Page MenuHomePhabricator
Create Task
Maniphest T130593

investigate slapd memory leak
Closed, ResolvedPublic
Actions

Description

it looks like slapd / openldap regularly leaks memory on seaborgium / serpens, and one of the causes for T130446: Unable to SSH onto tools-login.wmflabs.org

2016-03-22-111610_430x290_scrot.png (290×430 px, 22 KB)
2016-03-22-111559_430x292_scrot.png (292×430 px, 23 KB)

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+7 -0labs: restart slapd if it uses > 50% of memory
Customize query in gerrit

Related Objects
Search...

Event Timeline

fgiunchedi created this task.Mar 22 2016, 11:19 AM
MoritzMuehlenhoff added a comment.Mar 22 2016, 11:37 AM

There's a similar report for openldap 2.4.40 at http://www.openldap.org/lists/openldap-technical/201504/msg00005.html

There are three memory leak fixes related to syncrepl/syncprov made in openldap 2.4.41, which might cause these:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8035
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8038
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8039

MoritzMuehlenhoff added a comment.Mar 22 2016, 7:03 PM

Moving to a backport of 2.4.41 is probably the better solution, though.

MoritzMuehlenhoff claimed this task.Mar 22 2016, 7:17 PM
Andrew added a comment.Apr 21 2016, 1:47 AM

Seaborgium went OOM briefly just now and threw some errors.

Dzahn added a subscriber: Dzahn.Apr 21 2016, 1:54 AM

seems like we had one again today. serpens and seaborgium were reported by Icinga as having various issues. then serpens recoverd itself. seaborgium showed puppet errors. so i ran puppet to check and:

seaborgium puppet-agent[6631]: Could not run command from postrun_command: Cannot allocate memory - fork(2)

i restarted slapd and that apparently fixed it

MoritzMuehlenhoff added a comment.Apr 29 2016, 11:49 AM

I'll build a backport of 2.4.41.

Stashbot added a subscriber: Stashbot.May 2 2016, 9:58 AM

Mentioned in SAL [2016-05-02T09:58:44Z] <moritzm> uploaded openldap 2.4.41+wmf1 for jessie-wikimedia to carbon (T130593)

MoritzMuehlenhoff added a subtask: T120919: Add openldap/labs servers to backup.May 20 2016, 8:10 AM
zhuyifei1999 added a subscriber: zhuyifei1999.May 20 2016, 8:15 AM
MoritzMuehlenhoff added a comment.Jun 10 2016, 8:58 AM

I have tested the 2.4.41 packages in vagrant with a syncrepl setup and seems fine. Update will happen next week, not really something for a Friday...

MoritzMuehlenhoff closed subtask T120919: Add openldap/labs servers to backup as Resolved.Jul 11 2016, 2:41 PM
Stashbot added a comment.Jul 17 2016, 10:31 AM

Mentioned in SAL [2016-07-17T10:31:13Z] <godog> restart slapd on serpens - T130593

Stashbot added a comment.Jul 19 2016, 9:10 AM

Mentioned in SAL [2016-07-19T09:10:29Z] <godog> upgrade slapd to 2.4.41+dfsg-1+wmf1 on serpens - T130593

fgiunchedi added a comment.Jul 19 2016, 9:14 AM

freshly restarted slapd

openldap 16378  1.8  1.2 466556 52048 ?        Ssl  09:10   0:03 /usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -g openldap -u openldap -f /etc/ldap/slapd.conf
fgiunchedi added a comment.Jul 21 2016, 9:04 AM

serpens still shows some memory growth, possibly not fixed yet

screenshot_kTxpIK.png (292×422 px, 22 KB)

chasemp added a comment.Jul 23 2016, 3:51 AM

I had to reboot seaborgium today as it froze up and took out ldap with it.

!log gnt-instance reboot seaborgium.wikimedia.org

I would say...definitely something is still up, and the really confusing thing is that the presence of serpens does not stop a sea of cascading failure.

fgiunchedi added a comment.Jul 25 2016, 9:20 AM

indeed, looks like serpens started leaking memory even with an updated slapd, and as soon as it took over from seaborgium.

yuvipanda removed MoritzMuehlenhoff as the assignee of this task.Jul 25 2016, 3:42 PM
yuvipanda raised the priority of this task from Medium to High.

(moving to high since this caused a couple more outages)

yuvipanda added a comment.Jul 25 2016, 3:42 PM

Have we considered giving it more RAM?

MoritzMuehlenhoff added a comment.Jul 25 2016, 3:51 PM
In T130593#2492252, @yuvipanda wrote:

Have we considered giving it more RAM?

Won't help much, only stretching the interval until it OOMs at some point again.

gerritbot added a subscriber: gerritbot.Jul 25 2016, 4:50 PM

Change 300902 had a related patch set uploaded (by Dzahn):
labs: restart slapd once a week

https://gerrit.wikimedia.org/r/300902

Dzahn mentioned this in rOPUP15c98050c0af: labs: restart slapd once a week.Jul 25 2016, 4:56 PM
Dzahn mentioned this in rOPUPe39a2ff8299b: labs: restart slapd once a week.
yuvipanda created subtask T141277: Investigate failover failure of LDAP servers.Jul 25 2016, 5:00 PM
Dzahn mentioned this in rOPUP271a984f2e8b: labs: restart slapd once a week.Jul 25 2016, 5:01 PM
Dzahn mentioned this in rOPUPb87a74c353db: labs: restart slapd once a week.Jul 25 2016, 5:06 PM
Dzahn mentioned this in rOPUPec9221ecaf35: labs: restart slapd once a week.Jul 25 2016, 5:50 PM
Dzahn mentioned this in rOPUPb4c6e707f5f7: labs: restart slapd once a week.Jul 28 2016, 7:28 PM
Dzahn mentioned this in rOPUP04b307d0295c: labs: restart slapd if it uses > 50% of memory.Jul 28 2016, 7:49 PM
Dzahn mentioned this in rOPUPf3c48b7d9f68: labs: restart slapd if it uses > 50% of memory.Aug 3 2016, 12:55 AM
Dzahn mentioned this in rOPUP118026978723: labs: restart slapd if it uses > 50% of memory.Aug 3 2016, 5:04 PM
gerritbot added a comment.Aug 3 2016, 5:08 PM

Change 300902 merged by Andrew Bogott:
labs: restart slapd if it uses > 50% of memory

https://gerrit.wikimedia.org/r/300902

Dzahn added a comment.Aug 3 2016, 6:13 PM

crons have been created on serpens and seaborgium. they will check once an hour (at a random minute so they are never restarted at the same time) if more than 50% of memory is used and restart the service with systemctl if that is the case.

at the time of merging seaborgium was at about 46% and serpens at about 26%. i restarted slapd on seaborgium manually once and it went down to like 1% (!sic). Serpens i left as it was, so that will reach the 50% first.

[seaborgium:~] $ sudo crontab -u root -l | grep slap
# Puppet Name: restart_slapd
30 * * * * /bin/ps -C slapd -o pmem= | awk '{sum+=$1} END { if (sum <= 50.0) exit 1  }' && /bin/systemctl restart slapd >/dev/null 2>/dev/null

[serpens:~] $ sudo crontab -u root -l | grep slap
# Puppet Name: restart_slapd
49 * * * * /bin/ps -C slapd -o pmem= | awk '{sum+=$1} END { if (sum <= 50.0) exit 1  }' && /bin/systemctl restart slapd >/dev/null 2>/dev/null
Dzahn added a comment.Aug 3 2016, 6:14 PM
[seaborgium:~] $ /bin/ps -C slapd -o pmem=
 3.5

[serpens:~] $ /bin/ps -C slapd -o pmem=
27.1
chasemp mentioned this in T151310: create-dbusers service failing on labstore1004.Nov 22 2016, 2:28 PM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:43 PM
akosiaris closed this task as Resolved.Jun 30 2017, 8:51 AM
akosiaris claimed this task.
akosiaris added a subscriber: akosiaris.

I am guessing this works fine ? Since then we 've had 0 troubles if I am not mistaken. I am resolving, feel free to reopen

akosiaris mentioned this in T141277: Investigate failover failure of LDAP servers.Jun 30 2017, 8:51 AM
akosiaris closed subtask T141277: Investigate failover failure of LDAP servers as Resolved.
Andrew added a comment.Jun 30 2017, 2:28 PM

Yep, no problems in ages. Thanks for the bug cleanup.

chasemp reopened this task as Open.Jun 30 2017, 6:04 PM

I don't think this should be closed as long as this stuff exists:

modules/role/manifests/openldap/labs.pp

# restart slapd if it uses more than 50% of memory (T130593)
cron { 'restart_slapd':
    ensure  => present,
    minute  => fqdn_rand(60, $title),
    command => "/bin/ps -C slapd -o pmem= | awk '{sum+=\$1} END { if (sum <= 50.0) exit 1 }' \
    && /bin/systemctl restart slapd >/dev/null 2>/dev/null",
}
MoritzMuehlenhoff added a comment.Jul 3 2017, 8:32 AM

Yeah, that's correct, the underlying memory leak isn't fixed, only hidden by the restarts. This is likely still unfixed in stretch, there's nothing in the 2.4.41-2.4.44 changelog which points to a fix.

akosiaris removed akosiaris as the assignee of this task.Dec 19 2017, 10:28 AM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:34 PM
Bstorm added a subtask: T217280: LDAP server running out of memory frequently and disrupting Cloud VPS clients.Mar 6 2019, 3:19 PM
Bstorm mentioned this in T217280: LDAP server running out of memory frequently and disrupting Cloud VPS clients.
jbond added a subtask: T217758: prometheus-openldap-exporter: Request.write called on a request after Request.finish was called.Mar 6 2019, 6:27 PM
MoritzMuehlenhoff added a subscriber: GTirloni.Mar 12 2019, 8:31 AM

@GTirloni upgraded OpenLDAP on serpens to 2.4.47, but that doesn't change the memory leak.

GTirloni removed a subscriber: GTirloni.Mar 21 2019, 9:06 PM
GTirloni edited projects, added cloud-services-team (Kanban); removed Cloud-Services.Mar 24 2019, 10:30 AM
GTirloni added a project: LDAP.
aborrero closed subtask T217280: LDAP server running out of memory frequently and disrupting Cloud VPS clients as Resolved.Jul 2 2019, 8:33 AM
Bstorm moved this task from Inbox to Graveyard on the cloud-services-team (Kanban) board.Feb 25 2020, 5:46 PM
Marostegui added a subscriber: Marostegui.May 25 2021, 9:39 AM

@MoritzMuehlenhoff do you happen to know if this is still happening or we can close this?

akosiaris closed this task as Resolved.Aug 20 2021, 9:01 AM
akosiaris claimed this task.

I am just gonna re-resolve this. We haven't worked on it in 4 years, it's clearly not a priority. Should we decided to visit it again, we can always reopen

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL