2.2. Operating System Requirements

Directory Server is supported on these operating systems: Red Hat Enterprise Linux 4 and 5 (x86 and x86_64), HP-UX 11i (IA 64), and Sun Solaris 9 (sparc 64-bit). The specific operating system requirements and kernel settings, patches, and libraries are listed for each.

Along with meeting the required operating system patches and platforms, system settings, like the number of file descriptors and TCP information, should be reconfigured to optimize the Directory Server performance.

Directory Server includes a tool, dsktune, which simplifies configuring your system settings. This section describes what settings to change on the machine on which Directory Server is installed.

2.2.1. Using dsktune

After the packages for Directory Server are installed, there is a tool called dsktune which can scan a system to check for required and installed patches, memory, system configuration, and other settings required by Directory Server. The dsktune utility even returns information required for tuning the host server's kernel parameters.

NOTE

The setup program also runs dsktune, reports the findings, and asks you if you want to continue with the setup procedure every time a Directory Server instance is configured.

Red Hat recommends running dsktune before beginning to set up the Directory Server instances so that you can properly configure your kernel settings and install any missing patches. On Red Hat Enterprise Linux and Solaris, the dsktune utility is in the /usr/bin directory; on HP-UX, it is in /opt/dirsrv/bin. To run it, simply use the appropriate command:

/usr/bin/dsktune

Red Hat Directory Server system tuning analysis version 10-AUGUST-2007.

NOTICE : System is i686-unknown-linux2.6.9-34.EL (1 processor).

WARNING: 1011MB of physical memory is available on the system. 
1024MB is recommended for best performance on large production system.

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

NOTE

dsktune is run every time the Directory Server configuration script, setup-ds-admin, is run.

2.2.2. Red Hat Enterprise Linux 4 and 5

Directory Server is supported on two versions of Red Hat Enterprise Linux:

  • Red Hat Enterprise Linux 4 AS and ES on x86 and x86_64 platforms

  • Red Hat Enterprise Linux 5 Server on x86 and x86_64 platforms

NOTE

Red Hat Directory Server is also supported running on a virtual guest on Red Hat Enterprise Linux Virtualization Server 5.

Both Red Hat Enterprise Linux versions 4 and 5 on 32-bit and 64-bit platforms have the same system requirements, as listed in Table 2.2, “Red Hat Enterprise Linux Operating System and Hardware Requirements”. The patches required are listed in Section 2.2.2.1, “Red Hat Enterprise Linux Patches”, and the recommended system configuration changes are described in Section 2.2.2.2, “Red Hat Enterprise Linux System Configuration”.

Criteria | Requirements
Operating System | Red Hat Enterprise Linux 4 or 5 with the latest patches and upgrades
CPU Type | Pentium 3 or higher; 500MHz or higher
Memory/RAM | 256 MB minimum; up to the system limit (on 32 bit systems, typically 3 GB RAM or 4 GB RAM with hugemem kernel) for large environments
Hard Disk | 200 MB of disk space minimum for a typical deployment; 2 GB minimum for larger environments; 4 GB minimum for very large environments (more than a million entries)
Other | To run the Directory Server using port numbers less than 1024, such as the default port 389, you must set up and start the Directory Server as root, but it is not necessary to run the Directory Server as root.
Table 2.2. Red Hat Enterprise Linux Operating System and Hardware Requirements

2.2.2.1. Red Hat Enterprise Linux Patches

The default kernel and glibc versions for Red Hat Enterprise Linux 4 and 5 are the only required versions for the Red Hat Directory Server host machine. If the machine has a single CPU, the kernel must be presented in the form kernel-x.x.x.x. If the machine has multiple CPUs, the kernel must be presented in the form kernel-smp-x.x.x.x. To determine the components running on the machine, run rpm -qa.

Run the dsktune utility to see if you need to install any other patches. dsktune helps verify whether the appropriate patches are installed on the system and provides useful information for tuning your kernel parameters for best performance. For information on dsktune, see Section 2.2.1, “Using dsktune”.

Criteria | Requirements
Operating System | Red Hat Enterprise Linux 4 AS and ES (x86 and x86_64); Red Hat Enterprise Linux 5 Server (x86 and x86_64)
Required Filesystem | ext3
Table 2.3. System Versions

2.2.2.2. Red Hat Enterprise Linux System Configuration

After verifying the system's kernel and glibc configuration and installing any required modules and patches, fine-tune the Red Hat Enterprise Linux system to work with Directory Server. For the best performance, configure the host server before you run the setup-ds-admin.pl script to configure the Directory Server instance.

2.2.2.2.1. Perl Prerequisites

For Red Hat Enterprise Linux systems, use the Perl version that is installed with the operating system in /usr/bin/perl for both 32-bit and 64-bit versions of Red Hat Directory Server.

2.2.2.2.2. File Descriptors

Editing the number of file descriptors on the Linux system can help Directory Server access files more efficiently. Editing the maximum number of file descriptors the kernel can allocate can also improve file access speeds.

  1. First, check the current limit for file descriptors:

    cat /proc/sys/fs/file-max
    
  2. If the setting is lower than 64000, edit the /etc/sysctl.conf file, and reset the fs.file-max parameter:

    fs.file-max = 64000
    
  3. Then increase the maximum number of open files on the system by editing the /etc/security/limits.conf configuration file. Add the following entry:

    *        -        nofile        8192
    
  4. Edit the /etc/pam.d/system-auth, and add this entry:

    session required /lib/security/$ISA/pam_limits.so
    
  5. Reboot the Linux machine to apply the changes.
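
A read-only check of steps 1 through 4, added here as an example (it is not part of the Red Hat documentation or of dsktune). It compares the running kernel value with what /etc/sysctl.conf will restore at boot, so a value raised by hand but never persisted shows up as a failure. The function names and the root-prefix argument are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: read-only audit of the file descriptor settings in steps 1-4.
# Thresholds and paths come from this section; the function names and the
# root-prefix argument are hypothetical.

# Last uncommented fs.file-max assignment in a sysctl.conf-style file.
sysctl_file_max() {
    grep -E '^[[:space:]]*fs\.file-max[[:space:]]*=' "$1" 2>/dev/null |
        tail -n 1 | cut -d= -f2 | tr -d '[:space:]'
}

# nofile limit for all users, written as in step 3 (domain "*", type "-").
limits_nofile() {
    awk '$1 == "*" && $2 == "-" && $3 == "nofile" { v = $4 } END { print v }' "$1" 2>/dev/null
}

# True if an uncommented session line loads pam_limits.so.
pam_limits_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]].*pam_limits\.so' "$1" 2>/dev/null
}

# Compare one numeric setting with its minimum and print a finding.
check_min() {  # label value minimum
    case $2 in ''|*[!0-9]*) echo "FAIL $1 is not set"; return 1 ;; esac
    if [ "$2" -ge "$3" ]; then echo "OK   $1 = $2"; return 0; fi
    echo "FAIL $1 = $2 (want >= $3)"; return 1
}

# Audit the tree rooted at $1 (empty = live system).
# The return status is the number of failed checks.
audit_fd_settings() {
    root=${1:-}; fails=0
    running=$(cat "$root/proc/sys/fs/file-max" 2>/dev/null || true)
    persisted=$(sysctl_file_max "$root/etc/sysctl.conf")
    check_min "running fs.file-max" "$running" 64000 || fails=$((fails + 1))
    # No sysctl.conf entry is fine when the kernel default already meets the
    # minimum; an entry below it would undo the running value at the next boot.
    if [ -n "$persisted" ]; then
        check_min "sysctl.conf fs.file-max" "$persisted" 64000 || fails=$((fails + 1))
    fi
    check_min "limits.conf nofile" "$(limits_nofile "$root/etc/security/limits.conf")" 8192 || fails=$((fails + 1))
    if pam_limits_enabled "$root/etc/pam.d/system-auth"; then echo "OK   pam_limits.so in system-auth"
    else echo "FAIL pam_limits.so missing from system-auth"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample tree (not a real host): sysctl.conf still holds a low value.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/proc/sys/fs" "$d/etc/security" "$d/etc/pam.d"
    echo 64000 > "$d/proc/sys/fs/file-max"
    printf '# kernel tuning\nfs.file-max = 32768\n' > "$d/etc/sysctl.conf"
    printf '*        -        nofile        8192\n' > "$d/etc/security/limits.conf"
    printf 'session required /lib/security/$ISA/pam_limits.so\n' > "$d/etc/pam.d/system-auth"
    echo "$d"
}

# Demo on the constructed tree; one check is expected to fail.
sample=$(make_sample_root) && { audit_fd_settings "$sample" || true; rm -rf "$sample"; }
```

Call audit_fd_settings with no argument to check the live system after the reboot in step 5.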

2.2.2.2.3. DNS Requirements

It is very important that DNS and reverse DNS be working correctly on the host machine, especially if you are using TLS/SSL or Kerberos with Directory Server.

Configure the DNS resolver and the NIS domain name by modifying the /etc/resolv.conf, /etc/nsswitch.conf, and /etc/netconfig files, and set the DNS resolver for name resolution.

Edit the /etc/defaultdomain file to include the NIS domain name. This ensures that the fully-qualified host and domain names used for the Directory Server resolve to a valid IP address and that that IP address resolves back to the correct hostname.

Reboot the Red Hat Enterprise Linux machine to apply these changes.
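
One way to verify the forward and reverse resolution described above, added as an example that is not part of the original documentation. It uses getent hosts, which follows /etc/nsswitch.conf; the function names, the LOOKUP override and the example.com records are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a host name resolves to an address and that the
# address resolves back to the same fully qualified name.
# Function names and the LOOKUP override are hypothetical.

# Resolver query. Set LOOKUP to another command to test without DNS.
lookup() { ${LOOKUP:-getent hosts} "$1" 2>/dev/null; }

# First address returned for a name, and canonical name returned for an address.
forward_lookup() { lookup "$1" | awk 'NR == 1 { print $1 }'; }
reverse_lookup() { lookup "$1" | awk 'NR == 1 { print $2 }'; }

# Lower-case a name and drop a trailing dot so the comparison is exact.
normalize() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Return 0 only if FQDN -> address -> same FQDN.
# 2 = not fully qualified, 3 = no address, 4 = no reverse record, 5 = mismatch.
check_fcrdns() {
    want=$(normalize "$1")
    case $want in *.*) ;; *) echo "FAIL $1: not a fully qualified name"; return 2 ;; esac
    ip=$(forward_lookup "$want")
    [ -n "$ip" ] || { echo "FAIL $want: no address"; return 3; }
    got=$(normalize "$(reverse_lookup "$ip")")
    [ -n "$got" ] || { echo "FAIL $want: $ip has no reverse record"; return 4; }
    [ "$got" = "$want" ] || { echo "FAIL $want: $ip resolves back to $got"; return 5; }
    echo "OK   $want <-> $ip"
}

# Constructed records for an offline demo. The second host lists its short
# name first, as in a mis-ordered /etc/hosts line.
sample_lookup() {
    case $1 in
        ldap1.example.com|192.0.2.10) echo "192.0.2.10 ldap1.example.com ldap1" ;;
        ldap2.example.com|192.0.2.11) echo "192.0.2.11 ldap2 ldap2.example.com" ;;
    esac
}

if [ $# -gt 0 ]; then
    check_fcrdns "$1"            # real resolver, name given on the command line
else
    LOOKUP=sample_lookup         # constructed records only
    check_fcrdns ldap1.example.com
    check_fcrdns ldap2.example.com || true
    unset LOOKUP
fi
```

The mismatch case matters for TLS/SSL and Kerberos because both compare the name a client asked for with the name the host reports for itself.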

2.2.3. HP-UX 11i

Directory Server runs on HP-UX version 11i only; earlier HP-UX versions are not supported. Directory Server runs on a 64-bit HP-UX 11i environment as a 64-bit process.

Table 2.4, “HP-UX 11i” lists the hardware requirements. Section 2.2.3.1, “HP-UX Patches” lists the required patches, and the recommended system configurations are in Section 2.2.3.2, “HP-UX System Configuration”.

Criteria | Requirements
Operating System | HP-UX 11i with the latest patches and upgrades
CPU Type | HP 9000 architecture with an Itanium CPU
Memory/RAM | 256 MB minimum; 1 GB RAM for large environments
Hard Disk | 300 MB of disk space minimum for a typical deployment; 2 GB minimum for larger environments; 4 GB minimum for very large environments (more than a million entries). You must use the largefile command to configure database files larger than 2 GB.
Other | To run the Directory Server using port numbers less than 1024, such as the default port 389, you must set up and start the Directory Server as root, but it is not necessary to run the Directory Server as root.
Table 2.4. HP-UX 11i

2.2.3.1. HP-UX Patches

The HP-UX 11i host must have the correct packages and dependencies installed to run Directory Server. The patch list changes daily, so check the HP site regularly to ensure you have the latest releases:

The first package to install is the PHSS_30966: ld(1) and linker tools cumulative patch. The other required patches are listed in Table 2.5, “HP-UX 11i Patches”. Run the dsktune utility to see if you need to install any other patches. dsktune helps verify whether the appropriate patches are installed on the system and provides useful information for tuning your kernel parameters for best performance. For information on dsktune, see Section 2.2.1, “Using dsktune”.

Criteria | Requirements
GOLDAPPS11i | B.11.11.0406.5 Gold Applications Patches for HP-UX 11i v1, June 2004
GOLDBASE11i | B.11.11.0406.5 Gold Base Patches for HP-UX 11i v1, June 2004
GOLDQPK11i | HP-UX 11i Quality Pack patch from June 2004 or later
Table 2.5. HP-UX 11i Patches

2.2.3.2. HP-UX System Configuration

Before setting up Directory Server, tune your HP-UX system so Directory Server can access the respective kernel parameters. To tune HP-UX systems, enable large file support, set the TIME_WAIT value, and modify kernel parameters.

2.2.3.2.1. Perl Prerequisites

On HP-UX, Red Hat Directory Server uses the Perl version installed with the operating system in /opt/perl_64/bin/perl. Contact Hewlett-Packard support if this Perl version is not installed.

2.2.3.2.2. Kernel Parameters

The parameters to edit and the recommended values are listed in Table 2.6, “HP-UX 11i Kernel Parameters”.

Parameter | Setting
maxfiles | 1024
nkthread | 1328
max_thread_proc | 512
maxuser | 64
maxuprc | 512
nproc | 750
Table 2.6. HP-UX 11i Kernel Parameters

2.2.3.2.3. TIME_WAIT Setting

Normally, client applications that shut down correctly cause the socket to linger in a TIME_WAIT state. Verify that the TIME_WAIT entry is set to a reasonable duration. For example:

ndd -set /dev/tcp tcp_time_wait_interval 60000

This limits the socket TIME_WAIT state to 60 seconds.

2.2.3.2.4. Large File Support

To run Directory Server on HP-UX, you must enable large file support.

  1. Unmount the filesystem using the umount command.

    umount /export
    
  2. Create the large filesystem.

    fsadm -F vxfs -o largefiles /dev/vg01/rexport
    
  3. Remount the filesystem.

    /usr/sbin/mount -F vxfs -o largefiles /dev/vg01/export
    
2.2.3.2.5. DNS Requirements

It is very important that DNS and reverse DNS be working correctly on the host machine, especially if you are using TLS/SSL or Kerberos with Directory Server.

Configure the DNS resolver and the NIS domain name by modifying the /etc/resolv.conf, /etc/nsswitch.conf, and /etc/netconfig files, and set the DNS resolver for name resolution.

Edit the /etc/defaultdomain file to include the NIS domain name. This ensures that the fully-qualified host and domain names used for the Directory Server resolve to a valid IP address and that that IP address resolves back to the correct hostname.

Then, reboot the HP-UX machine to apply these changes.

2.2.4. Sun Solaris 9

Directory Server on Solaris 9 requires an UltraSPARC (SPARC v9) processor, which supports 64-bit applications as well as high-performance and multi-processor systems. Earlier SPARC processors are not supported. Use the isainfo command to verify that the system has support for sparc9. Verify the system's kernel configuration, install the appropriate modules and patches, and then fine-tune the system to work with Sun Solaris 9.

The system requirements are listed in Table 2.7, “Sun Solaris sparcv9”. The required patches are listed in Section 2.2.4.1, “Solaris Patches”, and the recommended configuration changes are described in Section 2.2.4.2, “Solaris System Configuration”.

Criteria | Requirements
Operating System | Solaris 9 with the latest patches and upgrades
CPU Type | UltraSparc-IIi SPARC v9 300MHz or faster (64-bit)
Memory/RAM | 256 MB minimum; 1 GB RAM for large environments
Hard Disk | 200 MB of disk space minimum for a typical deployment; 2 GB minimum for larger environments; 4 GB minimum for very large environments (more than a million entries). You must use the largefile command to configure database files larger than 2 GB.
Other | To run the Directory Server using port numbers less than 1024, such as the default port 389, you must set up and start the Directory Server as root, but it is not necessary to run the Directory Server as root.
Table 2.7. Sun Solaris sparcv9

2.2.4.1. Solaris Patches

The patches required to run the Directory Server on Solaris 9 are listed in Table 2.8, “Sun Solaris Patches”. Run the dsktune utility to see if you need to install any other patches. dsktune helps verify whether the appropriate patches are installed on the system and provides useful information for tuning your kernel parameters for best performance. For information on dsktune, see Section 2.2.1, “Using dsktune”.

Patch ID | Description
112998-03 | SunOS 5.9: patch /usr/sbin/syslogd
112875-01 | SunOS 5.9: patch /usr/lib/netsvc/rwall/rpc.rwalld
113146-04 | SunOS 5.9: Apache Security Patch
113068-05 | SunOS 5.9: hpc3130 patch
112963-14 | SunOS 5.9: linker patch
113273-08 | SunOS 5.9: /usr/lib/ssh/sshd patch
112233-12 | SunOS 5.9: Kernel patch
112964-08 | SunOS 5.9: /usr/bin/ksh patch
112808 | CDE1.5: Tooltalk patch
113279-01 | SunOS 5.9: klmmod patch
113278-07 | SunOS 5.9: NFS Daemon patch
113023 | SunOS 5.9: Broken preremove scripts from S9 ALC packages
112601-09 | SunOS 5.9: PGX32 Graphics
113923-02 | X11 6.6.1: security font server patch
112817-18 | SunOS 5.9: Sun Gigaswift Ethernet 1.0 driver patch
113718-02 | SunOS 5.9: usr/lib/utmp_udate patch
114135-01 | SunOS 5.9: at utility patch
112834-04 | SunOS 5.9: patch scsi
112907-03 | SunOS 5.9: libgss patch
113319 | SunOS 5.9: libnsl nispasswd
112785-43 | SunOS 5.9: Xsun patch
112970-07 | SunOS 5.9: patch libresolv
112951-09 | SunOS 5.9: patchadd and patchrm patch
113277-24 | SunOS 5.9: st, sd, and ssd patch
113579-06 | SunOS 5.9: ypserv/ypxfrd patch
112908-14 | SunOS 5.9: krb5 shared object patch
113073-14 | SunOS 5.9: ufs and fsck patch
Table 2.8. Sun Solaris Patches

2.2.4.2. Solaris System Configuration

After installing any required patches or modules, tune the Solaris system to work with Directory Server. There are three areas that may need to be modified for optimum Directory Server performance: the TCP service, DNS/NIS service, and the file descriptors.

2.2.4.2.1. Perl Prerequisites

On Solaris systems, Red Hat Directory Server is installed with a Perl package, RHATperlx, that must be used. This package contains a 64-bit version of Perl 5.8. It is not possible to use the Perl version installed in /usr/bin/perl on Solaris because it is 32 bit and will not work with Directory Server's 64-bit components.

2.2.4.2.2. TCP Tuning

Edit the Solaris TCP configuration so that Directory Server can access local system ports better. If tuned properly, this may enhance network connection speeds. The maximum achievable throughput for a single TCP connection is determined by several factors, including the maximum bandwidth on the slowest link on the path, bit errors that limit connections, and the total round-trip time.

The configuration that must be edited is in the /dev/tcp directory. Reset the following parameters:

  • tcp_time_wait_interval determines the time (in milliseconds) that a TCP connection remains in a kernel's table after being closed. If its value is above 30000 (or 30 seconds) and the directory is being used in a LAN, MAN, or other network connection, reduce the value by modifying the /etc/init.d/inetinit file:

    ndd -set /dev/tcp tcp_time_wait_interval 30000
    
  • The tcp_conn_req_max_q0 and tcp_conn_req_max_q parameters control the connection's maximum backlog that gets accepted by the kernel. If a directory is used by a large number of client hosts simultaneously, increase these values by at least 1024. Edit the /etc/init.d/inetinit file:

    ndd -set /dev/tcp tcp_conn_req_max_q0 1024 
    ndd -set /dev/tcp tcp_conn_req_max_q 1024
    
  • The tcp_keepalive_interval setting determines the duration (in seconds) between the keepalive packets sent for each open TCP connection. Edit this setting to remove client connections that disconnect from the network.

  • Check the tcp_rexmit_interval_initial parameter value for server maintenance testing on a high speed LAN, MAN, or other network connection. For wide area networks, you do not have to change the tcp_rexmit_interval_initial value.

  • The tcp_smallest_anon_port setting determines the number of simultaneous server connections. If you increase the rlim_fd_max value to over 4096, you must decrease the tcp_smallest_anon_port value in the /etc/init.d/inetinit file.

    ndd -set /dev/tcp tcp_smallest_anon_port 8192
    
  • Reboot the Solaris machine to apply these changes.

2.2.4.2.3. DNS and NIS Requirements

It is very important that DNS and reverse DNS be working correctly on the host machine, especially if you are using TLS/SSL or Kerberos with Directory Server.

Configure the DNS resolver and the NIS domain name by modifying the /etc/resolv.conf, /etc/nsswitch.conf, and /etc/netconfig files, and set the DNS resolver for name resolution.

Edit the /etc/defaultdomain file to include the NIS domain name. This ensures that the fully-qualified host and domain names used for the Directory Server resolve to a valid IP address and that that IP address resolves back to the correct hostname.

Then, reboot the Solaris machine to apply these changes.

2.2.4.2.4. File Descriptors

For a large deployment or to support a large number of concurrent connections, increase the number of file descriptors available for the Directory Server. This requires accessing the system-wide maximum file descriptor table. The governing parameter, rlim_fd_max, is in the /etc/system file. By default, if this parameter is not present, the allowed maximum value is 1024. You can increase this to 4096 by adding the line, set rlim_fd_max=4096 to the /etc/system file.

Reboot the Solaris machine to apply these changes.

To determine the soft limit for file descriptors, run the command ulimit -n. You can also use the dsktune utility to determine the file descriptor hard and soft limits, as described in Section 2.2.1, “Using dsktune”.


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.