On Tue, Jun 17, 2014 at 03:47:14PM +0200, Michael Scherer wrote:
Brian pinged me on a failure on lists.ovirt.org around 13h15 UTC. After scratching my head for a while ( since everything was running fine, despites regular Out of memory on the server ), it turned out to be a user trying to get the iso with a download accelerator. I first added more server, but without luck.
So as I am more of the kind "shoot first, ask later", I did kill the connexion with iptables, then limit it with iptables ( but with some side effect ), then installed mod_limitipconn to limit to 10 tcp connexion per IP.
I'm all in favor of this. Maybe we should mention we have mirrors with MUCH more bandwith in our README.
in short : - yum install mod_limitipconn - add <IfModule mod_limitipconn.c> MaxConnPerIP 10 </IfModule> to /etc/httpd/conf.d/resources.ovirt.org.conf
I guess we should add this in some puppet module somewhere ?
We should, but the whole apache config isn't puppetized yet. I've been slacking on that because we want to move away from that server, but maybe we should bite the bullet and do it on the current server.