On Thu, 2018-11-15 at 06:12 +0100, Scott van Looy via users wrote:
So httpd survived Tuesday without crashing but crashed again
yesterday and today.
In /var/log/messages I can see:
Nov 14 03:26:57 novak systemd[1]: Reloading The Apache HTTP Server.
Nov 14 03:26:57 novak systemd[739346]: httpd.service: Failed to set
up mount namespacing: No such file or directory
Nov 14 03:26:57 novak systemd[739346]: httpd.service: Failed at step
NAMESPACE spawning /usr/sbin/httpd: No such file or directory
These two lines are bad.
Do you have custom /etc/systemd/system/httpd* ? It likely comes from
"PrivateTmp=..." in httpd.service. The stock file *does* have this.
Googling the NAMESPACE error I find a post about /tmp or /var/tmp
being symbolic links. Neither are.
Does ls -laZd /tmp or /var/tmp look like:
drwxrwxrwt. 18 root root system_u:object_r:tmp_t:s0 16384
Nov 15 10:30 tmp
Does ls -laZd /run /run/httpd/ look like:
drwxr-xr-x. 65 root root system_u:object_r:var_run_t:s0 1660
Nov 15 09:41 /run/
drwx--x---. 3 root apache system_u:object_r:httpd_var_run_t:s0 100
Nov 13 13:06 /run/httpd/
Maybe there's a cron process that messes with /tmp/ ? Some
RedHat/Fedora systems come with tmpwatch (rpm -q tmpwatch ; ls
/etc/cron*/tmpwatch*) which removes stale files from /tmp/ and
/var/tmp/. One of these could be biting.
Yesterday I reinstalled httpd from scratch, last night it crashed
again in the same way.
Seems more like a bad selinux or permissions thing. Or something that
deletes files.
Does anyone know what user logrotate runs as? I’ve tried
/bin/systemctl reload httpd.service as root and it reloads as
expected and am wondering if there’s something else weird going on
here?
root, except where specified otherwise. Look for "su someuser" in
/etc/logrotate.d/*
/etc/logrotate.conf/httpd on my machine runs as root (some conf files
run as a different user) httpd *startup* needs root.
Note that logrotate should reload (not restart) httpd. Reloading
should not kill httpd. This happens to provide an uninterrupted
service on tcp port 80.
*That* "needs" (not really) a consistent file like /run/httpd.pid and
that might go missing.
If you don't need 100% uptime you could replace reload with restart in
/etc/logrotate.d/httpd, but you'll lose your webserver for a few
seconds every day.
Personally I might make a new cron script like
(
ls -laZd /tmp/ /var/tmp/ /run/ /run/httpd/
... something else?
) 2>&1 | logger -t "myscript"
and see if the files go missing.