Aw: Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reading
https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex

I guess, expected behaviour of active directive

Mutex file:${APACHE_LOCK_DIR} default

would be
Mutex fnctl:${APACHE_LOCK_DIR} default

?
Maybe it's worth a try to add the line

Mutex fnctl:${APACHE_LOCK_DIR} ssl-cache

and look if
/var/lock/apache2/ssl-cache
gets created and the 

"AH02026: Failed to acquire SSL session cache lock" messages disappear?

But we need to test that on our standby server after upgrading that to Apache 2.4 which will be done in 10 days or so.


> Gesendet: Dienstag, 08. März 2016 um 16:44 Uhr
> Von: "hildegard meier" <daku8938@xxxxxx>
> An: users@xxxxxxxxxxxxxxxx
> Betreff:  Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"
>
> OS:
> Ubuntu 14.04 LTS
> 
> Kernel:
> 3.13.0-79-generic x86_64
> 
> Apache:
> 2.4.7-1ubuntu4.5
> 
> The Host has just been release-upgraded (with Ubuntu do-release-upgrade command) From Ubuntu 12.04 LTS
> 
> All Apache config files are the new ones, old configuration entries have been adopted to the new config files manually.
> 
> Issue:
> Most of the 74 vHosts are working fine. But on two vHosts there is coming the following message nearly every minute:
> 
> [Tue Mar 08 16:08:18.596653 2016] [ssl:warn] [pid 8339:tid 140182179256064] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> [Tue Mar 08 16:08:20.791623 2016] [ssl:warn] [pid 8849:tid 140182112114432] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> [Tue Mar 08 16:08:54.230004 2016] [ssl:warn] [pid 8849:tid 140182162470656] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> [Tue Mar 08 16:13:28.180687 2016] [ssl:warn] [pid 10595:tid 140182095329024] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
> 
> But we are not aware of any impact of this. Server generally working fine (has some traffic- 700 established AJP proxy connections, 200 busy worker threads, 100 Requests/s, 300 KB/s).
> 
> I did not find much about that message. Only official:
> 
> AH02026: Failed to acquire SSL session cache lock"  ./modules/ssl/ssl_engine_mutex.c:92
> (source: https://wiki.apache.org/httpd/ListOfErrors)
> 
> We use mpm worker:
> 
> /etc/apache2/mods-enabled/mpm_worker.conf
> <IfModule mpm_worker_module>
>     StartServers            2
>     MinSpareThreads         25
>     MaxSpareThreads         75
>     ThreadLimit             64
>     ThreadsPerChild         35
>     MaxRequestWorkers       560
>     MaxConnectionsPerChild  10000
> </IfModule>
> 
> 
> /etc/apache2/mods-enabled/ssl.conf
> <IfModule mod_ssl.c>
>         SSLRandomSeed startup builtin
>         SSLRandomSeed startup file:/dev/urandom 512
>         SSLRandomSeed connect builtin
>         SSLRandomSeed connect file:/dev/urandom 512
> 
>         AddType application/x-x509-ca-cert .crt
>         AddType application/x-pkcs7-crl .crl
> 
>         SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
> 
>         SSLSessionCache         shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
>         SSLSessionCacheTimeout  300
> 
>         SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5:!RC4
> 
>         SSLProtocol all -SSLv3
> 
> </IfModule>
> 
> socache_shmcb.load
> is loaded (via symlink /etc/apache2/mods-enabled)
> 
> 
> /etc/apache2/apache2.conf
> Mutex file:${APACHE_LOCK_DIR} default
> 
> 
> /etc/apache2/envvars
> export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
> export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
> export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
> 
> file
> /var/run/apache2/apache2.pid
> exists and contains the proper PID of apache process.
> 
> But there is no "ssl_scache":
> 
> ls -al /var/run/apache2/
> total 4
> drwxr-xr-x  2 root     root  80 Mar  8 12:54 .
> drwxr-xr-x 18 root     root 680 Mar  8 13:18 ..
> -rw-r--r--  1 root     root   5 Mar  8 12:54 apache2.pid
> srwx------  1 www-data root   0 Mar  8 12:54 cgisock.1425
> 
> But according to apache status page, SSL cache is working:
> 
> SSL/TLS Session Cache Status:
> cache type: SHMCB, shared memory: 512000 bytes, current entries: 463
> subcaches: 32, indexes per subcache: 88
> time left on oldest entries' objects: avg: 26 seconds, (range: 0...71)
> index usage: 16%, cache usage: 20%
> total entries stored since starting: 27271
> total entries replaced since starting: 0
> total entries expired since starting: 22693
> total (pre-expiry) entries scrolled out of the cache: 0
> total retrieves since starting: 224953 hit, 14045 miss
> total removes since starting: 0 hit, 0 miss
> 
> 
> There is also nothing in /var/lock/apache2:
> 
> ls -al /var/lock/apache2/
> total 0
> drwxr-xr-x 2 www-data root 40 Mar  8 12:54 .
> drwxrwxrwt 3 root     root 60 Mar  4 17:35 ..
> 
> I would expect that there would be files with the names of the mutex type, according to
> 
> "With the file-based mechanisms fcntl and flock, the path, if provided, is a directory where the lock file will be created [...] The basename of the file will be the mutex type"
> (source: https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex)
> 
> Could someone please tell if that is ok that there is neither a ssl_scache file nor mutex type named mutex files ?
> 
> What can I do to get rid of the "AH02026: Failed to acquire SSL session cache lock" messages?
> 
> What is the meaning of the message?
> 
> Thanks very much.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux