05-05-2009
MaxClients -defines how many simultaneous requests can be served.
Any connection requests from browsers that come in after that will be queued. Default hard limit of 256.
IT Is ok to set high for static content, but bad for rendered pages.
MaxSpareServers
MinSpareServers
StartServers
ServerLimit
Thrashing -where the system is just swapping pages from physical memory to virtual memory (on disk), and vice versa, without doing any real work.
Apache processes with modules (mod_perl, mod_python, mod_php) can easily be 21MB per process.Can improve with PHP op-cache/accelerator, then you can make each Apache process take as little as 12MB.
-this is where one_liner for RSS*sort processes by mem usage
# ps auwxx --sort rss
# icps "semiphores"
-if apache is high mem usage, check MaxRequestsPerChild and keepalives
Last edited by incredible; 05-05-2009 at 02:52 AM..
9 More Discussions You Might Find Interesting
1. SuSE
Hi All,
Is there a max number of slabs that can be used per kernel module? I'm having a tough time finding out that kind of information, but the array 'node_zonelists' (mmzone.h) has a size of 5. I just want to avoid buffer overruns and other bad stuff.
Cheers,
Brendan (4 Replies)
Discussion started by: Brendan Kennedy
4 Replies
2. UNIX for Advanced & Expert Users
Hi all,
How can I get the list of all Threads and the Total count of threads under a particular process ?
Do suggest !!
Awaiting for the replies !!
Thanks
Varun:b: (2 Replies)
Discussion started by: varungupta
2 Replies
3. Linux
Hi everyone,
I need to see some VM manager performance/behavior information on some Linux boxes regarding pages scanned/activation of the paging algorithm in order to get an idea if a given server needs more memory and is actually paging. In Aix servers, by using the vmstat cmd you... (1 Reply)
Discussion started by: jcpetela
1 Replies
4. UNIX for Advanced & Expert Users
I write kernel module with kernel threads using
linux/kthread.h on 2.6.* kernel
I tried to passing data between two kernel threads
with data argument of kthread_run( fun, data , NAME );
but this is not work I dont know why. I tried many possibility
and nothing works.
So I thought that... (0 Replies)
Discussion started by: marcintom
0 Replies
5. Solaris
Hi gurus
Could anybody tell me which file is read by kernel to set its default system kernal parameters values in solaris. Here I am not taking about /etc/system file which is used to load kernal modules or to change any default system kernal parameter value
Is it /dev/kmem file or something... (1 Reply)
Discussion started by: girish.batra
1 Replies
6. Programming
Using pthreads is there a way to determine how many threads are waiting on a locked resource? I mean, once a shared resource is protected using e.g. pthread_rwlock_t or pthread_mutex_t one thread grabs the lock and other threads will go to sleep waiting for the resource to be available again. Is... (0 Replies)
Discussion started by: muggu
0 Replies
7. AIX
Hi All,
bash-3.2# ps -eaf | grep mkdev
root 4378752 1548526 0 03:27:04 - 0:00 /usr/sbin/mkdev -c disk -s vscsi -t xyz -l virtualdev
bash-3.2#
Here we are trying to create a virtual device using mkdev and the device is already populated in the namespace and the corresponding ODMs... (1 Reply)
Discussion started by: Muppana Prasad
1 Replies
8. Linux
Hi everyone,
I am trying to prevent the ehci_hcd kernel module to load at boot time.
Here's what I've tried so far:
1) Add the following line to /etc/modprobe.d/blacklist.conf (as suggested here):
2) Blacklisted the module by adding the following string to
3) Tried to blacklist the module... (0 Replies)
Discussion started by: gacanepa
0 Replies
9. Linux
I m checking idle time using vmstat, below are the results
var=$(ssh wmtmgr@$hostname vmstat | tail -1 | awk '{print $15}')
89
and now im subtracting 89 with 100 & im getting expected results
expr 100 - $var
11
Now How can I get the result 11 in one line code? (4 Replies)
Discussion started by: sam@sam
4 Replies
LEARN ABOUT DEBIAN
mod_apparmor
MOD_APPARMOR(8) AppArmor MOD_APPARMOR(8)
NAME
mod_apparmor - fine-grained AppArmor confinement for Apache
DESCRIPTION
An AppArmor profile applies to an executable program; if a portion of the program needs different access permissions than other portions,
the program can "change hats" via aa_change_hat(2) to a different role, also known as a subprofile. The mod_apparmor Apache module uses
the aa_change_hat(2) mechanism to offer more fine-grained confinement of dynamic elements within Apache such as individual php and perl
scripts, while still allowing the performance benefits of using mod_php and mod_perl.
To use mod_apparmor with Apache, ensure that mod_apparmor is configured to be loaded into Apache, either via a2enmod, yast or manual
editing of the apache2(8)/httpd(8) configuration files, and restart Apache. Make sure that apparmor is also functioning.
Once mod_apparmor is loaded within Apache, all requests to Apache will cause mod_apparmor to attempt to change into a hat named by the URI
(e.g. /app/some.cgi). If no such hat is found, it will fall back to attempting to use the hat DEFAULT_URI; if that also does not exist, it
will fall back to using the global Apache profile. Most static web pages can simply make use of the DEFAULT_URI hat.
Additionally, before any requests come in to Apache, mod_apparmor will attempt to change hat into the HANDLING_UNTRUSTED_INPUT hat.
mod_apparmor will attempt to use this hat while Apache is doing the initial parsing of a given http request, before its given to a specific
handler (like mod_php) for processing.
Because defining hats for every URI/URL often becomes tedious, mod_apparmor provides the AAHatName and AADefaultHatName Apache
configuration options.
AAHatName
AAHatName allows you to specify a hat to be used for a given Apache <Directory>, <DirectoryMatch>, <Location> or <LocationMatch>
directive (see the Apache documenation for more details). Note that mod_apparmor behavior can become confused if <Directory*> and
<Location*> directives are intermingled and it is recommended to use one type of directive. If the hat specified by AAHatName does not
exist in the Apache profile, then it falls back to the behavior described above.
AADefaultHatName
AADefaultHatName allows you to specify a default hat to be used for virtual hosts and other Apache server directives, so that you can
have different defaults for different virtual hosts. This can be overridden by the AAHatName directive and is checked for only if there
isn't a matching AAHatName or hat named by the URI. If the AADefaultHatName hat does not exist, it falls back to the DEFAULT_URI hat if
it exists (as described above).
URI REQUEST SUMMARY
When profiling with mod_apparmor, it is helpful to keep the following order of operations in mind:
On each URI request, mod_apparmor will first aa_change_hat(2) into ^HANDLING_UNTRUSTED_INPUT, if it exists.
Then, after performing the initial parsing of the request, mod_apparmor will:
1. try to aa_change_hat(2) into a matching AAHatName hat if it exists and applies, otherwise it will
2. try to aa_change_hat(2) into the URI itself, otherwise it will
3. try to aa_change_hat(2) into an AADefaultHatName hat if it has been defined for the server/vhost, otherwise it will
4. try to aa_change_hat(2) into the DEFAULT_URI hat, if it exists, otherwise it will
5. fall back to the global Apache policy
BUGS
mod_apparmor() currently only supports apache2, and has only been tested with the prefork MPM configuration -- threaded configurations of
Apache may not work correctly.
There are likely other bugs lurking about; if you find any, please report them at <http://https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO
apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and <http://wiki.apparmor.net>.
AppArmor 2.7.103 2012-06-28 MOD_APPARMOR(8)