[Pacemaker] Cluster failure with mod_security using rotatelogs

Markus Schlup markus at schlup.net
Tue Oct 12 04:15:41 EDT 2010


>-- Your mail regarding >> Re: [Pacemaker] Cluster failure with mod_security using rotatelogs <<
>
> On 10/11/2010 at 10:17 AM, Markus Schlup <markus at qbik.ch> wrote: 
> > Hi all
> >  
> > I'm running a cluster-based Apache reverse proxy with the mod_security  
> > module. I would like to rotate the logfiles with rotatelogs as follows: 
> >  
> > CustomLog "|/usr/sbin/rotatelogs -l /var/log/httpd/access_log.%Y-%m-%d 86400" common
> >  
> > And especially the mod_security log with 
> >  
> > SecAuditLog "|/usr/sbin/rotatelogs -l /var/log/httpd/modsec_audit_log.%Y-%m-%d 86400"
> >  
> > As soon as I change the mod_security log to this (instead of just using  
> > "SecAuditLog /var/log/httpd/modsec_audit_log") the resource does not  
> > start anymore. 
> >  
> > When trying to debug and start the apache resource by hand with 
> >  
> > OCF_ROOT=/usr/lib/ocf OCF_RESKEY_configfile=/etc/httpd/conf/httpd.conf OCF_RESKEY_statusurl=http://localhost:80/server-status sh -x /usr/lib/ocf/resource.d/heartbeat/apache start
> >  
> > it stops after 
> >  
> > ... 
> > + for p in '"$PORT"' '"$Port"' 80 
> > + CheckPort 80 
> > + ocf_is_decimal 80 
> > + case "$1" in 
> > + true 
> > + '[' 80 -gt 0 ']' 
> > + PORT=80 
> > + break 
> > + echo 127.0.0.1:80 
> > + grep : 
> > + '[' Xhttp://localhost:80/server-status = X ']' 
> > + test /etc/httpd/run/httpd.pid 
> > + : OK 
> > + case $COMMAND in 
> > + start_apache 
> > + silent_status 
> > + '[' -f /etc/httpd/run/httpd.pid ']' 
> > + : No pid file 
> > + false 
> > + ocf_run /usr/sbin/httpd -DSTATUS -f /etc/httpd/conf/httpd.conf 
> > ++ /usr/sbin/httpd -DSTATUS -f /etc/httpd/conf/httpd.conf 
> >  
> > The resource is in fact started but the command does not finish - so I  
> > guess that's the reason why the cluster fails in this setup ... strange  
> > enough using the rotatelogs directives for the Apache error and access  
> > logs is not an issue and works as expected. 
> >  
> > Does someone know how to fix that problem? 
> 
> I've not seen that before, but, just to rule out one possibility...  What
> happens if you just run:
> 
>   /usr/sbin/httpd -DSTATUS -f /etc/httpd/conf/httpd.conf
> 
> Does that ever return?  If no, I'd suggest apache is broken.  If yes,
> I'd start pointing my finger towards ocf_run or the RA.
> 
> HTH,
> 
> Tim
> 

Apache returns as expected.

Regards
Markus
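
Added illustration, not part of the thread and not code from the resource agent: the `++` prefix in the trace shows httpd being run inside a command substitution, and a command substitution only returns once every process holding its output pipe has closed it. The sketch assumes (the thread does not confirm this) that the piped audit-log program keeps that inherited descriptor open; `fake_daemon` and `capture_seconds` are constructed stand-ins.

```shell
#!/bin/sh
# Constructed stand-ins; none of this is the apache resource agent's code.

# fake_daemon HOLD CLOSE_FDS
# Returns at once, like a server that has forked into the background, but
# leaves a child running for HOLD seconds (standing in for a piped logger).
#   CLOSE_FDS=no  : the child keeps the stdout/stderr it inherited
#   CLOSE_FDS=yes : the child is pointed at /dev/null before it starts
fake_daemon() {
    if [ "$2" = yes ]; then
        sleep "$1" >/dev/null 2>&1 &
    else
        sleep "$1" &
    fi
    echo "started"
}

# capture_seconds HOLD CLOSE_FDS
# Runs fake_daemon inside a command substitution with stderr merged in and
# prints how many whole seconds the capture took to return.
capture_seconds() {
    t0=$(date +%s)
    out=$(fake_daemon "$1" "$2" 2>&1)   # captured text is not needed here
    t1=$(date +%s)
    echo $((t1 - t0))
}

# The first capture blocks until the child exits; the second returns at once.
echo "child keeps the pipe: $(capture_seconds 2 no)s"
echo "child uses /dev/null: $(capture_seconds 2 yes)s"
```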



