Re: [1.8] tune.ssl.cachesize

2017-11-28 Thread Willy Tarreau 
On Tue, Nov 28, 2017 at 11:17:31AM +0100, William Lallemand wrote:
> Thanks for the report, the bug was elsewhere, in fact the shctx was 
> initialized
> for each ssl bind.
> 
> Patch attached.

Applied, thanks.

Willy

Re: [1.8] tune.ssl.cachesize

2017-11-28 Thread Maciej Zdeb 
Hi William,

Thank you very much, I've applied your patch and it fixed issue:

ps aux | grep hap
USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
haproxy  37601  0.1  0.5 2509548 165352 ?  Ss   11:35   0:00
/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D -



2017-11-28 11:17 GMT+01:00 William Lallemand :

> Hi,
>
> On Tue, Nov 28, 2017 at 09:08:59AM +0100, Maciej Zdeb wrote:
> > Hi Willy,
> >
> > Thanks for your response. In change
> > http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=
> 4f45bb9c461f462290b77bf2511badb7a4453c0a
> > William made shctx more generic. Right now it's calculated:
> >
> > shctx = (struct shared_context *)mmap(NULL, sizeof(struct
> shared_context) +
> > extra + (maxblocks * (sizeof(struct shared_block) + blocksize)),
> >
> > before it was:
> >
> > shctx = (struct shared_context *)mmap(NULL, sizeof(struct
> > shared_context)+(size*sizeof(struct shared_block)),
> >
> > Still, William is the best person to ask. :-)
> >
>
> Thanks for the report, the bug was elsewhere, in fact the shctx was
> initialized
> for each ssl bind.
>
> Patch attached.
>
> --
> William Lallemand
>

Re: [1.8] tune.ssl.cachesize

2017-11-28 Thread Maciej Zdeb 
Hi Willy,

Thanks for your response. In change
http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=4f45bb9c461f462290b77bf2511badb7a4453c0a
William made shctx more generic. Right now it's calculated:

shctx = (struct shared_context *)mmap(NULL, sizeof(struct shared_context) +
extra + (maxblocks * (sizeof(struct shared_block) + blocksize)),

before it was:

shctx = (struct shared_context *)mmap(NULL, sizeof(struct
shared_context)+(size*sizeof(struct shared_block)),

Still, William is the best person to ask. :-)

2017-11-28 7:38 GMT+01:00 Willy Tarreau :

> Hi Maciej,
>
> On Mon, Nov 27, 2017 at 09:15:22AM +0100, Maciej Zdeb wrote:
> > Hi,
> >
> > Thank you for your hard work on HAProxy 1.8 - great job!
> >
> > I tried to update haproxy from 1.7 on our r machine to 1.8 version
> > however stumbled upon problem with tune.ssl.cachesize directive.
> >
> > In 1.7.3 with tune.ssl.cachesize = 1000:
> >
> > ps aux | grep haproxy
> > USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
> > haproxy  43863  0.1  0.0 2327496 13052 ?  Ss   08:54   0:00
> > /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D
> >
> > Note VSZ is 2327496.
> >
> > In 1.8.0 with tune.ssl.cachesize = 1000:
> > [ALERT] 330/085923 (30585) : Unable to allocate SSL session cache.
> >
> > In 1.8.0 with tune.ssl.cachesize = 300:
> > ps aux | grep haprox
> > USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
> > haproxy  34539  0.0  0.4 30342220 163784 ? Ss   09:01   0:00
> > /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid
> >
> > Note VSZ is 30342220.
> >
> > In docs i don't see any related change:
> > http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.
> > ssl.cachesize
> > http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#3.2-tune.
> > ssl.cachesize
> >
> > What is the proper way to calculate ssl cachesize in 1.8? Is it bug or
> docs
> > need update?
>
> Wow, multiplied by 15! It looks like each entry now takes 3kB instead
> of 200 bytes, maybe something has changed with the default block size.
> CCing William for advice.
>
> Thanks,
> Willy
>

Re: [1.8] tune.ssl.cachesize

2017-11-27 Thread Willy Tarreau 
Hi Maciej,

On Mon, Nov 27, 2017 at 09:15:22AM +0100, Maciej Zdeb wrote:
> Hi,
> 
> Thank you for your hard work on HAProxy 1.8 - great job!
> 
> I tried to update haproxy from 1.7 on our r machine to 1.8 version
> however stumbled upon problem with tune.ssl.cachesize directive.
> 
> In 1.7.3 with tune.ssl.cachesize = 1000:
> 
> ps aux | grep haproxy
> USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
> haproxy  43863  0.1  0.0 2327496 13052 ?  Ss   08:54   0:00
> /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D
> 
> Note VSZ is 2327496.
> 
> In 1.8.0 with tune.ssl.cachesize = 1000:
> [ALERT] 330/085923 (30585) : Unable to allocate SSL session cache.
> 
> In 1.8.0 with tune.ssl.cachesize = 300:
> ps aux | grep haprox
> USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
> haproxy  34539  0.0  0.4 30342220 163784 ? Ss   09:01   0:00
> /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid
> 
> Note VSZ is 30342220.
> 
> In docs i don't see any related change:
> http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.
> ssl.cachesize
> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#3.2-tune.
> ssl.cachesize
> 
> What is the proper way to calculate ssl cachesize in 1.8? Is it bug or docs
> need update?

Wow, multiplied by 15! It looks like each entry now takes 3kB instead
of 200 bytes, maybe something has changed with the default block size.
CCing William for advice.

Thanks,
Willy

[1.8] tune.ssl.cachesize

2017-11-27 Thread Maciej Zdeb 
Hi,

Thank you for your hard work on HAProxy 1.8 - great job!

I tried to update haproxy from 1.7 on our r machine to 1.8 version
however stumbled upon problem with tune.ssl.cachesize directive.

In 1.7.3 with tune.ssl.cachesize = 1000:

ps aux | grep haproxy
USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
haproxy  43863  0.1  0.0 2327496 13052 ?  Ss   08:54   0:00
/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D

Note VSZ is 2327496.

In 1.8.0 with tune.ssl.cachesize = 1000:
[ALERT] 330/085923 (30585) : Unable to allocate SSL session cache.

In 1.8.0 with tune.ssl.cachesize = 300:
ps aux | grep haprox
USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
haproxy  34539  0.0  0.4 30342220 163784 ? Ss   09:01   0:00
/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid

Note VSZ is 30342220.

In docs i don't see any related change:
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.
ssl.cachesize
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#3.2-tune.
ssl.cachesize

What is the proper way to calculate ssl cachesize in 1.8? Is it bug or docs
need update?