Re: [squid-users] Odd behaivoir from Luis Daniel Lucio Quiroz on 2009-10-09 (squid-users)

From: Luis Daniel Lucio Quiroz <luis.daniel.lucio_at_gmail.com>
Date: Fri, 9 Oct 2009 11:41:08 -0500

Le mercredi 7 octobre 2009 04:55:00, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Le mardi 6 octobre 2009 18:57:34, Amos Jeffries a écrit :
> >> On Tue, 6 Oct 2009 17:57:24 -0500, Luis Daniel Lucio Quiroz
> >>
> >> <luis.daniel.lucio_at_gmail.com> wrote:
> >>> Hi Squids,
> >>>
> >>> Using Squid 3.0.19 we're having problems adding one more ACL. Our
> >>> configuration has about 2000 http_access and about 2500 acl's.
> >>>
> >>> Now, adding one more acl, or even modifying a file pointed by an acl
> >>> such as
> >>> acl myacl dstregexp "myfile", our squid is slowing to much.
> >>>
> >>> Symtopms:
> >>> - squid -k pharse, OK
> >>> - squid -k reconfigure, squid slows. cache.log says squid is reloading
> >>
> >> but
> >>
> >>> it
> >>> is too slow, squid process begins to uses about 99% of cpu. No "dying"
> >>> message
> >>> at log.
> >>>
> >>> I wonder to know if there is a maximun in squid acl, https, regexp.
> >>
> >> No defined limits as such. It's just long lists/trees that need to be
> >> walked over individually on each use and built on reconfigure.
> >>
> >> The http_access list get walked once per request. Each ACL (mostly
> >> trees, some lists) get walked once per test. How fast or slow really
> >> depends on what types of ACL and what order you place them in
> >> http_access.
> >>
> >> Why do you have so many?
> >>
> >> Amos
> >
> > So many,
> > see my debug here http://pastebin.com/f197606fa
> > from lines 58-62, helpers delay too much. This is not a little machine,
> > it is 8 cpus amd @3.2Ghz, 64 bits, with 64 GB in RAM.
> > If we remove any ACL we've added, this does not occur.
>
> I see only three (3) ACL in that trace.
>
> The lines you point at for delay are helpers booting up, not related to
> ACL directly.
>
> The reported problem might have something to do with it:
> digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
>
> LDAP looking for and failing to find something it's configured to check
> of is likely to take a while. Or maybe that means the LDAP backend is
> not available at the startup time. Both problems equally as bad.
>
> Amos
>
I did http://bugs.squid-cache.org/show_bug.cgi?id=2796 with all information I
have
Received on Fri Oct 09 2009 - 16:41:19 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 09 2009 - 12:00:02 MDT