jailkit problems

hi,

i know i've posted about problems with jailkit before, and i've just scrapped a test migration because i thought all the jailkit stuff was broken.

we'll i've just gone through and created a new vm from scratch and installed everything according to the ubuntu 18.04 apache perfect server guide.
although with some changes.
1. i removed the aws kernel and replaced it with a linux-image-generic ( the aws kernel doesn't support quota's )
2. i've used the ondrej repository for the php installations
3. (4 and 5 are all related. to increase max number of open files) i've set pam_limits.so as required in common-session and comon-session-noninteractive
4. set fs.file-max = 9999999999999999999 and fs.nr_open = 99999999999999999 in /etc/security/limits.conf
5. added the following to /etc/sysctl.conf:

* soft nofile 1569325055
* soft nproc 1569325055
root soft nofile 1569325055
root soft nproc 1569325055
* hard nofile 1569325055
* hard nproc 1569325055
root hard nofile 1569325055
root hard nproc 1569325055


jailkit is version 2.19, with nothing changed from the perfecct server guide.

after installing ispconfig 3.1.13, i created a test account, assigned a domain, and created a test website (test.com)
everything up to this point seems to be working without any problems.

i then try to add an jailkit ssh user to this website. i originally thought that again, it's just completely broken, and not going to create the fiiles, but on closer inspection, it seems to be working. just incredibly slowly, and lsof and jk_init are taking all the cpu resources.

root 29760 99.5 0.0 13616 1088 ? R 14:21 0:37 /usr/bin/lsof -wnlP -i TCP:2006
root 28665 0.0 0.1 13312 3104 ? S 14:02 0:00 sh -c /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/www/clients/client1/web1 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh' 2>/dev/null
root 28666 0.0 0.1 13312 3148 ? S 14:02 0:00 /bin/bash /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/www/clients/client1/web1 basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh
root 28668 0.0 0.4 31112 8784 ? S 14:02 0:00 /usr/bin/python /usr/sbin/jk_init -f -k -c /etc/jailkit/jk_init.ini -j /var/www/clients/client1/web1 basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh
root 29455 99.4 0.2 30084 5788 ? R 14:16 6:40 /usr/bin/python /usr/sbin/jk_init -f -k -c /etc/jailkit/jk_init.ini -j /var/www/clients/client1/web1 basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh

top - 14:50:03 up 1:14, 3 users, load average: 2.00, 2.01, 2.00
Tasks: 164 total, 3 running, 123 sleeping, 0 stopped, 0 zombie
%Cpu(s): 43.9 us, 56.1 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 2002252 total, 212588 free, 1138956 used, 650708 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 669792 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
30656 root 20 0 30084 5788 1572 R 97.0 0.3 5:19.82 jk_init
30632 root 20 0 13616 1012 908 R 96.7 0.1 6:40.82 lsof
2348 mysql 20 0 680132 92208 16636 S 0.3 4.6 0:05.45 mysqld
26524 ispconf+ 20 0 550112 23376 13160 S 0.3 1.2 0:07.66 php

it is createhg the folders/files, just very slowly, jailkit ssh user was requested at around 14:00.
drwxr-xr-x 2 root root 4096 Dec 12 14:00 ssl
drwx--x--- 2 web1 client1 4096 Dec 12 14:00 webdav
drwxrwx--- 2 web1 client1 4096 Dec 12 14:00 tmp
drwx--x--- 2 web1 client1 4096 Dec 12 14:00 private
drwxr-xr-x 2 web1 client1 4096 Dec 12 14:00 cgi-bin
drwx--x--x 4 web1 client1 4096 Dec 12 14:00 web
drwxr-xr-x 2 root root 4096 Dec 12 14:00 log
drwxr-xr-x 2 root root 4096 Dec 12 14:02 home
drwxr-xr-x 3 root root 4096 Dec 12 14:02 lib
drwxr-xr-x 2 root root 4096 Dec 12 14:09 lib64

as of 15:06, the home folder is still empty, the lib folder contains the folder x86_64-linux-gnu, which contains:

-rw-r--r-- 2 root root 31680 Apr 16 2018 librt-2.27.so
-rw-r--r-- 2 root root 101168 Apr 16 2018 libresolv-2.27.so
-rwxr-xr-x 2 root root 144976 Apr 16 2018 libpthread-2.27.so
-rw-r--r-- 2 root root 55736 Apr 16 2018 libnss_nisplus-2.27.so
-rw-r--r-- 2 root root 47576 Apr 16 2018 libnss_nis-2.27.so
-rw-r--r-- 2 root root 22880 Apr 16 2018 libnss_hesiod-2.27.so
-rw-r--r-- 2 root root 47568 Apr 16 2018 libnss_files-2.27.so
-rw-r--r-- 2 root root 26936 Apr 16 2018 libnss_dns-2.27.so
-rw-r--r-- 2 root root 39744 Apr 16 2018 libnss_compat-2.27.so
-rw-r--r-- 2 root root 97176 Apr 16 2018 libnsl-2.27.so
-rwxr-xr-x 2 root root 2030544 Apr 16 2018 libc-2.27.so
-rwxr-xr-x 2 root root 170960 Apr 16 2018 ld-2.27.so
-rw-r--r-- 2 root root 258040 Nov 15 20:45 libnss_systemd.so.2
lrwxrwxrwx 1 root root 18 Dec 12 14:02 libnss_nis.so.2 -> libnss_nis-2.27.so
lrwxrwxrwx 1 root root 20 Dec 12 14:09 libnss_files.so.2 -> libnss_files-2.27.so
lrwxrwxrwx 1 root root 14 Dec 12 14:09 libnsl.so.1 -> libnsl-2.27.so
lrwxrwxrwx 1 root root 12 Dec 12 14:09 libc.so.6 -> libc-2.27.so
lrwxrwxrwx 1 root root 21 Dec 12 14:16 libnss_hesiod.so.2 -> libnss_hesiod-2.27.so
lrwxrwxrwx 1 root root 17 Dec 12 14:23 libresolv.so.2 -> libresolv-2.27.so
lrwxrwxrwx 1 root root 21 Dec 12 14:30 libnss_compat.so.2 -> libnss_compat-2.27.so
lrwxrwxrwx 1 root root 22 Dec 12 14:44 libnss_nisplus.so.2 -> libnss_nisplus-2.27.so
lrwxrwxrwx 1 root root 13 Dec 12 15:06 librt.so.1 -> librt-2.27.so
lrwxrwxrwx 1 root root 18 Dec 12 15:06 libpthread.so.0 -> libpthread-2.27.so
lrwxrwxrwx 1 root root 18 Dec 12 15:06 libnss_dns.so.2 -> libnss_dns-2.27.so


any ideas on why it would be taking so long? and how to fix it?

in the meantime i'm going to recreate a vm without removing the aws kernel. and one without changing the fille limits, see if i can narrow it down to one of those.

 

at the moment, i think that lsof is either causing the slowness, or is slow becuase of the number of open files. if i run an strace on the lsof process, i get loads of responses about bad file descriptors.
so i'm assuming it's something to do with the 3,4 and 5 changes i made. i can't see using the ondrej repo causing this problem.
and i definitely hope it's not removing the aws kernel, it took long enough to find out how to get quota's working on aws. don't want to lose them again.
about to retest it to hopefully confirm it.

 

ok, it's definitely 1 of ( or a combination of) the changes 3, 4 and 5 in the original post.
just tested with a new install with the linux-image-generic kernel and the ondrej repo. and the jailkit user and all the folders were done in seconds. not tested with a migration on it yet, which is where i noticed the problem first, but don't expect any problems with it.