Fedora directory users - Dec 2005 - init script failure and ulimit

Hi,

The first of the init scripts, here:

http://directory.fedora.redhat.com/wiki/Howto:SysVInit

(URL to script: 
http://www.directory.fedora.redhat.com/download/FedoraDirectoryServer-init.d)

... does not start the Fedora Directory Server on boot if the system ulimit
has been changed before the installation of FDS.  If FDS detects a higher
ulimit then it will write:

(e.g.)
nsslapd-maxdescriptors: 8192

to:

/opt/fedora-ds/slapd-(servername)/config/dse.ldif

So that when the script above is run during bootup, the following message
will be generated in the logs, and FDS won''t start:

   dse - The entry cn=config in file
/opt/fedora-ds/slapd-fc3-dbw-1/config/dse.ldif
   is invalid, error code 53 (DSA is unwilling to perform) -
nsslapd-maxdescriptors:
   invalid value 8192, maximum file descriptors must range from 1 to 1024 (the
   current process limit)

To fix this, insert the string:

ulimit -n 8192

... somewhere near the top of the script.  e.g.:

myName=`basename $0`
fdsRoot="/opt/fedora-ds"
ulimit -n 8192


This problem is likely to be caused because the /opt/fedora-ds/setup/setup
script emits the following messages if it detects a low ulimit:

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

Changing the ulimit to 8192 in /etc/security/limits.conf makes the above
setup problem go away but then causes the startup script to fail.

-- 
Del

Del wrote:
> 
> Hi,
> 
> The first of the init scripts, here:
> 
> http://directory.fedora.redhat.com/wiki/Howto:SysVInit
> 
> (URL to script:  
>
http://www.directory.fedora.redhat.com/download/FedoraDirectoryServer-init.d)
> 
> 
> ... does not start the Fedora Directory Server on boot if the system ulimit
> has been changed before the installation of FDS.  If FDS detects a higher
> ulimit then it will write:
> 
> (e.g.)
> nsslapd-maxdescriptors: 8192
> 
> to:
> 
> /opt/fedora-ds/slapd-(servername)/config/dse.ldif
> 
> So that when the script above is run during bootup, the following message
> will be generated in the logs, and FDS won''t start:
> 
>   dse - The entry cn=config in file 
> /opt/fedora-ds/slapd-fc3-dbw-1/config/dse.ldif
>   is invalid, error code 53 (DSA is unwilling to perform) - 
> nsslapd-maxdescriptors:
>   invalid value 8192, maximum file descriptors must range from 1 to 1024 
> (the
>   current process limit)
> 
> To fix this, insert the string:
> 
> ulimit -n 8192
On top of that, you also have to put the same ulimit line in any scripts 
which call ns-slapd (bak2db, db2bak, bak2ldif, ldif2bak, etc). This 
"feature" caused me major problems several weeks ago when those
scripts
failed and left some files with wrong permissions, thus causing nearly 
impossible to debug write deadlocks.

I really hope that this is redesigned in an upcoming release.

--
mike

>> ulimit -n 8192
> 
> 
> On top of that, you also have to put the same ulimit line in any scripts 
> which call ns-slapd (bak2db, db2bak, bak2ldif, ldif2bak, etc). This 
> "feature" caused me major problems several weeks ago when those
scripts
> failed and left some files with wrong permissions, thus causing nearly 
> impossible to debug write deadlocks.
> 
> I really hope that this is redesigned in an upcoming release.
The ideal thing is if you extend the ulimit in /etc/security/limits.conf,
put the ulimit command in /etc/profile.  Then you don''t need to fix any
scripts.

Some of the system startup scripts won''t like it and complain because
they aren''t all run as root, and don''t all read /etc/profile,
and some
happen before the extension in limits.conf, but generally you''ll be
happier.

-- 
Del

Del wrote:
> 
>>> ulimit -n 8192
>>
>>
>>
>> On top of that, you also have to put the same ulimit line in any 
>> scripts which call ns-slapd (bak2db, db2bak, bak2ldif, ldif2bak, etc). 
>> This "feature" caused me major problems several weeks ago
when those
>> scripts failed and left some files with wrong permissions, thus 
>> causing nearly impossible to debug write deadlocks.
>>
>> I really hope that this is redesigned in an upcoming release.
> 
> 
> The ideal thing is if you extend the ulimit in /etc/security/limits.conf,
> put the ulimit command in /etc/profile.  Then you don''t need to
fix any
> scripts.
This is a linux thing, and maybe only a redhat linux thing (I don''t 
know, because I only use RHEL and FC as far as linux goes). It doesn''t 
exist on e.g. FreeBSD.

--
mike