Luis Daniel Lucio Quiroz wrote:
> Le mardi 6 octobre 2009 18:57:34, Amos Jeffries a écrit :
>> On Tue, 6 Oct 2009 17:57:24 -0500, Luis Daniel Lucio Quiroz
>>
>> <luis.daniel.lucio_at_gmail.com> wrote:
>>> Hi Squids,
>>>
>>> Using Squid 3.0.19 we're having problems adding one more ACL. Our
>>> configuration has about 2000 http_access and about 2500 acl's.
>>>
>>> Now, adding one more acl, or even modifying a file pointed by an acl such
>>> as
>>> acl myacl dstregexp "myfile", our squid is slowing to much.
>>>
>>> Symtopms:
>>> - squid -k pharse, OK
>>> - squid -k reconfigure, squid slows. cache.log says squid is reloading
>> but
>>
>>> it
>>> is too slow, squid process begins to uses about 99% of cpu. No "dying"
>>> message
>>> at log.
>>>
>>> I wonder to know if there is a maximun in squid acl, https, regexp.
>> No defined limits as such. It's just long lists/trees that need to be
>> walked over individually on each use and built on reconfigure.
>>
>> The http_access list get walked once per request. Each ACL (mostly trees,
>> some lists) get walked once per test. How fast or slow really depends on
>> what types of ACL and what order you place them in http_access.
>>
>> Why do you have so many?
>>
>> Amos
>>
> So many,
> see my debug here http://pastebin.com/f197606fa
> from lines 58-62, helpers delay too much. This is not a little machine, it is
> 8 cpus amd @3.2Ghz, 64 bits, with 64 GB in RAM.
> If we remove any ACL we've added, this does not occur.
I see only three (3) ACL in that trace.
The lines you point at for delay are helpers booting up, not related to
ACL directly.
The reported problem might have something to do with it:
digest_pw_auth(LDAP_backend) WARNING, LDAP error 'No such object'
LDAP looking for and failing to find something it's configured to check
of is likely to take a while. Or maybe that means the LDAP backend is
not available at the startup time. Both problems equally as bad.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14Received on Wed Oct 07 2009 - 09:55:11 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 09 2009 - 12:00:02 MDT