Symas OpenLDAP Knowledge Base

Configuring Core Dumps

Checking Core Dump Permission

On most Unix/Linux systems, the creation of core dumps by non-admin/root users is disabled.

Core file creation is controlled by the ulimit command. A few things to note about ulimit are:

Default ulimit settings are default shell profiles and/or the /etc/security/limits.conf file (depending on the system).

Any change to a ulimit setting during a login session are valid only for the login session and will not apply to new or parallel sessions. Permanent changes must be made to the user/global login profile or limits.conf file.

There are two types of limits: soft and hard. Soft limits are the maximum ulimit values that may be set for a user. Hard limits are the maximum ulimit values allowed system-wide and cannot be overridden by the user.

When the ulimit command is used, the limits that are listed or set are for that login process only. Ulimit cannot be used to list or update the limits for other system/user processes.

In the following example, the ulimit command is used to check the hard and soft limits for core files:

Checking Soft & Hard Ulimits for Core Files

This checks the soft limit of a core file size

    userHome: ~> ulimit -Sc 
    0

This checks the hard limit of a core file size

    userHome: ~> ulimit -Hc 
    unlimited

There are three values that may be used for the core file setting in ulimit:

  • Value
  • Function
  • 0 Setting the value to zero disables the creation of core files
  • N Setting the value to any number above zero will be the maximum size in blocks. Core files that are greater than N blocks will be truncated which renders the core file useless for troubleshooting.
  • unlimited There are no restrictions to the size of the core file. The full core file will be created, however, if the size of the core file is greater than the amount of available disk space, the filesystem may be filled causing further issues.

Enabling Core Dumps

Disk Space Warning

Depending on the size of the LDAP database, core dumps can be extremely large. Before enabling core dumps, make sure that your server has enough disk space to accommodate the core file.

RHEL 6+ and CentOS 6+ Users

Core files may be handled differently in RHEL & CentOS 6+ by the abrtd daemon, which causes core dumps to be automatically deleted. See Preventing Core Dump Deletion for more information and instructions.

In order for core dumps to be taken, the ulimit core size needs to be set to “unlimited” before slapd is started. The best way to do this is to add the ulimit command to the start of your /opt/symas/etc/openldap/symas-openldap.conf file:

Enabling Cores in symas-openldap.conf

Symas OpenLDAP Configuration file

Copyright (c) 2015 Symas Corporation. All Rights Reserved.

This file contains configuration information for Symas OpenLDAP.

Refer to the comments just before each variable to determine proper

settings.

Set ulimit to allow core dumps

    ulimit -c unlimited

RUN_SLAPD - Control the ldap server daemon.

A value of Y will cause the ldap server daemon to be started.

Any other value will prevent it from being started.

RUN_SLAPD=Y

Creating Core Dumps in Linux

CREATE A CORE DUMP WITH KILLING slapd

If the process is still running and you need to kill it, send the slapd process a SIGQUIT signal:

Core Dump With kill

Get the slapd process ID

user@host> ps -C slapd

PID TTY TIME CMD

23348 ? 15:35:33 slapd

Kill the process with a SIGQUIT signal

user@host> kill -3 23348

After you kill the process, there should be a file with the name “core” in it in your current working directory.

CREATE A CORE DUMP WITHOUT KILLING slapd

If you need a core dump but don’t want or need to kill slapd, you can obtain the core dump by using the gcore utility. This will create a core without disturbing the slapd process. The gcore utility is not installed by default on some systems.

To obtain a core with gore, get the process id of slapd, then call gcore:

Core Dump With gcore

Get the slapd process ID

user@host> ps -C slapd

PID TTY TIME CMD

23348 ? 15:35:33 slapd

Run gcore with the slapd process id

user@host> gcore 23348

The resulting core file should be in your current working directory and should have the id of the process that was dumped in the filename

Preventing Core Dump Deletion

After a slapd crash, the core dump generated is deleted automatically by abrtd on RHEL 6+, CentOS6+

The OpenGPGCheck setting in /etc/abrt/abrt-action-save-package-data.conf is set to “yes” (this is the default setting). When set to “yes”, abrtd will only process packages that are signed with a GPG key located in /etc/abrt/gpg_keys. Any core that isn’t generated from a signed package is automatically deleted.

Solution

Change the value for the OpenGPGCheck to “no”.

Open /etc/abrt/abrt-action-save-package-data.conf in a text editor with root privileges.

Change the value of OpenGPGCheck to “no”.

Save the changes and close the editor

It is not necessary to restart the abrt daemon or slapd for the change to go in to effect.