On Mon, Jun 12, 2017 at 01:53:27PM +0000, Joakim Tjernlund wrote:
On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote:
> On Sat, Jun 10, 2017 at 07:56:47AM +0000, Joakim Tjernlund wrote:
> > On Sat, 2017-06-10 at 08:24 +0200, Jakub Hrozek wrote:
> > > On Fri, Jun 09, 2017 at 04:28:45PM +0000, Joakim Tjernlund wrote:
> > > > both 1.15.2 and git master hangs after less than 24 hour on
> > > > a server.
> > > >
> > > > I can see this repeating the domain log:
> > > >
> > > > (Fri Jun 9 18:21:49 2017) [sssd[be[infinera.com]]]
[orderly_shutdown] (0x0010): SIGTERM: killing children
> > > > (Fri Jun 9 18:21:49 2017) [sssd[be[infinera.com]]] [ldb] (0x0010): A
transaction is still active in ldb context [0xf65ce0] on
/var/lib/sss/db/cache_infinera.com.ldb
> > > > (Fri Jun 9 18:22:42 2017) [sssd[be[infinera.com]]]
[orderly_shutdown] (0x0010): SIGTERM: killing children
> > > > (Fri Jun 9 18:22:42 2017) [sssd[be[infinera.com]]] [ldb] (0x0010): A
transaction is still active in ldb context [0x239cce0] on
/var/lib/sss/db/cache_infinera.com.ldb
> > > > (Fri Jun 9 18:23:35 2017) [sssd[be[infinera.com]]]
[orderly_shutdown] (0x0010): SIGTERM: killing children
> > > > (Fri Jun 9 18:23:35 2017) [sssd[be[infinera.com]]] [ldb] (0x0010): A
transaction is still active in ldb context [0x1421ce0] on
/var/lib/sss/db/cache_infinera.com.ldb
> > > > (Fri Jun 9 18:24:28 2017) [sssd[be[infinera.com]]]
[orderly_shutdown] (0x0010): SIGTERM: killing children
> > > > (Fri Jun 9 18:24:28 2017) [sssd[be[infinera.com]]] [ldb] (0x0010): A
transaction is still active in ldb context [0x1cb0ce0] on
/var/lib/sss/db/cache_infinera.com.ldb
> > >
> > > This is caused by too long write to disk.
> > >
> >
> > Can I just increase the timeout for now? I will patch the code if needed.
> > On this sever we need enumerate = true ATM, cannot just turn it off.
>
> Oh, sure. The other alternative might be to mount the cache to tmpfs.
After mounting a tmpfs this morning on /var/lib/sss/db, the error has returned.
Seems to an additional problem here.
I don't this AD is that big either:
# > getent passwd | wc -l
3236
# > getent group | wc -l
885
Any ideas?
Can you get a pstack of when the process is 'stuck' ?
Does increasing the 'timeout' parameter from its default '10' to maybe
30 in the domain section help?