Increased processes and RAM Consumption

Sat, 04/09/2011 - 18:20
zahir

We upgraded to the latest virtualmin packages today and ever since, the processes and RAM consumption have increased.

These are the processes running.

anacron mdmonitor mcstrans xe-linux-distribution atop webmin usermin
lvm2-monitor syslog atd sshd lm_sensors kudzu acpid avahi-daemon isdn
iscsid saslauthd iscsi rpcidmapd rpcgssd restorecond irqbalance
readahead_early crond rawdevices iptables proftpd ip6tables postfix
portmap pcscd httpd cpuspeed ntpd autofs nfslock haldaemon gpm network
firstboot netfs auditd named mysqld /etc/rc.d/rc.local microcode_ctl
messagebus

We used to run about 96 processes with 210 mb ram usage max, we're now at 120 w/ 280 mb ram.

Thanks guys

Sat, 04/09/2011 - 18:25
andreychek

Howdy,

Those are all packages provided by your distro, not by Virtualmin... Virtualmin just aids in making them easy to install :-)

Today, CentOS 5.6 came out. So if you upgraded all your packages, that may mean you've upgraded from CentOS 5.5 to 5.6.

And then, CentOS is made by folks who take the source packages from RedHat, recompile them, and distribute them.

So, it's not surprising that the next version of a distro would use more RAM than the previous one. But if you're unhappy with it, you'd have to take that up with the folks at RedHat :-)

-Eric

Sat, 04/09/2011 - 18:41
andreychek

Well, all I can offer is that the amount of RAM processes take up isn't a constant :-) It may be a web app requiring more resources, BIND might have grown, or any of the system updates could have caused some additional RAM usage.

Also, if one of your sites saw some traffic, Apache would need to spawn additional processes to handle that load. That can certainly account for what you're seeing.

And any incoming email will run procmail, and a spam and virus scanning process, amongst other things.

There's a lot of possible causes for a difference of 70MB of RAM and 25 processes, that's not considered a particularly large change. My own server just jumped 10 processes in the last 2 minutes.

So, I wouldn't be particularly concerned about that :-)

-Eric

Sat, 04/09/2011 - 20:12
andreychek

I suspect the issue is one of two things --

  1. Virtualmin is reading the values wrong. But that seems odd, it's unlikely it would just make numbers up :-)

  2. There are two sections in the httpd.conf that deal with processes and limits -- one is for Apache's worker mode, and the other is for Prefork mode. However, both sections look really similar. Is it possible that you're looking at the wrong section in your httpd.conf? If you're using Apache's Prefork, be sure to look at the section that begins with "IfModule mpm_prefork_module".

-Eric

Sat, 04/09/2011 - 22:14
andreychek

Howdy,

You can read about what exactly KeepAlive does here:

http://httpd.apache.org/docs/1.3/mod/core.html#keepalive

KeepAlive is enabled by default, and would reduce the number of Apache processes needed to serve any given website.

As far as Max Requests goes -- there's no set answer, it all depends on the needs of your web apps :-)

That option simply controls how many requests a given Apache process is allowed to serve before it's killed off and another process is started.

-Eric

Sun, 04/10/2011 - 05:48
zahir

We're running a social networking site. Decent traffic, we've now enabled

KeepAlive = On
MaxKeepAliveRequests = 100
KeepAliveTimeout = 5

and the prefork settings at...

StartServers 2
MinSpareServers 1
MaxSpareServers 5
MaxRequestsPerChild 4000
ServerLimit 256
MaxClients 256

Sound fine?

Sun, 04/10/2011 - 09:39
andreychek

I'm not sure the section you're editing in the Apache config is the one for the Prefork mode... if you search in the config, there should be two different "MaxClients" settings -- one for Prefork, one for Worker.

Do you see two settings for MaxClients in your config? There should be some sort of description above it that tells whether that group is for Prefork or Worker mode.

From there, the only thing I'd be concerned about is how high MaxClients is set. You need to look at how much RAM one Apache process consumes. Once you figure that out -- you need to make sure that if MaxClients is reached, that you'll still have RAM left over in your server. If not, you need to lower MaxClients :-)

If one Apache process takes 30MB of RAM, and MaxClients is set to 50, that means you need 1.5 GB of RAM to support that configuration.

So, review how much RAM one Apache process takes, and modify your MaxClients accordingly. I'm not sure how much RAM you have -- but folks running on a VPS with low amounts of memory will often need to set MaxClients well under 50.

-Eric

Sun, 04/10/2011 - 15:58
andreychek

> So what you're saying is that with 256 max clients, there's no way our server would be able to handle the load with only 752 mb ram if each httpd process takes about 35 mb?

Yup, it's just figuring out some math there... if each process takes 35MB, and you have 752MB of RAM, that means you can handle 21 simultaneous Apache processes (MaxClients) -- if absolutely nothing else is running.

Being as other processes are sure to be running, you'd need to account for those when determining your MaxClients.

-Eric
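
The sizing arithmetic from the two replies above, as an added example that is not part of the original posts. It parses `ps -eo rss,comm` output (the sample below is constructed), sizes MaxClients from the largest httpd process after subtracting what everything else uses, and `headroom_mb` is a hypothetical safety margin.

```python
# Constructed sample of `ps -eo rss,comm` output (RSS in KiB); not from the thread.
SAMPLE_PS = """\
  RSS COMMAND
35840 httpd
34816 httpd
36864 httpd
61440 mysqld
20480 named
15360 miniserv.pl
 2048 sshd
"""

def parse_ps(text):
    """Return a list of (rss_kib, command) tuples from `ps -eo rss,comm` output."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1].strip()))
    return rows

def max_clients(total_ram_mb, per_proc_mb, other_mb=0):
    """Largest MaxClients that still fits in RAM once other_mb is set aside."""
    return max(0, int((total_ram_mb - other_mb) // per_proc_mb))

def ram_needed_mb(clients, per_proc_mb):
    """RAM consumed if every one of `clients` Apache processes is running."""
    return clients * per_proc_mb

def size_max_clients(rows, total_ram_mb, server="httpd", headroom_mb=0):
    """Size MaxClients from observed processes.

    Uses the largest worker (worst case) rather than the average. RSS counts
    shared pages in every process, so the result errs on the low, safe side.
    """
    workers = [rss for rss, cmd in rows if cmd == server]
    if not workers:
        raise ValueError("no %s processes in ps output" % server)
    per_proc_mb = max(workers) / 1024.0
    other_mb = sum(rss for rss, cmd in rows if cmd != server) / 1024.0
    return {
        "per_proc_mb": per_proc_mb,
        "other_mb": other_mb,
        "max_clients": max_clients(total_ram_mb, per_proc_mb, other_mb + headroom_mb),
    }

if __name__ == "__main__":
    print(size_max_clients(parse_ps(SAMPLE_PS), total_ram_mb=752, headroom_mb=64))
    print("RAM needed at MaxClients 256:", ram_needed_mb(256, 36), "MB")
```
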

Mon, 04/11/2011 - 09:21
zahir

Hey

Any idea why our CPU usage is so high on index_cpu.cgi? Is this because of the config mentioned above?

8841 root 11.0 % /usr/libexec/webmin/proc/index_cpu.cgi
1859 mysql 2.9 % /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-f ...
7660 apache 0.3 % /usr/sbin/httpd
7497 apache 0.1 % /usr/sbin/httpd
8830 apache 0.1 % /usr/sbin/httpd

Mon, 04/11/2011 - 09:33
andreychek

It's unlikely to be related to anything we've talked about so far... my guess is that someone's just doing something in the Virtualmin/Webmin GUI, and it's an active process that's doing something.

-Eric

Mon, 04/11/2011 - 09:39
zahir

Could this be a security problem? We got a warning in virtualmin that the index_cpu.cgi was trying to be accessed remotely and that we should visit Webmin > Webmin Configuration > Trusted Referrers and check Trust links from unknown referrers

Mon, 04/11/2011 - 09:44
andreychek

You can look in /var/webmin/miniserv.log to see what all has been going on in Webmin, as well as what IP address they're coming from.

-Eric
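
One way to do the log review suggested above, as an added example that is not part of the original posts. It assumes miniserv.log lines follow a Common Log Format style layout (`host - user [time] "request" status bytes`); the sample lines, addresses and the `known_ips` list are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line layout: host - user [time] "METHOD path proto" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation address ranges), not taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - root [11/Apr/2011:09:20:01 +0200] "GET /proc/index_cpu.cgi HTTP/1.1" 200 18432
192.0.2.10 - root [11/Apr/2011:09:20:31 +0200] "GET /proc/index_cpu.cgi HTTP/1.1" 200 18501
203.0.113.7 - - [11/Apr/2011:09:21:12 +0200] "GET /proc/index_cpu.cgi HTTP/1.1" 401 312
203.0.113.7 - - [11/Apr/2011:09:21:15 +0200] "GET /proc/index_cpu.cgi HTTP/1.1" 401 312
198.51.100.4 - admin [11/Apr/2011:09:25:40 +0200] "GET /virtual-server/index.cgi HTTP/1.1" 200 9120
truncated line that does not parse
"""

def summarize(log_text, known_ips=()):
    """Group requests by source IP; return (summary, unparsed_line_count)."""
    per_ip = defaultdict(
        lambda: {"requests": 0, "denied": 0, "users": set(), "paths": set()}
    )
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1                      # count, do not silently drop
            continue
        entry = per_ip[m.group("ip")]
        entry["requests"] += 1
        if m.group("status") in ("401", "403"):
            entry["denied"] += 1              # request rejected by Webmin
        if m.group("user") != "-":
            entry["users"].add(m.group("user"))
        entry["paths"].add(m.group("path"))
    for ip, entry in per_ip.items():
        entry["known"] = ip in known_ips
    return dict(per_ip), skipped

def needs_review(summary):
    """IPs that are not on the known list or that had any denied request."""
    return sorted(ip for ip, e in summary.items() if not e["known"] or e["denied"])

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_LOG, known_ips=("192.0.2.10",))
    print(needs_review(summary), "unparsed lines:", skipped)
```
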

Mon, 04/11/2011 - 10:36
zahir

Can we secure it from external/anonymous access?

Mon, 04/11/2011 - 10:49
andreychek

Pages within Webmin should all require a valid username and password, screens wouldn't be available anonymously.

-Eric

Mon, 04/11/2011 - 15:59
zahir

Thanks a lot Eric. I really appreciate the help. :)

Are there any tips I can follow on securing CentOS running Virtualmin?

Mon, 04/11/2011 - 16:06
zahir

We seem to have a webmin user called anonymous, should we delete?

Mon, 04/11/2011 - 16:39
andreychek

> Are there any tips I can follow on securing CentOS running Virtualmin?

A typical Linux installation starts off fairly secure, but there's some security tips/thoughts here in this FAQ:

http://www.virtualmin.com/documentation/security/faq

> We seem to have a webmin user called anonymous, should we delete?

You can review if there's a password set for that user in Webmin -> Webmin -> Webmin Users -> Anonymous. There isn't by default, it's not normally something to worry about.

-Eric

Mon, 04/11/2011 - 17:00
zahir

Thanks man, do modsecurity, denyhosts and rootkit actually help?

Mon, 04/11/2011 - 17:07
andreychek

> do modsecurity, denyhosts and rootkit actually help?

Sure, if used properly, they can help in adding additional layers of security to your server :-)
