On Thu, 2015-09-03 at 09:15 +0530, Prashant Bapat wrote:
Hi,
We have been using 389-ds as part of FreeIPA. In one of our environments,
we have 2 389-ds installations with replication.
Randomly, the 389-ds on either of them completely freezes and there are
high number of CLOSE_WAITs on tcp/389 port.
Only way to recover from this situation is to either reboot or "kill -9"
the ns-slapd process. Graceful restarts get stuck indefinitely.
One curious thing when this happens, a search using "ldapsearch" command
seems to work but a search using a python-ldap client does not. FreeIPA
does not work either.
Any pointers on troubleshooting this would be appreciated.
How many threads have you got on your server? How long is your timeouts set for?
Look for:
nsslapd-threadnumber
nsslapd-idletimeout
nsslapd-ioblocktimeout
You could have thread exhaustion occurring.
--
William Brown <william(a)blackhats.net.au>