search

aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0
1.04k stars 322 forks source link

SSM AWS-RunPatchBaseline uses way too much RAM #402

Closed gwharton closed 1 month ago

gwharton commented 2 years ago

Running the AWS-RunPatchBaseline launches a python process that comsumes a huge amount of RAM. It renders a t3/t3a.nano instance practically useless for anything else but running the agent.

top - 09:10:08 up 1 day,  8:35,  1 user,  load average: 0.41, 0.47, 0.74
Tasks: 111 total,   2 running,  69 sleeping,   0 stopped,   0 zombie
%Cpu(s):  9.6 us,  6.4 sy,  0.0 ni, 38.3 id, 42.6 wa,  0.0 hi,  0.0 si,  3.2 st
KiB Mem :   472056 total,     7032 free,   442240 used,    22784 buff/cache
KiB Swap:  1048572 total,   630456 free,   418116 used.    17364 avail Mem 

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                                                                                                                                                                   
 3448 root      20   0  812404 331836    828 R  21.9 70.3   0:07.99 python2.7

Just running the AWS-RunPatchBaseline command puts the machine into a death spiral of 100% CPU usage due to swapping

[ec2-user@infrastructure ~]$ amazon-ssm-agent --version
SSM Agent version: 3.1.192.0

amzn2-ami-hvm-2.0.20210721.2-x86_64-gp2

Is there anything that can be done to reduce the python footprint other than excluding any nano nodes from patch scanning?