[OpenSIPS-Users] Long reload time for mi tls_reload for 200 tls/ssl certs

Denys Pozniak denys.pozniak at gmail.com
Tue May 14 13:47:18 UTC 2024


Hello!

I disabled logging and added some resources to the virtual machine.
On a working OpenSIPS, I reloaded the tls several times and in parallel ran
a trap.
#opensips-cli -x mi tls_reload
#opensips-cli -x trap

If possible, please analyze it again, maybe you could find something
interesting:
https://github.com/denyspozniak/opensips_tls_debug/tree/main

Thanks in advance!



Wed, May 8, 2024 at 19:59, Brett Nemeroff <brett at nemeroff.com>:

> Just offering my experience here. I have, without a doubt,
> noticed intensive logging brings a highly performant server to its knees.
>
> Disable ALL logging. Watch disk IO and confirm it's disabled. Try it
> again. Just an easy thing to try.
>
> -Brett
>
>
> On Wed, May 8, 2024 at 7:17 AM Bogdan-Andrei Iancu <bogdan at opensips.org>
> wrote:
>
>> Hi,
>>
>> There is only one trap, ideally you should try to get several during the
>> reload time.
>>
>> Still, the trap you did shows opensips doing some logging (dumping to
>> syslog) while reloading - could you check how intensive this logging is and
>> eventually try to disable it (increase the log level of opensips lower
>> than INFO) to see if there is any impact?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>>   https://www.siphub.com
>>
>> On 08.05.2024 14:10, Denys Pozniak wrote:
>>
>> Hello!
>>
>> If possible, please check log:
>>
>> https://github.com/denyspozniak/opensips_tls_debug/blob/main/gdb_opensips_20240508_115956
>>
>>
>> Wed, May 8, 2024 at 08:55, Bogdan-Andrei Iancu <bogdan at opensips.org>:
>>
>>> Hi Denys.
>>>
>>> That is rather weird, 250 certificates in 1 min. I assume it is not a DB
>>> issue (considering the db_text backend), so can you try to do multiple
>>> sequential "opensips-cli -x trap" to try to understand what is going on?
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>   https://www.opensips-solutions.com
>>>   https://www.siphub.com
>>>
>>> On 02.05.2024 11:41, Denys Pozniak wrote:
>>>
>>> Hello!
>>>
>>> There is a task to divide a single tls/ssl letsencrypt certificate for
>>> white labels into specific ones.
>>> I entered about ~250 certificates into db_text, but as it turned out,
>>> for OpenSIPS this is a rather complex operation to load them and takes
>>> about 1 minute and a heavy CPU load is noticeable.
>>>
>>> I would appreciate any advice on how to avoid this.
>>>
>>> # wc -l dbtext/tls_mgm
>>> 253 dbtext/tls_mgm
>>>
>>> # time opensips-cli -x mi tls_reload
>>> "OK"
>>> real 0m52.034s
>>> user 0m1.419s
>>> sys 0m0.433s
>>>
>>> # time systemctl restart opensips
>>> real    0m58.198s
>>> user    0m0.024s
>>> sys     0m0.055s
>>>
>>> # opensips -V
>>> version: opensips 3.4.4 (x86_64/linux)
>>> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
>>> Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>>> MAX_URI_SIZE 1024, BUF_SIZE 65535
>>> poll method support: poll, epoll, sigio_rt, select.
>>> git revision: 036d02961
>>>
>>> --
>>>
>>> BR,
>>> Denys Pozniak
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>
>> --
>>
>> BR,
>> Denys Pozniak
>>
>>
>>
>>
>

-- 

BR,
Denys Pozniak
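
The procedure asked for in the thread (several traps taken while one `tls_reload` is still running, with the reload timed), as an added example that is not part of the original messages or of OpenSIPS. Only the two `opensips-cli` commands come from the thread; the function name `trap_during_reload` and the `OPENSIPS_CLI` override variable are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: time one "mi tls_reload" and take several traps while it runs.
# OPENSIPS_CLI is a hypothetical override so the function can be dry-run
# against a stub instead of the real opensips-cli.
OPENSIPS_CLI="${OPENSIPS_CLI:-opensips-cli}"

# trap_during_reload MAX_TRAPS INTERVAL_SECONDS
# Prints "<elapsed_seconds> <traps_taken>" on stdout; CLI output goes to stderr.
# Returns the exit status of the reload command.
trap_during_reload() {
    local max_traps="$1" interval="$2"
    local traps=0 rc=0 start end reload_pid

    start=$(date +%s)

    # Run the reload in the background so traps can be taken while it works.
    "$OPENSIPS_CLI" -x mi tls_reload >&2 &
    reload_pid=$!

    # Keep trapping until the reload returns or the cap is reached.
    while kill -0 "$reload_pid" 2>/dev/null && [ "$traps" -lt "$max_traps" ]; do
        "$OPENSIPS_CLI" -x trap >&2 || true   # a failed trap must not stop the run
        traps=$((traps + 1))
        sleep "$interval"
    done

    # Collect the reload's exit status without tripping "set -e" in callers.
    wait "$reload_pid" || rc=$?
    end=$(date +%s)

    echo "$((end - start)) $traps"
    return "$rc"
}

# When invoked as a script with two arguments, run once with those values,
# e.g.: ./trap_during_reload.sh 10 5   (at most 10 traps, 5 seconds apart)
if [ "$#" -eq 2 ]; then
    trap_during_reload "$1" "$2"
fi
```

Comparing the backtraces from successive traps shows whether the processes stay in the same call path for the whole reload, which is what a single trap cannot tell.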