Cyrus tweaks (slow on roundcube)

Andre Felipe Machado andremachado at techforce.com.br
Fri Sep 11 14:59:40 EDT 2015



Hello, 

By your numbers it seems that your machine is able to generate random numbers at good speed. But the problem is WHEN and HOW OFTEN. 

Afaik, the linux kernel waits too long to trigger the process to generate random numbers and fast paced process spawning or ssl connections could deplete pool before the process is triggered again. 

This is the problem that haveged could solve. Triggering a random numbers generation at a higher threshold and at higher frequency. 

http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/ 

Well, it is only ONE of possible causes of your problem. Unfortunately one obscure and difficult to identify because it does not generate errors, crashes or logs. Simply slowness. 

Had you checked disk latency? Does your servers have enough sasl processes? 

We use Debian and did not find haveged installation issues, so you will have to search a bit more about your running errors. 

Regards. 

Andre Felipe 

http://www.techforce.com.br 

  

Paul Bronson <signaldeveloper at gmail.com> wrote ..  Guys,   I ran cat /dev/urandom | rngtest -c 1000   and got:    rngtest: starting FIPS tests... rngtest: bits received from input: 20000032 rngtest: FIPS 140-2 successes: 998 rngtest: FIPS 140-2 failures: 2 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 1 rngtest: FIPS 140-2(2001-10-10) Long run: 1 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=22.980; avg=501.129; max=19073.486)Mibits/s rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s rngtest: Program run time: 198018 microseconds      Does this look bad to you considering all of my slow SASL auths? (no haveged is on at this point.. available entropy is between 131 - 160... pool size is default 4096.   I also tried installing haveged, which worked fine, but as soon as I started the service it said something like process dead, sub sys locked... ? So
 rry, entropy is fairly new to me.       On Thu, Sep 10, 2015 at 5:24 PM, <signaldeveloper at gmail.com> wrote: Andre,  Really? What should it be? I was curious and checked.. Entropy on some of my other big time production servers for email is only about 200) and its lightning fast?  - Paul    > On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado <andremachado at techforce.com.br> wrote: > > Hello, > Entropy of 158 is way too low for production servers. And this *MAY* cause weird > slowness without logging any  errors. > You could install "haveged" and configure for max threshold levels on production > servers. > https://packages.debian.org/search?keywords=haveged > > Regards. > > Andre Felipe > http://www.techforce.com.br > > > > signaldeveloper at gmail.com wrote .. >> Rudy, >> >> Entropy is 158 I just looked. And as far as compiling against urandom, to be > honest >> I'm >> not sure. >> >> - Paul >> >> >> >> >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <Rudy.Gevaert at UGent.be> wrote: >>> >>> 
 >>> Quoting signaldeveloper at gmail.com, Mon, 07 Sep 2015: >>> >>>> Hosts file is fine I checked that, thanks. Kolab uses 389 to >>>> authenticate for everything, so Cyrus is using LDAP as you can see >>>> above. I think the problem lies in the constant TLS logins into >>>> Cyrus for every click: >>>> >>>> imap[2281]: login: localhost [::1] johndoe at domain.com PLAIN+TLS User >>>> logged in >>>> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363> >>>> Sep  5 20:54:51 es1 imap[2281]: USAGE johndoe at domain.com user: >>>> 0.009998 sys: 0.006999 >>>> >>>> >>>> Again its only one user, on roundcube... I am afraid to put any more >>>> users on it. There doesn't seem to be much of performance tweaks >>>> with Cyrus around the web either... >>> >>> does your system have enough entropy? >>> >>> Is saslauthd compiled against /dev/urandom? >>> >>> Rudy >>> >>> -- >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >>> Rudy Gevaert                             e-
 mail: Rudy.Gevaert at UGent.be >>> Directie ICT, Afdeling Infrastructuur >>> Groep Systemen                                      tel: +32 9 264 4750 >>> Universiteit Gent                                   fax: +32 9 264 4994 >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >>> >>> >>> ---- >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> ---- >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyr
 us      

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150911/c3506f1c/attachment-0001.html 


More information about the Info-cyrus mailing list