Followup on today lists.ovirt.org http outage
Michael Scherer
mscherer at redhat.com
Tue Jun 17 14:48:24 UTC 2014
Le mardi 17 juin 2014 à 16:03 +0200, Sandro Bonazzola a écrit :
> Il 17/06/2014 15:47, Michael Scherer ha scritto:
> > Hi,
> >
> > Brian pinged me on a failure on lists.ovirt.org around 13h15 UTC. After
> > scratching my head for a while ( since everything was running fine,
> > despites regular Out of memory on the server ), it turned out to be a
> > user trying to get the iso with a download accelerator. I first added
> > more server, but without luck.
> >
> > So as I am more of the kind "shoot first, ask later", I did kill the
> > connexion with iptables, then limit it with iptables ( but with some
> > side effect ), then installed mod_limitipconn to limit to 10 tcp
> > connexion per IP.
> >
> > in short :
> > - yum install mod_limitipconn
> > - add
> > <IfModule mod_limitipconn.c>
> > MaxConnPerIP 10
> > </IfModule>
> > to /etc/httpd/conf.d/resources.ovirt.org.conf
> >
> > I guess we should add this in some puppet module somewhere ?
>
> Maybe also limit bandwidth per IP?
For now, the issue was more the ressources used serverside ( ie, 1 httpd
slot per request ). Limit per IP could make sense, I didn't look at a
supported apache module. Seems there is mod_bw for that.
--
Michael Scherer
Open Source and Standards, Sysadmin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ovirt.org/pipermail/infra/attachments/20140617/1354b675/attachment.sig>
More information about the Infra
mailing list