Re: Followup on today lists.ovirt.org http outage
On Tue, Jun 17, 2014 at 03:47:14PM +0200, Michael Scherer wrote:
Brian pinged me on a failure on lists.ovirt.org around 13h15 UTC.
After
scratching my head for a while ( since everything was running fine,
despites regular Out of memory on the server ), it turned out to be a
user trying to get the iso with a download accelerator. I first added
more server, but without luck.
So as I am more of the kind "shoot first, ask later", I did kill the
connexion with iptables, then limit it with iptables ( but with some
side effect ), then installed mod_limitipconn to limit to 10 tcp
connexion per IP.
I'm all in favor of this. Maybe we should mention we have mirrors with
MUCH more bandwith in our README.
in short :
- yum install mod_limitipconn
- add
<IfModule mod_limitipconn.c>
MaxConnPerIP 10
</IfModule>
to /etc/httpd/conf.d/resources.ovirt.org.conf
I guess we should add this in some puppet module somewhere ?
We should, but the whole apache config isn't puppetized yet. I've been
slacking on that because we want to move away from that server, but
maybe we should bite the bullet and do it on the current server.