investigate High Cpu Utilization on Primary/Secondary GWs

Document ID : KB000100369
Last Modified Date : 06/06/2018
Show Technical Document Details
Issue:
Long running multiple BASH commands consuming CPU, how is this appliance calling this daily?
 
root     15328  0.0  0.0 177260  2744 ?        S    May15   0:00 /usr/bin/sudo su - ssgconfig
root     15332  0.0  0.0 151208  1676 ?        S    May15   0:00  \_ su - ssgconfig
502      15333  4.5  0.0 108852  2364 ?        S    May15 500:06      \_ -bash
502      16723  0.0  0.0 108852  1352 ?        S    23:46   0:00          \_ -bash
502      16724  1.0  0.0 167472  3064 ?        R    23:46   0:00              \_ rpm -q --qf %{VERSION}\n ssg
 
It appears that a process is spawned by root and does a “sudo su – ssgconfig”, which opens a bash shell and periodically runs “rpm –q –qf %{VERSION} \n ssg”.  The first bash shell has a very long execution time; which we believe is the cause of the high CPU utilization.
 
Cause:
When ssgconfig user disconnects without sending TERM or INT signal then the bash script still runs but the stdin comes from </dev/null
With that the menu :
     source /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh
loops endlessly, taking up CPU mostly getting the Gateway version via “rpm” command to print the menu title.  Over time, as more users login and disconnected, more CPU is taken and machine gets slower and slower.
pstree -p  (or ps -efwww) shows that up most clearly;

where we can see :
        |-su(44597)---bash(48908)---bash(47367)---rpm(47368)
        |-su(111261)---bash(111698)---bash(47362)---rpm(47363)
(our user ssh’s to the gw machine as an external user using ssh key to access, then does su – ssgconfig , then when ssh finishes it does not send signal to child process, so leaves the ssgconfig bash shell running with input from /dev/null).

 
Resolution:
Solution:
The issue will be addressed in defect DE357001
 
Work around:
Edit : /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh
Find the main menu, search for the rpm command, then change:
- read choice
+ read choice || doLogout
 
Example:
 
From:
       while [ "$isPatchListMenuValid" != "y" ]
       do
           clear
              echo "Welcome to the CA API Gateway - $(rpm -q --qf '%{VERSION}\n' ssg)"
              echo "running on $(cat /etc/redhat-release)"
       .
       .
       .
              echo -n "Please make a selection: "
              read choice
To:
       while [ "$isPatchListMenuValid" != "y" ]
       do
           clear
              echo "Welcome to the CA API Gateway - $(rpm -q --qf '%{VERSION}\n' ssg)"
              echo "running on $(cat /etc/redhat-release)"
       .
       .
       .
              echo -n "Please make a selection: "
              read choice || doLogout