pcscd daemon is enabled after reboot
-
I can't even locate the area in the interface to enable/configure PC/SC Smart Card daemon.
Why is this running without being configured?Edit: This is on 2.5.2.
I have another 2.5.2 instance running (both are virtual) and it is not present on the other VM. -
-
See below , for a patch that disables pcsd
https://redmine.pfsense.org/issues/11933#note-7I just applied it yesterday , and "rebooted" to get it active
https://forum.netgate.com/post/1023915/Bingo
-
So, rarely used service with a bad memory leak can just start up on it's own?
I'll chase down the fix to disable it, but after a box running that long just has a new service start up?Aside from the memory leak, services starting unprompted/unconfigured is not something to be concerned about?
-
It's disabled by default in 22.01/2.6. See: https://redmine.pfsense.org/issues/11933
Steve
-
@makowner said in pcscd daemon is enabled after reboot:
services starting unprompted/unconfigured
Check to see if the router booted. The service was enabled by default but if stopped, no it shouldn't even be able to start on its own. We have a dozen or two routers with it stopped that haven't started up again...I had updated them to 21.05.x in late summer and "knowing" 21.09 was coming soon I lazily just stopped the service instead of installing the patch for pcscd.
Another option would be the service watchdog package but that would have to have been installed.
-
Hi guys, I know some of us are battling a fanthom. But here is a solution that I think will work for most of us, STOP PCSCD from the shell command, then apply the patch by Jimp through system patches or through the shell command, either will work, I have tried both.
Restart the pfsense box, your memory while it will not max out might be still high as in my case. What you want to do next is go to system logs and change compression from bzip to none, if you are running pfsense on ZFS since you are using and encrypted file system it is not necessary to encrypt an already encrypted file. Now I'm at 17% of my 8gig memory and not spiking. I am running pfblocker and atleast 15-20 blocklist, in python mode.The only thing I have left to figure out which you guys may help me to figure out is the high temperature been running at 70 degree celsius for a while, running intel chip.
-
@nattygreg said in pcscd daemon is enabled after reboot:
if you are running pfsense on ZFS since you are using and encrypted file system it is not necessary to encrypt an already encrypted file.
Are you sure that ZFS is setup to do encryption ?
I don't think mine is (default ZFS install).That said , if your physical access to the box is reasonable , i don't see a need for encrypting the pfSense disk(s).
The only thing I have left to figure out which you guys may help me to figure out is the high temperature been running at 70 degree celsius for a while, running intel chip.
High temp is usually a result of high cpu usage/load.
/Bingo
-
@bingo600 I think nattygreg meant compression. See note:
https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html#general
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote š helpful posts! -
@steveits said in pcscd daemon is enabled after reboot:
@bingo600 I think nattygreg meant compression. See note:
https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html#general
I had a suspicion that he meant compression, since he mentioned bzip.
But he wrote encryption.But according to this:
It is only during log rotating that the log is compressed.
And IMHO that would only mean extra memory usage during rotating.If you are really tight on memory, it might save you some memory during the compress, but as mentioned :
It will be CPU Cycles during the log compression , that is the "Big winner" here.
I can't see the real relation to "saving/freeing memory" , in disabling log compression
/Bingo
-
It's possible to run an encrypted filesystem but the biggest problem with doing so is you nede to enter the decryption key at every boot. Obviously that's a significant issue on a firewall, especially if it's remote!
Steve
-
@bingo600 yes it says so in the pfsense documentation
-
@steveits yes Steve compression of log files
-
@nattygreg said in pcscd daemon is enabled after reboot:
@bingo600 yes it says so in the pfsense documentation
What does it say in the documentation ??
What are we talking about here ?
-
@bingo600 that ZFS install of pfsense is already compress so there is no need to compress the logs again, unbound for me was using 7775M until I turn off bzip, now unbound uses 703M. And my memory usage is hovering at 15-17% and this is with pfblocker running around 20. Blocklist in python mode.
With the installed patch for pcscd, it prevents it from starting up after a reboot.
Still have one issue- maybe u can help with my i5-240M embedded cpu in my 1u still Carrieās a temperature of 68-70 degrees Celsius.
I have two exhaust fans from notua running in it and the regular fan on the cpu
-
@nattygreg said in pcscd daemon is enabled after reboot:
@bingo600 that ZFS install of pfsense is already compress so there is no need to compress the logs again, unbound for me was using 7775M until I turn off bzip, now unbound uses 703M.
So you are telling me that log rotating with bzip2 consumes 7GB of Ram ?
That would clearly be an issue i would report to Netgate.
-
@bingo600 when I check they are aware, these are the work around until itās fix in 2.6 CE, when I was in 2.4.5 I never had these issue, but because Iām a phenatic for making sure my home is secured I upgraded and wish I hadnāt but I can not see my self going backward so we search and find solution until the release of 2.6. Those fixes that I suggest has brought my memory usage down.
Iām running 2.5.2 CE
-
@bingo600 said in pcscd daemon is enabled after reboot:
you are telling me that log rotating with bzip2 consumes 7GB of Ram
I don't know about 7 GB RAM usage but I've run into slower-CPU routers with half a dozen bzip processes running, using CPU, I/O, and RAM. It's noticeable when the CPU gets maxed out.
@nattygreg said in pcscd daemon is enabled after reboot:
these are the work around until itās fix in 2.6 CE
Technically the release notes I linked say they will disable log compression on new installations with ZFS, not that they will change the setting on existing routers.
pcscd will however be optional by default.
-
@steveits said in pcscd daemon is enabled after reboot:
I don't know about 7 GB RAM usage but I've run into slower-CPU routers with half a dozen bzip processes running, using CPU, I/O, and RAM. It's noticeable when the CPU gets maxed out.
Hmmm ...
Since they mention bzip2 log rotate in the docs , i would have expected it to be a rare occurrence. But if the CPU (or disk) is constrained, i can see the compression taking some time. I think my logs on my linux server are rotated every 24 hr's.
/Bingo
-
Generally if you see that it's because something is massively spamming the log file in question. That's what happens if you kill pcscd while ipsec is running. The log file reaches it's maximum size and is compressed/rotated faster than the system can do it.
Steve
