SOLVED Load Averages slowly increase unless I disable CSF (Load Balanced AWS)

CBAWS

Registered
Dec 3, 2021
4
0
1
United States
cPanel Access Level
Root Administrator
We have been using cPanel and CSF on CentOS 7.9 for a long time with no issues. Load Averages are always <1

Due to CentOs being EOL, we are moving our installation to RHEL 7.9. There is not one but 2 instances (Load Balancing). Everything else is identical. WHM works first, but over time (few days after) it becomes a lot less responsive. Every day Load Averages go up by 10-20. Last time I checked all the numbers were around 150-160 range. I can see in the logs that these averages come to that point gradually. There is no one process pushing the server. As a matter of fact, top command in shell shows nothing special. As soon as I disable the CSF, these numbers start to come down. In an hour they are all like 0.01. I checked the CSF settings but I could not figure out why this is happening. In the logs I don't see anything alarming either. What other places I can check to find the possible cause of this? TIA.
 

CBAWS

Registered
Dec 3, 2021
4
0
1
United States
cPanel Access Level
Root Administrator
I finally figured it out. IP tables were showing bunch of AWS private IPs being blocked on EBS port (2049). Once the port/IP added to allowed list, everything started to work normal. I even enabled SELinux and ran hardening scripts with success. Thanks.
 

IndicHosts.net

Well-Known Member
Mar 11, 2006
74
28
168
Online
cPanel Access Level
Root Administrator
I finally figured it out. IP tables were showing bunch of AWS private IPs being blocked on EBS port (2049). Once the port/IP added to allowed list, everything started to work normal. I even enabled SELinux and ran hardening scripts with success. Thanks.
Why are you using CSF on the application nodes when you can use the EC2 firewall instead?
 

CBAWS

Registered
Dec 3, 2021
4
0
1
United States
cPanel Access Level
Root Administrator
Why are you using CSF on the application nodes when you can use the EC2 firewall instead?
Good question. While both overlaps in some areas I feel like CSF/LFD offers extra layer of security with IP tables, rules against injection attempts, login attempts from blacklisted IPs etc. Can any of these be done in AWS firewall? Curiously asking...
 

IndicHosts.net

Well-Known Member
Mar 11, 2006
74
28
168
Online
cPanel Access Level
Root Administrator
Good question. While both overlaps in some areas I feel like CSF/LFD offers extra layer of security with IP tables, rules against injection attempts, login attempts from blacklisted IPs etc. Can any of these be done in AWS firewall? Curiously asking...
The application server of an LBC should only have port 443 and maybe 80 open to the public. We do not have any public login interfaces on LBC application server.
AWS firewall actually does not have any impact on your CPU usage/credits and does a better job than CSF in production.