[squid-users] tuning squid memory (aka avoiding the reaper)
Aaron Turner
synfinatic at gmail.com
Tue Oct 10 00:04:41 UTC 2017
So more testing. I haven't found the line in the info:mem logs which
is the red flag, but additional testing proves that the memleak has
something to do with ssl bumping. Once I turn that off, the memory
leaks stop.
this was the ssl related config options:
http_port 10.0.0.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=400MB cert=/etc/squid/ssl_cert/myCA.pem
sslflags=NO_DEFAULT_CA
http_port localhost:3128
ssl_bump bump all
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 32 startup=2 idle=2
sslproxy_session_cache_size 100 MB
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
--
Aaron Turner
https://synfin.net/ Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the basis for all morality. "Something cannot emerge from nothing,"
he said. This is profound thinking if you understand how unstable
"the truth" can be. -- Frank Herbert, Dune
On Wed, Oct 4, 2017 at 10:53 AM, Alex Rousskov
<rousskov at measurement-factory.com> wrote:
> On 10/02/2017 09:37 PM, Aaron Turner wrote:
>> So it's leaking memory and not tracking it?
>
>
> That combination (or, to be more precise, its implication) is possible
> but relatively unlikely in your specific case -- when GBs are leaked,
> there is usually something tracked related to those GBs. Please note
> that what Squid _tracks_ may not amount to GBs of RAM! For example,
> Squid can track a tiny object that is included in every large untracked
> leaked object.
>
> A frequent leak often manifests itself in mgr:mem snapshots as a nearly
> always increasing counter of alive associated objects. If you take one
> snapshot every 30 minutes or so, then you may be able to identify
> suspects by comparing same-object alive counters across 5-10 snapshots.
> Sorry, I do not have the time to do that for the snapshots you have
> shared (and you probably need a different collection of snapshots to
> make this search more productive).
>
> Alex.
>
>
>> On Mon, Oct 2, 2017 at 8:25 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>> On 03/10/17 04:39, Aaron Turner wrote:
>>>>
>>>> Anyone see anything useful?
>>>
>>>
>>> The numbers in those reports all seem reasonable to me. Nothing is showing
>>> up with GB of RAM used.
More information about the squid-users
mailing list