Reviewed:  https://review.opendev.org/c/openstack/octavia/+/957537
Committed: https://opendev.org/openstack/octavia/commit/cd20adc2f58103d8e78a11c221c650efed7a7754
Submitter: "Zuul (22348)"
Branch:    stable/2024.2

commit cd20adc2f58103d8e78a11c221c650efed7a7754
Author: Wesley Hershberger <[email protected]>
Date:   Fri Aug 8 10:11:27 2025 -0500

    Reduce tune.ssl.cachesize for HTTPS terminating listeners
    
    454cff5 introduced haproxy's `tune.ssl.cachesize` for TERMINATED_HTTPS
    listeners. During a reload of haproxy the old worker process stays
    running until the new worker process is ready. This means that two TLS
    session caches are allocated/held simultaneously during a reload of the
    service.
    
    For small Amphorae, this works fine. The default connection limit is
    50000, which takes enough of a chunk out of the 50% allocation that
    there is enough wiggle room for the new haproxy worker to allocate its
    cache and coexist with the old worker for some time.
    
    However, for larger amphorae, the memory calculated for the session
    cache approaches 50%.
    
    haproxy allocates an additional 48 bytes for each 200 byte chunk, so
    the total memory allocated exceeds 50% of the available memory,
    triggering the OOM-killer on haproxy reload.
    
    Out of an abundance of caution this also reduces the proportion of
    memory Octavia considers "available" for the TLS session cache from 1/2
    to 2/5.
    
    Closes-Bug: #2119987
    Change-Id: I91b6907c3e3e456860f7274153e0ecf030e0519e
    Signed-off-by: Wesley Hershberger <[email protected]>
    (cherry picked from commit 6b51d75b0cb4cbff64ad717bfdf0fbc9486e26bc)
    (cherry picked from commit f17744640da168d5a4e3211731d8be8a5ffaaee7)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2119987

Title:
  haproxy reload triggers OOM-killer for TERMINATED_HTTPS loadbalancers
