Page 1 of 2
MaxClients Problem
Posted: 2010-06-12 20:45
by neon
Hallo,
ich hab die letzten 2 Tage das Problem das bei meinem Apache die MaxClients nach ca. 30sec. erreicht werden. Die Besucherzahl ist nicht sonderlich gestiegen. Leider habe ich was den Apache angeht nur sehr wenig Erfahrung und weis einfach nichtmehr weiter und hoffe hier kann mir jemand die passenden Tipps geben.
Der Server hat 8GB Ram und einen i7 920 Quad-Core, Leistung sollte also ausreichend vorhanden sein. Die Besucherzahlen liegt zur Spitzenzeit bei ca. 4000 - 5000 am tag.
Meine apache conf sieht wie folgt aus (habe hier im Forum schon ein einige Themen durchgelesen und das ein oder andere Versucht, leider führte nichts zu erfolg. Deswegen poste ich meine zuvorige Einstellung und die derzeit Aktive:
Bevor ich etwas geändert habe:
Code: Select all
ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#</IfModule>
#</IfModule>
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 50
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 2
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 100
MinSpareServers 100
MaxSpareServers 100
MaxClients 100
MaxRequestsPerChild 8000
</IfModule>
#<IfModule mpm_itk_module>
# StartServers 100
# MinSpareServers 100
# MaxSpareServers 100
# MaxClients 100
# MaxRequestsPerChild 8000
#</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 50
MinSpareThreads 100
MaxSpareThreads 200
ThreadLimit 300
ThreadsPerChild 50
MaxClients 250
MaxRequestsPerChild 8000
</IfModule>
# event MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
StartServers 100
MaxClients 250
MinSpareThreads 100
MaxSpareThreads 200
ThreadLimit 300
ThreadsPerChild 50
MaxRequestsPerChild 50
</IfModule>
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
# Include all the user configurations:
Include /etc/apache2/httpd.conf
# Include ports listing
Include /etc/apache2/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# Define an access log for VirtualHosts that don't define their own logfile
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
Include /etc/apache2/conf.d/
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
Bei der derzeitig aktivierten Version habe ich das prefork modul auf folgendes geändert:
Code: Select all
ServerLimit 750
StartServers 50
MinSpareServers 50
MaxSpareServers 250
MaxClients 750
MaxRequestsPerChild 5000
Mit dieser Konfiguration kommt die MaxClients Fehlermeldung erst nach ca. 10min..
Ich habe leider auch keine Ahnung wie ich den Apache abfrage was sein derzeitiger Status ist und wie viele anfragen er gerade abarbeiten muss etc..
Edit: laut IPTraf sind über 80.000 TCP Connections offen, ist das normal? Diese steigen auch rasant an...
Grüße
Steffen
Re: MaxClients Problem
Posted: 2010-06-13 10:58
by dotme
Den Status der Worker-Threads kannst Du per
mod_status einsehen.
Hast Du schon mal die Auslastung von CPU, RAM, IO (Netzwerk & Festplatten) geprüft?
Re: MaxClients Problem
Posted: 2010-06-13 11:45
by Joe User
Schuss ins Blaue: Deine my.cnf bitte.
Re: MaxClients Problem
Posted: 2010-06-13 11:51
by neon
Jetzt läuft der Server recht stabil weshalb ein TOP gerade wenig Aussagekraft hat.
Hier meine my.cnf:
Code: Select all
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
#
# * IMPORTANT
# If you make changes to these settings and your system uses apparmor, you may
# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
table_cache = 768
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
table_definition_cache = 768
tmp_table_size = 32M
max_heap_table_size = 32M
read_buffer_size = 256K
open_files_limit = 2048
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf.
#
# Here you can see queries with especially long duration
log_slow_queries = /var/log/mysql/mysql-slow.log
long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/
Und hier noch eine Munin-Statistik. Läuft allerdings erst seit gestern Abend.
http://data.mainflow.de/filessl/e0fbced ... 83d9e6.pdf
Re: MaxClients Problem
Posted: 2010-06-13 12:03
by neon
Ja ist auch meine Befürchtung bezüglich DOS-Attacke. Gibt es Anzeichen wie ich diese am besten erkenne (SSH-Zugang lief zu jederzeit flüssig) und was ich in dem moment tun kann? Heute Abend wird die Last wieder größer sein dann melde ich mich nochmals. Ich habe persönlich auch das Gefühl das die 750 Prozesse deutlich überdimensioniert sind für das was auf dem Server passiert.
Vielen Dank schonmal für die Hilfe!
Re: MaxClients Problem
Posted: 2010-06-13 12:24
by Joe User
Diese my.cnf sollte schonmal etwas angenehmer sein:
Code: Select all
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
prompt = \u@\h [\d]>\_
no_auto_rehash
[mysqldump]
max_allowed_packet = 32M
quote_names
quick
[isamchk]
key_buffer_size = 256M
[myisamchk]
key_buffer_size = 256M
[mysqld]
user = mysql
port = 3306
bind_address = 127.0.0.1
socket = /var/run/mysqld/mysqld.sock
pid-file = /var/run/mysqld/mysqld.pid
slow_query_log = /var/log/mysql/mysql-slow.log
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /var/tmp
log_bin = /var/log/mysql/mysql-bin.log
server_id = 1
back_log = 50
sync_binlog = 1
binlog_cache_size = 1M
max_binlog_size = 100M
expire_logs_days = 7
safe_user_create = 1
delay_key_write = ALL
myisam_recover = FORCE,BACKUP
key_buffer_size = 256M
record_buffer = 2M
join_buffer_size = 2M
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
max_allowed_packet = 32M
max_heap_table_size = 64M
tmp_table_size = 64M
table_cache = 768
query_cache_type = 1
query_cache_size = 256M
query_cache_limit = 16M
thread_concurrency = 8
thread_cache_size = 24
max_connections = 100
ft_max_word_len = 20
ft_min_word_len = 3
long_query_time = 2
local_infile = 0
log_warnings = 2
log_queries_not_using_indexes
log_long_format
skip_locking
skip_external_locking
skip-character-set-client-handshake
[mysqlhotcopy]
interactive_timeout
!includedir /etc/mysql/conf.d/
Apache-MPM setzen wir erstmal auf die Default-Werte zurück, die sind oft ausreichend:
Code: Select all
Timeout 300
KeepAlive On
KeepAliveTimeout 2
MaxKeepAliveRequests 100
<IfModule mpm_prefork_module>
StartServers 10
MinSpareServers 10
MaxSpareServers 10
MaxClients 200
MaxRequestsPerChild 500
</IfModule>
<IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 500
</IfModule>
Danach Apache, MySQL und alle Dienste die auf MySQL zugreifen neu starten.
Nach circa zwei bis sechs Stunden bitte ein Update zur Auslastung posten, danke.
Re: MaxClients Problem
Posted: 2010-06-13 14:34
by neon
OK habe deine Config-Vorschläge mal so übernommen aber die 100 mysql-connections auf die 50 herabgesetzt. Seitdem ich das server_status modul aktiviert habe zeichnet munin allerdings keine Apache-Prozesse mehr auf, kann das daran liegen?
Edit: mit dem Munin hab ich schon gefunden.
Serverstatus mit den neuen Config-Dateien:
Code: Select all
Server Version: Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch
Server Built: Mar 9 2010 22:11:44
Current Time: Sunday, 13-Jun-2010 14:35:48 CEST
Restart Time: Sunday, 13-Jun-2010 14:32:38 CEST
Parent Server Generation: 0
Server uptime: 3 minutes 9 seconds
19 requests currently being processed, 12 idle workers
..__WC.CC___C__C.CC_C.C_.C..C_CK..C..C_...KC_K..................
................................................................
................................................................
................................................................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
PID Key:
10371 in state: _ , 10391 in state: _ , 10373 in state: W
10374 in state: C , 10562 in state: C , 10245 in state: C
10574 in state: _ , 10392 in state: _ , 10379 in state: _
10380 in state: C , 10575 in state: _ , 10252 in state: _
10393 in state: C , 10383 in state: C , 10580 in state: C
10578 in state: _ , 10331 in state: C , 10286 in state: C
10563 in state: _ , 10394 in state: C , 10387 in state: C
10395 in state: _ , 10268 in state: C , 10269 in state: K
10390 in state: C , 10398 in state: C , 10399 in state: _
10401 in state: K , 10322 in state: C , 10402 in state: _
10403 in state: K ,
Top:
Code: Select all
top - 14:36:06 up 21:25, 1 user, load average: 0.39, 0.49, 0.54
Tasks: 209 total, 1 running, 208 sleeping, 0 stopped, 0 zombie
Cpu(s): 3.4%us, 0.8%sy, 0.0%ni, 95.6%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 8188044k total, 2952480k used, 5235564k free, 226048k buffers
Swap: 4200888k total, 0k used, 4200888k free, 2076780k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
8667 mysql 20 0 725m 160m 7284 S 17 2.0 1:23.65 mysqld
10597 www-data 20 0 260m 15m 7164 S 3 0.2 0:00.09 apache2
10592 www-data 20 0 260m 15m 7508 S 3 0.2 0:00.08 apache2
10596 www-data 20 0 260m 14m 6584 S 3 0.2 0:00.08 apache2
10374 www-data 20 0 261m 20m 10m S 2 0.3 0:00.28 apache2
10245 www-data 20 0 260m 20m 12m S 1 0.3 0:00.58 apache2
10394 www-data 20 0 260m 18m 9.9m S 1 0.2 0:00.51 apache2
10403 www-data 20 0 259m 21m 14m S 1 0.3 0:00.37 apache2
10586 www-data 20 0 258m 8680 2716 S 1 0.1 0:00.03 apache2
10587 www-data 20 0 260m 16m 8124 S 1 0.2 0:00.13 apache2
10589 www-data 20 0 258m 8664 2716 S 1 0.1 0:00.03 apache2
10252 www-data 20 0 261m 20m 11m S 1 0.3 0:00.39 apache2
10580 www-data 20 0 260m 16m 8068 S 1 0.2 0:00.13 apache2
10583 www-data 20 0 261m 16m 7928 S 1 0.2 0:00.22 apache2
416 root 15 -5 0 0 0 S 0 0.0 0:05.21 md2_raid1
10234 root 20 0 257m 11m 5812 S 0 0.1 0:00.09 apache2
10367 root 20 0 19252 1444 992 R 0 0.0 0:00.31 top
10383 www-data 20 0 260m 16m 8216 S 0 0.2 0:00.35 apache2
10391 www-data 20 0 261m 21m 12m S 0 0.3 0:00.25 apache2
10575 www-data 20 0 260m 16m 8688 S 0 0.2 0:00.25 apache2
10585 www-data 20 0 260m 16m 8076 S 0 0.2 0:00.10 apache2
10601 www-data 20 0 257m 6140 528 S 0 0.1 0:00.01 apache2
1 root 20 0 19316 1708 1192 S 0 0.0 0:01.43 init
2 root 15 -5 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/0
4 root 15 -5 0 0 0 S 0 0.0 0:03.16 ksoftirqd/0
5 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/0
6 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/1
7 root 15 -5 0 0 0 S 0 0.0 0:00.98 ksoftirqd/1
8 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/1
9 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/2
10 root 15 -5 0 0 0 S 0 0.0 3:58.22 ksoftirqd/2
11 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/2
12 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/3
13 root 15 -5 0 0 0 S 0 0.0 0:06.94 ksoftirqd/3
14 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/3
15 root RT -5 0 0 0 S 0 0.0 0:00.02 migration/4
16 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/4
17 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/4
18 root RT -5 0 0 0 S 0 0.0 0:00.07 migration/5
19 root 15 -5 0 0 0 S 0 0.0 0:00.04 ksoftirqd/5
20 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/5
21 root RT -5 0 0 0 S 0 0.0 0:00.03 migration/6
22 root 15 -5 0 0 0 S 0 0.0 0:00.04 ksoftirqd/6
23 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/6
24 root RT -5 0 0 0 S 0 0.0 0:00.06 migration/7
25 root 15 -5 0 0 0 S 0 0.0 0:00.01 ksoftirqd/7
26 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/7
27 root 15 -5 0 0 0 S 0 0.0 0:00.01 events/0
28 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/1
29 root 15 -5 0 0 0 S 0 0.0 0:00.04 events/2
30 root 15 -5 0 0 0 S 0 0.0 0:00.05 events/3
31 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/4
32 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/5
33 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/6
Re: MaxClients Problem
Posted: 2010-06-13 20:04
by neon
So jetzt sind die anfragen wieder gestiegen und munin kann wohl nichtsmehr aufzeichen, die Seite ist auch so gut wie nichtmehr erreichbar:
TOP:
Code: Select all
top - 20:02:24 up 1 day, 2:51, 1 user, load average: 0.15, 0.15, 0.11
Tasks: 367 total, 1 running, 366 sleeping, 0 stopped, 0 zombie
Cpu(s): 6.1%us, 1.8%sy, 0.0%ni, 91.4%id, 0.2%wa, 0.1%hi, 0.4%si, 0.0%st
Mem: 8188044k total, 3708356k used, 4479688k free, 264728k buffers
Swap: 4200888k total, 0k used, 4200888k free, 2394608k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
8667 mysql 20 0 885m 325m 7408 S 47 4.1 66:29.79 mysqld
6922 www-data 20 0 260m 16m 7932 S 7 0.2 0:00.28 apache2
6611 www-data 20 0 260m 16m 7772 S 3 0.2 0:00.10 apache2
6933 www-data 20 0 260m 15m 7516 S 3 0.2 0:00.10 apache2
7101 www-data 20 0 257m 6560 648 S 1 0.1 0:00.02 apache2
10 root 15 -5 0 0 0 S 0 0.0 5:04.48 ksoftirqd/2
1589 postgres 20 0 98336 1648 604 S 0 0.0 0:04.75 postgres
7080 root 20 0 19376 1560 992 R 0 0.0 0:00.06 top
7097 www-data 20 0 257m 6912 980 S 0 0.1 0:00.01 apache2
7098 www-data 20 0 257m 6560 648 S 0 0.1 0:00.01 apache2
1 root 20 0 19316 1708 1192 S 0 0.0 0:01.44 init
2 root 15 -5 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/0
4 root 15 -5 0 0 0 S 0 0.0 0:04.79 ksoftirqd/0
5 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/0
6 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/1
7 root 15 -5 0 0 0 S 0 0.0 0:01.00 ksoftirqd/1
8 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/1
9 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/2
11 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/2
12 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/3
13 root 15 -5 0 0 0 S 0 0.0 0:09.22 ksoftirqd/3
14 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/3
15 root RT -5 0 0 0 S 0 0.0 0:00.03 migration/4
16 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/4
17 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/4
18 root RT -5 0 0 0 S 0 0.0 0:00.08 migration/5
19 root 15 -5 0 0 0 S 0 0.0 0:00.04 ksoftirqd/5
20 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/5
21 root RT -5 0 0 0 S 0 0.0 0:00.05 migration/6
22 root 15 -5 0 0 0 S 0 0.0 0:00.05 ksoftirqd/6
23 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/6
24 root RT -5 0 0 0 S 0 0.0 0:00.07 migration/7
25 root 15 -5 0 0 0 S 0 0.0 0:00.01 ksoftirqd/7
26 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/7
27 root 15 -5 0 0 0 S 0 0.0 0:00.01 events/0
28 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/1
29 root 15 -5 0 0 0 S 0 0.0 0:00.06 events/2
30 root 15 -5 0 0 0 S 0 0.0 0:00.05 events/3
31 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/4
32 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/5
33 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/6
34 root 15 -5 0 0 0 S 0 0.0 0:00.01 events/7
35 root 15 -5 0 0 0 S 0 0.0 0:00.00 cpuset
36 root 15 -5 0 0 0 S 0 0.0 0:00.00 khelper
37 root 15 -5 0 0 0 S 0 0.0 0:00.00 netns
38 root 15 -5 0 0 0 S 0 0.0 0:00.00 async/mgr
39 root 15 -5 0 0 0 S 0 0.0 0:00.00 kintegrityd/0
40 root 15 -5 0 0 0 S 0 0.0 0:00.00 kintegrityd/1
41 root 15 -5 0 0 0 S 0 0.0 0:00.00 kintegrityd/2
42 root 15 -5 0 0 0 S 0 0.0 0:00.00 kintegrityd/3
43 root 15 -5 0 0 0 S 0 0.0 0:00.00 kintegrityd/4
44 root 15 -5 0 0 0 S 0 0.0 0:00.00 kintegrityd/5
Server Status:
Code: Select all
Server Version: Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch
Server Built: Mar 9 2010 22:11:44
Current Time: Sunday, 13-Jun-2010 20:03:23 CEST
Restart Time: Sunday, 13-Jun-2010 14:51:30 CEST
Parent Server Generation: 1
Server uptime: 5 hours 11 minutes 53 seconds
Total accesses: 266760 - Total Traffic: 3.2 GB
CPU Usage: u8.91 s3.52 cu.01 cs0 - .0665% CPU load
14.3 requests/sec - 180.3 kB/second - 12.6 kB/request
200 requests currently being processed, 0 idle workers
RRRWRRRRRRRRRRRRRRRRRRRRRKRRRRRRRRRRRWRRRRRRRRKKRRRRRRRRRRKRRRRR
KRRRRRRRRRRRRRKRRRRRRRRRRRRRRKRRRRRRRRRRRRRRKRRRRRKRRRRRRRKRRRRR
RRKRRRRRRRRRRRKRRRRKRRRRRRRRRRRRKRRRRRRRRRRRRRRRRWRRRRRRRRKRRRRR
RRKRRRRR........................................................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
Und hiervon gibt es auch etliche:
Code: Select all
1-0 7306 0/1/1 R 0.04 6 65 0.0 0.00 0.00 ? ? ..reading..
Munin:
http://data.mainflow.de/filessl/0c22453 ... 97ee7c.pdf
Habe jetzt nochmals auf die alte config gewechselt mit den hohen Einstellungen damit die Seite wenigstens wieder erreichbar ist, server status:
Code: Select all
Server Version: Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch
Server Built: Mar 9 2010 22:11:44
Current Time: Sunday, 13-Jun-2010 20:10:02 CEST
Restart Time: Sunday, 13-Jun-2010 20:07:25 CEST
Parent Server Generation: 0
Server uptime: 2 minutes 37 seconds
Total accesses: 3294 - Total Traffic: 43.7 MB
CPU Usage: u27.85 s23.12 cu0 cs0 - 32.5% CPU load
21 requests/sec - 285.2 kB/second - 13.6 kB/request
726 requests currently being processed, 24 idle workers
CRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
_RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRCRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRCRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRR_RRRRRRRRRRRRRRRRRRRRRRRCRRRRRRRRRRRRRRRRRRR
RRRRR_RRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRWRRRR
RRRRRRRRRRRRRRRRRRRRRCRRRRRRRRRRRWRRRCRRRRRRRRRR_RRCRRRRRRRRRRRR
RRRRRRRRRRRRRRRRCRRRRRRRCRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRR
RRRRRRRCRRRRRRRRRRRRRRRRRRRRRRRRRRRRR_RRRR_RRRRR_RRRRRRRRRRRRRRR
RR_RRRWRR_RRRRRRRRR_R_R_RCRRRRRRRRRRRRRRRWWRRRRRRR_RRRRR__RRRRRR
CRRR_RCR_R_CR_RRR_RRRRR_RRRCR__RRR_RRRRRRRRCRR
Re: MaxClients Problem
Posted: 2010-06-13 20:25
by Joe User
OK, dann bitte MySQLs max_connections auf 100 und Apache auf
Code: Select all
<IfModule mpm_prefork_module>
StartServers 20
MinSpareServers 10
MaxSpareServers 25
MaxClients 500
MaxRequestsPerChild 500
</IfModule>
setzen.
Re: MaxClients Problem
Posted: 2010-06-13 20:33
by neon
Danke für die schnelle Antwort. Habe die Einstellungen vorgenommen und warte nun mal ein wenig ab. Was bedeuten diese "Reading" ausgaben bzw. kann hier nun von einem DOS ausgegangen werden?
Re: MaxClients Problem
Posted: 2010-06-13 20:40
by neon
Code: Select all
Server Version: Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch
Server Built: Mar 9 2010 22:11:44
Current Time: Sunday, 13-Jun-2010 20:39:46 CEST
Restart Time: Sunday, 13-Jun-2010 20:30:39 CEST
Parent Server Generation: 0
Server uptime: 9 minutes 7 seconds
Total accesses: 7258 - Total Traffic: 92.2 MB
CPU Usage: u15.44 s10.7 cu0 cs0 - 4.78% CPU load
13.3 requests/sec - 172.6 kB/second - 13.0 kB/request
493 requests currently being processed, 0 idle workers
RRRRRRKRRR.RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRCRRRRRRRRRRRRR
RRRRRCRRRRRRRRRRRRRRRRRRRRRRRCCRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
RRRRRRCRRRRRR..RCRRRRRRRRRRRRRRRRRRRRRRRRRRRRCRRRRRRRRRRRRKRRKRR
RRCRRRRRRRRRRRRRRCRRRRRRRRRRRRRCRRRRRRRRRRRRRCRRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRRRRRRRRRRRRRRRRRR.RRRRRRRRRRRRRRR
RRRR.RRRRRRRRRRRRRRRRRRRRKRRRRRRRRRRCRRRRRRRKRR.RRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRCRRR.RRRRCRRRRRRCCRRRRRKRRRRRKRRRRRRRRRRRRRRRRR
RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRCRRRRRRRRRRRRKRKRR
Code: Select all
top - 20:40:16 up 1 day, 3:29, 1 user, load average: 0.29, 1.15, 1.47
Tasks: 660 total, 9 running, 646 sleeping, 0 stopped, 5 zombie
Cpu(s): 1.9%us, 1.3%sy, 0.0%ni, 93.6%id, 0.2%wa, 1.0%hi, 2.1%si, 0.0%st
Mem: 8188044k total, 3832376k used, 4355668k free, 265056k buffers
Swap: 4200888k total, 0k used, 4200888k free, 2426164k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
11652 mysql 20 0 743m 159m 7252 S 8 2.0 1:30.67 mysqld
15750 www-data 20 0 259m 14m 7088 S 4 0.2 0:00.11 apache2
15444 www-data 20 0 259m 13m 6264 S 1 0.2 0:00.06 apache2
15295 root 20 0 19536 1824 992 R 1 0.0 0:00.52 top
15449 www-data 20 0 258m 11m 5132 S 1 0.1 0:00.04 apache2
15090 www-data 20 0 0 0 0 Z 1 0.0 0:00.08 apache2 <defunct>
15309 www-data 20 0 257m 6800 1116 S 1 0.1 0:00.05 apache2
15311 www-data 20 0 257m 6812 1120 S 1 0.1 0:00.10 apache2
15453 www-data 20 0 259m 11m 5232 S 1 0.1 0:00.04 apache2
15457 www-data 20 0 258m 8008 2260 S 1 0.1 0:00.03 apache2
15570 www-data 20 0 258m 11m 5136 S 1 0.1 0:00.05 apache2
15752 www-data 20 0 257m 6296 664 R 1 0.1 0:00.02 apache2
15755 www-data 20 0 257m 6288 656 S 1 0.1 0:00.02 apache2
15760 www-data 20 0 257m 6292 660 S 1 0.1 0:00.02 apache2
11126 root 20 0 257m 11m 5880 S 0 0.1 0:01.13 apache2
11408 www-data 20 0 0 0 0 Z 0 0.0 0:00.04 apache2 <defunct>
13805 www-data 20 0 0 0 0 Z 0 0.0 0:00.20 apache2 <defunct>
14248 www-data 20 0 257m 6292 660 S 0 0.1 0:00.01 apache2
15257 www-data 20 0 258m 11m 5148 R 0 0.1 0:00.04 apache2
15266 www-data 20 0 258m 11m 5140 R 0 0.1 0:00.07 apache2
15281 www-data 20 0 261m 16m 7744 S 0 0.2 0:00.13 apache2
15289 www-data 20 0 257m 6288 656 S 0 0.1 0:00.02 apache2
15346 www-data 20 0 0 0 0 Z 0 0.0 0:00.05 apache2 <defunct>
15359 www-data 20 0 0 0 0 Z 0 0.0 0:00.04 apache2 <defunct>
15399 www-data 20 0 261m 16m 7732 S 0 0.2 0:00.15 apache2
15404 www-data 20 0 257m 6292 660 S 0 0.1 0:00.02 apache2
15408 www-data 20 0 261m 16m 7728 S 0 0.2 0:00.12 apache2
15410 www-data 20 0 257m 6292 660 S 0 0.1 0:00.02 apache2
15434 www-data 20 0 257m 6648 988 S 0 0.1 0:00.02 apache2
15441 www-data 20 0 257m 6292 660 S 0 0.1 0:00.03 apache2
15462 www-data 20 0 258m 7092 1232 S 0 0.1 0:00.04 apache2
15478 www-data 20 0 257m 6288 656 S 0 0.1 0:00.03 apache2
15680 www-data 20 0 257m 6816 1124 S 0 0.1 0:00.01 apache2
15714 www-data 20 0 257m 6288 656 S 0 0.1 0:00.03 apache2
15729 www-data 20 0 257m 6292 660 R 0 0.1 0:00.02 apache2
15741 www-data 20 0 257m 6292 660 S 0 0.1 0:00.01 apache2
15754 www-data 20 0 257m 6288 656 S 0 0.1 0:00.01 apache2
15757 www-data 20 0 257m 6292 660 S 0 0.1 0:00.01 apache2
15758 www-data 20 0 257m 6288 656 S 0 0.1 0:00.01 apache2
1 root 20 0 19316 1708 1192 S 0 0.0 0:01.44 init
2 root 15 -5 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/0
4 root 15 -5 0 0 0 S 0 0.0 0:04.92 ksoftirqd/0
5 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/0
6 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/1
7 root 15 -5 0 0 0 S 0 0.0 0:01.03 ksoftirqd/1
8 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/1
9 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/2
10 root 15 -5 0 0 0 S 0 0.0 5:09.54 ksoftirqd/2
11 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/2
12 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/3
13 root 15 -5 0 0 0 S 0 0.0 0:09.49 ksoftirqd/3
14 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/3
Munin protokoliert den apache nichtmehr.
Re: MaxClients Problem
Posted: 2010-06-13 21:55
by neon
Also Max_used_connections liegt bei 13. Das sollte also kein Problem darstellen. Der Apache ist ist in der aktuellsten version was das apt-get hergibt, spiele eigentlich jeden Tag die updates ein.
Woran erkenne ich genau ob es eine slowloris Attacke ist? Was kann man dagegen unternehmen außer auf einen anderen Server zu wechseln? Linux komme ich so zwar ganz gut zurecht aber gerade bei solchen dingen habe ich leider keine Ahnung wo ich ansetzen muss um überhaupt zu erkennen was genau vor geht.
Edit: o.k. was man gegen slowloris machen kann habe ich gefunden, nun müsste ich nur sicher gehen das es sich dabei auch darum handelt. Mich würde eure meinung dazu auch interessieren:
http://mod-qos.sourceforge.net/
http://www.howtoforge.com/how-to-defend ... bian-lenny
PS: mir fällt gerade auf das ich es noch nicht explizit erwähnt habe, hier noch ein uname -a:
Linux 2.6.31-22-server #60-Ubuntu SMP Thu May 27 03:42:09 UTC 2010 x86_64 GNU/Linux
Von der Prozessorlast sieht soweit eigentlich auch noch ganz gut aus das noch Resourcen verfügbar sein sollten, hier nochmals ein aktuelles top:
Code: Select all
top - 21:56:22 up 1 day, 4:45, 2 users, load average: 1.12, 0.67, 0.66
Tasks: 455 total, 1 running, 452 sleeping, 0 stopped, 2 zombie
Cpu(s): 1.4%us, 2.2%sy, 0.0%ni, 90.8%id, 2.6%wa, 1.7%hi, 1.3%si, 0.0%st
Mem: 8188044k total, 3599800k used, 4588244k free, 265636k buffers
Swap: 4200888k total, 0k used, 4200888k free, 2477056k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
30411 www-data 20 0 260m 16m 8048 S 4 0.2 0:00.11 apache2
30271 www-data 20 0 258m 12m 6080 S 1 0.2 0:00.07 apache2
30330 www-data 20 0 258m 11m 4792 S 1 0.1 0:00.06 apache2
30374 www-data 20 0 258m 7316 1192 S 1 0.1 0:00.03 apache2
11652 mysql 20 0 813m 205m 7416 S 1 2.6 13:44.53 mysqld
30162 www-data 20 0 0 0 0 Z 1 0.0 0:00.07 apache2 <defunct>
30202 root 20 0 19400 1636 992 R 1 0.0 0:00.18 top
30210 www-data 20 0 257m 6288 656 S 1 0.1 0:00.07 apache2
30246 www-data 20 0 257m 6288 656 S 1 0.1 0:00.03 apache2
30250 www-data 20 0 258m 6884 1060 S 1 0.1 0:00.05 apache2
30259 www-data 20 0 261m 16m 7684 S 1 0.2 0:00.14 apache2
30426 www-data 20 0 257m 6288 656 S 1 0.1 0:00.02 apache2
28761 www-data 20 0 257m 6512 868 S 0 0.1 0:00.02 apache2
28768 www-data 20 0 257m 6288 656 S 0 0.1 0:00.07 apache2
30198 www-data 20 0 259m 11m 5228 S 0 0.1 0:00.05 apache2
30206 www-data 20 0 257m 6288 656 S 0 0.1 0:00.03 apache2
30213 www-data 20 0 258m 8660 2708 S 0 0.1 0:00.06 apache2
30225 www-data 20 0 257m 6808 1116 S 0 0.1 0:00.05 apache2
30233 www-data 20 0 257m 6288 656 S 0 0.1 0:00.03 apache2
30238 www-data 20 0 257m 6808 1116 S 0 0.1 0:00.02 apache2
30240 www-data 20 0 257m 6648 988 S 0 0.1 0:00.03 apache2
30255 www-data 20 0 257m 6288 656 S 0 0.1 0:00.05 apache2
30257 www-data 20 0 257m 6288 656 S 0 0.1 0:00.05 apache2
30260 www-data 20 0 258m 11m 5144 S 0 0.1 0:00.02 apache2
30263 www-data 20 0 257m 6288 656 S 0 0.1 0:00.04 apache2
30267 www-data 20 0 258m 11m 5136 S 0 0.1 0:00.05 apache2
30270 www-data 20 0 0 0 0 Z 0 0.0 0:00.17 apache2 <defunct>
30282 www-data 20 0 257m 6288 656 S 0 0.1 0:00.04 apache2
30284 www-data 20 0 258m 8652 2720 S 0 0.1 0:00.09 apache2
30290 www-data 20 0 257m 6288 656 S 0 0.1 0:00.02 apache2
30293 www-data 20 0 257m 6808 1116 S 0 0.1 0:00.02 apache2
30299 www-data 20 0 257m 6288 656 S 0 0.1 0:00.03 apache2
30306 www-data 20 0 257m 6288 656 S 0 0.1 0:00.03 apache2
30317 www-data 20 0 257m 6288 656 S 0 0.1 0:00.04 apache2
30326 www-data 20 0 257m 6288 656 S 0 0.1 0:00.02 apache2
30327 www-data 20 0 258m 6844 1136 S 0 0.1 0:00.01 apache2
30342 www-data 20 0 257m 6288 656 S 0 0.1 0:00.02 apache2
30352 www-data 20 0 260m 15m 7440 S 0 0.2 0:00.13 apache2
30357 www-data 20 0 257m 6288 656 S 0 0.1 0:00.01 apache2
30359 www-data 20 0 258m 11m 5104 S 0 0.1 0:00.04 apache2
30360 www-data 20 0 257m 6288 656 S 0 0.1 0:00.01 apache2
30362 www-data 20 0 257m 6288 656 S 0 0.1 0:00.02 apache2
30367 www-data 20 0 258m 11m 5132 S 0 0.1 0:00.04 apache2
30370 www-data 20 0 258m 6836 1128 S 0 0.1 0:00.03 apache2
30375 www-data 20 0 257m 6288 656 S 0 0.1 0:00.04 apache2
30381 www-data 20 0 257m 6292 660 S 0 0.1 0:00.02 apache2
30385 www-data 20 0 257m 6292 660 S 0 0.1 0:00.02 apache2
30391 www-data 20 0 257m 6292 660 S 0 0.1 0:00.01 apache2
30393 www-data 20 0 257m 6292 660 S 0 0.1 0:00.02 apache2
30395 www-data 20 0 257m 6288 656 S 0 0.1 0:00.02 apache2
30401 www-data 20 0 258m 11m 4792 S 0 0.1 0:00.03 apache2
30403 www-data 20 0 257m 6288 656 S 0 0.1 0:00.01 apache2
30408 www-data 20 0 257m 6292 660 S 0 0.1 0:00.01 apache2
Re: MaxClients Problem
Posted: 2010-06-13 23:00
by Joe User
OK, dann können die MySQL max_connections wieder auf 25-50 runter.
Was für eine Applikation läuft denn da überhaupt?
Welche Apache-Module werden geladen und welche werden zwingend benötigt?
Sind SYN_COOKIES aktiviert? Läuft irgendeine Art von "Firewall" beziehungsweise Paketfiltert?
Re: MaxClients Problem
Posted: 2010-06-13 23:11
by neon
Die MySQL-Connections habe ich wieder nach unten geregelt, werde dann die MaxClients erhöhen wenn es sein muss. Wie ist das da bezüglich Ram kann man grob sagen wie viel Ram ein Client benötigt oder ist das auch von den MaxRequestsPerChild abhängig?
Als Applikation läuft derzeit ein vBulletin-Forum und noch eine recht alte Version von xt:commerce die ich im moment leider nicht updaten kann (ende des Jahres wird auf ein anderes System gewechselt, so lange muss man damit leider noch leben). Wir haben am Freitag gerade ein recht umfangreiches update eingespielt dass die Konkurenz des Kunden wohl nicht so sehr freut. Ich gehe deswegen davon aus das jemand der Mitbewerber für das ganze verantwortlich ist, mit Sicherheit sagen kann man das natürlich nicht.
SYN_COOKIES sagt mir schon nichts, deswegen gehe ich nicht davon aus das es aktiviert ist. Firewall oder Packetfilter läuft auch nicht. Was wäre da zu empfehlen und zu beachten?
Möchte mich hier auch nochmals herzlichst bedanken, wirklich ein super Support was ihr mir hier gibt. Werde die Tage auch etwas spenden, ich hoffe das kommt den richtigen zu gute ;)
Re: MaxClients Problem
Posted: 2010-06-14 00:08
by dotme
Wenn Du kein SSL und mod_php fährst kannst Du ja mal das mpm_event und mod_reqtimeout des aktuellen Apaches 2.2.x probieren. Das sollte laaaangsaaaammme Anfragen gut in den Griff kriegen.
Waren die R-Clients auf viele unterschiedliche IP-Adressen verteilt?
Re: MaxClients Problem
Posted: 2010-06-14 13:03
by neon
@ dotme: danke werde die 2 module mal testen. Gerade läuft die Attacke wieder nicht, beim nächsten mal mache ich einen TCP-Dump. In dem server_status wurde leider keine IP angezeigt, schätze mal das ich das dann erst mit dem tcp-dump herausbekommen.
SYN_Cookies werde ich auch aktivieren.
Re: MaxClients Problem
Posted: 2010-06-14 13:15
by neon
wie kann ich denn erkennen ob die syn-cookies aktiviert sind? In /proc/sys/net/ipv4/tcp_syncookies steht eine 1, habe etliche Beiträge gefunden wo geschrieben wurde das so die Syn-Cookies aktiviert werden. Würde das ganze trotzdem gerne überprüfen.
Was wäre alles bei dem TCP-Dump wichtig? Genügt ein tcpdump -i eth0 '(tcp port 80)' ?
Re: MaxClients Problem
Posted: 2010-06-14 13:22
by Joe User
Wenn dort nach einem Reboot eine 1 steht und der Kernel SYN_COOKIES unterstützt, sind die SYN_COOKIES aktiviert.
Re: MaxClients Problem
Posted: 2011-02-05 16:39
by neon
Hallo,
ich hole das Thema nochmals nach oben. Die letzten Tage habe ich wieder einiges Probleme und weis mal wieder nicht weiter. Nach einiger Zeit springen die Apache Prozesse auf 300, manchmal 500 einfach hoch, dann bekomme ich ein MySQL MaxClients Fehler und der Server hängt extrem, ich bekomme auf der Konsole nicht mals ein top angezeigt und das einzige was mit bleibt ist ein reboot.
Hier mal die aktuelle Muninseite:
http://data.mainflow.de/filessl/0b6c643 ... 0c61d7.png
Im server-status habe ich extrem viele options requests von localhost / 127.0.01.
Ich weis gerade nicht so wirklich wo ich ansetzen soll um das Problem zu finden und zu beheben und hoffe hier wieder einige gute Tipps zu bekommen. Vielen Dank dafür schon mal.
Top nach Serverneustart:
Code: Select all
top - 16:49:40 up 22 min, 1 user, load average: 3.38, 2.91, 2.38
Tasks: 256 total, 1 running, 255 sleeping, 0 stopped, 0 zombie
Cpu(s): 6.9%us, 1.3%sy, 0.0%ni, 82.3%id, 9.5%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 8188036k total, 1735404k used, 6452632k free, 140648k buffers
Swap: 4200888k total, 0k used, 4200888k free, 416780k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1385 mysql 20 0 1021m 175m 7268 S 30 2.2 3:08.54 mysqld
3585 www-data 20 0 238m 15m 3852 S 4 0.2 0:00.83 apache2
3266 www-data 20 0 242m 16m 4504 S 4 0.2 0:04.00 apache2
3536 www-data 20 0 239m 16m 3868 S 4 0.2 0:00.72 apache2
3639 www-data 20 0 238m 15m 3628 S 4 0.2 0:00.13 apache2
3252 www-data 20 0 243m 17m 4592 S 3 0.2 0:05.05 apache2
3632 www-data 20 0 238m 15m 3608 S 3 0.2 0:00.57 apache2
3526 www-data 20 0 241m 19m 3712 S 3 0.2 0:01.57 apache2
3535 www-data 20 0 239m 16m 3788 S 1 0.2 0:01.01 apache2
3609 www-data 20 0 239m 16m 3704 S 1 0.2 0:00.58 apache2
3659 www-data 20 0 238m 15m 3704 S 1 0.2 0:00.61 apache2
3647 www-data 20 0 234m 12m 3356 S 1 0.2 0:00.13 apache2
3657 www-data 20 0 237m 14m 3684 S 1 0.2 0:00.16 apache2
3400 www-data 20 0 238m 16m 3880 S 0 0.2 0:03.38 apache2
3586 www-data 20 0 239m 16m 3912 S 0 0.2 0:00.86 apache2
3619 root 20 0 19256 1456 992 R 0 0.0 0:00.20 top
1 root 20 0 19308 1672 1192 S 0 0.0 0:01.45 init
2 root 15 -5 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/0
4 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/0
5 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/0
6 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/1
7 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/1
8 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/1
9 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/2
10 root 15 -5 0 0 0 S 0 0.0 0:00.01 ksoftirqd/2
11 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/2
12 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/3
13 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/3
14 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/3
15 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/4
16 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/4
17 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/4
18 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/5
19 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/5
20 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/5
21 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/6
22 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/6
23 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/6
24 root RT -5 0 0 0 S 0 0.0 0:00.00 migration/7
25 root 15 -5 0 0 0 S 0 0.0 0:00.00 ksoftirqd/7
26 root RT -5 0 0 0 S 0 0.0 0:00.00 watchdog/7
27 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/0
28 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/1
29 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/2
30 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/3
31 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/4
32 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/5
33 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/6
34 root 15 -5 0 0 0 S 0 0.0 0:00.00 events/7
35 root 15 -5 0 0 0 S 0 0.0 0:00.00 cpuset
Der MySQL Server pendelt immer zwischen 25 und 75% Auslastung.
Grüße
Steffen
Re: MaxClients Problem
Posted: 2011-02-05 17:17
by Joe User
Welche Module lädt Dein Apache und benötigst Du sie alle? Ich frage, da Dein Apache überdurchschnittlich viel Speicher reserviert.
Wie sehen die Requests von localhost konkret aus?
Abschliessend bitte nochmal die aktuellen Konfigurationen des eingesetzten Apache-MPM und von MySQL, danke.
Re: MaxClients Problem
Posted: 2011-02-05 17:32
by neon
Hier die Module:
Code: Select all
/etc/apache2/mods-enabled # ls -l
total 0
lrwxrwxrwx 1 root root 28 2010-01-18 09:31 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 2010-01-18 09:31 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 2010-01-18 09:31 auth_basic.load -> ../mods-available/auth_basic.load
lrwxrwxrwx 1 root root 33 2010-01-18 09:31 authn_file.load -> ../mods-available/authn_file.load
lrwxrwxrwx 1 root root 36 2010-01-18 09:31 authz_default.load -> ../mods-available/authz_default.load
lrwxrwxrwx 1 root root 38 2010-01-18 09:31 authz_groupfile.load -> ../mods-available/authz_groupfile.load
lrwxrwxrwx 1 root root 33 2010-01-18 09:31 authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx 1 root root 33 2010-01-18 09:31 authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx 1 root root 32 2010-01-18 09:31 autoindex.conf -> ../mods-available/autoindex.conf
lrwxrwxrwx 1 root root 32 2010-01-18 09:31 autoindex.load -> ../mods-available/autoindex.load
lrwxrwxrwx 1 root root 28 2010-06-14 22:17 cache.load -> ../mods-available/cache.load
lrwxrwxrwx 1 root root 26 2010-01-18 09:31 cgi.load -> ../mods-available/cgi.load
lrwxrwxrwx 1 root root 30 2010-01-18 09:31 deflate.conf -> ../mods-available/deflate.conf
lrwxrwxrwx 1 root root 30 2010-01-18 09:31 deflate.load -> ../mods-available/deflate.load
lrwxrwxrwx 1 root root 26 2010-01-18 09:31 dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx 1 root root 26 2010-01-18 09:31 dir.load -> ../mods-available/dir.load
lrwxrwxrwx 1 root root 33 2010-06-14 22:18 disk_cache.conf -> ../mods-available/disk_cache.conf
lrwxrwxrwx 1 root root 33 2010-06-14 22:18 disk_cache.load -> ../mods-available/disk_cache.load
lrwxrwxrwx 1 root root 26 2010-01-18 09:31 env.load -> ../mods-available/env.load
lrwxrwxrwx 1 root root 30 2010-04-23 18:40 expires.load -> ../mods-available/expires.load
lrwxrwxrwx 1 root root 27 2010-01-18 09:31 mime.conf -> ../mods-available/mime.conf
lrwxrwxrwx 1 root root 27 2010-01-18 09:31 mime.load -> ../mods-available/mime.load
lrwxrwxrwx 1 root root 34 2010-01-18 09:31 negotiation.conf -> ../mods-available/negotiation.conf
lrwxrwxrwx 1 root root 34 2010-01-18 09:31 negotiation.load -> ../mods-available/negotiation.load
lrwxrwxrwx 1 root root 27 2010-01-18 09:31 php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx 1 root root 27 2010-01-18 09:31 php5.load -> ../mods-available/php5.load
lrwxrwxrwx 1 root root 30 2010-01-19 22:25 rewrite.load -> ../mods-available/rewrite.load
lrwxrwxrwx 1 root root 31 2010-01-18 09:31 setenvif.conf -> ../mods-available/setenvif.conf
lrwxrwxrwx 1 root root 31 2010-01-18 09:31 setenvif.load -> ../mods-available/setenvif.load
lrwxrwxrwx 1 root root 29 2010-01-18 09:31 status.conf -> ../mods-available/status.conf
lrwxrwxrwx 1 root root 29 2010-01-18 09:31 status.load -> ../mods-available/status.load
MPM Config
Code: Select all
<IfModule mpm_prefork_module>
ServerLimit 500
StartServers 20
MinSpareServers 10
MaxSpareServers 25
MaxClients 500
MaxRequestsPerChild 500
</IfModule>
<IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 500
</IfModule>
<IfModule mpm_event_module>
StartServers 100
MaxClients 250
MinSpareThreads 100
MaxSpareThreads 200
ThreadLimit 300
ThreadsPerChild 50
MaxRequestsPerChild 50
</IfModule>
Komplette Apache Config:
Code: Select all
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log"
# with ServerRoot set to "" will be interpreted by the
# server as "//var/log/apache2/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at <URL:http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#</IfModule>
#</IfModule>
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 60
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
ServerLimit 500
StartServers 20
MinSpareServers 10
MaxSpareServers 25
MaxClients 500
MaxRequestsPerChild 500
</IfModule>
#<IfModule mpm_itk_module>
# StartServers 100
# MinSpareServers 100
# MaxSpareServers 100
# MaxClients 100
# MaxRequestsPerChild 8000
#</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 500
</IfModule>
# event MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
StartServers 100
MaxClients 250
MinSpareThreads 100
MaxSpareThreads 200
ThreadLimit 300
ThreadsPerChild 50
MaxRequestsPerChild 50
</IfModule>
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
# Include all the user configurations:
Include /etc/apache2/httpd.conf
# Include ports listing
Include /etc/apache2/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# Define an access log for VirtualHosts that don't define their own logfile
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
Include /etc/apache2/conf.d/
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
MySQL:
Code: Select all
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
prompt = \u@\h [\d]>\_
no_auto_rehash
[mysqldump]
max_allowed_packet = 32M
quote_names
quick
[isamchk]
key_buffer_size = 256M
[myisamchk]
key_buffer_size = 256M
[mysqld]
user = mysql
port = 3306
bind_address = 127.0.0.1
socket = /var/run/mysqld/mysqld.sock
pid-file = /var/run/mysqld/mysqld.pid
slow_query_log = /var/log/mysql/mysql-slow.log
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /var/tmp
log_bin = /var/log/mysql/mysql-bin.log
server_id = 1
back_log = 50
sync_binlog = 1
binlog_cache_size = 1M
max_binlog_size = 100M
expire_logs_days = 7
safe_user_create = 1
delay_key_write = ALL
myisam_recover = FORCE,BACKUP
key_buffer_size = 256M
record_buffer = 2M
join_buffer_size = 2M
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
max_allowed_packet = 32M
max_heap_table_size = 64M
tmp_table_size = 64M
table_cache = 768
query_cache_type = 1
query_cache_size = 256M
query_cache_limit = 16M
thread_concurrency = 8
thread_cache_size = 24
max_connections = 150
ft_max_word_len = 20
ft_min_word_len = 3
long_query_time = 2
local_infile = 0
log_warnings = 2
log_queries_not_using_indexes
log_long_format
skip_locking
skip_external_locking
skip-character-set-client-handshake
[mysqlhotcopy]
interactive_timeout
!includedir /etc/mysql/conf.d/
Im moment tauchen die Option Requests "leider" nicht auf, sobald wieder welche da sind poste ich diese hier.
Vielen Dank,
Steffen
Re: MaxClients Problem
Posted: 2011-02-05 17:51
by Joe User
Versuche es mal mit folgenden Werten für Apache:
Code: Select all
Timeout 30
KeepAlive On
KeepAliveTimeout 2
MaxKeepAliveRequests 32
<IfModule mpm_prefork_module>
ServerLimit 256
StartServers 64
MinSpareServers 4
MaxSpareServers 8
MaxClients 256
MaxRequestsPerChild 500
</IfModule>
Die Apache Logs (access.log/error.log) sind unauffällig?
Die Ausgaben von mysqltuner.pl und tuning-primer.sh sind in diesem Zusammenhang nun ebenfalls interessant.
Re: MaxClients Problem
Posted: 2011-02-05 18:28
by neon
In der Access Log sind ausergewöhnlich viele:
Code: Select all
127.0.0.1 - - [05/Feb/2011:16:20:10 +0100] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)"
127.0.0.1 - - [05/Feb/2011:16:20:11 +0100] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)"
127.0.0.1 - - [05/Feb/2011:16:20:12 +0100] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)"
127.0.0.1 - - [05/Feb/2011:16:20:13 +0100] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)"
127.0.0.1 - - [05/Feb/2011:16:20:14 +0100] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)"
127.0.0.1 - - [05/Feb/2011:16:20:15 +0100] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)"
um genau zu sein so gut wie ein kompletter monitor nur mit diesen und dazwischen mal vereinzelt ein normaler request.
in der error log fällt mir auf anhieb nur dieser auf, aber die datei ist winzig. Ich glaube auch nicht das dies groß von Bedeutung ist:
Code: Select all
[eAccelerator] This build of "eAccelerator" was compiled for PHP version 5.2.10-2ubuntu6.4. Rebuild it for your PHP version (5.2.10-2ubuntu6.7) or download precompiled binaries.
[Sat Feb 05 16:27:48 2011] [notice] Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.7 with Suhosin-Patch configured -- resuming normal operations
mysqltuner.pl
Code: Select all
>> MySQLTuner 1.0.1 - Major Hayden <major@mhtx.net>
>> Bug reports, feature requests, and downloads at http://mysqltuner.com/
>> Run with '--help' for additional options and output filtering
-------- General Statistics --------------------------------------------------
[--] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.1.37-1ubuntu5.5-log
[OK] Operating on 64-bit architecture
-------- Storage Engine Statistics -------------------------------------------
[--] Status: -Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 899M (Tables: 1146)
[--] Data in InnoDB tables: 5M (Tables: 270)
[--] Data in MEMORY tables: 3M (Tables: 8)
[!!] Total fragmented tables: 368
-------- Performance Metrics -------------------------------------------------
[--] Up for: 1h 57m 30s (7M q [1K qps], 21K conn, TX: 3B, RX: 1B)
[--] Reads / Writes: 83% / 17%
[--] Total buffers: 586.0M global + 14.2M per thread (150 max threads)
[OK] Maximum possible memory usage: 2.7G (34% of installed RAM)
[OK] Slow queries: 5% (388K/7M)
[OK] Highest usage of available connections: 12% (18/150)
[OK] Key buffer size / total MyISAM indexes: 256.0M/607.6M
[OK] Key buffer hit rate: 100.0% (72M cached / 15K reads)
[OK] Query cache efficiency: 92.8% (6M cached / 7M selects)
[OK] Query cache prunes per day: 0
[OK] Sorts requiring temporary tables: 0% (24 temp sorts / 26K sorts)
[!!] Joins performed without indexes: 4205
[OK] Temporary tables created on disk: 24% (4K on disk / 19K total)
[OK] Thread cache hit rate: 99% (18 created / 21K connections)
[!!] Table cache hit rate: 8% (768 open / 8K opened)
[OK] Open file limit used: 78% (1K/1K)
[OK] Table locks acquired immediately: 97% (738K immediate / 758K locks)
[OK] InnoDB data size / buffer pool: 5.8M/8.0M
-------- Recommendations -----------------------------------------------------
General recommendations:
Run OPTIMIZE TABLE to defragment tables for better performance
MySQL started within last 24 hours - recommendations may be inaccurate
Enable the slow query log to troubleshoot bad queries
Adjust your join queries to always utilize indexes
Increase table_cache gradually to avoid file descriptor limits
Variables to adjust:
join_buffer_size (> 2.0M, or always use indexes with joins)
table_cache (> 768)
tuning-primer.sh
Code: Select all
-- MYSQL PERFORMANCE TUNING PRIMER --
- By: Matthew Montgomery -
MySQL Version 5.1.37-1ubuntu5.5-log x86_64
Uptime = 0 days 2 hrs 0 min 12 sec
Avg. qps = 1024
Total Questions = 7390055
Threads Connected = 1
Warning: Server has not been running for at least 48hrs.
It may not be safe to use these recommendations
To find out more information on how each of these
runtime variables effects performance visit:
http://dev.mysql.com/doc/refman/5.1/en/server-system-variables.html
Visit http://www.mysql.com/products/enterprise/advisors.html
for info about MySQL's Enterprise Monitoring and Advisory Service
SLOW QUERIES
The slow query log is NOT enabled.
Current long_query_time = 2.000000 sec.
You have 394581 out of 7390076 that take longer than 2.000000 sec. to complete
Your long_query_time seems to be fine
BINARY UPDATE LOG
The binary update log is enabled
WORKER THREADS
Current thread_cache_size = 24
Current threads_cached = 17
Current threads_per_sec = 0
Historic threads_per_sec = 0
Your thread_cache_size is fine
MAX CONNECTIONS
Current max_connections = 150
Current threads_connected = 1
Historic max_used_connections = 18
The number of used connections is 12% of the configured maximum.
Your max_connections variable seems to be fine.
INNODB STATUS
Current InnoDB index space = 9 M
Current InnoDB data space = 5 M
Current InnoDB buffer pool free = 0 %
Current innodb_buffer_pool_size = 8 M
Depending on how much space your innodb indexes take up it may be safe
to increase this value to up to 2 / 3 of total system memory
MEMORY USAGE
Max Memory Ever Allocated : 796 M
Configured Max Per-thread Buffers : 2.23 G
Configured Max Global Buffers : 522 M
Configured Max Memory Limit : 2.74 G
Physical Memory : 7.80 G
Max memory limit seem to be within acceptable norms
KEY BUFFER
Current MyISAM index space = 607 M
Current key_buffer_size = 256 M
Key cache miss rate is 1 : 4279
Key buffer free ratio = 81 %
Your key_buffer_size seems to be fine
QUERY CACHE
Query cache is enabled
Current query_cache_size = 256 M
Current query_cache_used = 48 M
Current query_cache_limit = 16 M
Current Query cache Memory fill ratio = 18.85 %
Current query_cache_min_res_unit = 4 K
Your query_cache_size seems to be too high.
Perhaps you can use these resources elsewhere
MySQL won't cache query results that are larger than query_cache_limit in size
SORT OPERATIONS
Current sort_buffer_size = 2 M
Current read_rnd_buffer_size = 8 M
Sort buffer seems to be fine
JOINS
Current join_buffer_size = 2.00 M
You have had 4305 queries where a join could not use an index properly
You should enable "log-queries-not-using-indexes"
Then look for non indexed joins in the slow query log.
If you are unable to optimize your queries you may want to increase your
join_buffer_size to accommodate larger joins in one pass.
Note! This script will still suggest raising the join_buffer_size when
ANY joins not using indexes are found.
OPEN FILES LIMIT
Current open_files_limit = 1696 files
The open_files_limit should typically be set to at least 2x-3x
that of table_cache if you have heavy MyISAM usage.
You currently have open more than 75% of your open_files_limit
You should set a higher value for open_files_limit in my.cnf
TABLE CACHE
Current table_open_cache = 768 tables
Current table_definition_cache = 256 tables
You have a total of 1447 tables
You have 768 open tables.
Current table_cache hit rate is 4%
, while 100% of your table cache is in use
You should probably increase your table_cache
You should probably increase your table_definition_cache value.
TEMP TABLES
Current max_heap_table_size = 64 M
Current tmp_table_size = 64 M
Of 15139 temp tables, 24% were created on disk
Created disk tmp tables ratio seems fine
TABLE SCANS
Current read_buffer_size = 2 M
Current table scan ratio = 1267 : 1
read_buffer_size seems to be fine
TABLE LOCKING
Current Lock Wait ratio = 1 : 37
You may benefit from selective use of InnoDB.
If you have long running SELECT's against MyISAM tables and perform
frequent updates consider setting 'low_priority_updates=1'
If you have a high concurrency of inserts on Dynamic row-length tables
consider setting 'concurrent_insert=2'.
Die mpm Werte übernehme ich nun von dir.
Re: MaxClients Problem
Posted: 2011-02-05 19:49
by Joe User
Hier noch eine überarbeitete my.cnf:
Code: Select all
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
prompt = \u@\h [\d]>\_
no_auto_rehash
[mysqldump]
max_allowed_packet = 32M
quote_names
quick
[isamchk]
key_buffer_size = 256M
[myisamchk]
key_buffer_size = 256M
[mysqld]
user = mysql
port = 3306
bind-address = 127.0.0.1
socket = /var/run/mysqld/mysqld.sock
pid-file = /var/run/mysqld/mysqld.pid
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /var/tmp
log-bin = /var/log/mysql/mysql-bin.log
server-id = 1
back_log = 50
sync_binlog = 1
binlog_cache_size = 1M
max_binlog_size = 100M
binlog-format = MIXED
expire_logs_days = 7
slow-query-log = 1
slow-query-log-file = /var/log/mysql/mysql-slow.log
safe-user-create = 1
delay-key-write = ALL
myisam-recover = FORCE,BACKUP
key_buffer_size = 768M
join_buffer_size = 2M
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
max_allowed_packet = 32M
max_heap_table_size = 64M
tmp_table_size = 64M
table_cache = 2048
table_definition_cache = 2048
open_files_limit = 8192
query_cache_type = 1
query_cache_size = 128M
query_cache_limit = 16M
thread_concurrency = 8
thread_cache_size = 24
max_connections = 100
ft_max_word_len = 20
ft_min_word_len = 3
long_query_time = 3
local-infile = 0
log-warnings = 2
log-slave-updates
log-queries-not-using-indexes
skip-locking
skip-external-locking
skip-character-set-client-handshake
[mysqlhotcopy]
interactive_timeout
# !includedir /etc/mysql/conf.d/
Re: MaxClients Problem
Posted: 2011-02-05 19:56
by neon
Vielen Dank!. Habe ich nun mal eingestellt und melde mich wieder wenn das ganze mal etwas länger online war.