IdP 2.2.1 (with ECP) and long transactions

Cantor, Scott cantor.2 at osu.edu
Thu Jul 12 20:57:31 EDT 2012


On 7/12/12 8:26 PM, "Derek Yuen" <derek.yuen at mail.utoronto.ca> wrote:
>
>We have two modern Linux servers -- 2 cores, 4GB memory. We can easily
>add more if necessary. Between the two IdPs, we're handling between 1-1.5
>million logins per day; we expect to handle more come September.

Ok. That's "a lot". I just wanted to make sure it was justified. Some
people, due to old information, tend to think it can't handle even a tiny
load, so it's worth asking.

>At the time of the problems, we did not see any contention for CPU or
>memory resources. 
>From what we see (from sar data), cpu utilization was nearly zero and
>memory usage was unremarkable.

Clearly it's hung up on I/O somewhere, or deadlocked.

>The only evidence we have are generic broken pipe entries in catalina.log.

I really think that's nothing, just clients timing out.

>Investigating the back-end pieces was a second path we were about to look
>at -- we were hoping to buy some time in stabilizing the system first by
>increasing the child capacity.

That¹s not going to work. If the bottleneck is somewhere else, all you do
is make it worse.

>At this point, could you kindly advise us as to how we should approach
>investigating the backend pieces from the IdP's perspective?

No idea, I know nothing about your back end. I don't use remote data
sources as primary tools, I cache data locally. When you can't trust your
remote sources, you don't have much choice.

I know very little about performance tuning. I over-size my systems, and
so far it's avoided me having any need to care how to tune anything. Time
is expensive and hardware is cheap. But you have idle servers locked up,
so buying capacity won't help you. Something's fundamentally wrong.

-- Scott



More information about the users mailing list