curl | furoom

AWS SDKを使用しているとslabが肥大化していく現象

NSS_SDB_USE_CACHE=yesが利用できるのが、nss3.16以上とあるが、

nss-softokn-3.14.3-12.el6 という情報もあるため、確認

https://bugzilla.redhat.com/show_bug.cgi?id=1044666

http://tama1029hq.hatenablog.com/entry/2016/12/12/105353

—

Amazon Linux

[root@freeserver ec2-user]# rpm -qa | grep nss-softokn
nss-softokn-3.16.2.3-14.2.38.amzn1.x86_64
nss-softokn-freebl-3.16.2.3-14.2.38.amzn1.x86_64
[root@freeserver ec2-user]# curl -V
curl 7.47.1 (x86_64-redhat-linux-gnu) libcurl/7.47.1 NSS/3.21 Basic ECC zlib/1.2.8 libidn/1.18 libpsl/0.6.2 (+libicu/50.1.2) libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets PSL

[root@freeserver ec2-user]# rpm -qa | grep nss-softokn

nss-softokn-3.16.2.3-14.2.38.amzn1.x86_64

nss-softokn-freebl-3.16.2.3-14.2.38.amzn1.x86_64

[root@freeserver ec2-user]# curl -V

curl 7.47.1 (x86_64-redhat-linux-gnu) libcurl/7.47.1 NSS/3.21 Basic ECC zlib/1.2.8 libidn/1.18 libpsl/0.6.2 (+libicu/50.1.2) libssh2/1.4.2

Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp

Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets PSL

この場合、NSS/3.21が有効なのだろうか。

[root@freeserver ec2-user]# strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null
Process 29754 attached
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
100.00    0.000008           0      5383      5378 access
------ ----------- ----------- --------- --------- ----------------
100.00    0.000008                  5383      5378 total
[root@freeserver ec2-user]# NSS_SDB_USE_CACHE=yes strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null
Process 29780 attached
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
  0.00    0.000000           0        17        14 access
------ ----------- ----------- --------- --------- ----------------
100.00    0.000000                    17        14 total
[root@freeserver ec2-user]# yum list nss-softokn

[root@freeserver ec2-user]# strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null

Process 29754 attached

% time seconds usecs/call calls errors syscall

------ ----------- ----------- --------- --------- ----------------

100.00 0.000008 0 5383 5378 access

------ ----------- ----------- --------- --------- ----------------

100.00 0.000008 5383 5378 total

[root@freeserver ec2-user]# NSS_SDB_USE_CACHE=yes strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null

Process 29780 attached

% time seconds usecs/call calls errors syscall

------ ----------- ----------- --------- --------- ----------------

0.00 0.000000 0 17 14 access

------ ----------- ----------- --------- --------- ----------------

100.00 0.000000 17 14 total

[root@freeserver ec2-user]# yum list nss-softokn

→効いている。

—

さくら（CentOS release 6.6 (Final)）

[nilesflow@dev ~]$ cat /etc/redhat-release
CentOS release 6.6 (Final)
[nilesflow@dev ~]$ rpm -qa | grep nss-softokn
nss-softokn-3.14.3-18.el6_6.x86_64
nss-softokn-freebl-3.14.3-18.el6_6.x86_64
[nilesflow@dev ~]$ curl -V
curl 7.46.0 (x86_64-pc-linux-gnu) libcurl/7.46.0 OpenSSL/1.0.1e zlib/1.2.3 libidn/1.18
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets

[nilesflow@dev ~]$ cat /etc/redhat-release

CentOS release 6.6 (Final)

[nilesflow@dev ~]$ rpm -qa | grep nss-softokn

nss-softokn-3.14.3-18.el6_6.x86_64

nss-softokn-freebl-3.14.3-18.el6_6.x86_64

[nilesflow@dev ~]$ curl -V

curl 7.46.0 (x86_64-pc-linux-gnu) libcurl/7.46.0 OpenSSL/1.0.1e zlib/1.2.3 libidn/1.18

Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp

Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets

[nilesflow@dev ~]$ strace -fc -e trace=access curl 'https://www.google.com' > /dev/null
Process 3673 attached
Process 3673 detached
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12028    0 12028    0     0  84852      0 --:--:-- --:--:-- --:--:-- 87795
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
  -nan    0.000000           0         3         2 access
------ ----------- ----------- --------- --------- ----------------
100.00    0.000000                     3         2 total

[nilesflow@dev ~]$ strace -fc -e trace=access curl 'https://www.google.com' > /dev/null

Process 3673 attached

Process 3673 detached

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 12028 0 12028 0 0 84852 0 --:--:-- --:--:-- --:--:-- 87795

% time seconds usecs/call calls errors syscall

------ ----------- ----------- --------- --------- ----------------

-nan 0.000000 0 3 2 access

------ ----------- ----------- --------- --------- ----------------

100.00 0.000000 3 2 total

→再現しない

—

CentOS6.9（Amazonマーケットプレイス）

[centos@ip-172-31-16-82 ~]$ cat /etc/redhat-release
CentOS release 6.9 (Final)
[centos@ip-172-31-16-82 ~]$ rpm -qa | grep nss-softokn
nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64
nss-softokn-3.14.3-23.3.el6_8.x86_64
[centos@ip-172-31-16-82 ~]$ curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

[centos@ip-172-31-16-82 ~]$ cat /etc/redhat-release

CentOS release 6.9 (Final)

[centos@ip-172-31-16-82 ~]$ rpm -qa | grep nss-softokn

nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64

nss-softokn-3.14.3-23.3.el6_8.x86_64

[centos@ip-172-31-16-82 ~]$ curl -V

curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2

Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp

Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

[centos@ip-172-31-16-82 ~]$ strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
100.00    0.000072           0      1811      1808 access
------ ----------- ----------- --------- --------- ----------------
100.00    0.000072                  1811      1808 total
[centos@ip-172-31-16-82 ~]$ NSS_SDB_USE_CACHE=yes  strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
  0.00    0.000000           0        24        21 access
------ ----------- ----------- --------- --------- ----------------
100.00    0.000000                    24        21 total

[centos@ip-172-31-16-82 ~]$ strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null

% time seconds usecs/call calls errors syscall

------ ----------- ----------- --------- --------- ----------------

100.00 0.000072 0 1811 1808 access

------ ----------- ----------- --------- --------- ----------------

100.00 0.000072 1811 1808 total

[centos@ip-172-31-16-82 ~]$ NSS_SDB_USE_CACHE=yes strace -fc -e trace=access curl -s https://www.google.co.jp/ > /dev/null

% time seconds usecs/call calls errors syscall

------ ----------- ----------- --------- --------- ----------------

0.00 0.000000 0 24 21 access

------ ----------- ----------- --------- --------- ----------------

100.00 0.000000 24 21 total

→効いている

CURLOPT_RESOLVE

動的ドメイン解決したかったが、5.6でも7.0betaでも使えない。

PHP Notice: Use of undefined constant CURLOPT_RESOLVE – assumed ‘CURLOPT_RESOLVE’ in /home/nilesflow/php/dynamic-host-curl/request.php on line 9

Notice: Use of undefined constant CURLOPT_RESOLVE – assumed ‘CURLOPT_RESOLVE’ in /home/nilesflow/php/dynamic-host-curl/request.php on line 9
PHP Warning: curl_setopt() expects parameter 2 to be long, string given in /home/nilesflow/php/dynamic-host-curl/request.php on line 9

Warning: curl_setopt() expects parameter 2 to be long, string given in /home/nilesflow/php/dynamic-host-curl/request.php on line 9

追加されてない？と思ったが、

http://stackoverflow.com/questions/24351152/how-to-manually-resolve-hosts-in-https-connections-in-php

https://bugs.php.net/bug.php?id=63488&edit=3

ChangeLogはある。

http://www.php.net/ChangeLog-5.php#5.5.0

ソースを見ると、libcurlのバージョンに

#if LIBCURL_VERSION_NUM >= 0x071503 /* Available since 7.21.3 */
REGISTER_CURL_CONSTANT(CURLAUTH_ONLY);
REGISTER_CURL_CONSTANT(CURLOPT_RESOLVE);
#endif

yuminstallだと、7.19までしか入らない

libcurl-7.19.7-46.el6-x86_64

libcurlを更新

wget http://www.execve.net/curl/curl-7.46.0.tar.bz2

tar xf curl-7.46.0.tar.bz2

cd curl-7.46.0

./configure –enable-libcurl-option

make

make install

phpをリビルド

cd /usr/local/src/php-5.6.12

./configure 前と同じオプション

make

make install

furoom

タグアーカイブ:curl

slab増大とcurlのNSS_SDB_USE_CACHE対策の効果確認

php curl CURLOPT_RESOLVE