[squid-users] Squid, Kerberos and FireFox (Was: Re: leaking memory in squid 3.4.8 and 3.4.7.)

Victor Sudakov sudakov at sibptus.tomsk.ru
Thu Oct 23 11:28:14 UTC 2014


Eliezer Croitoru wrote:
> > I don't know what's happening with squid but this kind of CPU
> > consumption is just not normal:
> > 
> 
> Victor are you using workers by any chance?

I doubt it.  I have compiled it from the FreeBSD ports, there was no
"workers" option.

Here is what the binary says about itself:

Squid Cache: Version 3.4.8
configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache/squid' '--enable-auth' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--disable-arch-native' '--disable-eui' '--enable-cache-digests' '--enable-delay-pools' '--disable-ecap' '--disable-esi' '--disable-follow-x-forwarded-for' '--enable-htcp' '--disable-icap-client' '--disable-icmp' '--enable-ident-lookups' '--enable-ipv6' '--enable-kqueue' '--without-large-files' '--disable-http-violations' '--disable-snmp' '--disable-ssl' '--disable-ssl-crtd' '--disable-stacktraces' '--disable-ipf-transparent' '--disable-ipfw-transparent' '--disable-pf-transparent' '--without-nat-devpf' '--enable-forw-via-db' '--enable-wccp' '--enable-wccpv2' '--enable-auth-basic=DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam NIS' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip time_quota unix_group' '--enable-auth-negotiate=kerberos wrapper' '--enable-auth-ntlm=fake smb_lm' '--enable-storeio=ufs aufs diskd' '--enable-disk-io=AIO Blocking IpcIo Mmapped DiskThreads DiskDaemon' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-storeid-rewrite-helpers=file' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd9.3' 'build_alias=i386-portbld-freebsd9.3' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -pthread' 'LIBS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -fno-strict-aliasing' 'CPP=cpp' --enable-ltdl-convenience


> If not then add another worker at a time to make sure that it's not an
> issue (and bump the VM CPUs into more than 2 to something like 4-6).

The problem does not seem to be in the squid itself. It's in the
authentication helpers or their interaction with the main squid
process.  Disabling authentication solves the performance/CPU problem. 

> It will lower the load only on one instance of squid.
> It can also mean that there is a degradation between old squid
> versions and new squid versions bumping the need for more CPU than before.

It is incredible that a virtual host with 1GB RAM would require so
many resources for running just squid. Why would a web cache for 200+
users be a CPU hog?

Should I perhaps increase the number of negotiate children?
-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru