Extreme memory usage

[KamilR]

I've noticed Plesk 10 has a very high memory usage compared to 9. I have a TON of /usr/bin/sw-engine-cgi -c /opt/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm processes eating almost 8GB of memory, with server uptime of about 5h. There is certainly something wrong here. I cannot restart the whole server just to free some memory.

 

[kaizer]

I also noticed that, but according to Linux experts that is normal. Linux adjusts memoryuse automatically

 

[KamilR]

No, this is not normal. Plesk 10 is spawning numerous sw-engine-cgi processes which eat all of system memory. I noticed this only happens when someone is doing something (anything) in the panel. Without enetering the panel, the memory consumption is normal (about the same as Plesk 9).
In other words - something is broken in the panel itself.

 

[IgorG]

The problem can be caused by sw-engine-cgi processes that were not finishing properly and were stock-piling in the system. Plesk web-server does not forcedly finish such processes by default, so you can modify configuration of Plesk web-server to forcedly limit number of these processes and finish those processes that were not used anymore.
Changes should be applied to configuration files /etc/sw-cp-server/applications.d/plesk.conf and /etc/sw-cp-server/applications.d/sso-cpserver.conf -- every parameter 'max-procs' and 'min-procs' should be set to value '2':

"max-procs" => 2,
"min-procs" => 2,
# "max-procs" => 1,
# "min-procs" => 0,

Try it. I hope it will help.

 

[KamilR]

Thanks, I wil try that. Should something be restarted after the change?

 

[IgorG]

Yes, restart whole Plesk just in case with

/etc/init.d/psa stopall
/etc/init.d/psa start

 

[KamilR]

After the change and restart:

ps aux | grep sw-engine-cgi | wc -l
81

I think those are left form before the change. Can I safely killall them?

 

[IgorG]

Try to restart sw-cp-server

 

[KamilR]

/etc/init.d/sw-cp-server restart
Restarting SWsoft control panels server... stale pidfile. ok
client1:/home/krojew# ps aux | grep sw-engine-cgi | wc -l
97

Seems to be getting worse.

 

[atomicturtle]

Are you using a kernel with grsecurity by any chance?

 

[KamilR]

Yes, I am.

 

[atomicturtle]

Thats why, there are a number of things the plesk daemon wants access to that it will prevent. We fixed this in the ASL kernels by implementing those security controls in a different way.

 

[KamilR]

So the question is - how to fix it? I've observed no such behavior with Plesk 9.

 

[IgorG]

http://kb.odin.com/en/234:

2) in case Parallels Plesk Panel is installed on the hardware server, the kernel updates are recommended, though it is so if there are only vendor's repositories configured. Otherwise if the custom repositories provide new kernels, this is better to have kernel updated from the vendor repository manually. The reason is simple: the major troubles cause kernels with GRSecurity patches applied. Plesk is not designed to work in such configurations.

 

[KamilR]

Well, I have 2.6.34 kernel on Debian 5 from OVH, which is a Plesk reseller (and even provides preconfigured Plesk serevers) and there never were any problem like this, until I upgraded the panel to 10.

 

[atomicturtle]

I actually sent the fixes to OVH a long long time ago but they never responded. This has effected Plesk since version 9, so we had to add the same changes into the ASL kernel to support it.

There are a number of changes you'd need to make in the way you build the kernel, this is from memory so bare with me in case I miss something. The first is that the plesk daemon needs access to /proc. Disabling the security control completely is not recommended, so you need to make exceptions for just that user. You will also need to disable the textrelocation checks, and the harden ptrace controls for the plesk daemon (plesk detects this as a reverse engineering attempt, which is bad. Since we're actually making it easier to reverse engineer it by turning this off!).

 

[KamilR]

I had to reinstall Plesk and there is no max-procs and min-procs in plesk.conf. What should I add?