Luis Daniel Lucio Quiroz wrote:
Le mardi 6 octobre 2009 18:57:34, Amos Jeffries a écrit :
On Tue, 6 Oct 2009 17:57:24 -0500, Luis Daniel Lucio Quiroz
<luis.daniel.lucio@xxxxxxxxx> wrote:
Hi Squids,
Using Squid 3.0.19 we're having problems adding one more ACL. Our
configuration has about 2000 http_access and about 2500 acl's.
Now, adding one more acl, or even modifying a file pointed by an acl such
as
acl myacl dstregexp "myfile", our squid is slowing to much.
Symtopms:
- squid -k pharse, OK
- squid -k reconfigure, squid slows. cache.log says squid is reloading
but
it
is too slow, squid process begins to uses about 99% of cpu. No "dying"
message
at log.
I wonder to know if there is a maximun in squid acl, https, regexp.
No defined limits as such. It's just long lists/trees that need to be
walked over individually on each use and built on reconfigure.
The http_access list get walked once per request. Each ACL (mostly trees,
some lists) get walked once per test. How fast or slow really depends on
what types of ACL and what order you place them in http_access.
Why do you have so many?
Amos
So many,
see my debug here http://pastebin.com/f197606fa
from lines 58-62, helpers delay too much. This is not a little machine, it is
8 cpus amd @3.2Ghz, 64 bits, with 64 GB in RAM.
If we remove any ACL we've added, this does not occur.
I see only three (3) ACL in that trace.
The lines you point at for delay are helpers booting up, not related to
ACL directly.
The reported problem might have something to do with it:
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
LDAP looking for and failing to find something it's configured to check
of is likely to take a while. Or maybe that means the LDAP backend is
not available at the startup time. Both problems equally as bad.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
Current Beta Squid 3.1.0.14