Opened 8 months ago

Closed 5 months ago

Last modified 4 months ago

#3185 closed task (fixed)

Limit connection limit of moved trac instances

Reported by: robe Owned by: sac-tickets@…
Priority: normal Milestone: Sysadmin Contract 2024-I
Component: SysAdmin/Trac Keywords:
Cc:

Description

trac appears to be suffering from some bot attacks of late eating up connections.

I think many of these strk observed were to sites no longer used.

For now, I'm going to limit the number of connections of these defunct site databases to 5 connections max.

Change History (18)

comment:1 by robe, 8 months ago

Resolution: fixed
Status: newclosed

ran this

ALTER DATABASE trac_csmap WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_fdo WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_gdal WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_mapserver WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_qgis WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_metacrs WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_proj4j WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_proj4js WITH CONNECTION LIMIT = 5;
ALTER DATABASE trac_geos WITH CONNECTION LIMIT = 5;

there are others but will start with these. At the moment there seem to be no active connections and inactive connections are as follows:

SELECT datname, count(*) FROM pg_stat_activity GROUP BY datname;
    datname     | count
----------------+-------
                |     5
 gitea          |     2
 trac_qgis      |     5
 trac_mapguide  |     4
 postgres       |     1
 trac_osgeolive |     3
 trac_postgis   |    10
 trac_mapserver |     2
 trac_gdal      |     5
 trac_osgeo     |    13
 trac_grass     |     1
 trac_csmap     |     1
 trac_osgeo4w   |     2
(13 rows)

comment:2 by Jeff McKenna, 5 months ago

Resolution: fixed
Status: closedreopened

@robe would you mind increasing the connection limit for the 'trac_gdal' instance? (the BuildHints wiki pages are still actively maintained, read, and modified, by GDAL's packaging community - really, these old steps are a lifeline for packagers).

Almost every page load gives the error:

Unable to get database connection within 0 seconds. (OperationalError: FATAL: too many connections for database "trac_gdal" )

comment:3 by strk, 5 months ago

Should we use pgbouncer ? https://www.pgbouncer.org/

comment:4 by strk, 5 months ago

I've run this:

ALTER DATABASE trac_gdal WITH CONNECTION LIMIT = 10;

Is that enough, Jeff ?

comment:5 by strk, 5 months ago

Component: SysAdminSysAdmin/Trac

comment:6 by strk, 5 months ago

See #2176 for pooled database connections

comment:7 by strk, 5 months ago

Assuming raising to 10 was good enough.

comment:8 by strk, 5 months ago

Resolution: fixed
Status: reopenedclosed

comment:9 by Jeff McKenna, 5 months ago

thanks @strk 10 seems to work well. thanks again.

comment:10 by jng, 5 months ago

Resolution: fixed
Status: closedreopened

Hi,

I am getting errors like this on the MapGuide and FDO instances (replace trac_mapguide with trac_fdo where applicable)

Trac Error

TracError: Unable to check for upgrade of trac.db.api.DatabaseManager: TimeoutError: Unable to get database connection within 0 seconds. (OperationalError: FATAL:  too many connections for database "trac_mapguide"
)

I am actively maintaining wiki content and tickets on both instances and use the timeline feature heavily to monitor commits from Autodesk for merging and the above error is appearing way too frequently.

Could we get the limits increased on these 2 instances?

in reply to:  3 comment:11 by robe, 5 months ago

Resolution: fixed
Status: reopenedclosed

I've upped the limit of trac_fdo to 30. trac_mapguide I had already upped to 30 as part of #3244

Replying to strk:

Should we use pgbouncer ? https://www.pgbouncer.org/

Yah was thinking that and I thought I had added a ticket for this, but can't find it. Anyway I'll add one and detail my findings which sadly is not good.

comment:12 by Jeff McKenna, 5 months ago

Resolution: fixed
Status: closedreopened

@strk can you also up the limit for "trac_gdal" to 30? (the error is back).

comment:13 by strk, 5 months ago

Regina the ticket for pgbouncer is #2176 as written in comment:6

comment:14 by strk, 5 months ago

Resolution: fixed
Status: reopenedclosed

Jeff, limit raised to 30:

trac_gdal=# ALTER DATABASE trac_gdal WITH CONNECTION LIMIT = 30;
ALTER DATABASE

comment:15 by Jeff McKenna, 5 months ago

thanks again @strk, smooth, works well.

comment:16 by strk, 5 months ago

I've also raised trac_mapguide to 30 as the log was full of TimeoutErrors about it

in reply to:  16 comment:17 by robe, 5 months ago

Replying to strk:

I've also raised trac_mapguide to 30 as the log was full of TimeoutErrors about it

I had raised it already to 30 per #3244. Maybe we need to raise it more that 30 is not enough.

comment:18 by strk, 4 months ago

For the record, this is the query you can use to check current limit for databases:

select datname,datconnlimit from pg_database;

Note: See TracTickets for help on using tickets.