setsebool httpd_can_sendmail takes forever

[Robert Vasile]

i know that the setsebool -P httpd_can_sendmail on command is supposed to take longer on slow machines, since it recompiles all the rules

yet, i'm running this command on an f1-micro instance and it keeps going for 24h+ now. is this normal?

[Jesse Scherer (Google Cloud Support)]

24+ hours does seem excessive. setsebool is notoriously slow -- see this question and related bug, but it should be taking a few seconds of CPU time, not hours.

Is this happening repeatedly, or is this a case where you ran the command yesterday and it still hasn't completed? Can you connect to the machine in a new session? If so, is setsebool still running? If so, how much CPU time has it consumed?

[Evan Anderson]

One other thought -- in addition to saturating CPU, it's possible that you're saturating your disk IOs, particularly if you're doing other activity and using a 10GB disk-based PD.

What does top show for your CPU usage?

--
© 2014 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/bea3e8c0-7466-4009-a39c-f53597891931%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Evan Anderson <arg...@google.com>

[Robert Vasile]

it did run for more then 24h, most of the time at > 100% CPU, then it got killed

i must be doing something wrong, but i cannot figure what

both apache and sendmail are installed and configured, running just fine

is there any special package that needs to be installed with either apache or sendmail so setsebool wil execute in seconds, as you're saying it's normal?

[Robert Vasile]

here you go, just for fun :)

[Robert Vasile]

o a fresh new f1-micro, running the command fails, makes the system running out of memory and it get killed in seconds

does this mean one cant setsebool -P httpd_can_sendmail on on an f1-micro ?! 

[Anthony Voellm]

One trick you can use is to boot the disk on a bigger machine, run your config, and boot it on a micro.  This way you get more CPU just for the time you need it.

--

© 2014 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/e637e44a-f486-4e04-88b3-ee8a0487c00e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--