Add registration admission control for httpd#495
Draft
pablomh wants to merge 1 commit intotheforeman:masterfrom
Draft
Add registration admission control for httpd#495pablomh wants to merge 1 commit intotheforeman:masterfrom
pablomh wants to merge 1 commit intotheforeman:masterfrom
Conversation
Limit concurrent registration connections to Puma for /rhsm and /register endpoints via an Apache balancer pool. When httpd_registration_admission_max > 0, requests beyond that limit are queued by Apache instead of overwhelming Puma during bursts. Disabled by default (httpd_registration_admission_max: 0). Tuning profiles set values based on puma_workers * threads * 5: medium=300, large=600, extra-large=1200, extra-extra-large=2400. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pablomh
force-pushed
the
httpd-registration-admission-control
branch
from
810d3cf to
e022b55
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add registration admission control for
/rhsmand/registerendpoints via an Apachemod_proxy_balancerpool. Whenhttpd_registration_admission_max > 0, requests beyond that limit are queued by Apache instead of overwhelming Puma during registration bursts.Builds on top of #483 (MPM event module configuration).
Problem
Under high-concurrency registration (e.g., 912+ simultaneous hosts), all requests arrive at Puma simultaneously, creating a deep backlog where tail hosts exceed subscription-manager's 180s timeout. Without admission control, pass rates drop sharply above 760 concurrent.
Solution
A
<Proxy balancer://foreman-registration>block with amax=limit on theBalancerMemberdirective limits how many registration requests reach Puma concurrently. Excess requests are held in Apache's event loop (non-blocking) until a slot opens.The balancer block is injected conditionally in both
foreman-ssl-vhost.conf.j2andforeman-vhost.conf.j2before the catch-allProxyPass /, so/rhsmand/registermatch first while all other traffic (Web UI, API, Pulp) is unaffected.Configuration
Disabled by default (
httpd_registration_admission_max: 0). Tuning profiles set values based onpuma_workers * threads * 5:Results (16-CPU large Satellite)
Note
A similar mechanism could be implemented for foreman-installer deployments via
puppet-foremanusing the existingforeman::config::apache::fragmentmechanism.How to test
foremanctl deploy --tuning largegrep foreman-registration /etc/httpd/conf.d/foreman-ssl.confhttpd -t