Had a closer look at the server and here is the cpuinfo
[root_at_wp-proxy tmp]# cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 37
model name : AMD Opteron(tm) Processor 244
stepping : 1
cpu MHz : 1791.758
cache size : 1024 KB
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat
pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt lm 3dnowext
3dnow up rep_good extd_apicid pni lahf_lm
bogomips : 3583.51
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp
I am thinking that it just might be underpowered to do all the kerberos
work. When running squid with just ntlm it sits around 20% use.
Might have to ask for a faster server.
On Fri, 2012-04-20 at 07:20 +1000, Simon Dwyer wrote:
> Moved my production over to kerberos this morning with the correct
> export for kerberos and this is whats happening
>
> 20711 squid 20 0 32212 3748 1732 R 34.3 0.1 0:04.42
> squid_kerb_auth
> 20716 squid 20 0 32200 3748 1732 R 34.3 0.1 0:08.41
> squid_kerb_auth
> 20712 squid 20 0 30544 2196 1732 S 20.6 0.1 0:28.23
> squid_kerb_auth
>
> They are just the top 3 processes.
>
> When i am not using kerberos authentication my cpu is hardly touched.
>
> Any insight would be awesome.
>
> Simon
>
> On Thu, 2012-04-19 at 16:03 +1000, Simon Dwyer wrote:
> > Hi Markus,
> >
> > I have actually got this now setup on a second machine.
> >
> > When i put in the export the HTTP_23 does not appear anymore which i am
> > expecting.
> >
> > I will double check this in production tomorrow morning and see how i
> > go.
> >
> > Simon
> >
> > On Thu, 2012-04-19 at 15:49 +1000, Simon Dwyer wrote:
> > > Hi Markus,
> > >
> > > I do have a
> > >
> > > -rw-------. 1 squid squid 92907 Apr 19 08:21 HTTP_23
> > >
> > > which may have been the last time i tried to run it this morning.
> > >
> > > I wont be able to try it again till tomorrow morning to see if it
> > > modifies it
> > >
> > > Cheers,
> > >
> > > Simon
> > >
> > > On Thu, 2012-04-19 at 06:44 +0100, Markus Moeller wrote:
> > > > Hi Simon,
> > > >
> > > > Unfortunately I do not have a production environment to give you average
> > > > usage numbers.
> > > >
> > > > Can you check that you don't have a file in /var/tmp like (or at least is
> > > > not modified):
> > > >
> > > > -rw------- 1 squid nogroup 603 Apr 7 01:13 /var/tmp/opensuse12--HTTP-044_31
> > > >
> > > > This is the replay cache if not disabled.
> > > >
> > > > Markus
> > > >
> > > > "Simon Dwyer" <mail_at_simmyd.net> wrote in message
> > > > news:1334813176.2408.29.camel_at_sdwyer.federalit.net...
> > > > > Hi Markus,
> > > > >
> > > > > This is in the /etc/init.d/squid
> > > > >
> > > > > if [ -f /etc/sysconfig/squid ]; then
> > > > > . /etc/sysconfig/squid
> > > > > fi
> > > > >
> > > > > What should the cpu usage be of each squid_kerb_auth process when used?
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Simon
> > > > >
> > > > > On Thu, 2012-04-19 at 06:15 +0100, Markus Moeller wrote:
> > > > >> Are you sure /etc/sysconfig/squid is sourced by the squid startup script
> > > > >> ?
> > > > >> Markus
> > > > >>
> > > > >> "Simon Dwyer" <mail_at_simmyd.net> wrote in message
> > > > >> news:1334789097.2408.17.camel_at_sdwyer.federalit.net...
> > > > >> > Hi all,
> > > > >> >
> > > > >> > I have got kerberos working and moved it to production but then the
> > > > >> > server started smashing its cpu. It seems that the squid_kerb_auth
> > > > >> > processes are killing the cpu.
> > > > >> >
> > > > >> > I have the following in my config.
> > > > >> >
> > > > >> > /etc/sysconfig/squid/
> > > > >> >
> > > > >> > KRB5RCACHETYPE=none
> > > > >> > export KRB5RCACHETYPE
> > > > >> >
> > > > >> > /etc/squid/squid.conf
> > > > >> >
> > > > >> > auth_param negotiate program /usr/bin/negotiate_wrapper
> > > > >> > --kerberos /usr/lib64/squid/squid_kerb_auth -i -r -s GSS_C_NO_NAME
> > > > >> > --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > > > >> > --domain=DOMAIN.EXAMPLE
> > > > >> > auth_param negotiate children 30
> > > > >> > auth_param negotiate keep_alive on
> > > > >> >
> > > > >> > From what i have read the first part should fix the high cpu issue but
> > > > >> > it doesnt seem to help.
> > > > >> >
> > > > >> > More the case i am having trouble getting that variable active.
> > > > >> >
> > > > >> > Anyone else come up on this?
> > > > >> >
> > > > >> > Simon
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Received on Thu Apr 19 2012 - 22:10:42 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 20 2012 - 12:00:04 MDT