ASL v7 still really needs a gigabyte. I have managed to make 7.005 however go from using 600 megs of swap down to about 125 megs with a couple of simple tweaks. The high default swappiness setting plus squid being configured to cache in ram leads to the system digging hard into swap pushing up loads due to the system being i/o bound and under huge memory pressure from the system not releasing squid's cache memory back to the system for other tasks. Astaro really should consider making these tweaks standard fare into their product as the way it's setup by default makes astaro perform much slower and also increases the system requirements for their software package. I have over 10 pop3 accounts using prefetch and full a/v and anti-spam. I also use http proxy transparently and have it scanning for virii, content filtering, and anti-spyware. Once you have done these tweaks reboot the box and let it run for a few days.
Also in terms of how Linux uses memory..seeing 95% or more memory usage is not bad...it's actually a good thing. Any unused memory will be grabbed by Linux to cache often uses files into memory. The thing is with swappiness set so high once get into that cache the kernel is stubborn about releasing them. This also makes the squid cache nearly impossible to reclaim. The best gauge for performance is how much swap the machine is using..the more swap then you either have a process running away, a process just being a memory hog, the kernel mis configured, or simply not enough ram in the box. Luckily with astaro and 512 megs of ram you can greatly increase the memory efficiency of Astaro with the above tweaks. Astaro really does need a gigabyte minimum...i frankly would not spec any asl v 7.*** box with less than 2 gigabytes of main memory. the only reason i run with 512 is my firewall machine won't take anymore..[:)]
Maybe astaro can make this available inside the webadmin so users don't have to go as root to tune their systems?
First up is to change the system kernel's insane predilection to swap([SIZE=-1]at default it's 60)[/SIZE]:
*UPDATE* put vm.swappiness=0 in /etc/sysctl.conf
(thanks barryg...i'm still figuring out where the initscripts are..sysctl i' can't find right yet..)
[SIZE=-1]
Next for the big memory hog..squid..i am posting my modified /var/chroot-squid/etc/squid.conf. Don't modify squid.conf-default as that's the one that gets overwritten by squid.conf when the proxy fires up. So far this has reduced swap by a factor of nearly 6 and i also now have free memory for the system to grab as needed and not have to dig so hard into swap:
top - 16:28:40 up 1 day, 18:40, 1 user, load average: 0.19, 0.10, 0.23
Tasks: 89 total, 1 running, 86 sleeping, 0 stopped, 2 zombie
Cpu(s): 6.7%us, 1.8%sy, 0.0%ni, 91.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 515392k total, 495276k used, 20116k free, 6928k buffers
Swap: 1050832k total, 110152k used, 940680k free, 151872k cached
Free status:
total used free shared buffers cached
Mem: 515392 495236 20156 0 7088 151900
-/+ buffers/cache: 336248 179144
Swap: 1050832 110152 940680
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 16497
icp_port 0
udp_incoming_address 127.0.0.1
read_timeout 5 minutes
error_directory /share/errors/Custom
#err_html_text []
# PARENT PROXY SETTINGS
# -----------------------------------------------------------------------------
#cache_peer parent 7 default no-query no-digest
#cache_peer parent 7 default no-query no-digest login=[]:[]
# CACHE AND LOGGING OPTIONS
# -----------------------------------------------------------------------------
cache_dir ufs /cache 1201 16 256
cache_access_log none
cache_log []
cache_store_log none
mime_table /etc/mime.conf
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# maximum_object_size_in_memory 25769 KB
# maximum_object_size 60 MB
# cache_mem 51539 KB
maximum_object_size_in_memory 0 KB
maximum_object_size 512 MB
cache_mem 0 KB
# cache_swap_low 75
# cache_swap_high 90
cache_replacement_policy heap lfuda
memory_replacement_policy heap lfuda
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl local_destination dst 127.0.0.0/255.0.0.0
acl CONNECT method CONNECT
acl HTTP_PORT port 80
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 389
acl Safe_ports port 8080
acl Safe_ports port 21
acl Safe_ports port 3840-4840
acl Safe_ports port 4444
acl LOCAL_NAME dstdomain hescominsoon.dyndns.org
acl LOCAL_PORT port 16497
acl localport port 8080
acl localif0 dst 192.168.255.1/255.255.255.255
http_access deny localif0 localport
acl localif1 dst 71.176.134.9/255.255.255.255
http_access deny localif1 localport
http_access deny local_destination !LOCAL_PORT
http_access allow LOCAL_NAME LOCAL_PORT
#no_cache deny all
http_access deny !Safe_ports
http_access deny CONNECT !Safe_ports
#[]http_access deny CONNECT HTTP_PORT
http_access deny !localhost
#never_direct allow all
#never_direct allow all
http_access allow all
http_reply_access allow all
icp_access deny all
cache_effective_user chroot
visible_hostname hescominsoon.dyndns.org
global_internal_static on
short_icon_urls on
#hostname_aliases passthrough.fw-notify.net
# ANONYMITY (HEADER) SETTINGS
# -----------------------------------------------------------------------------
#[]forwarded_for off
#[]header_access From deny all
#[]header_access Referer deny all
#[]header_access Server deny all
#[]header_access User-Agent deny all
#[]header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all
#[]header_access All allow all
#[]forwarded_for off
#[]header_access Allow allow all
#[]header_access Authorization allow all
#[]header_access WWW-Authenticate allow all
#[]header_access Cache-Control allow all
#[]header_access Content-Encoding allow all
#[]header_access Content-Length allow all
#[]header_access Content-Type allow all
#[]header_access Date allow all
#[]header_access Expires allow all
#[]header_access Host allow all
#[]header_access If-Modified-Since allow all
#[]header_access Last-Modified allow all
#[]header_access Location allow all
#[]header_access Pragma allow all
#[]header_access Accept allow all
#[]header_access Accept-Charset allow all
#[]header_access Accept-Encoding allow all
#[]header_access Accept-Language allow all
#[]header_access Content-Language allow all
#[]header_access Mime-Version allow all
#[]header_access Retry-After allow all
#[]header_access Title allow all
#[]header_access Connection allow all
#[]header_access Proxy-Connection allow all
#[]header_access All deny all
# MISC SETTINGS
# -----------------------------------------------------------------------------
coredump_dir /cache
ie_refresh on
# request_body_max_size 0 MB
[/SIZE]
This thread was automatically locked due to age.
