Jail is pausing . . Ideas please. . ?
wmoran at potentialtech.com
Sat Apr 7 13:16:29 UTC 2007
Troy Kocher <tkocher at mtadistributors.com> wrote:
> Currently I am having some strange issues with regard to a jail
> pausing, hoping someone here might have some ideas. .
> Here is my Usenet post. . :
> I am running FreeBSD 6.1-STABLE (SMP), and the the system seems to be
> pausing. System details:
> I have da0, da1, da2, da3, each 500GB, I'm also using GEOM_CONCAT to
> concatenation, amd64 SMP kernel, and 16GB of ram. Running 7 jails,
> primarily running apache, samba, postfix, pgsql.
> On what appears to be random occasions (usually several times in 5m)
> the system seems to pause. For instance, vipw takes >40s to respond,
> or the smbd which clients use for their mailbox.pst ignores requests
> from outlook to act on the file. Then moments later it is happy
> again, and begins working normally. I have been monitoring top while
> it happens and it appears like it is doing very little. . ie. .
> last pid: 75014; load averages: 0.00, 0.02,
> 0.07 up 203+07:20:57 15:24:53
> 246 processes: 1 running, 244 sleeping, 1 stopped
> CPU states: 0.0% user, 0.0% nice, 0.2% system, 0.1% interrupt,
> 99.7% idle
> Mem: 967M Active, 13G Inact, 320M Wired, 782M Cache, 214M Buf, 569M Free
> Swap: 4096M Total, 2504K Used, 4093M Free
> Tried running nice -20 vipw and it still took some time for it to
> run. Could it be a file locking issue?. .
> Any thoughts or ideas on further troubleshooting would really be
> Since that post it actually appears to only be happening in one jail
> called drzoe. The host system seems to be working properly during
> these slow downs
> Other things I've considered:
> 1) Is there an upper limit to the number of connections a NIC can
> support? Am I exceeding it? NiC & Switches aren't showing any packet
There's a limit to everything. What does "sockstat -4 | wc" give you?
I seriously doubt you're hitting any limit there, but it's possible.
> 2) Am I running out of IO, to and from the disks? Tried looking at
> iostat, but I'm exactly sure what a problem would look like. Seems
> like this wouldn't be jail specific
I prefer using systat to watch this behaviour as it happens. The
vmstat screen is particularly useful. See the man page.
> Give it seems to be limited to this jail it seems unlikely to be
> hardware. .
Based on your problems with vipw, it sounds like you have a lot of
processes contending for write access to the password file. The
next time you see the problem, execute "fstat /etc/master.passwd"
and see how many processes are accessing it and what they are.
(Don't get jailbrained. Execute fstat /etc/master.passwd from
within the jail, or execute fstat /path/to/jail/etc/master.passwd
from the host :)
> from rc.conf
> jail_list="droutward drinward database drzoe development drimage drmail"
> # Disaster recovery setup for drzoe
> jail_drzoe_exec_start="/bin/sh /etc/rc"
> jail_drzoe_exec_stop="/bin/sh /etc/rc.shutdown"
> [root at drzoe /]#pkg_info
> autoconf-2.59_2 Automatically configure source code on many Un*x
> bash-3.1.10_1 The GNU Project's Bourne Again SHell
> bsdpan-Filesys-Virtual-0.05 Filesys::Virtual - Perl extension to
> provide a framework fo
> bsdpan-Filesys-Virtual-Plain-0.08 Filesys::Virtual::Plain - A Plain
> virtual filesystem
> bsdpan-Net-DAV-Server-1.28 Net::DAV::Server - Provide a DAV Server
> cups-base-22.214.171.124_8 The Common UNIX Printing System: headers, libs,
> & daemons
> cvsup-without-gui-16.1h_2 General network file distribution system
> optimized for CVS
> elinks-0.11.1 Elinks - links text WWW browser with enhancements
> gettext-0.14.5_1 GNU gettext package
> gmake-3.81_1 GNU version of 'make' utility
> gnutls-1.2.9 GNU Transport Layer Security library
> help2man-1.36.4_1 Automatically generating simple manual pages from
> program o
> identify-0.7 Client side ident protocol daemon wrapper
> jbigkit-1.6 Lossless compression for bi-level images such as
> scanned pa
> jpeg-6b_3 IJG's jpeg compression utilities
> libgcrypt-1.2.2 "General purpose crypto library based on code
> used in GnuPG
> libgpg-error-1.1 Common error values for all GnuPG components
> libiconv-1.9.2_1 A character set conversion library
> m4-1.4.8_1 GNU m4
> netpbm-10.26.41 A toolkit for conversion of images between
> different format
> p5-Authen-PAM-0.14 A Perl interface to the PAM library
> p5-Net-SSLeay-1.30_1 Perl5 interface to SSL
> p5-gettext-1.05_1 Message handling functions
> pcre-6.6_1 Perl Compatible Regular Expressions library
> perl-5.8.7_2 Practical Extraction and Report Language
> pkgconfig-0.20 A utility to retrieve information about installed
> png-1.2.8_3 Library for manipulating PNG images
> popt-1.7 A getopt(3) like library with a number of
> enhancements, fro
> portaudit-0.5.10 Checks installed ports against a list of security
> postgresql-client-8.1.4 PostgreSQL database (client)
> proftpd-1.3.1.r2_3 Highly configurable ftp daemon
> rsync-2.6.7_1 A network file distribution/synchronization utility
> samba-2.2.12_2 A free SMB and CIFS client and server for UNIX
> tiff-3.8.0 Tools and library routines for working with TIFF
> unison-2.13.16_1 A user-level file synchronization tool
> usermin-1.220_1 Web-based interface for performing some user tasks
> vim-lite-7.0.66 Vi "workalike", with many additional features
> (Lite package
> webmin-1.290 Web-based interface for system administration for
> [root at drzoe /]# portaudit
> Affected package: gnutls-1.2.9
> Type of problem: gnutls -- RSA Signature Forgery Vulnerability.
> Reference: <http://www.FreeBSD.org/ports/portaudit/
> Affected package: samba-2.2.12_2
> Type of problem: samba -- integer overflow vulnerability.
> Reference: <http://www.FreeBSD.org/ports/portaudit/3b3676be-52e1-11d9-
> 2 problem(s) in your installed packages found.
> Any ideas you may have on troubleshooting or better yet what is
> causing it would be
> really appreciated.
> Troy Kocher
> MTA Distributors
> Scanned by IBM Email Security Management Services
> powered by MessageLabs.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions