These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for Increased processes and RAM Consumption on the new forum.
We upgraded to the latest virtualmin packages today and ever since, the processes and RAM consumption have increased.
These are the processes running.
anacron
mdmonitor
mcstrans
xe-linux-distribution
atop
webmin
usermin
lvm2-monitor
syslog
atd
sshd
lm_sensors
kudzu
acpid
avahi-daemon
isdn
iscsid
saslauthd
iscsi
rpcidmapd
rpcgssd
restorecond
irqbalance
readahead_early
crond
rawdevices
iptables
proftpd
ip6tables
postfix
portmap
pcscd
httpd
cpuspeed
ntpd
autofs
nfslock
haldaemon
gpm
network
firstboot
netfs
auditd
named
mysqld
/etc/rc.d/rc.local
microcode_ctl
messagebus
We used to run about 96 processes with 210 mb ram usage max, we're now at 120 w/ 280 mb ram.
Thanks guys
Howdy,
Those are all packages provided by your distro, not by Virtualmin... Virtualmin just aids in making them easy to install :-)
Today, CentOS 5.6 came out. So if you upgraded all your packages, that may mean you've upgraded from CentOS 5.5 to 5.6.
And then, CentOS is made by folks who take the source packages from RedHat, recompile them, and distribute them.
So, it's not surprising that the next version of a distro would use more RAM than the previous one. But if you're unhappy with it, you'd have to take that up with the folks at RedHat :-)
-Eric
Well, all I can offer is that the amount of RAM processes take up isn't a constant :-) It may be a web app requiring more resources, BIND might have grown, or any of the system updates could have caused some additional RAM usage.
Also, if one of your sites saw some traffic, Apache would need to spawn additional processes to handle that load. That could can certainly account for what you're seeing.
And any incoming email will run procmail, and a spam and virus scanning process, amongst other things.
There's a lot of possible causes for a difference of 70MB of RAM and 25 processes, that's not considered a particularly large change. My own server just jumped 10 processes in the last 2 minutes.
So, I wouldn't be particularly concerned about that :-)
-Eric
I suspect the issue is one of two things --
Virtualmin is reading it the values wrong. But that seems odd, it's unlikely it would just make numbers up :-)
There are two sections in the httpd.conf that deal with processes and limits -- one is for Apache's worker mode, and the the other is for Prefork mode. However, both sections look really similar. Is it possible that you're looking at the wrong section in your httpd.conf? If you're using Apache's Prefork, be sure to look at the section the begins with "IfModule mpm_prefork_module".
-Eric
Howdy,
You can read about what exactly KeepAlive does here:
http://httpd.apache.org/docs/1.3/mod/core.html#keepalive
KeepAlive is enabled by default, and would reduce the number of Apache processes needed to serve any given website.
As far as Max Requests goes -- there's no set answer, it all depends on the needs of your web apps :-)
That option simply controls how many requests a given Apache process is allowed to serve before it's killed off and another process is started.
-Eric
We running a social networking site. Decent traffic, we've now enabled
KeepAlive = On MaxKeepAliveRequests = 100 KeepAliveTimeout = 5
and the prefork settings at... StartServers 2 MinSpareServers 1 MaxSpareServers 5 MaxRequestsPerChild 4000 ServerLimit 256 MaxClients 256
Sound fine?
We running a social networking site. Decent traffic, we've now enabled
KeepAlive = On MaxKeepAliveRequests = 100 KeepAliveTimeout = 5
and the prefork settings at... StartServers 2 MinSpareServers 1 MaxSpareServers 5 MaxRequestsPerChild 4000 ServerLimit 256 MaxClients 256
Sound fine?
I'm not sure the section you're editing in the Apache config is the one for the Prefork mode... if you search in the config, there should be two different "MaxClients" settings -- one for Prefork, one for Worker.
Do you see two settings for MaxClients in your config? There should be some sort of description above it that tells whether that group is for Prefork or Worker mode.
From there, the only thing I'd be concerned about is how high MaxClients is set. You need to look at how much RAM one Apache process consumes. Once you figure that out -- you need to make sure that if MaxClients is reached, that you'll still have RAM left over in your server. If not, you need to lower MaxClients :-)
If one Apache process takes 30MB of RAM, and MaxClients is set to 50, that means you need 1.5 GB of RAM to support that configuration.
So, review how much RAM one Apache process takes, and modify your MaxClients accordingly. I'm not sure how much RAM you have -- but folks running on a VPS with low amounts of memory will often need to set MaxClients well under 50.
-Eric
So what you're saying is that with 256 max clients, theres no way our server would be able to handle the load with only 752 mb ram if each httpd process takes about 35 mb?
Yup, it's just figuring out some math there... if each process takes 35MB, and you have 752MB of RAM, that means you can handle 21 simultaneous Apache processes (MaxClients) -- if absolutely nothing else is running.
Being as other processes are sure to be running, you'd need to account for those when determining your MaxClients.
-Eric
Hey
Any idea why our CPU usage is so high on index_cpu.cgi? Is the because of the config mentioned above?
8841 root 11.0 % /usr/libexec/webmin/proc/index_cpu.cgi 1859 mysql 2.9 % /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-f ... 7660 apache 0.3 % /usr/sbin/httpd 7497 apache 0.1 % /usr/sbin/httpd 8830 apache 0.1 % /usr/sbin/httpd
It's unlikely to be related to anything we've talked about so far... my guess is that someone's just doing something in the Virtualmin/Webmin GUI, and it's an active process that's doing something.
-Eric
Could this be a security problem? We got a warning in virtualmin that the index_cpu.cgi was trying to be accessed remotely and that we should visit Webmin > Webmin Configuration > Trusted Referrers and check Trust links from unknown referrers
You can look in /var/webmin/miniserv.log to see what all has been going on in Webmin, as well as what IP address they're coming from.
-Eric
Can we secure it from external/anonymous access?
Pages within Webmin should all require a valid username and password, screens wouldn't be available anonymously.
-Eric
Thanks a lot Erik. I really appreciate the help. :)
Are there any tips I can follow on securing CentOS running Virtualmin?
We seem to have a webmin user called anonymous, should we delete?
Are there any tips I can follow on securing CentOS running Virtualmin?
A typical Linux installation starts off fairly secure, but there's some security tips/thoughts here in this FAQ:
http://www.virtualmin.com/documentation/security/faq
We seem to have a webmin user called anonymous, should we delete?
You can review if there's a password set for that user in Webmin -> Webmin -> Webmin Users -> Anonymous. There isn't by default, it's not normally something to worry about.
-Eric
Thanks man, do modsecurity,denyhosts and rootkit actually help?
do modsecurity,denyhosts and rootkit actually help?
Sure, if used properly, they can help in adding additional layers of security to your server :-)