Update notes for 2018-02-07

2024-07-01 02:23:51 +02:00 · 2018-02-08 00:55:28 +02:00 · 2018-02-08 00:55:28 +02:00 · 5e4dab0002
commit 5e4dab0002
parent 69cbd6169b
3 changed files with 223 additions and 8 deletions
--- a/content/post/2018-02.md
+++ b/content/post/2018-02.md
@ -198,3 +198,105 @@ $ psql -c 'select * from pg_stat_activity' | grep dspaceWeb | grep -c "idle in t
 Wed Feb 07 15:01:54 UTC 2018 | Query:containerItem:91917 AND type:2
 Exception in thread "http-bio-127.0.0.1-8081-exec-58" java.lang.OutOfMemoryError: Java heap space
 ```
+
+- I'm trying to find a way to determine what was using all those Tomcat sessions, but parsing the DSpace log is hard because some IPs are IPv6, which contain colons!
+- Looking at the first crash this morning around 11, I see these IPv4 addresses making requests around 10 and 11AM:
+
+```
+$ grep -E '^2018-02-07 (10|11)' dspace.log.2018-02-07 | grep -o -E 'ip_addr=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -n | uniq -c | sort -n | tail -n 20
+     34 ip_addr=46.229.168.67
+     34 ip_addr=46.229.168.73
+     37 ip_addr=46.229.168.76
+     40 ip_addr=34.232.65.41
+     41 ip_addr=46.229.168.71
+     44 ip_addr=197.210.168.174
+     55 ip_addr=181.137.2.214
+     55 ip_addr=213.55.99.121
+     58 ip_addr=46.229.168.65
+     64 ip_addr=66.249.66.91
+     67 ip_addr=66.249.66.90
+     71 ip_addr=207.46.13.54
+     78 ip_addr=130.82.1.40
+    104 ip_addr=40.77.167.36
+    151 ip_addr=68.180.228.157
+    174 ip_addr=207.46.13.135
+    194 ip_addr=54.83.138.123
+    198 ip_addr=40.77.167.62
+    210 ip_addr=207.46.13.71
+    214 ip_addr=104.196.152.243
+```
+
+- These IPs made thousands of sessions today:
+
+```
+$ grep 104.196.152.243 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+530
+$ grep 207.46.13.71 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+859
+$ grep 40.77.167.62 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+610
+$ grep 54.83.138.123 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+8
+$ grep 207.46.13.135 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+826
+$ grep 68.180.228.157 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+727
+$ grep 40.77.167.36 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+181
+$ grep 130.82.1.40 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+24
+$ grep 207.46.13.54 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+166
+$ grep 46.229.168 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+992
+
+```
+
+- Let's investigate who these IPs belong to:
+  - 104.196.152.243 is CIAT, which is already marked as a bot via nginx!
+  - 207.46.13.71 is Bing, which is already marked as a bot in Tomcat's Crawler Session Manager Valve!
+  - 40.77.167.62 is Bing, which is already marked as a bot in Tomcat's Crawler Session Manager Valve!
+  - 207.46.13.135 is Bing, which is already marked as a bot in Tomcat's Crawler Session Manager Valve!
+  - 68.180.228.157 is Yahoo, which is already marked as a bot in Tomcat's Crawler Session Manager Valve!
+  - 40.77.167.36 is Bing, which is already marked as a bot in Tomcat's Crawler Session Manager Valve!
+  - 207.46.13.54 is Bing, which is already marked as a bot in Tomcat's Crawler Session Manager Valve!
+  - 46.229.168.x is Semrush, which is already marked as a bot in Tomcat's Crawler Session Manager Valve!
+- Nice, so these are all known bots that are already crammed into one session by Tomcat's Crawler Session Manager Valve.
+- What in the actual fuck, why is our load doing this? It's gotta be something fucked up with the database pool being "busy" but everything is fucking idle
+- One that I should probably add in nginx is 54.83.138.123, which is apparently the following user agent:
+
+```
+BUbiNG (+http://law.di.unimi.it/BUbiNG.html)
+```
+
+- This one makes two thousand requests per day or so recently:
+
+```
+# grep -c BUbiNG /var/log/nginx/access.log /var/log/nginx/access.log.1
+/var/log/nginx/access.log:1925
+/var/log/nginx/access.log.1:2029
+```
+
+- And they have 30 IPs, so fuck that shit I'm going to add them to the Tomcat Crawler Session Manager Valve nowwww
+- Lots of discussions on the dspace-tech mailing list over the last few years about leaky transactions being a known problem with DSpace
+- Helix84 recommends restarting PostgreSQL instead of Tomcat because it restarts quicker
+- This is how the connections looked when it crashed this afternoon:
+
+```
+$ psql -c 'select * from pg_stat_activity' | grep -o -E '(dspaceWeb|dspaceApi|dspaceCli)' | sort | uniq -c
+      5 dspaceApi
+    290 dspaceWeb
+```
+
+- This is how it is right now:
+
+```
+$ psql -c 'select * from pg_stat_activity' | grep -o -E '(dspaceWeb|dspaceApi|dspaceCli)' | sort | uniq -c
+      5 dspaceApi
+      5 dspaceWeb
+```
+
+- So is this just some fucked up XMLUI database leaking?
+- I notice there is an issue (that I've probably noticed before) on the Jira tracker about this that was fixed in DSpace 5.7: https://jira.duraspace.org/browse/DS-3551
+- I seriously doubt this leaking shit is fixed for sure, but I'm gonna cherry-pick all those commits and try them on DSpace Test and probably even CGSpace because I'm fed up with this shit
+- If I do, I need to remember to remove them when I rebase `5_x-prod` on top of the latest upstream 5.x branch later
--- a/public/2018-02/index.html
+++ b/public/2018-02/index.html
@ -23,7 +23,7 @@ I copied the logic in the jmx_tomcat_dbpools provided by Ubuntu&rsquo;s munin-pl

 <meta property="article:published_time" content="2018-02-01T16:28:54&#43;02:00"/>

-<meta property="article:modified_time" content="2018-02-07T18:33:26&#43;02:00"/>
+<meta property="article:modified_time" content="2018-02-07T18:34:39&#43;02:00"/>



@ -57,9 +57,9 @@ I copied the logic in the jmx_tomcat_dbpools provided by Ubuntu&rsquo;s munin-pl
  "@type": "BlogPosting",
  "headline": "February, 2018",
  "url": "https://alanorth.github.io/cgspace-notes/2018-02/",
-  "wordCount": "1363",
+  "wordCount": "2087",
  "datePublished": "2018-02-01T16:28:54&#43;02:00",
-  "dateModified": "2018-02-07T18:33:26&#43;02:00",
+  "dateModified": "2018-02-07T18:34:39&#43;02:00",
  "author": {
    "@type": "Person",
    "name": "Alan Orth"
@ -341,6 +341,119 @@ $ psql -c 'select * from pg_stat_activity' | grep dspaceWeb | grep -c &quot;idle
 Exception in thread &quot;http-bio-127.0.0.1-8081-exec-58&quot; java.lang.OutOfMemoryError: Java heap space
 </code></pre>

+<ul>
+<li>I&rsquo;m trying to find a way to determine what was using all those Tomcat sessions, but parsing the DSpace log is hard because some IPs are IPv6, which contain colons!</li>
+<li>Looking at the first crash this morning around 11, I see these IPv4 addresses making requests around 10 and 11AM:</li>
+</ul>
+
+<pre><code>$ grep -E '^2018-02-07 (10|11)' dspace.log.2018-02-07 | grep -o -E 'ip_addr=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -n | uniq -c | sort -n | tail -n 20
+     34 ip_addr=46.229.168.67
+     34 ip_addr=46.229.168.73
+     37 ip_addr=46.229.168.76
+     40 ip_addr=34.232.65.41
+     41 ip_addr=46.229.168.71
+     44 ip_addr=197.210.168.174
+     55 ip_addr=181.137.2.214
+     55 ip_addr=213.55.99.121
+     58 ip_addr=46.229.168.65
+     64 ip_addr=66.249.66.91
+     67 ip_addr=66.249.66.90
+     71 ip_addr=207.46.13.54
+     78 ip_addr=130.82.1.40
+    104 ip_addr=40.77.167.36
+    151 ip_addr=68.180.228.157
+    174 ip_addr=207.46.13.135
+    194 ip_addr=54.83.138.123
+    198 ip_addr=40.77.167.62
+    210 ip_addr=207.46.13.71
+    214 ip_addr=104.196.152.243
+</code></pre>
+
+<ul>
+<li>These IPs made thousands of sessions today:</li>
+</ul>
+
+<pre><code>$ grep 104.196.152.243 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+530
+$ grep 207.46.13.71 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+859
+$ grep 40.77.167.62 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+610
+$ grep 54.83.138.123 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+8
+$ grep 207.46.13.135 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+826
+$ grep 68.180.228.157 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+727
+$ grep 40.77.167.36 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+181
+$ grep 130.82.1.40 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+24
+$ grep 207.46.13.54 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+166
+$ grep 46.229.168 dspace.log.2018-02-07 | grep -o -E 'session_id=[A-Z0-9]{32}' | sort -n | uniq | wc -l
+992
+
+</code></pre>
+
+<ul>
+<li>Let&rsquo;s investigate who these IPs belong to:
+
+<ul>
+<li>104.196.152.243 is CIAT, which is already marked as a bot via nginx!</li>
+<li>207.46.13.71 is Bing, which is already marked as a bot in Tomcat&rsquo;s Crawler Session Manager Valve!</li>
+<li>40.77.167.62 is Bing, which is already marked as a bot in Tomcat&rsquo;s Crawler Session Manager Valve!</li>
+<li>207.46.13.135 is Bing, which is already marked as a bot in Tomcat&rsquo;s Crawler Session Manager Valve!</li>
+<li>68.180.228.157 is Yahoo, which is already marked as a bot in Tomcat&rsquo;s Crawler Session Manager Valve!</li>
+<li>40.77.167.36 is Bing, which is already marked as a bot in Tomcat&rsquo;s Crawler Session Manager Valve!</li>
+<li>207.46.13.54 is Bing, which is already marked as a bot in Tomcat&rsquo;s Crawler Session Manager Valve!</li>
+<li>46.229.168.x is Semrush, which is already marked as a bot in Tomcat&rsquo;s Crawler Session Manager Valve!</li>
+</ul></li>
+<li>Nice, so these are all known bots that are already crammed into one session by Tomcat&rsquo;s Crawler Session Manager Valve.</li>
+<li>What in the actual fuck, why is our load doing this? It&rsquo;s gotta be something fucked up with the database pool being &ldquo;busy&rdquo; but everything is fucking idle</li>
+<li>One that I should probably add in nginx is 54.83.138.123, which is apparently the following user agent:</li>
+</ul>
+
+<pre><code>BUbiNG (+http://law.di.unimi.it/BUbiNG.html)
+</code></pre>
+
+<ul>
+<li>This one makes two thousand requests per day or so recently:</li>
+</ul>
+
+<pre><code># grep -c BUbiNG /var/log/nginx/access.log /var/log/nginx/access.log.1
+/var/log/nginx/access.log:1925
+/var/log/nginx/access.log.1:2029
+</code></pre>
+
+<ul>
+<li>And they have 30 IPs, so fuck that shit I&rsquo;m going to add them to the Tomcat Crawler Session Manager Valve nowwww</li>
+<li>Lots of discussions on the dspace-tech mailing list over the last few years about leaky transactions being a known problem with DSpace</li>
+<li>Helix84 recommends restarting PostgreSQL instead of Tomcat because it restarts quicker</li>
+<li>This is how the connections looked when it crashed this afternoon:</li>
+</ul>
+
+<pre><code>$ psql -c 'select * from pg_stat_activity' | grep -o -E '(dspaceWeb|dspaceApi|dspaceCli)' | sort | uniq -c
+      5 dspaceApi
+    290 dspaceWeb
+</code></pre>
+
+<ul>
+<li>This is how it is right now:</li>
+</ul>
+
+<pre><code>$ psql -c 'select * from pg_stat_activity' | grep -o -E '(dspaceWeb|dspaceApi|dspaceCli)' | sort | uniq -c
+      5 dspaceApi
+      5 dspaceWeb
+</code></pre>
+
+<ul>
+<li>So is this just some fucked up XMLUI database leaking?</li>
+<li>I notice there is an issue (that I&rsquo;ve probably noticed before) on the Jira tracker about this that was fixed in DSpace 5.7: <a href="https://jira.duraspace.org/browse/DS-3551">https://jira.duraspace.org/browse/DS-3551</a></li>
+<li>I seriously doubt this leaking shit is fixed for sure, but I&rsquo;m gonna cherry-pick all those commits and try them on DSpace Test and probably even CGSpace because I&rsquo;m fed up with this shit</li>
+<li>If I do, I need to remember to remove them when I rebase <code>5_x-prod</code> on top of the latest upstream 5.x branch later</li>
+</ul>
+
  

  
--- a/public/sitemap.xml
+++ b/public/sitemap.xml
@ -4,7 +4,7 @@
  
  <url>
    <loc>https://alanorth.github.io/cgspace-notes/2018-02/</loc>
-    <lastmod>2018-02-07T18:33:26+02:00</lastmod>
+    <lastmod>2018-02-07T18:34:39+02:00</lastmod>
  </url>
  
  <url>
@ -149,7 +149,7 @@
  
  <url>
    <loc>https://alanorth.github.io/cgspace-notes/</loc>
-    <lastmod>2018-02-07T18:33:26+02:00</lastmod>
+    <lastmod>2018-02-07T18:34:39+02:00</lastmod>
    <priority>0</priority>
  </url>
  
@ -160,7 +160,7 @@
  
  <url>
    <loc>https://alanorth.github.io/cgspace-notes/tags/notes/</loc>
-    <lastmod>2018-02-07T18:33:26+02:00</lastmod>
+    <lastmod>2018-02-07T18:34:39+02:00</lastmod>
    <priority>0</priority>
  </url>
  
@ -172,13 +172,13 @@
  
  <url>
    <loc>https://alanorth.github.io/cgspace-notes/post/</loc>
-    <lastmod>2018-02-07T18:33:26+02:00</lastmod>
+    <lastmod>2018-02-07T18:34:39+02:00</lastmod>
    <priority>0</priority>
  </url>
  
  <url>
    <loc>https://alanorth.github.io/cgspace-notes/tags/</loc>
-    <lastmod>2018-02-07T18:33:26+02:00</lastmod>
+    <lastmod>2018-02-07T18:34:39+02:00</lastmod>
    <priority>0</priority>
  </url>