Service sizing

The memory available to services in the appliance is configured according to the recommended configuration (8 CPU cores, 16 GB RAM) and it is not necessary to change it. However, in case of an increased load, you may need to add or redistribute the allotted memory.

Default setting

By default, the memory is allocated to services in this way:

Service	Name of the service	Maximum memory (default)	Note
CzechIdM	iam-czechidm.service	6 GB
Database for CzechIdM	iam-czechidm-db.service	3 GB
CAS	iam-cas.service	1 GB
Directory server (LDAP)	iam-directory-server.service	1 GB	expected amount; no hard limit
Web proxy (NGINX)	iam-web-proxy.service	1 GB	expected amount; no hard limit
operating system	-	1 GB	expected amount; no hard limit
others	-	2 GB	backups and other scheduled tasks, safety margin for other services, etc.

Service

Name of the service

Maximum memory (default)

Note

CzechIdM

iam-czechidm.service

6 GB

Database for CzechIdM

iam-czechidm-db.service

3 GB

CAS

iam-cas.service

1 GB

Directory server (LDAP)

iam-directory-server.service

1 GB

expected amount; no hard limit

Web proxy (NGINX)

iam-web-proxy.service

1 GB

expected amount; no hard limit

operating system

1 GB

expected amount; no hard limit

others

2 GB

backups and other scheduled tasks, safety margin for other services, etc.

This configuration is entirely sufficient for standard use with thousands of identities and hundreds of active users who visit CzechIdM. If the expected load is higher, however, more memory for the appliance and services may be needed.

Changing the default settings

The maximum available memory limit can be raised only for some services (CzechIdM, CzechIdM database, CAS). Other services do not have any hard limit for memory consumption.

CzechIdM

If you want to add memory to the CzechIdM service, use to tool nano or vim to edit the configuration file located in /data/registry/node-active-config/docker-compose-czechidm.yml.

Find the variable:

- JAVA_XMX=6144M

Rewrite the value 6144M to a desired amount of available memory, e.g., 8192M:

- JAVA_XMX=8192M

Then restart the service using the command systemctl restart iam-czechidm.service.

IdM database

If you want to add memory to the CzechIdM database service, use to tool nano or vim to edit the configuration file located in /data/registry/node-active-config/docker-compose-czechidm-db.yml.

The sizing configuration for PostgreSQL is complex. To help you with configuration, you can use this calculator.

Find the file part:

command:
      # 3GB memory, 2xCPU, 200 connections, SSD, webapp
      - '-cmax_connections=200'
      - '-cshared_buffers=768MB'
      - '-ceffective_cache_size=2304MB'
      - '-cmaintenance_work_mem=192MB'
      - '-ccheckpoint_completion_target=0.7'
      - '-cwal_buffers=16MB'
      - '-cdefault_statistics_target=100'
      - '-crandom_page_cost=1.1'
      - '-ceffective_io_concurrency=200'
      - '-cwork_mem=3932kB'
      - '-cmin_wal_size=1GB'
      - '-cmax_wal_size=4GB'
      - '-cmax_worker_processes=2'
      - '-cmax_parallel_workers_per_gather=1'
      - '-cmax_parallel_workers=2'
      - '-cmax_parallel_maintenance_workers=1'

If you want to increase the available memory from the default 3 GB to 4 GB (while keeping the same amount of CPU cores, connections a using an SSD drive) enter this information into the calculator. It will give you configuration values:

max_connections = 200
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 5242kB
min_wal_size = 1GB
max_wal_size = 4GB
max_worker_processes = 2
max_parallel_workers_per_gather = 1

In the /data/registry/node-active-config/docker-compose-czechidm-db.yml file, change the values in the following way:

command:
      # 4GB memory, 2xCPU, 200 connections, SSD, webapp
      - '-cmax_connections=200'
      - '-cshared_buffers=1GB'
      - '-ceffective_cache_size=3GB'
      - '-cmaintenance_work_mem=256MB'
      - '-ccheckpoint_completion_target=0.9'
      - '-cwal_buffers=16MB'
      - '-cdefault_statistics_target=100'
      - '-crandom_page_cost=1.1'
      - '-ceffective_io_concurrency=200'
      - '-cwork_mem=5242kB'
      - '-cmin_wal_size=1GB'
      - '-cmax_wal_size=4GB'
      - '-cmax_worker_processes=2'
      - '-cmax_parallel_workers_per_gather=1'
      - '-cmax_parallel_workers=2'
      - '-cmax_parallel_maintenance_workers=1'

Then restart the service using the command systemctl restart iam-czechidm-db.service.

CAS

If you want to add memory to the CAS service, use to tool nano or vim to edit the configuration file located in /data/registry/node-active-config/docker-compose-cas.yml.

Find the variable:

- JAVA_XMX=1024M

Rewrite the value 1024M to a desired amount of available memory, e. g., 2048M:

- JAVA_XMX=2048M

Then restart the service using the command systemctl restart iam-cas.service.