There are plenty of ways to accomplish HA in this
scenario, if that's what you're getting at.
John
--
John Madden
Sr UNIX Systems Engineer
Ivy Tech Community College of Indiana
jmad...@ivytech.edu
a smaller environment, but even on a several-years-old
v2.2.x install I regularly see several thousand requests per second --
not minute -- with tons of logging enabled -- handled while hardly
touching the CPU. Are you sure you really need multiple machines?
John
--
John Madden
Sr UNIX Systems
;s your
configuration, not the software. Don't add a layer of dumb (caching) in
an attempt to fix this.
Besides, what's "*a lot*" mean?
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
than
> balancing connections between the two masters all the time, to
> avoid/minimize write conflicts).
Good point, I hadn't considered write conflicts. Active/passive of
course won't provide you the read performance of active/active/LB, but I
doubt that's really the concern he
e mirror mode in an
active/active cluster (behind a load balancer) would allow me to do
that.
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
ched my own init script, which handles shutdowns quite gracefully.
Actually, your system will fail to shut down at all if slapd remains
running.
(Looking at this code now, well, I honestly don't remember writing at
least parts of it, so I can't take credit for it.)
HTH
John
--
John
out of the picture.
If you really need to load balance OpenLDAP 2.3, I submit that something
is wrong with what you're doing with the directory -- on decent
hardware, you could easily serve tens of thousands of requests/sec.
If all you're really trying to accomplish is HA, there are va
ep 1
res=`ps -efl | grep slapd | grep $pid`
done
echo "slapd stopped"
else
echo "PID file found, but slapd not running"
fi
else
echo "slapd not running"
fi
;;
*)
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
ould
definitely be on v2.3.x anyway.
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
for some reason, be careful.
I didn't muck with my system clock, I just changed the timezone of the machine
from EST to EST+DST.
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
it came under
load; now it's returning all queries ok but it's sitting at 100% cpu usage
for no apparent reason. I haven't had time to look into that one.
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
such doesn't
seem to help; it never gets to the point of accepting connections. Is it
more a bdb problem?
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
according to the docs, tune slapd
according to the docs.
Modify your benchmark to run queries in *parallel* and see which one comes out
on top. Try pounding your RDBMS with 64 clients and you'll quickly see the
performance drop off, whereas OpenLDAP will hardly even touch the CPU and
still
necessary. (And we use a 3GB bdb cache,
btw, although that's obviously not all consumed -- but with 8GB RAM...)
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
e,
> but I can see that it started to with 7.4, so maybe it gives an
> advantage. (prior to 7.4 prepare was just client side sugar).
And I had no idea it didn't make a difference under 7.3 -- I've always coded
as if they were separate. Wonderful. :)
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
ration. Because the search is
performed instantly, i.e., you can't define $mesg once and reuse it 20k times
(as you can with DBD::Pg), I don't think this test is going to be an
effective measure of OpenLDAP's performance. Howard suggested other
libraries -- perhaps they prov
issue. I use both DBD::Pg and Net::LDAP
extensively and I have very good metrics from both of them. But in a tree of
20,000 objects, he should easily be able to pull 15k queries/sec on decent
hardware out of OpenLDAP and I suspect PostgreSQL (or any other RDBMS)
couldn't come close.
John
> As Kurt already mentioned, nothing else comes to mind.
How 'bout you go outside of OpenLDAP and look at the network level? Why not
restrict access by shaping down this client's traffic so much it can't make so
many requests?
John
--
John Madden
Sr. UNIX Systems
a config change (removing the syncrepl stanza)
and
a slapd restart as part of your failover process to avoid this as well...
FWIW, I'm currently running the first half of this setup, but I don't
particularly
want any writes being committed in the event of a failover anyway.
John
--
all on one mirrored pair.)
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
ow on 2.3.18 in hopes that one of the ITS's fixed is this problem.
None
of them sound related, none even mentioning bdb problems, but fingers crossed
anyway.
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
g of the bdb env. Whatever's going on in my case isn't
causing a slapd crash, but causing [alleged] corruption of the environment.
Either way, I've backed my slapcat's to once a day to minimize any potential
impact...
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
blem?
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
least, but what could've caused this? And
why/how on both the master and replica?
Thanks,
John
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
.30.
>
> Other than the relatively low performance (as compared to 2.3.11), 2.3.17 has
> been
> quite solid.
Eh-hehm. See my other recent post, insert grain of salt. ;)
--
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
han the relatively low performance (as compared to 2.3.11), 2.3.17 has
been
quite solid.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
s last night) to the point where I'll be taking some downtime this
weekend to slapcat/slapadd everything back in. 2.3.17 does now seem to be
behaving better, but that's what I said about 2.3.16 Tuesday morning. :) We'll
see...
John
--
John Madden
UNIX Systems Engineer
Ivy
default thread count and I noticed that at higher thread levels,
this CPU situation would happen sometimes within a couple of hours. Should I go
even lower than 16, or is this another Linux-2.6 issue where I should consider
using 2.4 instead?
Thanks,
John
--
John Madden
UNIX Systems Engineer
.2, 100,000+ objects, ~4 million operations a day.)
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
t to track down where it's coming from; more on that later.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
we trust 2.3.16 more than 2.3.11?
Thanks,
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
h node as normal.
Uhm, I believe we're now OT, at least for -software. :)
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
erves to fix. A client can connect, grab some data, and because
of
RAC's distributed lock mechanism, can be guaranteed that it isn't being written
to
at that time someplace else in the cluster. IMO, any multi-master would need
the
same sort of communication and agreement among the n
>> object. Do you know of one?
>
> Maybe ActiveDirectory, but there is a software patent on it.
...Pretty sure AD's doesn't do this either.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
i-master implementation on the
market that will allow you to load balance a directory and actually guarantee
that
two clients running down two different nodes will get a consistent view of an
object. Do you know of one?
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
to date at any given point in time since replication is asynchronous.)
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
>> patch -p0 < ../openldap-2.3.x/build/BerkeleyDB42.patch
>
> Just of note, if OpenLDAP 2.3.12 ever gets released, the above patch will
> no longer be necessary for BDB 4.2. :P
Will BDB need to be rebuilt *without* that patch to upgrade a 2.3.11 install to
2.3.12?
John
--
> I can't use 2.3 and syncrepl because:
> 1. FreeBSD has many dependences on OpenLDAP 2.2, that I use.
> 2. It hard to update second host - it has RedHat 9.0, old compiler, etc...
Both of these should compile a 2.3 build nicely...?
John
--
John Madden
UNIX Systems Eng
> How can you avoid a loop situation if you use syncrepl on both machines ?
I believe you don't have to worry about loops with syncrepl. Don't take my word
for it, try it out...
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
27;t a good idea.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
#x27;ve got a dual syncrepl/heartbeat setup, so
I
can flip/slapcat/delete/slapadd/yadayada with minimal downtime if it gets to be
an
issue post-production. But it'd be nice to not have to explain this to the
boss;
I'm getting tired of whiteboard diagrams of the whole thing. :)
Thanks,
future to have to delete, say, 60,000 objects to
pull
a semester of students, for example.
Thanks,
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
ped that line (which as it turns out was basically
just an OEM anyway) in favor of something "more-Sun." And Sun's always
wishy-washy on their products anyway... FWIW, I've been quite happy with the HP
DL585, too. Mmm... Opteron...
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
;s marked "Stable" or someone says so at the very least, I can't buy
into
v2.3. This is for the college's enterprise directory, one of those do-or-die
sorts of things...
Thanks for all the info just the same.
Thanks,
John
--
John Madden
UNIX Systems Engineer
Ivy Tec
ere are more than 4 chars in the string. Yet:
uid=test* : 0.007 seconds
# numEntries: 100
uid=*est222* : 0.048s
# numEntries:
Quite good.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
27;t be
taken down for upgrades. Going from 2.0 to 2.1 or 2.2 is risky, yet updates and
such (security, grave bugs) aren't maintained for 2.0. The vendor handles that
for me. ...I trust Debian.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
b's for ease of maintenance, so I'll have to
work
around this another way.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
guessing that "*XXX*" is one character short index wise. That may
> or may not be by design.
It seems that having the glob on the end of the string is perhaps related to
things being slow, although I've done so many tests I don't remember clearly.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
final in the
manpage. I've read that the default for "sub" is subany...
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
*2 : 29 seconds
# numEntries: 10
uid=*22 : 0.41 seconds
# numEntries: 1
...So 10,000 entries can be returned off an index search, well over the 8188.
Is
there another allids-like limit someplace?
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
8GB.
This is all on Debian 3.1's (amd64) libdb4.2 and slapd packages.
Any ideas here?
Thanks,
John
--
John Madden
UNIX Systems Engineer
Ivy Tech Community College of Indiana
[EMAIL PROTECTED]
51 matches
Mail list logo
