kpropd on replica core dumping at start! (was Re: iprop_iprop_replica_poll=2m default...)

Tareq Alrashid tareq at qerat.com
Thu Feb 20 10:19:46 EST 2020 

RHEL 7.7 

2am all of a sudden all my replicas kpropd process crashed with a core dump. Nothing has changed!  

systemctl status kprop.service 

kprop.service: main process exited, code=dumped, status=6/ABRT
Feb 20 09:35:13 kerb-replica systemd[1]: Unit kprop.service entered failed state.
Feb 20 09:35:13 kerb-replica systemd[1]: kprop.service failed.


kdc.conf on replica
      ….
	iprop_port           = 754
        iprop_slave_poll     = 3s
    }

Any ideas would be most appreciate, as we are in the weeds now looking at what has happened.  

Thank you in advance

Tareq

> On Jan 12, 2020, at 9:45 PM, TAREQ ALRASHID <tareq at qerat.com> wrote:
> 
> Since my last message, I came across the documentation part were it mentions the iprop_slave_poll. 
> We’re running Kerberos 5 release 1.15.1! - Will make the proper change and the test results should make more sense!
> 
> Thanks Greg.
> 
> 
> 
>> On Jan 12, 2020, at 5:54 PM, Greg Hudson <ghudson at mit.edu> wrote:
>> 
>> On 1/10/20 8:22 PM, Tareq Alrashid wrote:
>>> Maybe I am missing something but changing the kdc.conf to any value...
>>> 
>>> iprop_replica_poll=1s 
>>> or even...
>>> iprop_replica_poll   = 0.016666666666667m
>>> (for 1s= 1/60min!)
>>> 
>>> Based on tailing the kadmind.log, it is showing the replica polling
>>> every 2m!?
>> 
>> If you are running a release prior to 1.17, you need to use the old name
>> .  (The old name still works in 1.17 as well.)
>> 
>> Also make sure to set the value on the machine running kpropd (not the
>> master KDC where kadmind is run), and to restart kpropd.
>> 
>> I don't think the delta time format supports floating point values, but
>> "1s" or just "1" should work.
>> 
>>> Final question if there is any negative impact for having replicas poll at often as one second or maybe it is best to be at higher numbers of seconds?
>> Polling every second will cause a little bit of work on the replica and
>> the master KDC each second, and use a little bit of network traffic.
>> With today's computers and networks it's probably going to have much impact.
>

More information about the Kerberos mailing list