subversion 1.7 - Internal server error (HTTP 500) - user account gets locked out

[jackson <ja...@gmail.com>]

Hi Team,


We are using subversion 1.7 version and we are facing issues very often
when the users trying to commit or checkout they are getting HTTP 500 error
and the user is getting locked out.  The users are authenticated via LDAP.



At first we thought it was a server resource crunch issue and we increased
the server resources but still we are getting the same problem



Here is the current details



Subversion running on single server

Repos : 135

Disk Used : Around 500GB

CPU : 4

RAM : 24

Subversion Repo file system type : FSFS



Below is the apache settings



Timeout 60



KeepAlive Off

MaxKeepAliveRequests 100

KeepAliveTimeout 15



<IfModule prefork.c>

StartServers       8

MinSpareServers    5

MaxSpareServers   20

ServerLimit      256

MaxClients       256

MaxRequestsPerChild  4000

</IfModule>



<IfModule worker.c>

StartServers         4

MaxClients         300

MinSpareThreads     25

MaxSpareThreads     75

ThreadsPerChild     25

MaxRequestsPerChild  0

</IfModule>





We have around 100+ users accessing the repos and the CPU utilization is
normal as checked in sar report.



Any advice on the same.


Thanks & regards,

Jackson J

Re: subversion 1.7 - Internal server error (HTTP 500) - user account gets locked out

[Mark Phippard <ma...@gmail.com>]

On Fri, May 21, 2021 at 2:14 PM jackson <ja...@gmail.com> wrote:
>
> HI Mark ,
>
>   Thank you so much , i will enable the debug mode and do the testing and let you know once done.

I would suggest taking a look at the Apache error.log once you do as
it will grow very fast. The LDAP module logs a fair amount and
sometimes you get a sense where it is failing from the debug logs. If
it is possible to just put that module in debug logging it might help
keep the log size manageable.

It is probably mod_authnz_ldap (or whatever it is called) that is most relevant.

Mark

Re: subversion 1.7 - Internal server error (HTTP 500) - user account gets locked out

[jackson <ja...@gmail.com>]

HI Mark ,

  Thank you so much , i will enable the debug mode and do the testing and
let you know once done.

Thanks & Regards,
Jackson J

On Fri, May 21, 2021 at 11:35 PM Mark Phippard <ma...@gmail.com> wrote:

> On Fri, May 21, 2021 at 8:49 AM jackson <ja...@gmail.com> wrote:
> >
> > Hi Team,
> >
> > We are using subversion 1.7 version and we are facing issues very often
> when the users trying to commit or checkout they are getting HTTP 500 error
> and the user is getting locked out.  The users are authenticated via LDAP.
> >
> > At first we thought it was a server resource crunch issue and we
> increased the server resources but still we are getting the same problem
> >
> >
> > We have around 100+ users accessing the repos and the CPU utilization is
> normal as checked in sar report.
> >
> > Any advice on the same.
>
> If you are getting a 500 then often there will be something logged in
> the Apache error log, it might be helpful to see what error, if any is
> logged. If the errors are predictable and reproducible then setting
> Apache to log DEBUG can also help. This logs a lot though so it is
> only useful if the errors can be reproduced easily in a short amount
> of time.
>
> On the server, Subversion is not really involved in the authentication
> process. That is all handled by Apache and in this case the LDAP
> modules. The Apache httpd version will probably be more relevant than
> the Subversion version for fixes to these problems. I can recall a few
> problems where setting LDAPTimeout to a low value like 5-10 seconds
> can fix some problems. I do not remember these resulting in 500 errors
> though, I seem they were more hung connections.
>
> Maybe if something is logged in error.log it could lead to some
> solutions. From what you have provided so far though, it sounds like
> the solutions would be in Apache httpd fixes more than it would be
> Subversion.
>
> Mark
>

Re: subversion 1.7 - Internal server error (HTTP 500) - user account gets locked out

[Mark Phippard <ma...@gmail.com>]

On Fri, May 21, 2021 at 8:49 AM jackson <ja...@gmail.com> wrote:
>
> Hi Team,
>
> We are using subversion 1.7 version and we are facing issues very often when the users trying to commit or checkout they are getting HTTP 500 error and the user is getting locked out.  The users are authenticated via LDAP.
>
> At first we thought it was a server resource crunch issue and we increased the server resources but still we are getting the same problem
>
>
> We have around 100+ users accessing the repos and the CPU utilization is normal as checked in sar report.
>
> Any advice on the same.

If you are getting a 500 then often there will be something logged in
the Apache error log, it might be helpful to see what error, if any is
logged. If the errors are predictable and reproducible then setting
Apache to log DEBUG can also help. This logs a lot though so it is
only useful if the errors can be reproduced easily in a short amount
of time.

On the server, Subversion is not really involved in the authentication
process. That is all handled by Apache and in this case the LDAP
modules. The Apache httpd version will probably be more relevant than
the Subversion version for fixes to these problems. I can recall a few
problems where setting LDAPTimeout to a low value like 5-10 seconds
can fix some problems. I do not remember these resulting in 500 errors
though, I seem they were more hung connections.

Maybe if something is logged in error.log it could lead to some
solutions. From what you have provided so far though, it sounds like
the solutions would be in Apache httpd fixes more than it would be
Subversion.

Mark

Re: subversion 1.7 - Internal server error (HTTP 500) - user account gets locked out

[jackson <ja...@gmail.com>]

Hi Nathan,

    Yes, we are building a new subversion server with version 1.10.

We have been facing this issue for the past 3-4 months and  Meanwhile, is
there any performance tuning that can be done to fix this issue till the
migration is completed ?

Thanks & Regards,
Jackson J

On Fri, May 21, 2021 at 9:17 PM Nathan Hartman <ha...@gmail.com>
wrote:

> On Fri, May 21, 2021 at 8:48 AM jackson <ja...@gmail.com> wrote:
> > Hi Team,
> >
> > We are using subversion 1.7 version and we are facing issues very often
> when the users trying to commit or checkout they are getting HTTP 500 error
> and the user is getting locked out.  The users are authenticated via LDAP.
> >
> > At first we thought it was a server resource crunch issue and we
> increased the server resources but still we are getting the same problem
>
>
> Hello,
>
> Is this an issue that has begun recently or has this been an ongoing
> problem for a long time?
>
> I would like to point out that the 1.7 release line is somewhat old
> and has not been updated since late 2015. That by itself doesn't mean
> it is the cause of these issues, but if feasible it is probably a good
> idea to update to one of the currently supported release lines; the
> latest releases are 1.10.7 and 1.14.1.
>
> Thanks,
> Nathan
>

Re: subversion 1.7 - Internal server error (HTTP 500) - user account gets locked out

[Nathan Hartman <ha...@gmail.com>]

On Fri, May 21, 2021 at 8:48 AM jackson <ja...@gmail.com> wrote:
> Hi Team,
>
> We are using subversion 1.7 version and we are facing issues very often when the users trying to commit or checkout they are getting HTTP 500 error and the user is getting locked out.  The users are authenticated via LDAP.
>
> At first we thought it was a server resource crunch issue and we increased the server resources but still we are getting the same problem


Hello,

Is this an issue that has begun recently or has this been an ongoing
problem for a long time?

I would like to point out that the 1.7 release line is somewhat old
and has not been updated since late 2015. That by itself doesn't mean
it is the cause of these issues, but if feasible it is probably a good
idea to update to one of the currently supported release lines; the
latest releases are 1.10.7 and 1.14.1.

Thanks,
Nathan