Sunday, January 15, 2017

Increased processes and RAM Consumption

https://www.virtualmin.com/node/17803


Increased processes and RAM Consumption

20 posts / 0 new
Log in or register to post comments
Last post
#1Sat, 04/09/2011 - 18:20
zahir

Increased processes and RAM Consumption

We upgraded to the latest virtualmin packages today and ever since, the processes and RAM consumption have increased.
These are the processes running.
anacron mdmonitor mcstrans xe-linux-distribution atop webmin
usermin lvm2-monitor syslog atd
sshd lm_sensors kudzu
acpid
avahi-daemon isdn
iscsid
saslauthd iscsi rpcidmapd rpcgssd restorecond irqbalance readahead_early crond
rawdevices iptables proftpd ip6tables postfix portmap pcscd
httpd
cpuspeed ntpd
autofs
nfslock haldaemon gpm network firstboot netfs
auditd
named
mysqld
/etc/rc.d/rc.local microcode_ctl messagebus
We used to run about 96 processes with 210 mb ram usage max, we're now at 120 w/ 280 mb ram.
Thanks guys
Sat, 04/09/2011 - 18:25
andreychek
Howdy,
Those are all packages provided by your distro, not by Virtualmin... Virtualmin just aids in making them easy to install :-)
Today, CentOS 5.6 came out. So if you upgraded all your packages, that may mean you've upgraded from CentOS 5.5 to 5.6.
And then, CentOS is made by folks who take the source packages from RedHat, recompile them, and distribute them.
So, it's not surprising that the next version of a distro would use more RAM than the previous one. But if you're unhappy with it, you'd have to take that up with the folks at RedHat :-)
-Eric
Sat, 04/09/2011 - 18:41
andreychek
Well, all I can offer is that the amount of RAM processes take up isn't a constant :-) It may be a web app requiring more resources, BIND might have grown, or any of the system updates could have caused some additional RAM usage.
Also, if one of your sites saw some traffic, Apache would need to spawn additional processes to handle that load. That could can certainly account for what you're seeing.
And any incoming email will run procmail, and a spam and virus scanning process, amongst other things.
There's a lot of possible causes for a difference of 70MB of RAM and 25 processes, that's not considered a particularly large change. My own server just jumped 10 processes in the last 2 minutes.
So, I wouldn't be particularly concerned about that :-)
-Eric
Sat, 04/09/2011 - 20:12
andreychek
I suspect the issue is one of two things --
  1. Virtualmin is reading it the values wrong. But that seems odd, it's unlikely it would just make numbers up :-)
  2. There are two sections in the httpd.conf that deal with processes and limits -- one is for Apache's worker mode, and the the other is for Prefork mode. However, both sections look really similar. Is it possible that you're looking at the wrong section in your httpd.conf? If you're using Apache's Prefork, be sure to look at the section the begins with "IfModule mpm_prefork_module".
    -Eric
Sat, 04/09/2011 - 22:14
andreychek
Howdy,
You can read about what exactly KeepAlive does here:
KeepAlive is enabled by default, and would reduce the number of Apache processes needed to serve any given website.
As far as Max Requests goes -- there's no set answer, it all depends on the needs of your web apps :-)
That option simply controls how many requests a given Apache process is allowed to serve before it's killed off and another process is started.
-Eric
Sun, 04/10/2011 - 05:48
zahir
We running a social networking site. Decent traffic, we've now enabled
KeepAlive = On MaxKeepAliveRequests = 100 KeepAliveTimeout = 5
and the prefork settings at... StartServers 2 MinSpareServers 1 MaxSpareServers 5 MaxRequestsPerChild 4000 ServerLimit 256 MaxClients 256
Sound fine?
Sun, 04/10/2011 - 06:07
zahir
We running a social networking site. Decent traffic, we've now enabled
KeepAlive = On MaxKeepAliveRequests = 100 KeepAliveTimeout = 5
and the prefork settings at... StartServers 2 MinSpareServers 1 MaxSpareServers 5 MaxRequestsPerChild 4000 ServerLimit 256 MaxClients 256
Sound fine?
Sun, 04/10/2011 - 09:39
andreychek
I'm not sure the section you're editing in the Apache config is the one for the Prefork mode... if you search in the config, there should be two different "MaxClients" settings -- one for Prefork, one for Worker.
Do you see two settings for MaxClients in your config? There should be some sort of description above it that tells whether that group is for Prefork or Worker mode.
From there, the only thing I'd be concerned about is how high MaxClients is set. You need to look at how much RAM one Apache process consumes. Once you figure that out -- you need to make sure that if MaxClients is reached, that you'll still have RAM left over in your server. If not, you need to lower MaxClients :-)
If one Apache process takes 30MB of RAM, and MaxClients is set to 50, that means you need 1.5 GB of RAM to support that configuration.
So, review how much RAM one Apache process takes, and modify your MaxClients accordingly. I'm not sure how much RAM you have -- but folks running on a VPS with low amounts of memory will often need to set MaxClients well under 50.
-Eric
Sun, 04/10/2011 - 15:58
andreychek
So what you're saying is that with 256 max clients, theres no way our server would be able to handle the load with only 752 mb ram if each httpd process takes about 35 mb?
Yup, it's just figuring out some math there... if each process takes 35MB, and you have 752MB of RAM, that means you can handle 21 simultaneous Apache processes (MaxClients) -- if absolutely nothing else is running.
Being as other processes are sure to be running, you'd need to account for those when determining your MaxClients.
-Eric
Mon, 04/11/2011 - 09:21
zahir
Hey
Any idea why our CPU usage is so high on index_cpu.cgi? Is the because of the config mentioned above?
8841 root 11.0 % /usr/libexec/webmin/proc/index_cpu.cgi 1859 mysql 2.9 % /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-f ... 7660 apache 0.3 % /usr/sbin/httpd 7497 apache 0.1 % /usr/sbin/httpd 8830 apache 0.1 % /usr/sbin/httpd
Mon, 04/11/2011 - 09:33
andreychek
It's unlikely to be related to anything we've talked about so far... my guess is that someone's just doing something in the Virtualmin/Webmin GUI, and it's an active process that's doing something.
-Eric
Mon, 04/11/2011 - 09:39
zahir
Could this be a security problem? We got a warning in virtualmin that the index_cpu.cgi was trying to be accessed remotely and that we should visit Webmin > Webmin Configuration > Trusted Referrers and check Trust links from unknown referrers
Mon, 04/11/2011 - 09:44
andreychek
You can look in /var/webmin/miniserv.log to see what all has been going on in Webmin, as well as what IP address they're coming from.
-Eric
Mon, 04/11/2011 - 10:36
zahir
Can we secure it from external/anonymous access?
Mon, 04/11/2011 - 10:49
andreychek
Pages within Webmin should all require a valid username and password, screens wouldn't be available anonymously.
-Eric
Mon, 04/11/2011 - 15:59
zahir
Thanks a lot Erik. I really appreciate the help. :)
Are there any tips I can follow on securing CentOS running Virtualmin?
Mon, 04/11/2011 - 16:06
zahir
We seem to have a webmin user called anonymous, should we delete?
Mon, 04/11/2011 - 16:39
andreychek
Are there any tips I can follow on securing CentOS running Virtualmin?
A typical Linux installation starts off fairly secure, but there's some security tips/thoughts here in this FAQ:
We seem to have a webmin user called anonymous, should we delete?
You can review if there's a password set for that user in Webmin -> Webmin -> Webmin Users -> Anonymous. There isn't by default, it's not normally something to worry about.
-Eric
Mon, 04/11/2011 - 17:00
zahir
Thanks man, do modsecurity,denyhosts and rootkit actually help?
Mon, 04/11/2011 - 17:07
andreychek
do modsecurity,denyhosts and rootkit actually help?
Sure, if used properly, they can help in adding additional layers of security to your server :-)




Posted by at
Labels: