Bug#465865: ssl-cert taking too long to install
30 minutes already, and I'm sure my processors would rather have something else to do. This is today's release from testing. # apt-get Setting up ssl-cert (1.0.16) ... # ps axf 1984 ttyp2S 0:09 | \_ /usr/bin/dpkg --status-fd 14 --configure ssl-cert postfix 1985 ttyp2S 0:01 | \_ /usr/bin/perl -w /usr/share/debconf/frontend /var/lib/dpkg/info/ssl-cert.postinst configure 1991 ttyp2S 0:00 | \_ /bin/sh -e /var/lib/dpkg/info/ssl-cert.postinst configure 1993 ttyp2S 0:00 | \_ /bin/bash -e /usr/sbin/make-ssl-cert generate-default-snakeoil 1997 ttyp2R 31:52 | \_ openssl req -config /tmp/tmp.o03KzO -new -x509 -days 3650 -nodes -out /etc/ssl/certs/ssl-cert-snakeoil.pem -keyout /etc/ssl/private/ssl-cert-snakeoil.key # uname -a Linux char 2.6.24.3 #1 SMP Sun Mar 2 01:06:59 EST 2008 i686 GNU/Linux # strace -p 1997 read(4, \372\371\335\374E\373\306\251w}\231\262\262\345\373\337..., 4096) = 4096 read(4, Uc1\347\r\357WC\237{\373\35\333\177 \213\323\340\345l..., 4096) = 4096 read(4, \204\22\2537e\301\350\347\0066\tB7\246s\345\322\276`\212..., 4096) = 4096 # continues... There must be some way to gracefully abort this, especially since, aside from SSH, I don't care about having SSL support on this machine. Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#465865: ssl-cert taking too long to install
Colin Wetherbee wrote: 1993 ttyp2S 0:00 | \_ /bin/bash -e /usr/sbin/make-ssl-cert generate-default-snakeoil 1997 ttyp2R 31:52 | \_ openssl req -config /tmp/tmp.o03KzO -new -x509 -days 3650 -nodes -out /etc/ssl/certs/ssl-cert-snakeoil.pem -keyout /etc/ssl/private/ssl-cert-snakeoil.key My work-around: Between the 'else' and the 'fi' near the bottom of /usr/sbin/make-ssl-cert, comment everything out and add the following line. touch /etc/ssl/private/ssl-cert-snakeoil.key It seems to work well enough so far. At least ssl-cert shows as being installed, so apt-get can get along with installing other packages. What is the purpose of generating this snakeoil certificate, anyway? Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#421557: Bug#399776,#421557: Apache2 memory leak
Colin Wetherbee wrote: Stefan Fritsch wrote: I think I have a fix for some of the memory leaks. You can find patched packages for etch at: I installed the patched packages yesterday, and they've been running for over 24 hours without any problems. I'm hesitant to declare the problem fixed, however, since they're running on a low-traffic mod_perl development server. Tomorrow, I think I'll install them on my personal web server, which handles much more traffic. It was one of the servers affected by the bug in the first place. I installed Stefan's new packages [0] on the same server for which I initially posted a complaint in bug #421557 [1], using the same MaxClients and MaxRequestsPerChild settings I had at the time [2]. According to that initial bug report [1], my server would be taken down by apache2 in 12 hours. I am pleased to report that, after about 40 hours, my apache2 processes are still using a reasonable amount of memory and have not caused any slow-down on the server. Thanks for the fix, Stefan. It seems to work! Colin [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421557#45 [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421557#10 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421557#20 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#399776: ,#421557: Apache2 memory leak
Stefan Fritsch wrote: I think I have a fix for some of the memory leaks. You can find patched packages for etch at: I installed the patched packages yesterday, and they've been running for over 24 hours without any problems. I'm hesitant to declare the problem fixed, however, since they're running on a low-traffic mod_perl development server. Tomorrow, I think I'll install them on my personal web server, which handles much more traffic. It was one of the servers affected by the bug in the first place. I'll let you know what I discover (or, hopefully, don't discover!). Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#421557: apache2: memory leak addendum
Stefan Fritsch wrote: I have seen some other reports indicating that the php5 in Debian etch leaks memory. If your php scripts work with php4, you could try replacing php5 with php4. I would be interested if that improves the situation. As much as I would like to try that, I'm afraid one of my PHP applications requires php5. I look forward to reading whether someone else is able to try this. Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#421557: apache2: memory leak addendum
Stefan Fritsch wrote: Try setting MaxRequestsPerChild to 1000, causing each apache process to be restartet after 1000 requests (the 0 in your settings means unlimited). If that doesn't help, you may want to try 250 or 100. This will reduce your performance, but it is probably still better than the memory leak. I changed MaxRequestsPerChild to 500. As expected, the processes restart before they take the system down, but that's only after each process reaches about 25% RAM consumption. Just a quick snapshot of my current 'top' output: PID USER NI VIRT RES SHR S %CPU %MEMTIME+ P COMMAND 3740 www-data 0 258m 221m 4544 S0 22.0 1:13.73 0 apache2 6696 www-data 0 123m 107m 4968 S0 10.6 0:30.94 0 apache2 6705 www-data 0 122m 105m 4976 S0 10.5 0:30.23 0 apache2 6697 www-data 0 119m 103m 4972 S0 10.2 1:09.11 0 apache2 6694 www-data 0 115m 99m 4976 S0 9.8 0:27.32 0 apache2 8339 www-data 0 53016 35m 4960 S0 3.5 0:06.63 0 apache2 8387 www-data 0 52416 34m 4840 S0 3.5 0:06.20 1 apache2 Thanks for the suggestion. This is a good work-around until the leak is fixed. Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#421557: apache2: memory leak addendum
Since upgrading apache2 to 2.2.3-4 last week, I have had to restart Apache numerous times because it will grow in memory size and eventually slow my server severely. The only way to regain control is to be physically at the terminal and (very slowly) login as root and restart apache2. With 2.3 GB of memory (RAM + swap), seven apache2 processes will take my system down in about 12 hours. This is 'top' from two hours after restarting apache2: PID USER NI VIRT RES SHR S %CPU %MEMTIME+ P COMMAND 13227 www-data 0 118m 103m 4912 S0 10.3 0:24.72 0 apache2 13228 www-data 0 117m 102m 4976 S0 10.2 0:24.84 0 apache2 13226 www-data 0 117m 102m 4872 S0 10.1 0:24.03 0 apache2 13221 www-data 0 115m 100m 4972 S0 10.0 0:24.32 0 apache2 13225 www-data 0 114m 100m 4972 S0 9.9 0:24.06 0 apache2 13223 www-data 0 113m 98m 4980 S0 9.8 0:26.18 0 apache2 13222 www-data 0 112m 97m 4940 S0 9.6 0:23.12 1 apache2 Other possibly useful stuff: Apache/2.2.3 (Debian) PHP/5.2.0-10+lenny1 mod_ssl/2.2.3 OpenSSL/0.9.8e mod_perl/2.0.2 Perl/v5.8.8 Server at iron.denterprises.org Port 80 Version: 2.2.3-4 Thanks. Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#421557: apache2: memory leak addendum
Stefan Fritsch wrote: On Mittwoch, 27. Juni 2007, Colin Wetherbee wrote: Since upgrading apache2 to 2.2.3-4 last week, I have had to restart Apache numerous times because it will grow in memory size and eventually slow my server severely. Can you please also post the complete list of enabled modules (ls /etc/apache2/mods-enabled). ^ [EMAIL PROTECTED]:~$ ls /etc/apache2/mods-enabled | sed -e 's/\..*$//' | uniq alias auth_basic authn_default authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi dir env mime mime_magic negotiation perl php5 rewrite setenvif ssl status If you have mod_deflate enabled, can you check whether disabling it improves the situation? mod_deflate is not enabled. As a workaround, you might want to look at MaxRequestsPerChild and/or MaxChilds These are my current settings: StartServers 3 MinSpareServers 3 MaxSpareServers 7 MaxClients 75 MaxRequestsPerChild 0 How would you suggest I change them? Thanks! Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]