On 2/12/21 07:55, Jason Spashett wrote:
On Wed, 1 Dec 2021 at 18:29, Alex Rousskov
<rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 12/1/21 12:06 PM, David Touzeau wrote:
Hi
We used Squid 5.2 and we see that security_file_certgen consume I/O
Is there any way to put the ssldb in memory without need to mount a tmpfs ?
Yes, there are at least two other ways to reduce disk I/O related to
certificate generation:
1) Tell the official certificate generator helper not to cache the
generated certificates. See sslcrtd_program documentation for details.
2) Write your own certificate generator helper.
Alex.
We have found that the certificate helpers perform strictly worse with
the disk cache turned on, over approximately 3 processes. It is
something that perhaps one day, with luck, we may be able to
contribute something. The problems are the way in which the disk cache
is stored and accessed.
The "file" in the helper name means one file per object, which is quite
crude type of storage but very easy to implement as a proof of concept
helper.
As Alex mentioned there are a lot of optimizations that can still be
made (and bugs to fix) with the current helper code - and still not be
best possible performance still due to the "file" nature of storage and
relatively slow nature of disk I/O.
Improvements here and/or new helper implementations with better forms of
storage are welcome.
Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
