Re: [1.8] tune.ssl.cachesize
On Tue, Nov 28, 2017 at 11:17:31AM +0100, William Lallemand wrote:
> Thanks for the report, the bug was elsewhere, in fact the shctx was
> initialized for each ssl bind.
>
> Patch attached.

Applied, thanks.

Willy
Re: [1.8] tune.ssl.cachesize
Hi William,

Thank you very much, I've applied your patch and it fixed the issue:

ps aux | grep hap
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
haproxy 37601 0.1 0.5 2509548 165352 ? Ss 11:35 0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D

2017-11-28 11:17 GMT+01:00 William Lallemand:
> Hi,
>
> On Tue, Nov 28, 2017 at 09:08:59AM +0100, Maciej Zdeb wrote:
> > Hi Willy,
> >
> > Thanks for your response. In change
> > http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=4f45bb9c461f462290b77bf2511badb7a4453c0a
> > William made shctx more generic. Right now it's calculated:
> >
> > shctx = (struct shared_context *)mmap(NULL, sizeof(struct shared_context) + extra + (maxblocks * (sizeof(struct shared_block) + blocksize)),
> >
> > before it was:
> >
> > shctx = (struct shared_context *)mmap(NULL, sizeof(struct shared_context)+(size*sizeof(struct shared_block)),
> >
> > Still, William is the best person to ask. :-)
>
> Thanks for the report, the bug was elsewhere, in fact the shctx was
> initialized for each ssl bind.
>
> Patch attached.
>
> --
> William Lallemand
Re: [1.8] tune.ssl.cachesize
Hi Willy,

Thanks for your response. In change
http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=4f45bb9c461f462290b77bf2511badb7a4453c0a
William made shctx more generic. Right now it's calculated:

shctx = (struct shared_context *)mmap(NULL, sizeof(struct shared_context) + extra + (maxblocks * (sizeof(struct shared_block) + blocksize)),

before it was:

shctx = (struct shared_context *)mmap(NULL, sizeof(struct shared_context)+(size*sizeof(struct shared_block)),

Still, William is the best person to ask. :-)

2017-11-28 7:38 GMT+01:00 Willy Tarreau:
> Hi Maciej,
>
> On Mon, Nov 27, 2017 at 09:15:22AM +0100, Maciej Zdeb wrote:
> > Hi,
> >
> > Thank you for your hard work on HAProxy 1.8 - great job!
> >
> > I tried to update haproxy from 1.7 on our r machine to 1.8 version
> > however I stumbled upon a problem with the tune.ssl.cachesize directive.
> >
> > In 1.7.3 with tune.ssl.cachesize = 1000:
> >
> > ps aux | grep haproxy
> > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> > haproxy 43863 0.1 0.0 2327496 13052 ? Ss 08:54 0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D
> >
> > Note VSZ is 2327496.
> >
> > In 1.8.0 with tune.ssl.cachesize = 1000:
> > [ALERT] 330/085923 (30585) : Unable to allocate SSL session cache.
> >
> > In 1.8.0 with tune.ssl.cachesize = 300:
> > ps aux | grep haprox
> > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> > haproxy 34539 0.0 0.4 30342220 163784 ? Ss 09:01 0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid
> >
> > Note VSZ is 30342220.
> >
> > In the docs I don't see any related change:
> > http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.ssl.cachesize
> > http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#3.2-tune.ssl.cachesize
> >
> > What is the proper way to calculate ssl cachesize in 1.8? Is it a bug or
> > do the docs need an update?
>
> Wow, multiplied by 15! It looks like each entry now takes 3kB instead
> of 200 bytes, maybe something has changed with the default block size.
> CCing William for advice.
>
> Thanks,
> Willy
Re: [1.8] tune.ssl.cachesize
Hi Maciej,

On Mon, Nov 27, 2017 at 09:15:22AM +0100, Maciej Zdeb wrote:
> Hi,
>
> Thank you for your hard work on HAProxy 1.8 - great job!
>
> I tried to update haproxy from 1.7 on our r machine to 1.8 version
> however I stumbled upon a problem with the tune.ssl.cachesize directive.
>
> In 1.7.3 with tune.ssl.cachesize = 1000:
>
> ps aux | grep haproxy
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> haproxy 43863 0.1 0.0 2327496 13052 ? Ss 08:54 0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D
>
> Note VSZ is 2327496.
>
> In 1.8.0 with tune.ssl.cachesize = 1000:
> [ALERT] 330/085923 (30585) : Unable to allocate SSL session cache.
>
> In 1.8.0 with tune.ssl.cachesize = 300:
> ps aux | grep haprox
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> haproxy 34539 0.0 0.4 30342220 163784 ? Ss 09:01 0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid
>
> Note VSZ is 30342220.
>
> In the docs I don't see any related change:
> http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.ssl.cachesize
> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#3.2-tune.ssl.cachesize
>
> What is the proper way to calculate ssl cachesize in 1.8? Is it a bug or
> do the docs need an update?

Wow, multiplied by 15! It looks like each entry now takes 3kB instead
of 200 bytes, maybe something has changed with the default block size.
CCing William for advice.

Thanks,
Willy
[1.8] tune.ssl.cachesize
Hi,

Thank you for your hard work on HAProxy 1.8 - great job!

I tried to update haproxy from 1.7 on our r machine to 1.8 version
however I stumbled upon a problem with the tune.ssl.cachesize directive.

In 1.7.3 with tune.ssl.cachesize = 1000:

ps aux | grep haproxy
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
haproxy 43863 0.1 0.0 2327496 13052 ? Ss 08:54 0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D

Note VSZ is 2327496.

In 1.8.0 with tune.ssl.cachesize = 1000:
[ALERT] 330/085923 (30585) : Unable to allocate SSL session cache.

In 1.8.0 with tune.ssl.cachesize = 300:
ps aux | grep haprox
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
haproxy 34539 0.0 0.4 30342220 163784 ? Ss 09:01 0:00 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid

Note VSZ is 30342220.

In the docs I don't see any related change:
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.2-tune.ssl.cachesize
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#3.2-tune.ssl.cachesize

What is the proper way to calculate ssl cachesize in 1.8? Is it a bug or
do the docs need an update?
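
A minimal C model of the sizing discussed in this thread, added here as an example; it is not HAProxy's code and not the attached patch. It applies the quoted 1.8 size formula with overflow checks and compares mapping one cache per bind with mapping it once; the names model_ctx, model_block, ctx_map_size, ctx_map and init_binds, and the 32-byte block header, are assumptions.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* Constructed stand-ins (assumptions); HAProxy's real structures differ. */
struct model_block { unsigned char hdr[32]; };
struct model_ctx { size_t map_len; };
static size_t total_mapped;       /* bytes mapped so far */
static struct model_ctx *ssl_ctx; /* cache meant to be shared by all binds */
/* ctx + extra + maxblocks * (block + blocksize); returns 0 on overflow. */
static size_t ctx_map_size(size_t maxblocks, size_t blocksize, size_t extra)
{
    size_t fixed = sizeof(struct model_ctx), per = sizeof(struct model_block);
    if (extra > SIZE_MAX - fixed || blocksize > SIZE_MAX - per ||
        maxblocks > (SIZE_MAX - fixed - extra) / (per + blocksize))
        return 0;
    return fixed + extra + maxblocks * (per + blocksize);
}

static struct model_ctx *ctx_map(size_t maxblocks, size_t blocksize)
{
    size_t len = ctx_map_size(maxblocks, blocksize, 0);
    struct model_ctx *c = len ? mmap(NULL, len, PROT_READ | PROT_WRITE,
                                     MAP_SHARED | MAP_ANONYMOUS, -1, 0) : MAP_FAILED;
    if (c == MAP_FAILED)
        return NULL;
    c->map_len = len;
    total_mapped += len;
    return c;
}

/* once == 0: a cache is mapped per bind (as reported); else ssl_ctx is reused. */
static int init_binds(int nbinds, size_t maxblocks, size_t blocksize, int once)
{
    for (int i = 0; i < nbinds; i++)
        if (!(once && ssl_ctx) && !(ssl_ctx = ctx_map(maxblocks, blocksize)))
            return -1;
    return 0;
}

int main(void)
{
    init_binds(4, 1000, 200, 0);
    printf("cache per bind: %zu bytes\n", total_mapped);
    total_mapped = 0, ssl_ctx = NULL;
    init_binds(4, 1000, 200, 1);
    printf("shared cache:   %zu bytes\n", total_mapped);
}
```

With per-bind initialization the mapped size, and so VSZ, grows linearly with the number of ssl bind lines, which is why the same tune.ssl.cachesize value can fail on one configuration and succeed on another.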