openldap 连接数设置

openldap 连接数的 default 为 1024, 但有时我们有需要, 需要改变, 如改为 8192

before

未修改之前, 我们看到 limit 的 限制在于 Max open files.
对于 进程 pid: 45002 , /proc/45002/limits 就是 45002 这个进程的限制。

  1. [root@localhost ~]# cat /usr/lib/systemd/system/slapd.service
  2. [Unit]
  3. Description=OpenLDAP Server Daemon
  4. After=syslog.target network-online.target
  5. Documentation=man:slapd
  6. Documentation=man:slapd-config
  7. Documentation=man:slapd-hdb
  8. Documentation=man:slapd-mdb
  9. Documentation=file:///usr/share/doc/openldap-servers/guide.html
  11. [Service]
  12. Type=forking
  13. Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///" "SLAPD_OPTIONS="
  14. EnvironmentFile=/etc/sysconfig/slapd
  15. ExecStartPre=/usr/libexec/openldap/check-config.sh
  16. ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
  18. [Install]
  19. WantedBy=multi-user.target
  20. Alias=openldap.service
  22. [root@localhost ~]# ps -ef | grep slapd
  23. ldap      45002      1  0 17:06 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -f /etc/openldap/slapd.conf
  24. root      45028  44768  0 17:07 pts/1    00:00:00 grep --color=auto slapd
  26. [root@localhost ~]# cat /proc/45002/limits
  27. Limit                     Soft Limit           Hard Limit           Units
  28. Max cpu time              unlimited            unlimited            seconds
  29. Max file size             unlimited            unlimited            bytes
  30. Max data size             unlimited            unlimited            bytes
  31. Max stack size            8388608              unlimited            bytes
  32. Max core file size        unlimited            unlimited            bytes
  33. Max resident set          unlimited            unlimited            bytes
  34. Max processes             3059                 3059                 processes
  35. Max open files            1024                 4096                 files
  36. Max locked memory         16777216             16777216             bytes
  37. Max address space         unlimited            unlimited            bytes
  38. Max file locks            unlimited            unlimited            locks
  39. Max pending signals       3059                 3059                 signals
  40. Max msgqueue size         819200               819200               bytes
  41. Max nice priority         0                    0
  42. Max realtime priority     0                    0
  43. Max realtime timeout      unlimited            unlimited            us
  44. [root@localhost ~]#

设置

/usr/lib/systemd/system/slapd.service 设置 LimitNOFILE=9000

  1. [root@localhost ~]# vim /usr/lib/systemd/system/slapd.service
  2. [root@localhost ~]# cat /usr/lib/systemd/system/slapd.service
  3. [Unit]
  4. Description=OpenLDAP Server Daemon
  5. After=syslog.target network-online.target
  6. Documentation=man:slapd
  7. Documentation=man:slapd-config
  8. Documentation=man:slapd-hdb
  9. Documentation=man:slapd-mdb
  10. Documentation=file:///usr/share/doc/openldap-servers/guide.html
  12. [Service]
  13. Type=forking
  14. Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///" "SLAPD_OPTIONS="
  15. EnvironmentFile=/etc/sysconfig/slapd
  16. ExecStartPre=/usr/libexec/openldap/check-config.sh
  17. ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
  18. LimitNOFILE=9000
  20. [Install]
  21. WantedBy=multi-user.target
  22. Alias=openldap.service

after

systemctl daemon-reload; systemctl restart slapd 使之生效后,再次查看
可以看到 Max open files 已经为 9000.

  1. [root@localhost ~]# systemctl daemon-reload;systemctl restart slapd
  2. [root@localhost ~]# ps -ef | grep slapd
  3. ldap      45113      1  0 17:10 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -f /etc/openldap/slapd.conf
  4. root      45117  44768  0 17:11 pts/1    00:00:00 grep --color=auto slapd
  5. [root@localhost ~]# cat /proc/45113/limits
  6. Limit                     Soft Limit           Hard Limit           Units
  7. Max cpu time              unlimited            unlimited            seconds
  8. Max file size             unlimited            unlimited            bytes
  9. Max data size             unlimited            unlimited            bytes
  10. Max stack size            8388608              unlimited            bytes
  11. Max core file size        unlimited            unlimited            bytes
  12. Max resident set          unlimited            unlimited            bytes
  13. Max processes             3059                 3059                 processes
  14. Max open files            9000                 9000                 files
  15. Max locked memory         16777216             16777216             bytes
  16. Max address space         unlimited            unlimited            bytes
  17. Max file locks            unlimited            unlimited            locks
  18. Max pending signals       3059                 3059                 signals
  19. Max msgqueue size         819200               819200               bytes
  20. Max nice priority         0                    0
  21. Max realtime priority     0                    0
  22. Max realtime timeout      unlimited            unlimited            us
  23. [root@localhost ~]#

测试方法:

已知 nslcd 去连接 openLDAP-servers
nslcd 配置文件 /etc/nslcd.conf 设置 threads 2000; 这样理论上 nslcd 就能与 openLDAP-server 发起多个连接。 我们设置 多台 这样的 nslcd;同时发起连接。 便能去测试。

同理,当你把 openLDAP-servers 的连接数调小之后, 也可以用类似来测试。
/etc/nslcd.confthreads NUM 参数说明

Specifies the number of threads to start that can handle requests and perform LDAP queries. Each thread opens a separate connection to the LDAP server. The default is to start 5 threads.

  1. [root@localhost etc]# cat /etc/nslcd.conf |grep -v '#'
  2. threads 2000
  3. uid nslcd
  4. gid ldap
  5. uri ldap://192.168.116.130/
  6. base  dc=sys,dc=com
  7. ssl no
  8. rootpwmoddn uid=admin,dc=sys,dc=com
  9. binddn cn=test1,ou=it,dc=sys,dc=com
  10. bindpw {SSHA}bQW6OAIjvpyOXYZltN9RzMJCnjhfJpAR

查看连接数 命令。

netstat -anlp |grep "192.168.116.130:389"| grep 'ESTABLISHED' |wc -l

192.168.116.130:389 为 server ip.
效果:

slapd_connection_pressure_test.png

备注

关于一些疑问: 一开始我们看官网 以为需要修改 FD_SETSIZE 这个东西,测试之后发现问题不在这。
https://www.openldap.org/faq/data/cache/1126.html
https://www.openldap.org/faq/data/cache/1127.html

后来 设置 LimitNOFILE 发现这是有效的。 还请查验。