a part of the implementation that is systemd-specific.
+
+ Returns False if the setting of the nofile limit needs to be skipped.
+ """
+
dirsrv_systemd = "/etc/sysconfig/dirsrv.systemd"
+
if os.path.exists(dirsrv_systemd):
# We need to enable LimitNOFILE=8192 in the dirsrv@.service
# Since 389-ds-base-1.2.10-0.8.a7 the configuration of the
# service parameters is performed via
# /etc/sysconfig/dirsrv.systemd file which is imported by systemd
# into dirsrv@.service unit
- replacevars = {'LimitNOFILE':'8192'}
- ipautil.inifile_replace_variables(dirsrv_systemd, 'service', replacevars=replacevars)
+ replacevars = {'LimitNOFILE': str(num)}
+ ipautil.inifile_replace_variables(dirsrv_systemd,
+ 'service',
+ replacevars=replacevars)
selinux.restore_context(dirsrv_systemd)
- ipautil.run(["/bin/systemctl", "--system", "daemon-reload"],raiseonerr=False)
+ ipautil.run(["/bin/systemctl", "--system", "daemon-reload"],
+ raiseonerr=False)
+
+ return True
def restart(self, instance_name="", capture_output=True, wait=True):
if len(instance_name) > 0:
diff --git a/ipapython/platform/redhat/service.py b/ipapython/platform/redhat/service.py
index 61511b4899721869a015abfccb945660faa0aacf..a07ea2d94d21817e145109353cc408a2f12c45a0 100644
--- a/ipapython/platform/redhat/service.py
+++ b/ipapython/platform/redhat/service.py
@@ -25,6 +25,7 @@ from ipapython.ipa_log_manager import root_logger
from ipapython.platform import base
from ipalib import api
+
class RedHatService(base.PlatformService):
def __wait_for_open_ports(self, instance_name=""):
"""
@@ -107,11 +108,79 @@ class RedHatHTTPDService(RedHatService):
time.sleep(5)
self.start(instance_name, capture_output, wait)
+
+class RedHatDirectoryService(RedHatService):
+
+ # This has been moved from dsinstance.py here to platform-level
+ # to continue support sysV services
+
+ def tune_nofile_platform(self, num=8192, fstore=None):
+ """
+ Increase the number of files descriptors available to directory server
+ from the default 1024 to 8192. This will allow to support a greater
+ number of clients out of the box.
+
+ This is a part of the implementation that is sysV-specific.
+
+ Returns False if the setting of the nofile limit needs to be skipped.
+ """
+
+ DS_USER = 'dirsrv'
+
+ # check limits.conf
+ need_limits = True
+ fd = open("/etc/security/limits.conf", "r")
+ lines = fd.readlines()
+ fd.close()
+ for line in lines:
+ sline = line.strip()
+ if not sline.startswith(DS_USER):
+ continue
+ if sline.find('nofile') == -1:
+ continue
+ # ok we already have an explicit entry for user/nofile
+ need_limits = False
+
+ # check sysconfig/dirsrv
+ need_sysconf = True
+ fd = open("/etc/sysconfig/dirsrv", "r")
+ lines = fd.readlines()
+ fd.close()
+ for line in lines:
+ sline = line.strip()
+ if not sline.startswith('ulimit'):
+ continue
+ if sline.find('-n') == -1:
+ continue
+ # ok we already have an explicit entry for file limits
+ need_sysconf = False
+
+ #if sysconf or limits are set avoid messing up and defer to the admin
+ if need_sysconf and need_limits:
+ if fstore:
+ fstore.backup_file("/etc/security/limits.conf")
+ fd = open("/etc/security/limits.conf", "a+")
+ fd.write('%s\t\t-\tnofile\t\t%s\n' % (DS_USER, str(num)))
+ fd.close()
+
+ fd = open("/etc/sysconfig/dirsrv", "a+")
+ fd.write('ulimit -n %s\n' % str(num))
+ fd.close()
+
+ else:
+ root_logger.info("Custom file limits are already set! Skipping\n")
+ return False
+
+ return True
+
+
def redhat_service(name):
if name == 'sshd':
return RedHatSSHService(name)
elif name == 'httpd':
return RedHatHTTPDService(name)
+ elif name == 'dirsrv':
+ return RedHatDirectoryService(name)
return RedHatService(name)
class RedHatServices(base.KnownServices):
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index e48ced4b8653863f377debe206594e304a80d11e..8a37743b85057e5dc3f8244f4b0415621110bfbd 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -29,7 +29,7 @@ import base64
import stat
from ipapython.ipa_log_manager import *
-from ipapython import ipautil, sysrestore, dogtag, ipaldap
+from ipapython import ipautil, sysrestore, ipaldap
from ipapython import services as ipaservices
import service
import installutils
@@ -801,58 +801,19 @@ class DsInstance(service.Service):
number of clients out of the box.
"""
- # check limits.conf
- need_limits = True
- fd = open("/etc/security/limits.conf", "r")
- lines = fd.readlines()
- fd.close()
- for line in lines:
- sline = line.strip()
- if not sline.startswith(DS_USER):
- continue
- if sline.find('nofile') == -1:
- continue
- # ok we already have an explicit entry for user/nofile
- need_limits = False
-
- # check sysconfig/dirsrv
- need_sysconf = True
- fd = open("/etc/sysconfig/dirsrv", "r")
- lines = fd.readlines()
- fd.close()
- for line in lines:
- sline = line.strip()
- if not sline.startswith('ulimit'):
- continue
- if sline.find('-n') == -1:
- continue
- # ok we already have an explicit entry for file limits
- need_sysconf = False
-
- #if sysconf or limits are set avoid messing up and defer to the admin
- if need_sysconf and need_limits:
- self.fstore.backup_file("/etc/security/limits.conf")
- fd = open("/etc/security/limits.conf", "a+")
- fd.write('%s\t\t-\tnofile\t\t%s\n' % (DS_USER, str(num)))
- fd.close()
-
- fd = open("/etc/sysconfig/dirsrv", "a+")
- fd.write('ulimit -n %s\n' % str(num))
- fd.close()
-
- else:
- root_logger.info("Custom file limits are already set! Skipping\n")
- print "Custom file limits are already set! Skipping\n"
- return
-
- # finally change also DS configuration
- # NOTE: dirsrv will not allow you to set max file descriptors unless
- # the user limits allow it, so we have to restart dirsrv before
- # attempting to change them in cn=config
- self.__restart_instance()
-
- nf_sub_dict = dict(NOFILES=str(num))
- self._ldap_mod("ds-nfiles.ldif", nf_sub_dict)
+ # Do the platform-specific changes
+ proceed = ipaservices.knownservices.dirsrv.tune_nofile_platform(
+ num=num, fstore=self.fstore)
+
+ if proceed:
+ # finally change also DS configuration
+ # NOTE: dirsrv will not allow you to set max file descriptors unless
+ # the user limits allow it, so we have to restart dirsrv before
+ # attempting to change them in cn=config
+ self.__restart_instance()
+
+ nf_sub_dict = dict(NOFILES=str(num))
+ self._ldap_mod("ds-nfiles.ldif", nf_sub_dict)
def __tuning(self):
self.tune_nofile(8192)
--
1.8.3.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
