Hi

I have an issue that occured before, but I did not figure out what it was. It 
happened again
today, and the issue is related to high load on the LDAP servers.

I ran a batch job that added a lot of users to different groups, using the "ipa 
group-add-member
--users="$members" $group" command. This caused high CPU load across all the 
LDAP servers as the
changes we're replicating between the servers.

After a few minutes DNS stopped working and errors started to occur in the 
messages log.

The only way to get around it is to stop the batch job to lower the CPU load on 
the LDAP servers,
and then kill the named daemon with kill -9 and restart named. "service named 
restart" timed out
while stopping named and did not manage to restart the named daemon.

This happened across all 3 IPA servers almost at the same time, taking the 
entire environment down.

A rather nasty bug.


Apr 24 09:32:08 ipa03 named[31837]: LDAP error: Invalid DN syntax
Apr 24 09:32:08 ipa03 named[31837]: connection to the LDAP server was lost
Apr 24 09:32:09 ipa03 named[31837]: LDAP error: Invalid DN syntax
Apr 24 09:32:09 ipa03 named[31837]: connection to the LDAP server was lost



Regards,
Siggi


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to