[Beowulf] Poll - Directory implementation

Ryan Novosielski novosirj at rutgers.edu
Fri Oct 26 13:44:28 PDT 2018


> On Oct 24, 2018, at 2:05 PM, Michael Di Domenico <mdidomenico4 at gmail.com> wrote:
> 
> On Wed, Oct 24, 2018 at 1:51 PM Ryan Novosielski <novosirj at rutgers.edu> wrote:
>> On 10/24/2018 01:44 PM, Michael Di Domenico wrote:
>>> i don't want to diverge this thread from the OP, but how fast does
>>> ldap really need to be?  i have ~700 machines talking to two
>>> openldap servers w/ ssl enabled.  we have to run nslcd on the
>>> clients, but all is well
>> 
>> It's somewhat relevant, given someone's consideration of migration.
>> 
>> Faster than ours! We have a single at the moment (the VM is movable so
>> we don't really need it for high availability), but we are having
>> problems with certain operations (like ls -la /home). Our case appears
>> as if it might be related to our VM infrastructure or some tuning
>> parameter that is very wrong. I've done the usual things (indexing on
>> uidNumber and gidNumber, etc.) but haven't had a ton of luck so far.
> 
> dunno, there's a lot of variables at play to make a suggestion.  but i
> don't recall doing anything overly special.  nslcd was one thing we
> absolutely had to run, we tried to avoid it at first, but the lookups
> across the enterprise crushed the server.  with nslcd running the ldap
> server load is generally low.  we can spike it though with a
> large/fast rsync or some other filer heavy action, but most of our
> users cannot.
> 
> how many objects do you have in your tree?  are you storing more than
> passwd/shadow/group info?

Our LDAP is very small, compared to the sorts of things some people run.

We added indexes today on uid, uidNumber, and gidNumber and the problem went away. Didn’t try it earlier as it had virtually no impact on our testing system for whatever reason, but on a different testing system and on production, it dropped “ls -al /home/” from ~90s to ~5s. I’m not sure if all three were necessary, but I’ll look back at that later.

We’ve run SSSD from day one, so that eliminates the nslcd question. We also moved CentOS 5.x to SSSD, FYI (I believe there was someone else with some old systems around). Was pretty painless, and SSSD eliminates a lot of problems that exist with the older stuff (including some really boneheaded very large LDAP queries that were happening routinely with the older nss-ldap software if I’m remembering its name correctly).

--
____
|| \\UTGERS,  	 |---------------------------*O*---------------------------
||_// the State	 |         Ryan Novosielski - novosirj at rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\    of NJ	 | Office of Advanced Research Computing - MSB C630, Newark
     `'
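
Added example, not part of the original message or of any project's code: a check that reads one OpenLDAP `cn=config` database entry as LDIF and reports which of the attributes named above (uid, uidNumber, gidNumber) have no equality index in `olcDbIndex`. The sample entry, its DN and suffix, and the function names are constructed for illustration; the input is assumed to be a single database entry with plain (not base64) values.

```python
import re

# Attributes the message reports indexing.
NEEDED = ("uid", "uidNumber", "gidNumber")

# Constructed sample entry (assumption, not taken from the thread).
SAMPLE_LDIF = """\
dn: olcDatabase={1}mdb,cn=config
objectClass: olcMdbConfig
olcSuffix: dc=example,dc=org
olcDbIndex: objectClass eq
olcDbIndex: cn,sn pres,eq,sub
olcDbIndex: uid eq,pres,sub
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line break followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)

def eq_indexed(ldif):
    """Return lower-cased attribute names that have an equality index."""
    default, indexed = set(), set()
    for line in unfold(ldif).splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "olcdbindex":
            continue
        parts = value.split()
        if not parts:
            continue
        # "attr1,attr2 eq,sub"; index types are optional and fall back
        # to whatever an earlier "default ..." line declared.
        kinds = set(parts[1].lower().split(",")) if len(parts) > 1 else None
        for attr in parts[0].split(","):
            if attr.lower() == "default":
                default = kinds or set()
            elif "eq" in (default if kinds is None else kinds):
                indexed.add(attr.lower())
    return indexed

def missing_eq_indexes(ldif, needed=NEEDED):
    """List the needed attributes that lack an equality index."""
    have = eq_indexed(ldif)
    return [a for a in needed if a.lower() not in have]

if __name__ == "__main__":
    print("missing eq index:", missing_eq_indexes(SAMPLE_LDIF))
```
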


