Configure the number of concurrent jobs executed by the application
This procedure explains how to modify the number of asynchronous tasks run simultaneously by the Cyberwatch application.
Understanding the tasks queues in Cyberwatch
The execution of applications tasks is done asynchronously in order to improve performances and allow for parallelization of tasks.
Pending tasks are put in different waiting queues depending on the type of the task:
- the
cbw_api_client
queue is dedicated to synchronization tasks with the Cyberwatch central security database; - the
default
queue is for the tasks relative to the automatic actions of the software (scheduled reports, asset rules…); - the
servers
queue is relative to the scans results analyses of monitored assets; - other queues are named after the Cyberwatch nodes registered in the application, these tasks are exclusively executed by the corresponding scanners (for agentless connections for example).
Number of tasks concurrently running
By default, the application is able to execute:
- 6 concurrent tasks relative to the specific scanner for each Cyberwatch scanner;
- 4 concurrent tasks for the other queues mentioned (
cbw_api_client
,default
andservers
) for each Cyberwatch scanner.
These values can be modified through the application base configuration.
They are respectively defined by the value of environment variables SIDEKIQ_NODE_CONCURRENCY
and SIDEKIQ_CONCURRENCY
defined in the containers.
These tasks are respectively executed by the sidekiq_node
and sidekiq
services.
Adding sidekiq replicas
By default, sidekiq will only use one CPU for managing tasks.
Default value for the number of tasks (4) is generally enough in most configurations for sidekiq to use a whole CPU for running these tasks.
If there is a latency in the applications due to a slow execution of tasks, the first recommended approach is to allow sidekiq to use both CPU of the Cyberwatch server.
This will double the number of tasks that can be ran concurrently by the Cyberwatch scanner.
These modifications should only be done following the recommendation of a Cyberwatch engineer.
To apply these modifications, follow the procedure below:
Open the file
/etc/cyberwatch/config.env
and edit or add the following lines:# Number of Sidekiq replicas to start. CBW_SIDEKIQ_REPLICAS=1
Replace 1
with the desired number of replicas.
Restart Cyberwatch using the standard procedure:
sudo cyberwatch restart
Modifying the values of SIDEKIQ_CONCURRENCY
and SIDEKIQ_NODE_CONCURRENCY
It can be useful to modify these default values when the hardware configuration of the Cyberwatch scanner allows it.
These modifications will allow a bigger increase in the number of parallel tasks running concurrently and will ideally allow to remove or to reduce potential latencies in the Cyberwatch application.
These modifications should only be done following the recommendation of a Cyberwatch engineer.
To apply these modifications, follow the procedure below:
Create the file
/etc/cyberwatch/configs-enabled/99-sidekiq-concurrency.yml
using the following command:cat >> /etc/cyberwatch/configs-enabled/99-sidekiq-concurrency.yml <<EOL version: '3.7' services: sidekiq: environment: SIDEKIQ_CONCURRENCY: "\${SIDEKIQ_CONCURRENCY}" sidekiq_node: environment: SIDEKIQ_NODE_CONCURRENCY: "\${SIDEKIQ_NODE_CONCURRENCY}" EOL
Update the file
/etc/cyberwatch/containers.env
and add the following lines:SIDEKIQ_CONCURRENCY=N SIDEKIQ_NODE_CONCURRENCY=N
where the
N
variable should take the value of the number of concurrent tasks for each execution thread.Restart Cyberwatch using the standard procedure:
sudo cyberwatch restart