Browse code
Tune apache connections for tls proxy
We are seeing connection errors to the proxy occasionally. These errors
do not result in a logged http request or error to the backends,
resulting in a theory that the proxy itself may just not be able to
handle the number of connections. More than double the total number of
connections that will be accepted by the proxy in an attempt to fix
this.
Change-Id: Iefa6c43451dd1f95927528d2ce0003c84248847f
Related-bug: 1630664
Clark Boylan authored on 2016/11/30 03:43:05Showing 2 changed files
| ... | ... |
@@ -29,15 +29,20 @@ APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}
|
| 29 | 29 |
|
| 30 | 30 |
|
| 31 | 31 |
# Set up apache name and configuration directory |
| 32 |
+# Note that APACHE_CONF_DIR is really more accurately apache's vhost |
|
| 33 |
+# configuration dir but we can't just change this because public interfaces. |
|
| 32 | 34 |
if is_ubuntu; then |
| 33 | 35 |
APACHE_NAME=apache2 |
| 34 | 36 |
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/sites-available}
|
| 37 |
+ APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf-enabled}
|
|
| 35 | 38 |
elif is_fedora; then |
| 36 | 39 |
APACHE_NAME=httpd |
| 37 | 40 |
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}
|
| 41 |
+ APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
|
|
| 38 | 42 |
elif is_suse; then |
| 39 | 43 |
APACHE_NAME=apache2 |
| 40 | 44 |
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
|
| 45 |
+ APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
|
|
| 41 | 46 |
fi |
| 42 | 47 |
APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
|
| 43 | 48 |
|
| ... | ... |
@@ -442,6 +442,52 @@ function enable_mod_ssl {
|
| 442 | 442 |
# Proxy Functions |
| 443 | 443 |
# =============== |
| 444 | 444 |
|
| 445 |
+function tune_apache_connections {
|
|
| 446 |
+ local tuning_file=$APACHE_SETTINGS_DIR/connection-tuning.conf |
|
| 447 |
+ if ! [ -f $tuning_file ] ; then |
|
| 448 |
+ sudo bash -c "cat > $tuning_file" << EOF |
|
| 449 |
+# worker MPM |
|
| 450 |
+# StartServers: initial number of server processes to start |
|
| 451 |
+# MinSpareThreads: minimum number of worker threads which are kept spare |
|
| 452 |
+# MaxSpareThreads: maximum number of worker threads which are kept spare |
|
| 453 |
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a |
|
| 454 |
+# graceful restart. ThreadLimit can only be changed by stopping |
|
| 455 |
+# and starting Apache. |
|
| 456 |
+# ThreadsPerChild: constant number of worker threads in each server process |
|
| 457 |
+# MaxClients: maximum number of simultaneous client connections |
|
| 458 |
+# MaxRequestsPerChild: maximum number of requests a server process serves |
|
| 459 |
+# |
|
| 460 |
+# The apache defaults are too conservative if we want reliable tempest |
|
| 461 |
+# testing. Bump these values up from ~400 max clients to 1024 max clients. |
|
| 462 |
+<IfModule mpm_worker_module> |
|
| 463 |
+# Note that the next three conf values must be changed together. |
|
| 464 |
+# MaxClients = ServerLimit * ThreadsPerChild |
|
| 465 |
+ServerLimit 32 |
|
| 466 |
+ThreadsPerChild 32 |
|
| 467 |
+MaxClients 1024 |
|
| 468 |
+StartServers 3 |
|
| 469 |
+MinSpareThreads 96 |
|
| 470 |
+MaxSpareThreads 192 |
|
| 471 |
+ThreadLimit 64 |
|
| 472 |
+MaxRequestsPerChild 0 |
|
| 473 |
+</IfModule> |
|
| 474 |
+<IfModule mpm_event_module> |
|
| 475 |
+# Note that the next three conf values must be changed together. |
|
| 476 |
+# MaxClients = ServerLimit * ThreadsPerChild |
|
| 477 |
+ServerLimit 32 |
|
| 478 |
+ThreadsPerChild 32 |
|
| 479 |
+MaxClients 1024 |
|
| 480 |
+StartServers 3 |
|
| 481 |
+MinSpareThreads 96 |
|
| 482 |
+MaxSpareThreads 192 |
|
| 483 |
+ThreadLimit 64 |
|
| 484 |
+MaxRequestsPerChild 0 |
|
| 485 |
+</IfModule> |
|
| 486 |
+EOF |
|
| 487 |
+ restart_apache_server |
|
| 488 |
+ fi |
|
| 489 |
+} |
|
| 490 |
+ |
|
| 445 | 491 |
# Starts the TLS proxy for the given IP/ports |
| 446 | 492 |
# start_tls_proxy front-host front-port back-host back-port |
| 447 | 493 |
function start_tls_proxy {
|
| ... | ... |
@@ -451,6 +497,8 @@ function start_tls_proxy {
|
| 451 | 451 |
local b_host=$4 |
| 452 | 452 |
local b_port=$5 |
| 453 | 453 |
|
| 454 |
+ tune_apache_connections |
|
| 455 |
+ |
|
| 454 | 456 |
local config_file |
| 455 | 457 |
config_file=$(apache_site_config_for $b_service) |
| 456 | 458 |
local listen_string |