Resolved Apache reload/graceful restart causes Apache segfault

[Pascal_Netenvie]

Hi Guys,

it seems i get the same problem here on a server with Debian 8.3‬ and Plesk version: 12.5.30 Update #25.

Every morning at 6.40 (log rotation time) Apache fall down ...
In log i have this line :
[core:notice] [pid 23483] AH00060: seg fault or similar nasty error detected in the parent process

I tried solution said by Giorgio in post #14 and i will keep you in touch tomorrow.

But if it is that i wonder why this error is still uncorrected ?

One more question : We don't have strace on our server, is it a linux standard ?

 

[websight]

That's 'funny', I have the exact same problem since yesterday. This morning, it happend for the second time. Same config (Debian 8.3, Plesk 12.5.30 Update #24). I've made the modification and will report back.

Did you just install this server, or was it already running a while?

Regarding strace: I think it depends on the distro. Debian never has it installed by default (at least not with the default package installation options selected).

 

[Pascal_Netenvie]

Hey,
This server is brand new (11 march) and i only installed 2 websites.
The workaround is ok. No Problem this morning.

It should come from an apache module, according to this article : http://blog.kavoori.com/2015-03-21/apache-crash-with-seg-fault.html
Personnaly i have enabled 2 apache modules after install (filter and expires) but perhaps they were already enabled (i've done it by command line).

Plesk should have a look at this problem.

 

[websight]

My server is also quite new (23 feb). What license are you running on? Trial or full license? I changed to a full license two weeks ago, because my trial would have expired yesterday (the same day the problems started...)
First I thought it was related, because I didn't change anything Apache related on the machine. But now it seems like it's unrelated after all.

I have mod_security enabled, but I enabled it a few days after installation. So it's peculiar that I didn't have problems before.

 

[Pascal_Netenvie]

I have a full licence (10 domains).
But it seems that there is a log rotation for modsecurity and apache at same time so it should be that.

 

[websight]

And now it hits me: I haven't had any log entries in mod_security until yesterday. That's why I didn't have any problems before with the same config. I suspect a new site is triggering mod_security.

 

[dmdotin]

@websight is restart workaround was good ??

i got same problem in Centos7 plesk 12.5

 

[sho]

I had the same problem (CentOS 7, Plesk 12.5).
It started when I installed mod_security.

As far as I understand, it occurs at logrotation, because both
/etc/logrotate.d/httpd
/etc/logrotate.d/mod_security
contain a line for httpd reload.
Apparently, they happen simultaneously and cause the 'seg fault' error of apache.

Replacing 'reload' with 'restart' solved the problem.

That seems to have solved the problem for me. Thanks!

 

[juanisrael]

[QU

In the last week I did not mention a segfault. So it seems to be a valid workaround..

thank you so much guy this helped me to correct my problem
OTE="Chris1, post: 789724, member: 169790"]Here is my /etc/logrotate.d/httpd file:

/var/log/httpd/*log {
  missingok
  notifempty
  sharedscripts
  delaycompress
  postrotate
  /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
  endscript
}

How can I find out exactly when my log rotation happens?

I performed a test log rotation with /usr/sbin/logrotate -v -f /etc/logrotate.d/httpd > /var/log/test_logrotate.log 2>&1 and have this in my Apache error log:

[Mon Nov 02 10:29:03.972014 2015] [:notice] [pid 233851:tid 139854254241856] mod_hostinglimits: use Min UID 10000
[Mon Nov 02 10:29:03.972108 2015] [:notice] [pid 233851:tid 139854254241856] mod_hostinglimits: use filter for LVE exit
[Mon Nov 02 10:29:03.972117 2015] [:notice] [pid 233851:tid 139854254241856] mod_hostinglimits: version 1.0-23. LVE mechanism enabled
[Mon Nov 02 10:29:03.972131 2015] [:notice] [pid 233851:tid 139854254241856] mod_hostinglimits: found apr extention version 3
[Mon Nov 02 10:29:03.972143 2015] [:notice] [pid 233851:tid 139854254241856] mod_hostinglimits: apr_lve_environment_init_group_minuid check ok
[Mon Nov 02 10:29:03.985627 2015] [auth_digest:notice] [pid 233851:tid 139854254241856] AH01757: generating secret for digest authentication ...
[Mon Nov 02 10:29:03.986877 2015] [lbmethod_heartbeat:notice] [pid 233851:tid 139854254241856] AH02282: No slotmem from mod_heartmonitor
[Mon Nov 02 10:29:04.038777 2015] [ssl:warn] [pid 233851:tid 139854254241856] AH01909: RSA certificate configured for roundcube.webmail:443 does NOT include an ID which matches the server name
[Mon Nov 02 10:29:04.039111 2015] [ssl:warn] [pid 233851:tid 139854254241856] AH01909: RSA certificate configured for lists:443 does NOT include an ID which matches the server name
[Mon Nov 02 10:29:04.039578 2015] [ssl:warn] [pid 233851:tid 139854254241856] AH01909: RSA certificate configured for default-43_229_61_136:443 does NOT include an ID which matches the server name
[Mon Nov 02 10:29:04.039881 2015] [ssl:warn] [pid 233851:tid 139854254241856] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Mon Nov 02 10:29:04.060470 2015] [mpm_event:notice] [pid 233851:tid 139854254241856] AH00489: Apache/2.4.6 () OpenSSL/1.0.1e-fips Apache mod_fcgid/2.3.9 mod_perl/2.0.9-dev Perl/v5.16.3 configured -- resuming normal operations
[Mon Nov 02 10:29:04.060628 2015] [core:notice] [pid 233851:tid 139854254241856] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

This is the output of the log rotation task:

reading config file /etc/logrotate.d/httpd

Handling 1 logs

rotating pattern: /var/log/httpd/*log  forced from command line (no old logs will be kept)
empty log files are not rotated, old logs are removed
considering log /var/log/httpd/access_log
  log needs rotating
considering log /var/log/httpd/audit_log
  log does not need rotating
considering log /var/log/httpd/error_log
  log needs rotating
considering log /var/log/httpd/ssl_access_log
  log does not need rotating
considering log /var/log/httpd/ssl_error_log
  log does not need rotating
considering log /var/log/httpd/ssl_request_log
  log does not need rotating
considering log /var/log/httpd/suexec_log
  log needs rotating
rotating log /var/log/httpd/access_log, log->rotateCount is 0
dateext suffix '-20151102'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/httpd/access_log.1 to /var/log/httpd/access_log.2 (rotatecount 1, logstart 1, i 1),
old log /var/log/httpd/access_log.1 does not exist
renaming /var/log/httpd/access_log.0 to /var/log/httpd/access_log.1 (rotatecount 1, logstart 1, i 0),
old log /var/log/httpd/access_log.0 does not exist
log /var/log/httpd/access_log.2 doesn't exist -- won't try to dispose of it
rotating log /var/log/httpd/error_log, log->rotateCount is 0
dateext suffix '-20151102'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/httpd/error_log.1 to /var/log/httpd/error_log.2 (rotatecount 1, logstart 1, i 1),
old log /var/log/httpd/error_log.1 does not exist
renaming /var/log/httpd/error_log.0 to /var/log/httpd/error_log.1 (rotatecount 1, logstart 1, i 0),
old log /var/log/httpd/error_log.0 does not exist
log /var/log/httpd/error_log.2 doesn't exist -- won't try to dispose of it
rotating log /var/log/httpd/suexec_log, log->rotateCount is 0
dateext suffix '-20151102'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/httpd/suexec_log.1 to /var/log/httpd/suexec_log.2 (rotatecount 1, logstart 1, i 1),
old log /var/log/httpd/suexec_log.1 does not exist
renaming /var/log/httpd/suexec_log.0 to /var/log/httpd/suexec_log.1 (rotatecount 1, logstart 1, i 0),
old log /var/log/httpd/suexec_log.0 does not exist
log /var/log/httpd/suexec_log.2 doesn't exist -- won't try to dispose of it
renaming /var/log/httpd/access_log to /var/log/httpd/access_log.1
disposeName will be /var/log/httpd/access_log.1
renaming /var/log/httpd/error_log to /var/log/httpd/error_log.1
disposeName will be /var/log/httpd/error_log.1
renaming /var/log/httpd/suexec_log to /var/log/httpd/suexec_log.1
disposeName will be /var/log/httpd/suexec_log.1
running postrotate script
removing old log /var/log/httpd/access_log.1
removing old log /var/log/httpd/error_log.1
removing old log /var/log/httpd/suexec_log.1

So far I haven't been able to replicate the fault.

What does strace do? I might need to schedule a maintenance window for the last test as it will mean switching off Apache completely.[/QUOTE]

 

[Ales]

@juanisrael, there is something wrong with the quotes in your post, so it's not quite clear if you're having issues and what they are.

As for the log rotation, the exact time depends on your OS defaults and whether you've made any configuration changes. E.g. for CentOS 7, that would be determined by /etc/anacrontab, /etc/logrotate.conf, /etc/cron.{d|daily|hourly|monthly|weekly} (especially note the /etc/cron.daily/logrotate) and, naturally, by the file in /etc/logrotate.d itself.

Looking at the date and time of the old log files (for Apache, refer to /var/log/httpd) will give you a quick insight about what's going on...