Hello all,

wondering if anyone has seen similar behaviour - sorry if already reported,
googling hasn't found much other than a somewhat similar older issue on APR
going to 100% CPU when idle due to a poll loop/timeout issue - however this
seems a bit different as this is only occurring with SSL;

Running (ESX Based):
  Server version:        Apache Tomcat/8.5.9
  Server built:          Dec 5 2016 20:18:12 UTC
  Server number:         8.5.9.0
  OS Name:               Windows Server 2012 R2
  OS Version:            6.3
  Architecture:          amd64
  JVM Version:           1.8.0_112-b15
  JVM Vendor:            Oracle Corporation
  Apache Tomcat Native library 1.2.10 using APR version 1.5.2.

  APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
  APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
  OpenSSL successfully initialized (OpenSSL 1.0.2j  26 Sep 2016)

Server setup as 4 vCPU / 8GB mem

Problem:
After running load on the server (this is a QA system, so just load tests)
Tomcat goes to 70-100% CPU usage when it should be idle.
This only occurs when putting load on the SSL connectors w/APR. When
re-applying load (to SSL connector), the CPU usage drops to appropriate
levels for the load, but then returns to the higher idle CPU usage.
If applying load back to the non-SSL connector, CPU usage stays high
(higher than after a restart and sending to non-SSL connector first).

Performing the same load tests on non-SSL (still with APR), or non-APR
connectors, CPU returns to idle after the load run is completed.

The load applied is 8 persistent connections, which send basic POST
requests; the service does some basic operations and responds, generally -
if not maxed out - in 1-2ms.
Even when using 1 connection, the CPU usage stays constant when the
requests stop.
Again, this only occurs when using the SSL/APR connector; if using a non-APR
connector, or the APR-non-SSL connector, it's fine.

It seems to be a problem with just how APR-SSL works or possibly OpenSSL?
Not sure how to further isolate to see which one is the problem.


SSL Connector setup:
    <Connector port="8443"
                protocol="org.apache.coyote.http11.Http11AprProtocol"
                maxThreads="150"
                SSLEnabled="true"
                maxKeepAliveRequests="-1">
        <SSLHostConfig>
            <Certificate
                        certificateFile="conf/localhost-rsa-cert.pem"
                        certificateKeyFile="conf/localhost-rsa-key.pem"
                        certificateKeyPassword="password"
                        type="RSA" />
        </SSLHostConfig>
    </Connector>

Non-SSL Connector:
       <Connector port="8080"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               connectionTimeout="20000"
               maxKeepAliveRequests="-1"
               redirectPort="8443" >
       </Connector>

Initializing ProtocolHandler ["http-apr-8080"]
Initializing ProtocolHandler ["https-openssl-apr-8443"]
