Cfengine Help: cf-serverd seem to leak memory in 3.1.4.

[no-reply]

Forum: Cfengine Help
Subject: cf-serverd seem to leak memory in 3.1.4.
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21655,21655#msg-21655

Hi,

My policy server runs RHEL 5.6 and the Cfengine 3.1.4 rpm. I have have 141 
Solaris 10 clients connecting.
I deployed an upgrade of a software containing about 10 Solaris packages 
contained in a tar-file of 47MB.

When the bundle decides the software needs updating the software is removed via 
en external wrapper.
The 47MB-tar-file is downloaded and the wrapper unpacks it and install the 
packages.

The memory usage of the cf-serverd quickly increased to about 96% and lot of 
swap was used as well.
I noticed that I had a bug (me bad) which led to Cfengine removing/downloading 
tar-file/installing every fifteen
minute. When my bug was corrected the memory usage leveled out on 90% and 
overnight it dropped to
80% but never below. If I restart the cf-serverd now when this "big" upgrade is 
done the memory usage is
0.1%.

I have iptables protecting the policy server so I have to investigate if this 
disturbs normal operation.
I just wanted to raise a flag on this as 3.1.5 is in the making.
 
I have 4GB of RAM and two CPU's on the policy-server. 

This is cf-serverd code.



#
# Common accesslist.
#
bundle common s
{
    vars:
        # List here that we grant access to on the server.
        "connect_acl" slist => {
                               "10..*",
                               };

        # Which keys should we trust.
        "trustkeysfrom_acl" slist => {
                                     "10..*",
                                     };
}

#
# Server settings.
#
body server control 
{
    denybadclocks         => "true";
    allowconnects         => { "127.0.0.1", "::1", @(s.connect_acl) };
    allowusers            => { "root","cfengine" };
    maxconnections        => "1000";
    logallconnections     => "true";

    # Uncomment this when you intend to install new hosts.
    #trustkeysfrom         => { "127.0.0.1" , "::1", @(s.trustkeysfrom_acl) };

    # Uncomment to disable DNS-verify.
    #skipverify            => { @(s.connect_acl), "127.0.0.1" , "::1" };
}

#
# Assign access to local directories on policy host.
#
bundle server access_rules()
{
    access:
        policy_host::
            "$(g.dir_repository)"
                handle => "grant_access_repository",
                comment => "Grant access to the repository",
                admit   => { ".*$(g.domain)", @(s.acl) };   
}



_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine