Learn more about these different git repos.
Other Git URLs
The attached patch adds support for a connection idle timer in sssd_nss which upon firing will check for and terminate idle connections. The motivation for this is to prevent sssd_nss from running out of file descriptors when a large number of long lived processes keep open connections to sssd_nss. The symptom can readily observed by running lsof on sssd_nss and counting the number instances of
/var/lib/sssd/pipes/nss. Without the patch, we found sssd_nss becomes unresponsive on a number of our hosts with long lived connections such as imap servers. We have encountered the problem in both RHEL 5 & 6 running sssd 1.5.1.
The patch adds an idle_timeout parameter to sssd.conf with a default value of zero that preserves the current behavior of not expiring any connections. Expiry is only done when this parameter is set to a value greater than zero.
Patch to implement idle connection expiry
Please see review comments on https://fedorahosted.org/pipermail/sssd-devel/2012-May/009941.html
Please subscribe there and send updated patches to the sssd-devel list. You can subscribe at https://fedorahosted.org/mailman/listinfo/sssd-devel
Also, it's preferred to have you send git-formatted patches. Please take a look at https://fedorahosted.org/sssd/wiki/DevelTutorials for tips on how to get started.
Thank you very much for your contribution, we just need to massage it a bit before we get it included.
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 3
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=827036
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=827036 827036]
Attached are 3 patches which address the concerns raised with our original patch. Please note these patches have only received basic testing so far and are undergoing further validation. The patch breakdown is as follows.
This patch fixes a bug where the returned errno value was that of close(2)
instead of the previous operation's.
This patch modifies the client destructor to log a message on close(2) failure.
This is the core idle connection expiry patch. The major change of note is the elimination of
signal mask manipulation to deal with SIGPIPE. We now use send(2) with MSG_NOSIGNAL instead of
write(2) as in the original code to prevent SIGPIPE from being raised. SIGPIPE has to be dealt with
because we found in our testing on RHEL 6 for instance, `crond' would die due to SIGPIPE if we did
not protect against it.
We have also incorporated all your other coding as well as style suggestions in the patch.
owner: somebody => sgallagh
status: new => assigned
milestone: SSSD 1.9.0 beta 5 => SSSD 1.9.0 beta 3
patch: 0 => 1
resolution: => fixed
status: assigned => closed
Metadata Update from @sgoel:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.9.0 beta 3
to comment on this ticket.