httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hildegard Meier" <daku8...@gmx.de>
Subject Aw: [users@httpd] Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"
Date Thu, 10 Mar 2016 10:09:32 GMT
Reading
https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex

I guess, expected behaviour of active directive

Mutex file:${APACHE_LOCK_DIR} default

would be
Mutex fnctl:${APACHE_LOCK_DIR} default

?
Maybe it's worth a try to add the line

Mutex fnctl:${APACHE_LOCK_DIR} ssl-cache

and look if
/var/lock/apache2/ssl-cache
gets created and the 

"AH02026: Failed to acquire SSL session cache lock" messages disappear?

But we need to test that on our standby server after upgrading that to Apache 2.4 which will
be done in 10 days or so.


> Gesendet: Dienstag, 08. März 2016 um 16:44 Uhr
> Von: "hildegard meier" <daku8938@gmx.de>
> An: users@httpd.apache.org
> Betreff: [users@httpd] Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026:
Failed to acquire SSL session cache lock"
>
> OS:
> Ubuntu 14.04 LTS
> 
> Kernel:
> 3.13.0-79-generic x86_64
> 
> Apache:
> 2.4.7-1ubuntu4.5
> 
> The Host has just been release-upgraded (with Ubuntu do-release-upgrade command) From
Ubuntu 12.04 LTS
> 
> All Apache config files are the new ones, old configuration entries have been adopted
to the new config files manually.
> 
> Issue:
> Most of the 74 vHosts are working fine. But on two vHosts there is coming the following
message nearly every minute:
> 
> [Tue Mar 08 16:08:18.596653 2016] [ssl:warn] [pid 8339:tid 140182179256064] (35)Resource
deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> [Tue Mar 08 16:08:20.791623 2016] [ssl:warn] [pid 8849:tid 140182112114432] (35)Resource
deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> [Tue Mar 08 16:08:54.230004 2016] [ssl:warn] [pid 8849:tid 140182162470656] (35)Resource
deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> [Tue Mar 08 16:13:28.180687 2016] [ssl:warn] [pid 10595:tid 140182095329024] (35)Resource
deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> 
> But we are not aware of any impact of this. Server generally working fine (has some traffic-
700 established AJP proxy connections, 200 busy worker threads, 100 Requests/s, 300 KB/s).
> 
> I did not find much about that message. Only official:
> 
> AH02026: Failed to acquire SSL session cache lock"  ./modules/ssl/ssl_engine_mutex.c:92
> (source: https://wiki.apache.org/httpd/ListOfErrors)
> 
> We use mpm worker:
> 
> /etc/apache2/mods-enabled/mpm_worker.conf
> <IfModule mpm_worker_module>
>     StartServers            2
>     MinSpareThreads         25
>     MaxSpareThreads         75
>     ThreadLimit             64
>     ThreadsPerChild         35
>     MaxRequestWorkers       560
>     MaxConnectionsPerChild  10000
> </IfModule>
> 
> 
> /etc/apache2/mods-enabled/ssl.conf
> <IfModule mod_ssl.c>
>         SSLRandomSeed startup builtin
>         SSLRandomSeed startup file:/dev/urandom 512
>         SSLRandomSeed connect builtin
>         SSLRandomSeed connect file:/dev/urandom 512
> 
>         AddType application/x-x509-ca-cert .crt
>         AddType application/x-pkcs7-crl .crl
> 
>         SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
> 
>         SSLSessionCache         shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
>         SSLSessionCacheTimeout  300
> 
>         SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5:!RC4
> 
>         SSLProtocol all -SSLv3
> 
> </IfModule>
> 
> socache_shmcb.load
> is loaded (via symlink /etc/apache2/mods-enabled)
> 
> 
> /etc/apache2/apache2.conf
> Mutex file:${APACHE_LOCK_DIR} default
> 
> 
> /etc/apache2/envvars
> export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
> export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
> export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
> 
> file
> /var/run/apache2/apache2.pid
> exists and contains the proper PID of apache process.
> 
> But there is no "ssl_scache":
> 
> ls -al /var/run/apache2/
> total 4
> drwxr-xr-x  2 root     root  80 Mar  8 12:54 .
> drwxr-xr-x 18 root     root 680 Mar  8 13:18 ..
> -rw-r--r--  1 root     root   5 Mar  8 12:54 apache2.pid
> srwx------  1 www-data root   0 Mar  8 12:54 cgisock.1425
> 
> But according to apache status page, SSL cache is working:
> 
> SSL/TLS Session Cache Status:
> cache type: SHMCB, shared memory: 512000 bytes, current entries: 463
> subcaches: 32, indexes per subcache: 88
> time left on oldest entries' objects: avg: 26 seconds, (range: 0...71)
> index usage: 16%, cache usage: 20%
> total entries stored since starting: 27271
> total entries replaced since starting: 0
> total entries expired since starting: 22693
> total (pre-expiry) entries scrolled out of the cache: 0
> total retrieves since starting: 224953 hit, 14045 miss
> total removes since starting: 0 hit, 0 miss
> 
> 
> There is also nothing in /var/lock/apache2:
> 
> ls -al /var/lock/apache2/
> total 0
> drwxr-xr-x 2 www-data root 40 Mar  8 12:54 .
> drwxrwxrwt 3 root     root 60 Mar  4 17:35 ..
> 
> I would expect that there would be files with the names of the mutex type, according
to
> 
> "With the file-based mechanisms fcntl and flock, the path, if provided, is a directory
where the lock file will be created [...] The basename of the file will be the mutex type"
> (source: https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex)
> 
> Could someone please tell if that is ok that there is neither a ssl_scache file nor mutex
type named mutex files ?
> 
> What can I do to get rid of the "AH02026: Failed to acquire SSL session cache lock" messages?
> 
> What is the meaning of the message?
> 
> Thanks very much.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message