OpenLDAP connection limit settings

The OpenLDAP connection limit defaults to 1024, but sometimes we need to change it, for example to 8192.

Before

Before any change, we can see that the limit comes from Max open files.
For the process with pid 45002, /proc/45002/limits holds the limits of that process.

  [root@localhost ~]# cat /usr/lib/systemd/system/slapd.service
  [Unit]
  Description=OpenLDAP Server Daemon
  After=syslog.target network-online.target
  Documentation=man:slapd
  Documentation=man:slapd-config
  Documentation=man:slapd-hdb
  Documentation=man:slapd-mdb
  Documentation=file:///usr/share/doc/openldap-servers/guide.html
  [Service]
  Type=forking
  Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///" "SLAPD_OPTIONS="
  EnvironmentFile=/etc/sysconfig/slapd
  ExecStartPre=/usr/libexec/openldap/check-config.sh
  ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
  [Install]
  WantedBy=multi-user.target
  Alias=openldap.service
  [root@localhost ~]# ps -ef | grep slapd
  ldap     45002     1  0 17:06 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -f /etc/openldap/slapd.conf
  root     45028 44768  0 17:07 pts/1    00:00:00 grep --color=auto slapd
  [root@localhost ~]# cat /proc/45002/limits
  Limit                     Soft Limit           Hard Limit           Units
  Max cpu time              unlimited            unlimited            seconds
  Max file size             unlimited            unlimited            bytes
  Max data size             unlimited            unlimited            bytes
  Max stack size            8388608              unlimited            bytes
  Max core file size        unlimited            unlimited            bytes
  Max resident set          unlimited            unlimited            bytes
  Max processes             3059                 3059                 processes
  Max open files            1024                 4096                 files
  Max locked memory         16777216             16777216             bytes
  Max address space         unlimited            unlimited            bytes
  Max file locks            unlimited            unlimited            locks
  Max pending signals       3059                 3059                 signals
  Max msgqueue size         819200               819200               bytes
  Max nice priority         0                    0
  Max realtime priority     0                    0
  Max realtime timeout      unlimited            unlimited            us
  [root@localhost ~]#

Settings

In /usr/lib/systemd/system/slapd.service, set LimitNOFILE=9000

  [root@localhost ~]# vim /usr/lib/systemd/system/slapd.service
  [root@localhost ~]# cat /usr/lib/systemd/system/slapd.service
  [Unit]
  Description=OpenLDAP Server Daemon
  After=syslog.target network-online.target
  Documentation=man:slapd
  Documentation=man:slapd-config
  Documentation=man:slapd-hdb
  Documentation=man:slapd-mdb
  Documentation=file:///usr/share/doc/openldap-servers/guide.html
  [Service]
  Type=forking
  Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///" "SLAPD_OPTIONS="
  EnvironmentFile=/etc/sysconfig/slapd
  ExecStartPre=/usr/libexec/openldap/check-config.sh
  ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
  LimitNOFILE=9000
  [Install]
  WantedBy=multi-user.target
  Alias=openldap.service

After

Run systemctl daemon-reload; systemctl restart slapd to apply the change, then check again:
Max open files is now 9000.

  [root@localhost ~]# systemctl daemon-reload;systemctl restart slapd
  [root@localhost ~]# ps -ef | grep slapd
  ldap     45113     1  0 17:10 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -f /etc/openldap/slapd.conf
  root     45117 44768  0 17:11 pts/1    00:00:00 grep --color=auto slapd
  [root@localhost ~]# cat /proc/45113/limits
  Limit                     Soft Limit           Hard Limit           Units
  Max cpu time              unlimited            unlimited            seconds
  Max file size             unlimited            unlimited            bytes
  Max data size             unlimited            unlimited            bytes
  Max stack size            8388608              unlimited            bytes
  Max core file size        unlimited            unlimited            bytes
  Max resident set          unlimited            unlimited            bytes
  Max processes             3059                 3059                 processes
  Max open files            9000                 9000                 files
  Max locked memory         16777216             16777216             bytes
  Max address space         unlimited            unlimited            bytes
  Max file locks            unlimited            unlimited            locks
  Max pending signals       3059                 3059                 signals
  Max msgqueue size         819200               819200               bytes
  Max nice priority         0                    0
  Max realtime priority     0                    0
  Max realtime timeout      unlimited            unlimited            us
  [root@localhost ~]#

Test method:

nslcd is known to connect to openLDAP-servers.
In the nslcd configuration file /etc/nslcd.conf, set threads 2000; in theory nslcd can then open that many connections to the openLDAP-server. Set up several nslcd hosts configured this way and have them connect at the same time, and you can run the test.

Likewise, after you lower the connection limit of the openLDAP-servers, you can test it in a similar way.
Description of the threads NUM parameter in /etc/nslcd.conf:

Specifies the number of threads to start that can handle requests and perform LDAP queries. Each thread opens a separate connection to the LDAP server. The default is to start 5 threads.

  [root@localhost etc]# cat /etc/nslcd.conf |grep -v '#'
  threads 2000
  uid nslcd
  gid ldap
  uri ldap://192.168.116.130/
  base dc=sys,dc=com
  ssl no
  rootpwmoddn uid=admin,dc=sys,dc=com
  binddn cn=test1,ou=it,dc=sys,dc=com
  bindpw {SSHA}bQW6OAIjvpyOXYZltN9RzMJCnjhfJpAR

Command to check the connection count:

netstat -anlp |grep "192.168.116.130:389"| grep 'ESTABLISHED' |wc -l

192.168.116.130:389 is the server IP.
Result:

[image: slapd_connection_pressure_test.png]
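The two checks above, reading Max open files from /proc/<pid>/limits and counting ESTABLISHED sockets on the server address, as an added example (not from the original post) that also compares the soft limit against a required connection count; the function names, the pgrep lookup and the sample limits text are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a running slapd
# really has the NOFILE limit its unit file is meant to give it, and count
# established LDAP connections the way the post's netstat pipeline does.

# Soft/hard "Max open files" from /proc/<pid>/limits text on stdin.
soft_nofile() { awk '/^Max open files/ { print $4 }'; }
hard_nofile() { awk '/^Max open files/ { print $5 }'; }

# Return 0 when the soft limit in limits text $1 covers $2 connections.
# Each LDAP connection costs slapd one file descriptor, so the limit has
# to exceed the expected client count plus slapd's own open files.
nofile_sufficient() {
    soft=$(printf '%s\n' "$1" | soft_nofile)
    [ -n "$soft" ] || return 2
    [ "$soft" = unlimited ] && return 0
    [ "$soft" -ge "$2" ]
}

# Count ESTABLISHED sockets involving address $1 (e.g. 192.168.116.130:389)
# from "netstat -an" or "ss -an" output on stdin; always prints a number.
count_established() {
    awk -v a="$1" 'index($0, a) && /ESTABLISHED/ { n++ } END { print n+0 }'
}

# Live check of the running slapd (Linux only; needs read access to /proc).
check_running_slapd() {   # $1 = required soft limit, e.g. 8192
    pid=$(pgrep -x slapd 2>/dev/null | head -n 1)
    [ -n "$pid" ] || { echo "slapd is not running" >&2; return 2; }
    limits=$(cat "/proc/$pid/limits")
    if nofile_sufficient "$limits" "$1"; then
        echo "slapd pid $pid: soft NOFILE $(printf '%s\n' "$limits" | soft_nofile) >= $1"
    else
        echo "slapd pid $pid: soft NOFILE below $1; set LimitNOFILE=$1 in slapd.service" >&2
        return 1
    fi
}

# Constructed sample: the 'before' limits from the post, for offline use.
SAMPLE_LIMITS_BEFORE='Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files'
```

With the sample text, nofile_sufficient "$SAMPLE_LIMITS_BEFORE" 8192 fails (soft limit 1024) and passes once the limit shows 9000; check_running_slapd 8192 does the same against the live process.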

Notes

On some open questions: at first, going by the official site, we thought FD_SETSIZE had to be changed; after testing, we found that is not where the problem lies.
https://www.openldap.org/faq/data/cache/1126.html
https://www.openldap.org/faq/data/cache/1127.html

Later we set LimitNOFILE and found that this is effective. Please verify.