Reading
https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex
I guess, expected behaviour of active directive
Mutex file:${APACHE_LOCK_DIR} default
would be
Mutex fnctl:${APACHE_LOCK_DIR} default
?
Maybe it's worth a try to add the line
Mutex fnctl:${APACHE_LOCK_DIR} ssl-cache
and look if
/var/lock/apache2/ssl-cache
gets created and the
"AH02026: Failed to acquire SSL session cache lock" messages disappear?
But we need to test that on our standby server after upgrading that to Apache
2.4 which will be done in 10 days or so.
> Gesendet: Dienstag, 08. März 2016 um 16:44 Uhr
> Von: "hildegard meier" <daku8...@gmx.de>
> An: users@httpd.apache.org
> Betreff: [users@httpd] Lots of messages "[ssl:warn] Resource deadlock
> avoided: AH02026: Failed to acquire SSL session cache lock"
>
> OS:
> Ubuntu 14.04 LTS
>
> Kernel:
> 3.13.0-79-generic x86_64
>
> Apache:
> 2.4.7-1ubuntu4.5
>
> The Host has just been release-upgraded (with Ubuntu do-release-upgrade
> command) From Ubuntu 12.04 LTS
>
> All Apache config files are the new ones, old configuration entries have been
> adopted to the new config files manually.
>
> Issue:
> Most of the 74 vHosts are working fine. But on two vHosts there is coming the
> following message nearly every minute:
>
> [Tue Mar 08 16:08:18.596653 2016] [ssl:warn] [pid 8339:tid 140182179256064]
> (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache
> lock
> [Tue Mar 08 16:08:20.791623 2016] [ssl:warn] [pid 8849:tid 140182112114432]
> (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache
> lock
> [Tue Mar 08 16:08:54.230004 2016] [ssl:warn] [pid 8849:tid 140182162470656]
> (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache
> lock
> [Tue Mar 08 16:13:28.180687 2016] [ssl:warn] [pid 10595:tid 140182095329024]
> (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache
> lock
>
> But we are not aware of any impact of this. Server generally working fine
> (has some traffic- 700 established AJP proxy connections, 200 busy worker
> threads, 100 Requests/s, 300 KB/s).
>
> I did not find much about that message. Only official:
>
> AH02026: Failed to acquire SSL session cache lock"
> ./modules/ssl/ssl_engine_mutex.c:92
> (source: https://wiki.apache.org/httpd/ListOfErrors)
>
> We use mpm worker:
>
> /etc/apache2/mods-enabled/mpm_worker.conf
> <IfModule mpm_worker_module>
> StartServers 2
> MinSpareThreads 25
> MaxSpareThreads 75
> ThreadLimit 64
> ThreadsPerChild 35
> MaxRequestWorkers 560
> MaxConnectionsPerChild 10000
> </IfModule>
>
>
> /etc/apache2/mods-enabled/ssl.conf
> <IfModule mod_ssl.c>
> SSLRandomSeed startup builtin
> SSLRandomSeed startup file:/dev/urandom 512
> SSLRandomSeed connect builtin
> SSLRandomSeed connect file:/dev/urandom 512
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
>
> SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
> SSLSessionCacheTimeout 300
>
> SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5:!RC4
>
> SSLProtocol all -SSLv3
>
> </IfModule>
>
> socache_shmcb.load
> is loaded (via symlink /etc/apache2/mods-enabled)
>
>
> /etc/apache2/apache2.conf
> Mutex file:${APACHE_LOCK_DIR} default
>
>
> /etc/apache2/envvars
> export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
> export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
> export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
>
> file
> /var/run/apache2/apache2.pid
> exists and contains the proper PID of apache process.
>
> But there is no "ssl_scache":
>
> ls -al /var/run/apache2/
> total 4
> drwxr-xr-x 2 root root 80 Mar 8 12:54 .
> drwxr-xr-x 18 root root 680 Mar 8 13:18 ..
> -rw-r--r-- 1 root root 5 Mar 8 12:54 apache2.pid
> srwx------ 1 www-data root 0 Mar 8 12:54 cgisock.1425
>
> But according to apache status page, SSL cache is working:
>
> SSL/TLS Session Cache Status:
> cache type: SHMCB, shared memory: 512000 bytes, current entries: 463
> subcaches: 32, indexes per subcache: 88
> time left on oldest entries' objects: avg: 26 seconds, (range: 0...71)
> index usage: 16%, cache usage: 20%
> total entries stored since starting: 27271
> total entries replaced since starting: 0
> total entries expired since starting: 22693
> total (pre-expiry) entries scrolled out of the cache: 0
> total retrieves since starting: 224953 hit, 14045 miss
> total removes since starting: 0 hit, 0 miss
>
>
> There is also nothing in /var/lock/apache2:
>
> ls -al /var/lock/apache2/
> total 0
> drwxr-xr-x 2 www-data root 40 Mar 8 12:54 .
> drwxrwxrwt 3 root root 60 Mar 4 17:35 ..
>
> I would expect that there would be files with the names of the mutex type,
> according to
>
> "With the file-based mechanisms fcntl and flock, the path, if provided, is a
> directory where the lock file will be created [...] The basename of the file
> will be the mutex type"
> (source: https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex)
>
> Could someone please tell if that is ok that there is neither a ssl_scache
> file nor mutex type named mutex files ?
>
> What can I do to get rid of the "AH02026: Failed to acquire SSL session cache
> lock" messages?
>
> What is the meaning of the message?
>
> Thanks very much.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
