[OpenSIPS-Users] Long reload time for mi tls_reload for 200 tls/ssl certs

Brett Nemeroff brett at nemeroff.com
Wed May 8 17:58:48 UTC 2024


Just offering my experience here. I have, without a doubt,
noticed intensive logging brings a highly performant server to its knees.

Disable ALL logging. Watch disk IO and confirm it's disabled. Try it again.
Just an easy thing to try.

-Brett


On Wed, May 8, 2024 at 7:17 AM Bogdan-Andrei Iancu <bogdan at opensips.org>
wrote:

> Hi,
>
> There is only one trap, ideally you should try to get several during the
> reload time.
>
> Still, the trap you did shows opensips doing some logging (dumping to
> syslog) while reloading - could you check how intensive this logging is and
> eventually to try to disable it (increase the log level of opensips lower
> than INFO) to see if there is any impact?
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
>   https://www.siphub.com
>
> On 08.05.2024 14:10, Denys Pozniak wrote:
>
> Hello!
>
> If possible, please check log:
>
> https://github.com/denyspozniak/opensips_tls_debug/blob/main/gdb_opensips_20240508_115956
>
>
> ср, 8 мая 2024 г. в 08:55, Bogdan-Andrei Iancu <bogdan at opensips.org>:
>
>> Hi Denys.
>>
>> That is rather weird, 250 certificates in 1 min. I assume it is not a DB
>> issue (considering the db_text backend), so can you try to do multiple
>> sequential "opensips-cli -x trap" to try to understand what is going on ?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   https://www.opensips-solutions.com
>>   https://www.siphub.com
>>
>> On 02.05.2024 11:41, Denys Pozniak wrote:
>>
>> Hello!
>>
>> There is a task to divide a single tls/ssl letsencrypt certificate for
>> white labels into specific ones.
>> I entered about ~250 certificates into db_text, but as it turned out, for
>> OpenSIPS this is a rather complex operation to load them and takes about 1
>> minute and a heavy CPU load is noticeable.
>>
>> I would appreciate any advice on how to avoid this.
>>
>> # wc -l dbtext/tls_mgm
>> 253 dbtext/tls_mgm
>>
>> # time opensips-cli -x mi tls_reload
>> "OK"
>> real 0m52.034s
>> user 0m1.419s
>> sys 0m0.433s
>>
>> # time systemctl restart opensips
>> real    0m58.198s
>> user    0m0.024s
>> sys     0m0.055s
>>
>> # opensips -V
>> version: opensips 3.4.4 (x86_64/linux)
>> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
>> Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>> MAX_URI_SIZE 1024, BUF_SIZE 65535
>> poll method support: poll, epoll, sigio_rt, select.
>> git revision: 036d02961
>>
>> --
>>
>> BR,
>> Denys Pozniak
>>
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
> --
>
> BR,
> Denys Pozniak
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20240508/80cf8824/attachment.html>


More information about the Users mailing list