[NBLUG/talk] Apache Logs..

ME dugan at passwall.com
Thu Apr 3 04:33:00 PST 2003 

Eric Eisenhart said:
> On Wed, Apr 02, 2003 at 06:41:17PM -0800, ME wrote:
[chop]
>> If you want to educate logrotate on how to gracefully stop apache, then
>> you can send a SIGTERM to the parent process for apache and that should
>> stop apache. As an alternative, you may be able to educate logrotate on
>> how to use apachectl and pass it the arg "stop" and start for a graceful
>> shutdown.
>
> SIGTERM?   Yikes.
>
> With apache, it's best to do the least damage required for the job.
> Absolute least damage is SIGUSR1 (apachectl graceful[1]), which will wait
> for
> existing connections to finnish and then reload the configuration and
> reopen
> all log files.  Next least damage is SIGHUP (apachectl restart), which
> will
> kill existing connections immediately and then reload the configuration
> and
> reopen all log files.  If you stop and then start with SIGTERM (apachectl
> stop), the service is totally unavailable for a period of time
> ("connection
> refused").  With USR1 and HUP, during the restart those connections get
> queued and then handled after it's running again.  Even on a very busy
> server, SIGUSR1 (apachectl graceful) will feed out all data it's supposed
> to, merely delaying responses for a moment to some clients.
>
> In the case of logrotation, SIGUSR1 has the problem that it's not
> instantaneous (while SIGHUP is).  Better to just wait....  Say, "apachectl
> graceful && apachectl status > /dev/null", perhaps?

There is risk in this. If a large file is being transferred, an effective
DoS can prevent log rotation from occuring. Being unkind to users (say
once a month) and just stopping the service without letting connections
finish is faster for scripts that need a level of guarantee that proccess
that have opened files, are no longer writing to them when they are moved
(possibly across mounted partitions.) The apache man page (man httpd)
mentions use of SIGTERM to the httpd parent process to dtop apache.

Also, check out your apachectl script that comes with apache. When you:
#apachectl stop
it sends a sigterm (default kill signal unless another signal is
specified) to the parent httpd process.

The difference here, is that it appears logrotate is sendig a sigterm to
the parent and each of the children too, when a single sigterm to the
parent should suffice, and the SIGHUP just ask each process top flush
unwritted log data and re-read config.

-ME

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html

More information about the talk mailing list