On Tuesday 17 June 2014 at 15:55 +0200, Ewoud Kohl van Wijngaarden wrote:
> On Tue, Jun 17, 2014 at 03:47:14PM +0200, Michael Scherer wrote:
> > Brian pinged me on a failure on lists.ovirt.org around 13h15 UTC. After
> > scratching my head for a while (since everything was running fine,
> > despite regular Out of memory on the server), it turned out to be a
> > user trying to get the iso with a download accelerator. I first added
> > more servers, but without luck.
> >
> > So as I am more of the kind "shoot first, ask later", I did kill the
> > connection with iptables, then limit it with iptables (but with some
> > side effect), then installed mod_limitipconn to limit to 10 TCP
> > connections per IP.
>
> I'm all in favor of this. Maybe we should mention we have mirrors with
> MUCH more bandwidth in our README.

Or maybe we do not need to tell that to people and use a redirector
(like mirrorbrain, etc.)?
Even if a solution that requires no maintenance is maybe a better
solution for now.

> > in short:
> > - yum install mod_limitipconn
> > - add
> > <IfModule mod_limitipconn.c>
> > MaxConnPerIP 10
> > </IfModule>
> > to /etc/httpd/conf.d/resources.ovirt.org.conf
> >
> > I guess we should add this in some puppet module somewhere?
>
> We should, but the whole apache config isn't puppetized yet. I've been
> slacking on that because we want to move away from that server, but
> maybe we should bite the bullet and do it on the current server.

Yep, and I think it would be easier to move away from the server if it
is in puppet :)
--
Michael Scherer
Open Source and Standards, Sysadmin
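
Added example, not part of the original message or of the oVirt infrastructure tooling: a heuristic for spotting the download-accelerator pattern described in this thread in an Apache combined-format access log, by counting 206 (partial content) responses per client IP and path inside a short window. The threshold of 10 mirrors the MaxConnPerIP value above; the log lines, addresses and path are constructed, and counting logged requests only approximates concurrent connections.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def flag_accelerators(lines, threshold=10, window=timedelta(seconds=60)):
    """Map (ip, path) to the peak number of 206 responses seen inside one
    `window`, for every pair whose peak exceeds `threshold`."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "206":
            continue  # only partial-content (Range) responses matter here
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[(m["ip"], m["path"])].append(ts)

    flagged = {}
    for key, stamps in hits.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Advance the window start until the span fits inside `window`.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[key] = peak
    return flagged

def sample_log():
    """Constructed sample: one client makes 16 ranged requests for the same
    file in 16 seconds; another resumes one download and fetches a page."""
    fmt = ('{ip} - - [17/Jun/2014:13:15:{s:02d} +0000] '
           '"GET {path} HTTP/1.1" {status} 1048576 "-" "-"')
    lines = [fmt.format(ip="192.0.2.10", s=s, path="/iso/example.iso", status=206)
             for s in range(16)]
    lines.append(fmt.format(ip="198.51.100.7", s=20, path="/iso/example.iso", status=206))
    lines.append(fmt.format(ip="198.51.100.7", s=30, path="/index.html", status=200))
    return lines

if __name__ == "__main__":
    for (ip, path), peak in flag_accelerators(sample_log()).items():
        print(f"{ip} {path}: {peak} ranged requests within one window")
```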