Fedora directory users - Aug 2006 - leak

I''ve seen one recent mention on this list about leaks in the directory 
server but I have a ns-slapd process that grows by dozens of megabytes a 
day.  At least once a week I restart the directory server after it eats 
up ~90% of the system memory.  Right now it''s a 1.2G process and it
sure
isn''t cached data because there are not that many entries in this 
thing.  I don''t recall the issue being this extreme when I first set it
up.  Cold the leak be associated with replication or some other 
subsystem not active in a fresh install?
--
Jason Russler
Helix Systems, NIH, DHHS

Same here, ''reasonable'' usage, constant leaking.
We are using multimaster replication.

Haven''t had any responses, though.

frits

On 8/21/06, Jason Russler <jrussler@helix.nih.gov>
wrote:
>
> I''ve seen one recent mention on this list about leaks in the
directory
> server but I have a ns-slapd process that grows by dozens of megabytes a
> day.  At least once a week I restart the directory server after it eats
> up ~90% of the system memory.  Right now it''s a 1.2G process and
it sure
> isn''t cached data because there are not that many entries in this
> thing.  I don''t recall the issue being this extreme when I first
set it
> up.  Cold the leak be associated with replication or some other
> subsystem not active in a fresh install?
> --
> Jason Russler
> Helix Systems, NIH, DHHS
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Frits Hoogland wrote:
> Same here, ''reasonable'' usage, constant leaking.
> We are using multimaster replication.
>
> Haven''t had any responses, though.
Are you guys using SSL?  What OS version?  I''m assuming you are using 
FDS 1.0.2.
>
> frits
>
> On 8/21/06, * Jason Russler* <jrussler@helix.nih.gov 
> <mailto:jrussler@helix.nih.gov>> wrote:
>
>     I''ve seen one recent mention on this list about leaks in the
directory
>     server but I have a ns-slapd process that grows by dozens of
>     megabytes a
>     day.  At least once a week I restart the directory server after it
>     eats
>     up ~90% of the system memory.  Right now it''s a 1.2G process
and
>     it sure
>     isn''t cached data because there are not that many entries in
this
>     thing.  I don''t recall the issue being this extreme when I
first
>     set it
>     up.  Cold the leak be associated with replication or some other
>     subsystem not active in a fresh install?
>     --
>     Jason Russler
>     Helix Systems, NIH, DHHS
>
>     --
>     Fedora-directory-users mailing list
>     Fedora-directory-users@redhat.com
>     <mailto:Fedora-directory-users@redhat.com>
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Yes. Version 1.0.2. Yes using SSL. os: Debian GNU/Linux 3.1 (aka sarge)

On 8/21/06, Richard Megginson <rmeggins@redhat.com>
wrote:
>
> Frits Hoogland wrote:
> > Same here, ''reasonable'' usage, constant leaking.
> > We are using multimaster replication.
> >
> > Haven''t had any responses, though.
> Are you guys using SSL?  What OS version?  I''m assuming you are
using
> FDS 1.0.2.
> >
> > frits
> >
> > On 8/21/06, * Jason Russler* <jrussler@helix.nih.gov
> > <mailto:jrussler@helix.nih.gov>> wrote:
> >
> >     I''ve seen one recent mention on this list about leaks in
the
> directory
> >     server but I have a ns-slapd process that grows by dozens of
> >     megabytes a
> >     day.  At least once a week I restart the directory server after it
> >     eats
> >     up ~90% of the system memory.  Right now it''s a 1.2G
process and
> >     it sure
> >     isn''t cached data because there are not that many entries
in this
> >     thing.  I don''t recall the issue being this extreme when
I first
> >     set it
> >     up.  Cold the leak be associated with replication or some other
> >     subsystem not active in a fresh install?
> >     --
> >     Jason Russler
> >     Helix Systems, NIH, DHHS
> >
> >     --
> >     Fedora-directory-users mailing list
> >     Fedora-directory-users@redhat.com
> >     <mailto:Fedora-directory-users@redhat.com>
> >     https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> >
------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On 8/21/06, Richard Megginson <rmeggins@redhat.com > wrote:
>
> Frits Hoogland wrote:
>> Same here, ''reasonable'' usage, constant leaking.
>> We are using multimaster replication.
>>
>> Haven''t had any responses, though.
> Are you guys using SSL?  What OS version?  I''m assuming you are
using
> FDS 1.0.2.
Seeing the same thing here. FDS 1.0.2 using SSL, on RHEL4.  Once the server 
went production and started getting hits, the memory started creeping up. 
Resident memory size remains fairly constant, but the virutal image grows 
to consume all available resources.

  -paul

- -- 
Paul D. Engle                | Rice University
Sr. Systems Administrator    | Information Technology - MS119
(713) 348-4702               | P.O. Box 1892
pengle@rice.edu              | Houston, TX 77251-1892
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFE6ccpCpkISWtyHNsRAqzzAJ0R9Q0PHMF2DLlx3s7ApkW2tsaQ6ACffKR7
QpWKqaXzdqiEyNO6ylwBx/I=NPYN
-----END PGP SIGNATURE-----

I''ll reply with another "me too."  We''re using FDS
1.0.2 on x86_64 with
SSL.  With less than two thousand entries in the directory the resident
size is 3.6GB, the virtual image is over 5GB, and both are still growing.

It''s like that old Johnny Cash song:
"How high is the water, mama?"
"Five feet high and risin''..."

David

Ah yes, using the SSL port rather than a "start TLS" session on 389.  
FDS 1.0.2.  I did switch to that a while ago. 
> Are you guys using SSL?  What OS version?  I''m assuming you are
using
> FDS 1.0.2.
>>
>>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL. Here is
a
crude measure showing the change after running a short soak test:
$ ps -ely|grep ns-slapd
S UID PID PPID C PRI NI RSS SZ WCHAN TTY TIME CMD
S 389 19007 1 0 75 0 282044 220799 - ? 00:06:52 ns-slapd
and later:
S 389 19007 1 0 75 0 324100 231461 - ? 00:14:52 ns-slapd

Regards
Nick Johnson

This might be a leak in NSS 3.11.  There has since been NSS 3.11.1 and 
3.11.2.  For those of you who feel inclined to build NSPR and NSS -
http://directory.fedora.redhat.com/wiki/Building#Mozilla.org_components

Note that the CVS tag for the latest NSPR 4.6.2 is NSPR_4_6_2_RTM and 
the CVS tag for NSS is NSS_3_11_2_RTM.  Also note that DBM is now part 
of NSS, so you do not have to check out dbm separately, just do the 
following (after checking out NSPR):

 cvs -z3 co -r NSS_3_9_3_RTM mozilla/security/coreconf mozilla/security/nss
mozilla/security/dbm

Then
 make -C mozilla/security/nss BUILD_OPT=1 [USE_64=1] nss_build_all


Once this is done, find the nspr and nss shared libs under 
mozilla/dist/<platform>/lib.  You will need to replace the following 
libs in bin/slapd/lib with the ones from mozilla/dist/<platform>/lib:
libfreebl3.chk libfreebl3.so libnspr4.so libnss3.so libplc4.so 
libplds4.so libsmime3.so libsoftokn3.chk libsoftokn3.so libssl3.so

For those of you unable or unwilling to build NSS/NSPR for yourself, 
drop me a line and let me know what OS, version, and arch you are 
using.  I may be able to build binaries for RHEL/FC 32 bit and 64 bit 
platforms.

Nick Johnson wrote:
> Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL.
Here is
> a crude measure showing the change after running a short soak test:
> $ ps -ely|grep ns-slapd
> S UID PID PPID C PRI NI RSS SZ WCHAN TTY TIME CMD
> S 389 19007 1 0 75 0 282044 220799 - ? 00:06:52 ns-slapd
> and later:
> S 389 19007 1 0 75 0 324100 231461 - ? 00:14:52 ns-slapd
>
> Regards
> Nick Johnson
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Excellent, thanks for the info.

Richard Megginson wrote:
> This might be a leak in NSS 3.11.  There has since been NSS 3.11.1 and 
> 3.11.2.  For those of you who feel inclined to build NSPR and NSS -
> http://directory.fedora.redhat.com/wiki/Building#Mozilla.org_components
>
> Note that the CVS tag for the latest NSPR 4.6.2 is NSPR_4_6_2_RTM and 
> the CVS tag for NSS is NSS_3_11_2_RTM.  Also note that DBM is now part 
> of NSS, so you do not have to check out dbm separately, just do the 
> following (after checking out NSPR):
>
> cvs -z3 co -r NSS_3_9_3_RTM mozilla/security/coreconf 
> mozilla/security/nss mozilla/security/dbm
>
> Then
> make -C mozilla/security/nss BUILD_OPT=1 [USE_64=1] nss_build_all
>
>
> Once this is done, find the nspr and nss shared libs under 
> mozilla/dist/<platform>/lib.  You will need to replace the following 
> libs in bin/slapd/lib with the ones from mozilla/dist/<platform>/lib:
> libfreebl3.chk libfreebl3.so libnspr4.so libnss3.so libplc4.so 
> libplds4.so libsmime3.so libsoftokn3.chk libsoftokn3.so libssl3.so
>
> For those of you unable or unwilling to build NSS/NSPR for yourself, 
> drop me a line and let me know what OS, version, and arch you are 
> using.  I may be able to build binaries for RHEL/FC 32 bit and 64 bit 
> platforms.
>
> Nick Johnson wrote:
>> Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL.
Here is
>> a crude measure showing the change after running a short soak test:
>> $ ps -ely|grep ns-slapd
>> S UID PID PPID C PRI NI RSS SZ WCHAN TTY TIME CMD
>> S 389 19007 1 0 75 0 282044 220799 - ? 00:06:52 ns-slapd
>> and later:
>> S 389 19007 1 0 75 0 324100 231461 - ? 00:14:52 ns-slapd
>>
>> Regards
>> Nick Johnson
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Please refer to this bug 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193043 for more 
information about the memory leak.  The original reporter said that the 
memory usage went down back to expected values after applying the new 
nspr/nss.  That bug also has instructions about how to checkout and 
build nspr/nss.

Nick Johnson wrote:
> Another "me too". We are running FDS 1.0.2 on RHEL4 with SSL.
Here is
> a crude measure showing the change after running a short soak test:
> $ ps -ely|grep ns-slapd
> S UID PID PPID C PRI NI RSS SZ WCHAN TTY TIME CMD
> S 389 19007 1 0 75 0 282044 220799 - ? 00:06:52 ns-slapd
> and later:
> S 389 19007 1 0 75 0 324100 231461 - ? 00:14:52 ns-slapd
>
> Regards
> Nick Johnson
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>