I am running my set up on AWS cloud, and entropy is low at around 180 . I plan to increase it bu installing haveged . But, would low entropy by any chance cause this issue of intermittent hang . Also, the hang is mostly observed when registering around 20 clients together
On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan < rakesh.rajasekha...@gmail.com> wrote: > yes there seems to be something thats worrying.. I have faced this today > as well. > There are few hosts around 280 odd left and when i try adding them to IPA > , the slowness begins.. > > all the ipa commands like ipa user-find.. etc becomes very slow in > responding. > > the SYNC_RECV are not many though just around 80-90 and today that was > around 20 only > > > I have for now increased tcp_max_syn_backlog to 5000. > For now the slowness seems to have gone.. but I will do a try adding the > clients again tomorrow and see how it goes > > Thanks > Rakesh > > The issues > > On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspa...@redhat.com> wrote: > >> On 18.8.2016 17:23, Rakesh Rajasekharan wrote: >> > Hi >> > >> > I am migrating to freeipa from openldap and have around 4000 clients >> > >> > I had openned a another thread on that, but chose to start a new one >> here >> > as its a separate issue >> > >> > I was able to change the nssslapd-maxdescriptors adding an ldif file >> > >> > cat nsslapd-modify.ldif >> > dn: cn=config >> > changetype: modify >> > replace: nsslapd-maxdescriptors >> > nsslapd-maxdescriptors: 17000 >> > >> > and running the ldapmodify command >> > >> > I have now started moving clients running an openldap to Freeipa and >> have >> > today moved close to 2000 clients >> > >> > However, I have noticed that IPA hangs intermittently. >> > >> > running a kinit admin returns the below error >> > kinit: Generic error (see e-text) while getting initial credentials >> > >> > from the /var/log/messages, I see this entry >> > >> > prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP: >> > Possible SYN flooding on port 88. Sending cookies. Check SNMP counters. >> >> I would be worried about this message. Maybe kernel/firewall is doing >> something fishy behind your back and blocking some connections or so. >> >> Petr^2 Spacek >> >> >> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of >> > user root. >> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of >> > user root. >> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of >> > user root. >> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of >> > user root. >> > Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command >> Invoked >> > with creates=None executable=None shell=True args= removes=None >> warn=True >> > chdir=None >> > Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified >> GSS >> > failure. Minor code may provide more information (KDC returned error >> > string: PROCESS_TGS) >> > >> > Could it be possible that its due to the initial load of adding the >> clients >> > or is there something else that I need to take care of. >> > >> > Thanks, >> > >> > Rakesh >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
