Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 1175 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

7.402 CPU eaten by Pluto

nausica
Hello,

Since I moved to 7.4** I got my CPU at 100% all the time. I did a top via SSH and I got the commande pluto by root eating my CPU by 96-99%. 

I have a cluster of 220 and the slave one is 3% CPU.

Some lights would be wonderfull.

Thanks


This thread was automatically locked due to age.
  • 0
    What are you seeing in the IPsec log?
  • 0 in reply to BAlfson
    Here are the logs :

    2009:05:31-20:52:38 ulysse-1 pluto[6181]: Pluto is now Master
    2009:05:31-20:52:39 ulysse-1 pluto[6181]: "S_REF_RppjMNrPVz_0" #1: initiating Main Mode
    2009:05:31-20:52:39 ulysse-1 pluto[6181]: "S_REF_ddcCqdHpIz_0" #2: initiating Main Mode
    2009:05:31-20:54:56 (none)-7 ipsec_starter[4516]: Starting strongSwan 4.2.3 IPsec [starter]...
    2009:05:31-20:54:57 (none)-7 ipsec_starter[4527]: IP address or index of physical interface changed -> reinit of ipsec interface
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   including NAT-Traversal patch (Version 0.6c)
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Testing registered IKE encryption algorithms:
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_DES_CBC self-test not available
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_BLOWFISH_CBC self-test not available
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_3DES_CBC self-test not available
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_AES_CBC self-test not available
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SERPENT_CBC self-test not available
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_TWOFISH_CBC self-test not available
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_TWOFISH_CBC_SSH self-test not available
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Testing registered IKE hash algorithms:
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_MD5 hash self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_MD5 hmac self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA hash self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA hmac self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA2_256 hash self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA2_256 hmac self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA2_384 hash self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA2_384 hmac self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA2_512 hash self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   OAKLEY_SHA2_512 hmac self-test passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]: All crypto self-tests passed
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Using KLIPS IPsec interface code
    2009:05:31-20:54:57 (none)-7 pluto[4531]: HA system enabled and listen on interface eth3
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Changing to directory '/etc/ipsec.d/cacerts'
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded CA cert file 'REF_LHDMisXTsk.pem' (2922 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded CA cert file 'REF_EXCPAHjLkp.pem' (1238 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Changing to directory '/etc/ipsec.d/aacerts'
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Changing to directory '/etc/ipsec.d/crls'
    2009:05:31-20:54:57 (none)-7 pluto[4531]: HA System active! Switch to Master mode to listen for IKE messages
    2009:05:31-20:54:57 (none)-7 pluto[4531]: adding interface ipsec0/eth1 62.193.49.84:500
    2009:05:31-20:54:57 (none)-7 pluto[4531]: adding interface ipsec0/eth1 62.193.49.84:4500
    2009:05:31-20:54:57 (none)-7 pluto[4531]: loading secrets from "/etc/ipsec.secrets"
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded private key file '/etc/ipsec.d/private/REF_RALKDgxOCb.pem' (887 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded private key file '/etc/ipsec.d/private/REF_RALKDgxOCb.pem' (887 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded shared key for 0.0.0.0 62.193.49.84 
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded shared key for 0.0.0.0 62.193.49.84 
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded host cert file '/etc/ipsec.d/hostcerts/x509cert.pem' (3602 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded host cert file '/etc/ipsec.d/hostcerts/REF_jGnMcUDOTI_32623dd7.pem' (1834 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]: added connection description "S_REF_ddcCqdHpIz_0"
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded host cert file '/etc/ipsec.d/hostcerts/x509cert.pem' (3602 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]:   loaded host cert file '/etc/ipsec.d/hostcerts/REF_CchyNAXAgm_71f75392.pem' (3602 bytes)
    2009:05:31-20:54:57 (none)-7 pluto[4531]: added connection description "S_REF_RppjMNrPVz_0"
    2009:05:31-20:54:57 (none)-7 pluto[4531]: added connection description "S_REF_UBrlLYqeIB_0"
    2009:05:31-20:54:57 (none)-7 pluto[4531]: added connection description "S_REF_UBrlLYqeIB_1"
    2009:05:31-20:54:57 (none)-7 pluto[4531]: Pluto is now Slave
    2009:05:31-20:54:57 (none)-7 xl2tpd[4543]: This binary does not support kernel L2TP.
    2009:05:31-20:54:57 (none)-7 xl2tpd[4545]: xl2tpd version xl2tpd-1.1.12 started on (none) PID:4545
    2009:05:31-20:54:57 (none)-7 xl2tpd[4545]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    2009:05:31-20:54:57 (none)-7 xl2tpd[4545]: Forked by Scott Balmos and David Stipp, (C) 2001
    2009:05:31-20:54:57 (none)-7 xl2tpd[4545]: Inherited by Jeff McAdams, (C) 2002
    2009:05:31-20:54:57 (none)-7 xl2tpd[4545]: Forked again by Xelerance (Xelerance -) (C) 2006
    2009:05:31-20:54:57 (none)-7 xl2tpd[4545]: Listening on IP address 0.0.0.0, port 1701
  • 0 in reply to nausica
    At first glance, I don't see the problem.  Those lines are from last night - was the problem happenning then?

    Cheers - Bob
  • 0 in reply to BAlfson
    It's the same for the last three days and my move to 7.402. The local system is 100% and the node 1 is 3%. If I reboot the system, still the same.
  • 0 in reply to nausica
    If I were you, I'd submit a support request to Astaro.
  • 0 in reply to BAlfson
    OK. Thanks for your help BAlfson.