[Beowulf] Poll - Directory implementation
Ryan Novosielski
novosirj at rutgers.edu
Mon Oct 29 09:00:20 PDT 2018
It’s a very easy switch, and you could do it on earlier versions of RedHat if you want to eliminate that as a change on upgrade.
FWIW, my favorite SSSD debug level for running in production is 0x0180.
--
____
|| \\UTGERS, |---------------------------*O*---------------------------
||_// the State | Ryan Novosielski - novosirj at rutgers.edu<mailto:novosirj at rutgers.edu>
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
|| \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark
`'
On Oct 26, 2018, at 23:12, Skylar Thompson <skylar.thompson at gmail.com<mailto:skylar.thompson at gmail.com>> wrote:
Good to know - we're still nslcd users so have yet to run into that, though
are about to make the leap to CentOS 7 where I think we will have to use
it.
On Sat, Oct 27, 2018 at 03:13:47AM +0100, John Hearns via Beowulf wrote:
Skylar, I believe that nscd does not work well with sssd and I disabled
it.
See [1]https://access.redhat.com/documentation/en-us/red_hat_enterprise
_linux/6/html/deployment_guide/usingnscd-sssd
I believe that nscd is the work of Auld Nick himself and causes more
problems than it is worth on HPC nodes.
If you want to speed up cacheing with sssd itself you can put its local
caches on a RAMdisk. This has the cost of no persistence of course and
uses up RAM which you may prefer to put to better use.
On Sat, 27 Oct 2018 at 00:59, Skylar Thompson
<[2]skylar.thompson at gmail.com<mailto:skylar.thompson at gmail.com>> wrote:
On Fri, Oct 26, 2018 at 08:44:28PM +0000, Ryan Novosielski wrote:
Our LDAP is very small, compared to the sorts of things some
people run.
We added indexes today on uid, uidNumber, and gidNumber and the
problem went away. Didn’t try it earlier as it had virtually no
impact on our testing system for whatever reason, but on a different
testing system and on production, it dropped “ls -al /home/“ from
~90s to ~5s. I’m not sure if all three were necessary, but I’ll look
back at that later.
We’ve run SSSD from day one, so that eliminates the nscld
question. We also moved CentOS 5.x to SSSD, FYI (I believe there was
someone else with some old systems around). Was pretty painless, and
SSSD eliminates a lot of problems that exist with the older stuff
(including some really boneheaded very large LDAP queries that were
happening routinely with the older nss-ldap software if I’m
remembering its name correctly).
Have you experimented with client-side caching services like nscd?
nscd has
its quirks (in particular, it does very poorly with caching spurious
negative
results from transient network failures), but it also is a big
performance
improvement since you don't even have to hit the network or the
directory
services.
--
Skylar
_______________________________________________
Beowulf mailing list, [3]Beowulf at beowulf.org<mailto:Beowulf at beowulf.org> sponsored by Penguin
Computing
To change your subscription (digest mode or unsubscribe) visit
[4]http://www.beowulf.org/mailman/listinfo/beowulf
References
1. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/usingnscd-sssd
2. mailto:skylar.thompson at gmail.com
3. mailto:Beowulf at beowulf.org
4. http://www.beowulf.org/mailman/listinfo/beowulf
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org<mailto:Beowulf at beowulf.org> sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
--
Skylar
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org<mailto:Beowulf at beowulf.org> sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20181029/67adb23b/attachment-0001.html>
More information about the Beowulf
mailing list