Memory consumption problems

Yes, sure. Why?
What happens when the swap space is filled? I had to kill the NS VM once because there were only 25MB swap space left and the system was near to halt. Game over.
By the way, it seems to me that NS7 has quite some bloatware on board compared to NS6. For example there are sssd and winbind services running and I don’t know what for. Those who do not intend to connect their NS gateway with the internal lan do not use this. But both packages are a dependancy for squid. That looks very strange to me.

NethServer is empty when you install it, so software installed is there because it’s a dependency or in the same yum group.

Can you show us your software installed output?

CentOS 7 has higher requirements compared to 6. Minimum disk space increased from 1 to 10 GB.
sssd handles user authentication (I’m simplifying).
squid can be configured to authenticate users.

That’s why. There is no purpose in authenticating to a pure firewall gateway.

http://docs.nethserver.org/en/latest/web_proxy.html

Authenticated users must enter a user name and password in order to navigate

Just if you are interested:
There is a systemvalue called swappiness. The lower the value, the lower the utilization of swap.
If set to 0, swap is disabled, but is not recomended. Default value is 60.

@mark_nl there is a memory plugin for cgp:

It is not enbaled by default.

2 Likes

Thanks, I’ll give it a try.
Where do I find the values for swappiness? Never heard about that.

I stumbled over it randomly.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/s-memory-tunables.html

I just used goolge. :wink:

1 Like

@mark_nl Plugin works also on NS7:

1 Like

@flatspin Yes and soon by default:

It’s in the testing repository; they are fast! :heart_eyes:

2 Likes

Sorry for hijacking your post, I wanted to suggest to install collectd (Statistics) and manually add the memory plugin. I’ll guess its not something you like seen your concerns regarding memory usage.
A KISS way to inspect system’s RAM usage is to look at /proc/meminfo (cat /proc/meminfo). Don’t be deceived by “MemFree” this says nothing about available memory.

Further reading:

a simple ps -aux helps hunt down recourse hogs.

1 Like

Okay, collectd shows me how much memory is used. But even more interesting would be which service consumes how much memory or the most. Which service produces the continuous increase? Can anybody tell how I can see that?

My personal approach to get insight in resource usage is installing (in the shell) htop.

If I suspect a application of leaking i’ll run a little script once a day (cronjob)

something like this:
ps -aux | grep "sssd" >> /root/sssd.log
amusing i suspect sssd, (and don’t forget to remove the cornjob or sssd.log will flud your HD)

There are more sophisticates ways, I like to keep it simple en stupid. :slight_smile:

BTW: I don’t see the filling up off the swap on non of my test setups, including experiential arm (RPI)

1 Like

I strongly suggest atop

According to atop/htop it’s icap - clamd. It uses more than 30% of the total memory.
Does it make sense to have clamd running side by side with suricata?

it depends… I mean that if you need mail AV scanning and web traffic scanning… yes, you need it

Mail AV scanning is done by the internal mail server.
Web traffic scanning is the NS job.
I have amavisd (for mails), c-icap, clamd and suricata running. Isn’t that a bit much?

That’s correct. Clamd uses abot 1/2 a GB. I think the 1.5 GB ram is bit low. A real system would have more ram nowadays, wouldn’t it? :wink:

That may be true for Centos. Either Centos has a pretty big foot print or it has to do with the concept of being an all-in-one server. For a pure gateway 1 GB is enough, look at this screenshot.

comparing linux (centos) and, more precisely, NS, with pfsense (BSD) makes no sense at all