Re: Cyrus tweaks (slow on roundcube)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andre,

Thanks for the info!! Two questions since sasl is still new to me:

1) How many processes should I have running? Is there an option somewhere to adjust this or see it?

2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6)


Thanks again!

- Paul

On Sep 11, 2015, at 2:59 PM, Andre Felipe Machado <andremachado@xxxxxxxxxxxxxxxx> wrote:

Hello,

By your numbers it seems that your machine is able to generate random numbers at good speed. But the problem is WHEN and HOW OFTEN.

Afaik, the linux kernel waits too long to trigger the process to generate random numbers and fast paced process spawning or ssl connections could deplete pool before the process is triggered again.

This is the problem that haveged could solve. Triggering a random numbers generation at a higher threshold and at higher frequency.

http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/

Well, it is only ONE of possible causes of your problem. Unfortunately one obscure and difficult to identify because it does not generate errors, crashes or logs. Simply slowness.

Had you checked disk latency? Does your servers have enough sasl processes?

We use Debian and did not find haveged installation issues, so you will have to search a bit more about your running errors.

Regards.

Andre Felipe

http://www.techforce.com.br

 

Paul Bronson <signaldeveloper@xxxxxxxxx> wrote ..

Guys,
 
I ran cat /dev/urandom | rngtest -c 1000
 
and got:
 
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=22.980; avg=501.129; max=19073.486)Mibits/s
rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s
rngtest: Program run time: 198018 microseconds
 
 
Does this look bad to you considering all of my slow SASL auths? (no haveged is on at this point.. available entropy is between 131 - 160... pool size is default 4096.
 
I also tried installing haveged, which worked fine, but as soon as I started the service it said something like process dead, sub sys locked... ? Sorry, entropy is fairly new to me.
 
 

On Thu, Sep 10, 2015 at 5:24 PM, <signaldeveloper@xxxxxxxxx> wrote:
Andre,

Really? What should it be? I was curious and checked.. Entropy on some of my other big time production servers for email is only about 200) and its lightning fast?

- Paul

> On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado <andremachado@xxxxxxxxxxxxxxxx> wrote:
>
> Hello,
> Entropy of 158 is way too low for production servers. And this *MAY* cause weird
> slowness without logging any  errors.
> You could install "haveged" and configure for max threshold levels on production
> servers.
> https://packages.debian.org/search?keywords=haveged
>
> Regards.
>
> Andre Felipe
> http://www.techforce.com.br
>
>
>
> signaldeveloper@xxxxxxxxx wrote ..
&g! t;> Ru dy,
>>
>> Entropy is 158 I just looked. And as far as compiling against urandom, to be
> honest
>> I'm
>> not sure.
>>
>> - Paul
>>
>>
>>
>>
>>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <Rudy.Gevaert@xxxxxxxx> wrote:
>>>
>>>
>>> Quoting signaldeveloper@xxxxxxxxx, Mon, 07 Sep 2015:
>>>
>>>> Hosts file is fine I checked that, thanks. Kolab uses 389 to
>>>> authenticate for everything, so Cyrus is using LDAP as you can see
>>>> above. I think the problem lies in the constant TLS logins into
>>>> Cyrus for every click:
>>>>
>>>> imap[2281]: login: localhost [::1] johndoe@xxxxxxxxxx PLAIN+TLS User
>>>> logged in
>>>> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363>
>>>> Sep  5 20:54:51 es1 imap[2281]: USAGE johndoe@xxxxxxxxxx user:
>>>> 0.009998 sys: 0.006999
>>>>
>>>>
>>>> Again its only one user, on roundcube... I am afraid to put any more
>>>> users on it. There doesn't seem to be much of performance tweaks
>>>> with Cyrus around the web either...
>>>
>>> does your system have enough entropy?
>>>
>>> Is saslauthd compiled against /dev/urandom?
>>>
>>> Rudy
>>>
>>> --
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- ! -- -- -- -- -- --
>>> Rudy Gevaert                             e-mail: Rudy.Gevaert@xxxxxxxx
>>> Directie ICT, Afdeling Infrastructuur
>>> Groep Systemen                                      tel: +32 9 264 4750
>>> Universiteit Gent                                   fax: +32 9 264 4994
>>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>> > ;>>
>>> ----
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>> ----
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

 

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux