[Seaside] Goods connection limit
William E Harford
seaside at harford.org
Wed Sep 7 23:40:53 CEST 2005
My limit is currently 102346 and ulimit reports "unlimited".
I don't think that a problem.
I can telnet to the goods administration port fine and goods reports
it's status as well.
I should try and connect from another image to eliminate the possibility
that there is a problem with the goods drivers.
*sigh* I was hoping that this problem was something simple like I did
something stupid in the goods config file posted below.
memmgr.gc_background = 1 # enabled
memmgr.init_map_file_size=4096 # Kb
memmgr.init_index_file_size=4096 # Kb
memmgr.gc_init_timeout=60 # seconds
memmgr.gc_response_timeout=86400 # seconds
memmgr.gc_init_allocated=10000 # Kb
memmgr.gc_init_used=0 # Kb, 0 - unlimited
memmgr.gc_init_idle_period=0 # seconds (0 - disabled)
memmgr.gc_init_min_allocated=1024 # Kb
memmgr.gc_grey_set_threshold=1000000 # references
memmgr.max_data_file_size=0 # Kb (0 - unlimited)
memmgr.max_objects=0 # objects (0 - unlimited)
transmgr.logging_enabled=1 # enabled
transmgr.sync_log_writes=0 # enabled
transmgr.permanent_backup=0 # disabled
transmgr.max_log_size=100000 # Kb
transmgr.max_log_size_for_backup=1000000000 # Kb
transmgr.preallocated_log_size=4096 # Kb
transmgr.wait_timeout=600 # seconds
transmgr.retry_timeout=5 # seconds
transmgr.checkpoint_period=0 # seconds (0 - no checkpoint
transmgr.dynamic_reclustering_limit=0 # bytes (0 - disabled)
objmgr.lock_timeout=600 # seconds
poolmgr.page_pool_size=100000 # pages
server.cluster_size=512 # bytes
On Wed, 2005-09-07 at 17:09 -0400, David Shaffer wrote:
> I just ran the "wget" loop on one of my production apps (my development
> version of it, that is) that uses GOODS. No problems up to 850
> connections. Didn't try to go beyond that. I'm running on Gentoo
> linux. You? In linux, without some adjustments, processes are limited
> to 1024 open file descriptors. You can raise the limit by playing with
> some /proc file, sorry, I forget the details. Note that plain old
> "ulimit -n 9999" may make it seem like the limit was raised (ulimit -a
> report the larger limit) when in fact the kernel still imposes it. So,
> a DoS still wouldn't be very difficult. I've got to run but would like
> to see this discussion continue. I don't think limiting connections
> from one IP would work since many places proxy through a single IP. Our
> college, for example, appears as one IP to the outside world. Still, as
> long as the limit was high enough it might be better than nothing.
> William E Harford wrote:
> > I created a subclass of WASession to handle a connection to GOODS. It
> > allows my easy and almost transparent access to persistent storage.
> > This seams to be a very common way to handle GOODS with Seaside.
> > I have come across a problem in which I am not to sure there is a
> > perfect solution to. For some reason goods will only allow about 200
> > connections. After that my Seaside apps (the ones whose sessions have
> > not connected to the database) will lockup and wait for goods to allow
> > new connections; after some stale sessions have been unregistered.
> > We plan on servicing much more than 200 concurrent users so this is a
> > bit of a problem. Also to DOS a Seaside application that relies on
> > GOODS is trivial. A simple `while true; do wget
> > "http://bla.ca/seaside/bla"; done` will do it.
> > I tried initiating a GOODS connection at the start of a continuation
> > and ending it at the end of a continuation but this caused major
> > problems and crashed the image (understandable). Even if I could make
> > this work or is even possible I don't think this would be such a good
> > solution because I would loose the local cache (right?).
> > I am starting to think I have 2 distinct problems and it will require
> > 2 distinct solutions.
> > 1) Allowing > 1000 concurrent database connections.
> > I can't seam to find a way to tell goods to allow more than ~200
> > connections. I don't see any reason why GOODS can not allow thousands
> > or even tens of thousands (given enough fire power) of connections.
> > 2) Limit the ability for someone to DOS our applications. This could
> > be something as simple as limiting the number of connections from an
> > IP address.
> > Any ideas on how I could best handle this ?
> > Thanks
> > Will
> > --
> > William E Harford <seaside at harford.org <mailto:seaside at harford.org>>
> >Seaside mailing list
> >Seaside at lists.squeakfoundation.org
> Seaside mailing list
> Seaside at lists.squeakfoundation.org
William E Harford <seaside at harford.org>
More information about the Seaside