[35959] in Kerberos
The mysterious death of kprop when running incremental propagtion
daemon@ATHENA.MIT.EDU (William Clark)
Mon Mar 31 16:52:45 2014
From: William Clark <majorgearhead@gmail.com>
Message-Id: <261DDE93-1960-4062-9A28-7AE6F37AA113@gmail.com>
Date: Mon, 31 Mar 2014 16:52:27 -0400
To: kerberos@mit.edu
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Here is my setup as of now. I have a single master KDC, and 9 slave KDC’s. I have incremental propagation set up at 2m interval, and it works quite well for a little while. At some indeterminate time, KDC’s start getting really far out of sync and I notice that kprop has died on these servers with a SIG ABRT. Any attempt to restart kprop does not start it. The only way I have seen to restart it is to remove principal.ulog file on that mdc and then restart. It then runs just fine.
Couple of thoughts / contemplative questions:
- Could this potentially be FD related? I am not running out of FD’s at the time this happens though…
- Could this be load related. I am required to run 'kdb5_util dump' every 10 mins to gather data that is then audited. There are about 80k + principals in my DB, but the process takes less than 20 seconds. During this time I wonder if the principal DB is getting locked, and if this is causing kprop/kadmin to get in a very funny state. Is this even a viable concern?
Need some help on this before I am forced to go back to old propagation methods.
William Clark
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
