Re: Re: Re: Re: squid_kerb_auth High CPU load.

Not sure how to give you the figures of req/sec but this morning when I
flicked it over there would have been max 15 people using it for normal
browsing.

Following is my krb5.conf in case I am missing something or doing
something wrong.

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MULAWA.INTERNAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5

[realms]

 MULAWA.INTERNAL = {
  kdc = dc-hbt-01.mulawa.internal
  kdc = dc-hbt-02.mualwa.internal
 }

[domain_realm]
 mulawa.internal = MULAWA.internal
 .mulawa.internal = MULAWA.internal




On Thu, 2012-04-19 at 23:36 +0100, Markus Moeller wrote:
> How many requests/sec does your squid serve? I would not expect it to be
> that much higher than with NTLM.
> 
> Markus
> 
> "Simon Dwyer" <mail@xxxxxxxxxx> wrote in message 
> news:1334870417.2408.38.camel@xxxxxxxxxxxxxxxxxxxx...
> > Moved my production over to kerberos this morning with the correct
> > export for kerberos and this is what's happening
> >
> > 20711 squid     20   0 32212 3748 1732 R 34.3  0.1   0:04.42 squid_kerb_auth
> > 20716 squid     20   0 32200 3748 1732 R 34.3  0.1   0:08.41 squid_kerb_auth
> > 20712 squid     20   0 30544 2196 1732 S 20.6  0.1   0:28.23 squid_kerb_auth
> >
> > They are just the top 3 processes.
> >
> > When I am not using kerberos authentication my cpu is hardly touched.
> >
> > Any insight would be awesome.
> >
> > Simon
> >
> > On Thu, 2012-04-19 at 16:03 +1000, Simon Dwyer wrote:
> >> Hi Markus,
> >>
> >> I have actually got this now set up on a second machine.
> >>
> >> When I put in the export the HTTP_23 does not appear anymore which I am
> >> expecting.
> >>
> >> I will double check this in production tomorrow morning and see how I
> >> go.
> >>
> >> Simon
> >>
> >> On Thu, 2012-04-19 at 15:49 +1000, Simon Dwyer wrote:
> >> > Hi Markus,
> >> >
> >> > I do have a
> >> >
> >> > -rw-------. 1 squid squid    92907 Apr 19 08:21 HTTP_23
> >> >
> >> > which may have been the last time I tried to run it this morning.
> >> >
> >> > I won't be able to try it again till tomorrow morning to see if it
> >> > modifies it.
> >> >
> >> > Cheers,
> >> >
> >> > Simon
> >> >
> >> > On Thu, 2012-04-19 at 06:44 +0100, Markus Moeller wrote:
> >> > > Hi Simon,
> >> > >
> >> > >   Unfortunately I do not have a production environment to give you average
> >> > > usage numbers.
> >> > >
> >> > >   Can you check that you don't have a file in /var/tmp like (or at least is
> >> > > not modified):
> >> > >
> >> > > -rw------- 1 squid nogroup 603 Apr  7 01:13 /var/tmp/opensuse12--HTTP-044_31
> >> > >
> >> > >   This is the replay cache if not disabled.
> >> > >
> >> > > Markus
> >> > >
> >> > > "Simon Dwyer" <mail@xxxxxxxxxx> wrote in message
> >> > > news:1334813176.2408.29.camel@xxxxxxxxxxxxxxxxxxxx...
> >> > > > Hi Markus,
> >> > > >
> >> > > > This is in the /etc/init.d/squid
> >> > > >
> >> > > > if [ -f /etc/sysconfig/squid ]; then
> >> > > >        . /etc/sysconfig/squid
> >> > > > fi
> >> > > >
> >> > > > What should the cpu usage be of each squid_kerb_auth process when used?
> >> > > >
> >> > > > Cheers,
> >> > > >
> >> > > > Simon
> >> > > >
> >> > > > On Thu, 2012-04-19 at 06:15 +0100, Markus Moeller wrote:
> >> > > >> Are you sure /etc/sysconfig/squid is sourced by the squid startup script?
> >> > > >> Markus
> >> > > >>
> >> > > >> "Simon Dwyer" <mail@xxxxxxxxxx> wrote in message
> >> > > >> news:1334789097.2408.17.camel@xxxxxxxxxxxxxxxxxxxx...
> >> > > >> > Hi all,
> >> > > >> >
> >> > > >> > I have got kerberos working and moved it to production but then the
> >> > > >> > server started smashing its cpu.  It seems that the squid_kerb_auth
> >> > > >> > processes are killing the cpu.
> >> > > >> >
> >> > > >> > I have the following in my config.
> >> > > >> >
> >> > > >> > /etc/sysconfig/squid/
> >> > > >> >
> >> > > >> > KRB5RCACHETYPE=none
> >> > > >> > export KRB5RCACHETYPE
> >> > > >> >
> >> > > >> > /etc/squid/squid.conf
> >> > > >> >
> >> > > >> > auth_param negotiate program  /usr/bin/negotiate_wrapper
> >> > > >> > --kerberos /usr/lib64/squid/squid_kerb_auth -i -r -s GSS_C_NO_NAME
> >> > > >> > --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> >> > > >> > --domain=DOMAIN.EXAMPLE
> >> > > >> > auth_param negotiate children 30
> >> > > >> > auth_param negotiate keep_alive on
> >> > > >> >
> >> > > >> > From what I have read the first part should fix the high cpu issue but
> >> > > >> > it doesn't seem to help.
> >> > > >> >
> >> > > >> > More the case I am having trouble getting that variable active.
> >> > > >> >
> >> > > >> > Anyone else come up on this?
> >> > > >> >
> >> > > >> > Simon
> >> > > >> >
> >> > > >> >
> >> > > >>
> >> > > >>
> >> > > >
> >> > > >
> >> > > >
> >> > >
> >> > >
> >> >
> >> >
> >>
> >>
> >
> >
> > 
> 
> 
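
The two checks discussed in this thread (whether the KRB5RCACHETYPE=none export from /etc/sysconfig/squid actually reached the running squid_kerb_auth helpers, and whether a replay cache file in /var/tmp is still being modified), as an added example that is not part of the original messages. The function names are hypothetical, and the *HTTP* file name pattern is an assumption based on the two file names quoted above.

```shell
#!/bin/sh
# Added example: verify the replay-cache setting on live helper processes.
# Run as root or as the squid user so /proc/<pid>/environ is readable.

# Return 0 if a NUL-separated environ file (the /proc/<pid>/environ format)
# contains exactly KRB5RCACHETYPE=none, 1 if not, 2 if it cannot be read.
env_has_rcache_none() {
    [ -r "$1" ] || return 2
    tr '\0' '\n' < "$1" | grep -qx 'KRB5RCACHETYPE=none'
}

# Report the state for every running squid_kerb_auth helper.
check_helpers() {
    for pid in $(pgrep -x squid_kerb_auth 2>/dev/null); do
        rc=0
        env_has_rcache_none "/proc/$pid/environ" || rc=$?
        case $rc in
            0) echo "pid $pid: KRB5RCACHETYPE=none is set" ;;
            1) echo "pid $pid: variable missing, replay cache still active" ;;
            *) echo "pid $pid: cannot read environment" ;;
        esac
    done
}

# List replay-cache-style files changed within the last N minutes.
# Assumption: the files match *HTTP*, as HTTP_23 and
# opensuse12--HTTP-044_31 do in the thread.
recent_rcache_files() {
    dir=$1
    minutes=$2
    find "$dir" -maxdepth 1 -type f -name '*HTTP*' -mmin "-$minutes" 2>/dev/null
}

check_helpers
recent_rcache_files /var/tmp 10 || true
```

/proc/<pid>/environ shows the environment the helper was started with, so a missing variable there means the init script did not export it before squid launched its helpers.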



