|
 |
26521d |
From a825c288665556013a51a7efba2e07bc16ee4ee8 Mon Sep 17 00:00:00 2001
|
|
|
26521d |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
26521d |
Date: Fri, 5 Apr 2019 09:16:02 -0400
|
|
|
26521d |
Subject: [PATCH] Ticket 49990 - Increase the default FD limits
|
|
|
26521d |
|
|
|
26521d |
Description: As discussed in the ticket, this fix sets the maxdescriptors
|
|
|
26521d |
to the maximum allowed by the OS/systemd. If this limit can
|
|
|
26521d |
not be obtained then we fall back to 8192 as the limit
|
|
|
26521d |
|
|
|
26521d |
https://pagure.io/389-ds-base/issue/49990
|
|
|
26521d |
|
|
|
26521d |
Reviewed by: tbordaz & firstyear(Thanks!!)
|
|
|
26521d |
|
|
|
26521d |
(cherry picked from commit 8ca142034a051122b78bdaa3a948d3c50d4cca7e)
|
|
|
26521d |
(cherry picked from commit 2c583a97cffa54a7da9922215ae37156174a37c5)
|
|
|
26521d |
---
|
|
|
26521d |
.../suites/resource_limits/fdlimits_test.py | 63 +++++++++++++++++++
|
|
|
26521d |
ldap/servers/slapd/libglobs.c | 26 +++++---
|
|
|
26521d |
ldap/servers/slapd/main.c | 5 +-
|
|
|
26521d |
ldap/servers/slapd/proto-slap.h | 4 +-
|
|
|
26521d |
ldap/servers/slapd/slap.h | 6 +-
|
|
|
26521d |
wrappers/systemd.template.service.in | 1 -
|
|
|
26521d |
wrappers/systemd.template.sysconfig | 3 +-
|
|
|
26521d |
7 files changed, 90 insertions(+), 18 deletions(-)
|
|
|
26521d |
create mode 100644 dirsrvtests/tests/suites/resource_limits/fdlimits_test.py
|
|
|
26521d |
|
|
|
26521d |
diff --git a/dirsrvtests/tests/suites/resource_limits/fdlimits_test.py b/dirsrvtests/tests/suites/resource_limits/fdlimits_test.py
|
|
|
26521d |
new file mode 100644
|
|
|
26521d |
index 000000000..e5b14a747
|
|
|
26521d |
--- /dev/null
|
|
|
26521d |
+++ b/dirsrvtests/tests/suites/resource_limits/fdlimits_test.py
|
|
|
26521d |
@@ -0,0 +1,63 @@
|
|
|
26521d |
+import logging
|
|
|
26521d |
+import pytest
|
|
|
26521d |
+import os
|
|
|
26521d |
+import ldap
|
|
|
26521d |
+from lib389._constants import *
|
|
|
26521d |
+from lib389.topologies import topology_st
|
|
|
26521d |
+
|
|
|
26521d |
+logging.getLogger(__name__).setLevel(logging.INFO)
|
|
|
26521d |
+log = logging.getLogger(__name__)
|
|
|
26521d |
+
|
|
|
26521d |
+FD_ATTR = "nsslapd-maxdescriptors"
|
|
|
26521d |
+SYSTEMD_VAL = "16384"
|
|
|
26521d |
+CUSTOM_VAL = "9000"
|
|
|
26521d |
+TOO_HIGH_VAL = "65536"
|
|
|
26521d |
+TOO_LOW_VAL = "0"
|
|
|
26521d |
+
|
|
|
26521d |
+
|
|
|
26521d |
+def test_fd_limits(topology_st):
|
|
|
26521d |
+ """Test the default limits, and custom limits
|
|
|
26521d |
+
|
|
|
26521d |
+ :id: fa0a5106-612f-428f-84c0-9c85c34d0433
|
|
|
26521d |
+ :setup: Standalone Instance
|
|
|
26521d |
+ :steps:
|
|
|
26521d |
+ 1. Check default limit
|
|
|
26521d |
+ 2. Change default limit
|
|
|
26521d |
+ 3. Check invalid/too high limit is rejected
|
|
|
26521d |
+ 4. Check invalid/too low limit is rejected
|
|
|
26521d |
+ :expectedresults:
|
|
|
26521d |
+ 1. Success
|
|
|
26521d |
+ 2. Success
|
|
|
26521d |
+ 3. Success
|
|
|
26521d |
+ 4 Success
|
|
|
26521d |
+ """
|
|
|
26521d |
+
|
|
|
26521d |
+ # Check systemd default
|
|
|
26521d |
+ max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
|
|
|
26521d |
+ assert max_fd == SYSTEMD_VAL
|
|
|
26521d |
+
|
|
|
26521d |
+ # Check custom value is applied
|
|
|
26521d |
+ topology_st.standalone.config.set(FD_ATTR, CUSTOM_VAL)
|
|
|
26521d |
+ max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
|
|
|
26521d |
+ assert max_fd == CUSTOM_VAL
|
|
|
26521d |
+
|
|
|
26521d |
+ # Attempt to use val that is too high
|
|
|
26521d |
+ with pytest.raises(ldap.UNWILLING_TO_PERFORM):
|
|
|
26521d |
+ topology_st.standalone.config.set(FD_ATTR, TOO_HIGH_VAL)
|
|
|
26521d |
+ max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
|
|
|
26521d |
+ assert max_fd == CUSTOM_VAL
|
|
|
26521d |
+
|
|
|
26521d |
+ # Attempt to use val that is too low
|
|
|
26521d |
+ with pytest.raises(ldap.OPERATIONS_ERROR):
|
|
|
26521d |
+ topology_st.standalone.config.set(FD_ATTR, TOO_LOW_VAL)
|
|
|
26521d |
+ max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
|
|
|
26521d |
+ assert max_fd == CUSTOM_VAL
|
|
|
26521d |
+
|
|
|
26521d |
+ log.info("Test PASSED")
|
|
|
26521d |
+
|
|
|
26521d |
+
|
|
|
26521d |
+if __name__ == '__main__':
|
|
|
26521d |
+ # Run isolated
|
|
|
26521d |
+ # -s for DEBUG mode
|
|
|
26521d |
+ CURRENT_FILE = os.path.realpath(__file__)
|
|
|
26521d |
+ pytest.main(["-s", CURRENT_FILE])
|
|
|
26521d |
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
|
|
|
26521d |
index 59f8d06d5..91c3a4a89 100644
|
|
|
26521d |
--- a/ldap/servers/slapd/libglobs.c
|
|
|
26521d |
+++ b/ldap/servers/slapd/libglobs.c
|
|
|
26521d |
@@ -131,6 +131,7 @@
|
|
|
26521d |
#if defined(LINUX)
|
|
|
26521d |
#include <malloc.h>
|
|
|
26521d |
#endif
|
|
|
26521d |
+#include <sys/resource.h>
|
|
|
26521d |
|
|
|
26521d |
#define REMOVE_CHANGELOG_CMD "remove"
|
|
|
26521d |
|
|
|
26521d |
@@ -1465,6 +1466,8 @@ void
|
|
|
26521d |
FrontendConfig_init(void)
|
|
|
26521d |
{
|
|
|
26521d |
slapdFrontendConfig_t *cfg = getFrontendConfig();
|
|
|
26521d |
+ struct rlimit rlp;
|
|
|
26521d |
+ int64_t maxdescriptors = SLAPD_DEFAULT_MAXDESCRIPTORS;
|
|
|
26521d |
|
|
|
26521d |
#if SLAPI_CFG_USE_RWLOCK == 1
|
|
|
26521d |
/* initialize the read/write configuration lock */
|
|
|
26521d |
@@ -1480,6 +1483,11 @@ FrontendConfig_init(void)
|
|
|
26521d |
exit(-1);
|
|
|
26521d |
}
|
|
|
26521d |
#endif
|
|
|
26521d |
+ /* Default the maximum fd's to the maximum allowed */
|
|
|
26521d |
+ if (getrlimit(RLIMIT_NOFILE, &rlp) == 0) {
|
|
|
26521d |
+ maxdescriptors = (int64_t)rlp.rlim_max;
|
|
|
26521d |
+ }
|
|
|
26521d |
+
|
|
|
26521d |
/* Take the lock to make sure we barrier correctly. */
|
|
|
26521d |
CFG_LOCK_WRITE(cfg);
|
|
|
26521d |
|
|
|
26521d |
@@ -1514,7 +1522,7 @@ FrontendConfig_init(void)
|
|
|
26521d |
/* minssf is applied to rootdse, by default */
|
|
|
26521d |
init_minssf_exclude_rootdse = cfg->minssf_exclude_rootdse = LDAP_OFF;
|
|
|
26521d |
cfg->validate_cert = SLAPD_DEFAULT_VALIDATE_CERT;
|
|
|
26521d |
- cfg->maxdescriptors = SLAPD_DEFAULT_MAXDESCRIPTORS;
|
|
|
26521d |
+ cfg->maxdescriptors = maxdescriptors;
|
|
|
26521d |
cfg->groupevalnestlevel = SLAPD_DEFAULT_GROUPEVALNESTLEVEL;
|
|
|
26521d |
cfg->snmp_index = SLAPD_DEFAULT_SNMP_INDEX;
|
|
|
26521d |
cfg->SSLclientAuth = SLAPD_DEFAULT_SSLCLIENTAUTH;
|
|
|
26521d |
@@ -1665,8 +1673,7 @@ FrontendConfig_init(void)
|
|
|
26521d |
init_ndn_cache_enabled = cfg->ndn_cache_enabled = LDAP_ON;
|
|
|
26521d |
cfg->ndn_cache_max_size = SLAPD_DEFAULT_NDN_SIZE;
|
|
|
26521d |
init_sasl_mapping_fallback = cfg->sasl_mapping_fallback = LDAP_OFF;
|
|
|
26521d |
- init_ignore_vattrs =
|
|
|
26521d |
- cfg->ignore_vattrs = LDAP_OFF;
|
|
|
26521d |
+ init_ignore_vattrs = cfg->ignore_vattrs = LDAP_OFF;
|
|
|
26521d |
cfg->sasl_max_bufsize = SLAPD_DEFAULT_SASL_MAXBUFSIZE;
|
|
|
26521d |
cfg->unhashed_pw_switch = SLAPD_DEFAULT_UNHASHED_PW_SWITCH;
|
|
|
26521d |
init_return_orig_type = cfg->return_orig_type = LDAP_OFF;
|
|
|
26521d |
@@ -4011,13 +4018,12 @@ config_set_maxthreadsperconn(const char *attrname, char *value, char *errorbuf,
|
|
|
26521d |
return retVal;
|
|
|
26521d |
}
|
|
|
26521d |
|
|
|
26521d |
-#include <sys/resource.h>
|
|
|
26521d |
-int
|
|
|
26521d |
+int32_t
|
|
|
26521d |
config_set_maxdescriptors(const char *attrname, char *value, char *errorbuf, int apply)
|
|
|
26521d |
{
|
|
|
26521d |
- int retVal = LDAP_SUCCESS;
|
|
|
26521d |
- long nValue = 0;
|
|
|
26521d |
- int maxVal = 65535;
|
|
|
26521d |
+ int32_t retVal = LDAP_SUCCESS;
|
|
|
26521d |
+ int64_t nValue = 0;
|
|
|
26521d |
+ int64_t maxVal = 65535;
|
|
|
26521d |
struct rlimit rlp;
|
|
|
26521d |
char *endp = NULL;
|
|
|
26521d |
|
|
|
26521d |
@@ -5493,11 +5499,11 @@ config_get_maxthreadsperconn()
|
|
|
26521d |
return slapi_atomic_load_32(&(slapdFrontendConfig->maxthreadsperconn), __ATOMIC_ACQUIRE);
|
|
|
26521d |
}
|
|
|
26521d |
|
|
|
26521d |
-int
|
|
|
26521d |
+int64_t
|
|
|
26521d |
config_get_maxdescriptors(void)
|
|
|
26521d |
{
|
|
|
26521d |
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
|
|
|
26521d |
- int retVal;
|
|
|
26521d |
+ int64_t retVal;
|
|
|
26521d |
|
|
|
26521d |
CFG_LOCK_READ(slapdFrontendConfig);
|
|
|
26521d |
retVal = slapdFrontendConfig->maxdescriptors;
|
|
|
26521d |
diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
|
|
|
26521d |
index 219c91294..5e24b3b5f 100644
|
|
|
26521d |
--- a/ldap/servers/slapd/main.c
|
|
|
26521d |
+++ b/ldap/servers/slapd/main.c
|
|
|
26521d |
@@ -1074,7 +1074,10 @@ main(int argc, char **argv)
|
|
|
26521d |
slapi_ch_free((void **)&versionstring);
|
|
|
26521d |
}
|
|
|
26521d |
|
|
|
26521d |
- /* -sduloutre: compute_init() and entry_computed_attr_init() moved up */
|
|
|
26521d |
+ /* log the max fd limit as it is typically set in env/systemd */
|
|
|
26521d |
+ slapi_log_err(SLAPI_LOG_INFO, "main",
|
|
|
26521d |
+ "Setting the maximum file descriptor limit to: %ld\n",
|
|
|
26521d |
+ config_get_maxdescriptors());
|
|
|
26521d |
|
|
|
26521d |
if (mcfg.slapd_exemode != SLAPD_EXEMODE_REFERRAL) {
|
|
|
26521d |
int rc;
|
|
|
26521d |
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
|
|
|
26521d |
index 79017e68d..a0648ca3c 100644
|
|
|
26521d |
--- a/ldap/servers/slapd/proto-slap.h
|
|
|
26521d |
+++ b/ldap/servers/slapd/proto-slap.h
|
|
|
26521d |
@@ -383,7 +383,7 @@ int config_set_malloc_mxfast(const char *attrname, char *value, char *errorbuf,
|
|
|
26521d |
int config_set_malloc_trim_threshold(const char *attrname, char *value, char *errorbuf, int apply);
|
|
|
26521d |
int config_set_malloc_mmap_threshold(const char *attrname, char *value, char *errorbuf, int apply);
|
|
|
26521d |
#endif
|
|
|
26521d |
-int config_set_maxdescriptors(const char *attrname, char *value, char *errorbuf, int apply);
|
|
|
26521d |
+int32_t config_set_maxdescriptors(const char *attrname, char *value, char *errorbuf, int apply);
|
|
|
26521d |
int config_set_localuser(const char *attrname, char *value, char *errorbuf, int apply);
|
|
|
26521d |
|
|
|
26521d |
int config_set_maxsimplepaged_per_conn(const char *attrname, char *value, char *errorbuf, int apply);
|
|
|
26521d |
@@ -465,7 +465,7 @@ char *config_get_workingdir(void);
|
|
|
26521d |
char *config_get_encryptionalias(void);
|
|
|
26521d |
int32_t config_get_threadnumber(void);
|
|
|
26521d |
int config_get_maxthreadsperconn(void);
|
|
|
26521d |
-int config_get_maxdescriptors(void);
|
|
|
26521d |
+int64_t config_get_maxdescriptors(void);
|
|
|
26521d |
int config_get_reservedescriptors(void);
|
|
|
26521d |
int config_get_ioblocktimeout(void);
|
|
|
26521d |
int config_get_idletimeout(void);
|
|
|
26521d |
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
|
|
|
26521d |
index 618e245b6..bce720974 100644
|
|
|
26521d |
--- a/ldap/servers/slapd/slap.h
|
|
|
26521d |
+++ b/ldap/servers/slapd/slap.h
|
|
|
26521d |
@@ -351,8 +351,8 @@ typedef void (*VFPV)(); /* takes undefined arguments */
|
|
|
26521d |
|
|
|
26521d |
#define SLAPD_DEFAULT_PAGEDSIZELIMIT 0
|
|
|
26521d |
#define SLAPD_DEFAULT_PAGEDSIZELIMIT_STR "0"
|
|
|
26521d |
-#define SLAPD_DEFAULT_MAXDESCRIPTORS 1024
|
|
|
26521d |
-#define SLAPD_DEFAULT_MAXDESCRIPTORS_STR "1024"
|
|
|
26521d |
+#define SLAPD_DEFAULT_MAXDESCRIPTORS 8192
|
|
|
26521d |
+#define SLAPD_DEFAULT_MAXDESCRIPTORS_STR "8192"
|
|
|
26521d |
#define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL 40
|
|
|
26521d |
#define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL_STR "40"
|
|
|
26521d |
#define SLAPD_DEFAULT_GROUPEVALNESTLEVEL 0
|
|
|
26521d |
@@ -2254,7 +2254,7 @@ typedef struct _slapdFrontendConfig
|
|
|
26521d |
int idletimeout;
|
|
|
26521d |
slapi_int_t ioblocktimeout;
|
|
|
26521d |
slapi_onoff_t lastmod;
|
|
|
26521d |
- int maxdescriptors;
|
|
|
26521d |
+ int64_t maxdescriptors;
|
|
|
26521d |
int conntablesize;
|
|
|
26521d |
slapi_int_t maxthreadsperconn;
|
|
|
26521d |
int outbound_ldap_io_timeout;
|
|
|
26521d |
diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in
|
|
|
26521d |
index 0d88900b6..4c1b13d98 100644
|
|
|
26521d |
--- a/wrappers/systemd.template.service.in
|
|
|
26521d |
+++ b/wrappers/systemd.template.service.in
|
|
|
26521d |
@@ -28,7 +28,6 @@ EnvironmentFile=@initconfigdir@/@package_name@-%i
|
|
|
26521d |
PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid
|
|
|
26521d |
ExecStartPre=@sbindir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
|
|
|
26521d |
ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid
|
|
|
26521d |
-
|
|
|
26521d |
# Hardening options:
|
|
|
26521d |
# PrivateDevices=true
|
|
|
26521d |
# ProtectSystem=true
|
|
|
26521d |
diff --git a/wrappers/systemd.template.sysconfig b/wrappers/systemd.template.sysconfig
|
|
|
26521d |
index 903876b17..76c004d40 100644
|
|
|
26521d |
--- a/wrappers/systemd.template.sysconfig
|
|
|
26521d |
+++ b/wrappers/systemd.template.sysconfig
|
|
|
26521d |
@@ -7,7 +7,8 @@
|
|
|
26521d |
|
|
|
26521d |
# This controls the number of file handles avaliable. File handles
|
|
|
26521d |
# correlate to sockets for the process, and our access to logs and
|
|
|
26521d |
-# databases.
|
|
|
26521d |
+# databases. Note, the configuration setting in Directory Server,
|
|
|
26521d |
+# "nsslapd-maxdescriptors", can override this limit.
|
|
|
26521d |
LimitNOFILE=16384
|
|
|
26521d |
|
|
|
26521d |
# You can limit the memory in the cgroup with these, and ns-slapd
|
|
|
26521d |
--
|
|
|
26521d |
2.17.2
|
|
|
26521d |
|