[35992] in Kerberos
Re: The mysterious death of kprop when running incremental propagtion
daemon@ATHENA.MIT.EDU (William Clark)
Wed Apr 2 17:57:27 2014
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: William Clark <majorgearhead@gmail.com>
In-Reply-To: <533A097A.2040404@mit.edu>
Date: Wed, 2 Apr 2014 17:57:05 -0400
Message-Id: <132A6354-29D7-41FF-A364-C942E529F5D9@gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
I am in a rock and a hard place. I must use CentOS upstream packages, however their upstream latest is 10.10.3. I see one of the bugs fixed was an issue where a full propagation doesn’t complete all the way but kprop thinks its fine. I think this may be what I am hitting. Wondering if there is any tuning I could do to mitigate this while I wait for later packages. My only other option is to go back to traditional propagation.
Right now my slaves have this config:
iprop_master_ulogsize = 1000
iprop_slave_poll = 2m
Additionally like I shared before, I am running the following every 10 mins '/usr/sbin/kdb5_util dump'
I wonder if upping the ulog size would allow more time before a full prop is called for those times my server is ultra busy. My thinking is this may be happening during full prop which happens because the server was busy for a period of time.
Any thoughts would be helpful.
William Clark
On Mar 31, 2014, at 8:34 PM, Greg Hudson <ghudson@MIT.EDU> wrote:
> On 03/31/2014 05:44 PM, William Clark wrote:
>> Running the following from CentOS upstream:
>> krb5-server-1.10.3-10.el6_4.6.x86_64
>>
>> I am not adverse to going with the latest stable MIT version if it will
>> help in this.
>
> I think testing 1.12.1 would be worthwhile. I don't know of any
> specific bugs in 1.10 which could lead to a SIGABRT, but there are
> numerous iprop and locking improvements which went into 1.11 and 1.12
> but were too invasive to backport to 1.10.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
