OpenLDAP connection limit settings
The default OpenLDAP connection limit is 1024, but sometimes we need to change it, for example to 8192.
before
Before the change, we can see that the limit in question is Max open files.
For the process with pid 45002, /proc/45002/limits holds the limits of that process.
[root@localhost ~]# cat /usr/lib/systemd/system/slapd.service
[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network-online.target
Documentation=man:slapd
Documentation=man:slapd-config
Documentation=man:slapd-hdb
Documentation=man:slapd-mdb
Documentation=file:///usr/share/doc/openldap-servers/guide.html
[Service]
Type=forking
Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///" "SLAPD_OPTIONS="
EnvironmentFile=/etc/sysconfig/slapd
ExecStartPre=/usr/libexec/openldap/check-config.sh
ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
[Install]
WantedBy=multi-user.target
Alias=openldap.service
[root@localhost ~]# ps -ef | grep slapd
ldap 45002 1 0 17:06 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -f /etc/openldap/slapd.conf
root 45028 44768 0 17:07 pts/1 00:00:00 grep --color=auto slapd
[root@localhost ~]# cat /proc/45002/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size unlimited unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3059 3059 processes
Max open files 1024 4096 files
Max locked memory 16777216 16777216 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3059 3059 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
[root@localhost ~]#
Configuration
In /usr/lib/systemd/system/slapd.service, set LimitNOFILE=9000
[root@localhost ~]# vim /usr/lib/systemd/system/slapd.service
[root@localhost ~]# cat /usr/lib/systemd/system/slapd.service
[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network-online.target
Documentation=man:slapd
Documentation=man:slapd-config
Documentation=man:slapd-hdb
Documentation=man:slapd-mdb
Documentation=file:///usr/share/doc/openldap-servers/guide.html
[Service]
Type=forking
Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///" "SLAPD_OPTIONS="
EnvironmentFile=/etc/sysconfig/slapd
ExecStartPre=/usr/libexec/openldap/check-config.sh
ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
LimitNOFILE=9000
[Install]
WantedBy=multi-user.target
Alias=openldap.service
after
systemctl daemon-reload; systemctl restart slapd
After this takes effect, check again: Max open files is now 9000.
[root@localhost ~]# systemctl daemon-reload;systemctl restart slapd
[root@localhost ~]# ps -ef | grep slapd
ldap 45113 1 0 17:10 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -f /etc/openldap/slapd.conf
root 45117 44768 0 17:11 pts/1 00:00:00 grep --color=auto slapd
[root@localhost ~]# cat /proc/45113/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size unlimited unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3059 3059 processes
Max open files 9000 9000 files
Max locked memory 16777216 16777216 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3059 3059 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
[root@localhost ~]#
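Test method:
nslcd is known to connect to the OpenLDAP server. In the nslcd configuration file /etc/nslcd.conf, set threads 2000; in theory nslcd can then open many connections to the OpenLDAP server. We set up several machines running nslcd this way and have them connect at the same time, which lets us test the limit.
Likewise, after you lower the connection limit on the OpenLDAP server, you can test it in a similar way.
Description of the threads NUM parameter in /etc/nslcd.conf: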
Specifies the number of threads to start that can handle requests and perform LDAP queries. Each thread opens a separate connection to the LDAP server. The default is to start 5 threads.
[root@localhost etc]# cat /etc/nslcd.conf |grep -v '#'
threads 2000
uid nslcd
gid ldap
uri ldap://192.168.116.130/
base dc=sys,dc=com
ssl no
rootpwmoddn uid=admin,dc=sys,dc=com
binddn cn=test1,ou=it,dc=sys,dc=com
bindpw {SSHA}bQW6OAIjvpyOXYZltN9RzMJCnjhfJpAR
Command to check the number of connections:
netstat -anlp |grep "192.168.116.130:389"| grep 'ESTABLISHED' |wc -l
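192.168.116.130:389 is the server IP.
Result:
Notes
Some doubts: at first, reading the official site, we thought we needed to modify FD_SETSIZE; after testing we found that the problem was not there.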
https://www.openldap.org/faq/data/cache/1126.html
https://www.openldap.org/faq/data/cache/1127.html
Later we set LimitNOFILE and found that it works. Please verify.
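One way to script the check from the "after" and connection-count steps above (an added example, not part of the original post): it reads the Max open files line from a /proc/<pid>/limits-style file and compares the soft limit with a wanted value and with the ESTABLISHED connection count. The function names, the 80% warning threshold and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and the 80% threshold are assumptions.

# Print "<soft> <hard>" from a /proc/<pid>/limits-style file.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# check_headroom LIMITS_FILE WANTED CONNS [WARN_PCT]
# Returns 0 ok, 1 soft limit below WANTED, 2 connections at or above
# WARN_PCT of the soft limit, 3 limit line not found.
check_headroom() {
    limits_file=$1; wanted=$2; conns=$3; warn_pct=${4:-80}
    set -- $(nofile_limits "$limits_file")
    soft=$1; hard=$2
    if [ -z "$soft" ]; then
        echo "UNKNOWN: no 'Max open files' line in $limits_file"; return 3
    fi
    if [ "$soft" = unlimited ]; then
        echo "OK: soft limit is unlimited"; return 0
    fi
    if [ "$soft" -lt "$wanted" ]; then
        echo "LOW: soft=$soft hard=$hard, wanted >= $wanted"; return 1
    fi
    # slapd also needs descriptors for listeners, database and log files,
    # so warn before connections alone reach the limit.
    used_pct=$(( conns * 100 / soft ))
    if [ "$used_pct" -ge "$warn_pct" ]; then
        echo "WARN: $conns connections = ${used_pct}% of soft limit $soft"
        return 2
    fi
    echo "OK: soft=$soft hard=$hard, $conns connections = ${used_pct}%"
}

# Constructed samples: the "Max open files" lines from the two listings above.
SAMPLE_DIR=$(mktemp -d)
printf 'Max open files            1024                 4096                 files\n' > "$SAMPLE_DIR/before"
printf 'Max open files            9000                 9000                 files\n' > "$SAMPLE_DIR/after"

check_headroom "$SAMPLE_DIR/before" 9000 900 || echo "(status $?)"
check_headroom "$SAMPLE_DIR/after"  9000 900 || echo "(status $?)"

# Live use on the server, with the pid and netstat filter from this page:
#   conns=$(netstat -anlp | grep "192.168.116.130:389" | grep -c ESTABLISHED)
#   check_headroom /proc/45113/limits 9000 "$conns"
```

A status of 1 after a restart means the running slapd did not pick up LimitNOFILE; a status of 2 means the nslcd test load is close to exhausting the descriptors.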