# [SOLVED] Problem [error] while restarting apache.

## eddy89

I have a gentoo-uclibc installed with apache2, php5 and mysql.

But sometimes, when i try to restart apache, after updating configuration or to get more free ram:

```
/etc/init.d/apache2 restart
```

But it doesn't restart well: if i use "ps -e" i see only one apache2 process instead of many, and it don't work anymore.

The only way i have to get apache working is to reboot the computer.  :Sad: 

Can someone help me to solve this problem?

Other 2 questions:

How to reduce ram consume with apache?

What is the better way between worker MPM & USE=threads and prefork MPM & USE=-threads for a system with not much ram, or what is the way to reduce the number of apache2 running processes?

Thanks.

Edit: added [SOLVED] in subject.Last edited by eddy89 on Wed Feb 22, 2006 10:11 pm; edited 1 time in total

----------

## martin20450

You can recover apache by doing the following:

```
killall -9 apache

/etc/init.d/apache zap

/etc/init.d/apache start

```

As for why it won't restart - what's in the contents of the logs?

If you want to reduce the memory usage then tweak your config file to limit the processes apache has idle etc.[/code]

----------

## eddy89

I alredy tried that guy, but the /etc/init.d/apache2 start script don't gives any error message and seems to be started normally, but when i see, only one apache2 process is created, and it doesn't work (Obviusly i tried to kill it, it died, and I did the zap and the start, but with the same result).

The logs:

From error_log

```
[Mon Feb 20 18:33:12 2006] [notice] caught SIGTERM, shutting down

[Mon Feb 20 18:33:14 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)

[Mon Feb 20 18:33:14 2006] [notice] Digest: generating secret for digest authentication ...

[Mon Feb 20 18:33:50 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)

[Mon Feb 20 18:33:50 2006] [notice] Digest: generating secret for digest authentication ...

[Mon Feb 20 18:34:44 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)

[Mon Feb 20 18:34:44 2006] [notice] Digest: generating secret for digest authentication ...

[Mon Feb 20 18:36:07 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)

[Mon Feb 20 18:36:08 2006] [notice] Digest: generating secret for digest authentication ...

[Mon Feb 20 18:38:04 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)

[Mon Feb 20 18:38:04 2006] [notice] Digest: generating secret for digest authentication ...

[Mon Feb 20 19:40:54 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)

[Mon Feb 20 19:40:54 2006] [notice] Digest: generating secret for digest authentication ...

[Mon Feb 20 19:40:54 2006] [notice] Digest: done

[Mon Feb 20 19:40:54 2006] [notice] Apache configured -- resuming normal operations

```

I think the last [Digest: done] is when pc is rebooted.

When apache's restart succes the log is:

```
[Mon Feb 20 22:14:21 2006] [notice] caught SIGTERM, shutting down

[Mon Feb 20 22:14:29 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)

[Mon Feb 20 22:14:29 2006] [notice] Digest: generating secret for digest authentication ...

[Mon Feb 20 22:14:29 2006] [notice] Digest: done

[Mon Feb 20 22:14:29 2006] [notice] Apache configured -- resuming normal operations

```

P.s. Can you give me a link where i can find how to tweak apache config and how to choose between MPMs?

----------

## martin20450

You could check to see if the pid file is still active?

With regards to the MPM's I found the information on http://httpd.apache.org/ under the documentation, there's also comments in the httpd.conf that should aid you in deciding on values that will be more suitable to your environment.

I currently have the following use flags set for apache:

```
net-www/apache-2.0.55-r1  +apache2 -debug +doc -ldap -mpm-leader -mpm-peruser -mpm-prefork -mpm-threadpool +mpm-worker -no-suexec (-selinux) +ssl -static-modules +threads
```

Cheers

----------

## PaulCompton

 *eddy89 wrote:*   

> I alredy tried that guy, but the /etc/init.d/apache2 start script don't gives any error message and seems to be started normally, but when i see, only one apache2 process is created, and it doesn't work (Obviusly i tried to kill it, it died, and I did the zap and the start, but with the same result).
> 
> 

 

I had the same problems.

This :-> https://forums.gentoo.org/viewtopic-t-408314.html sorted it straight away. Good luck!

----------

## eddy89

Sorry, I read this, but:

First: I cannot emerge rng-tools (compiling error, maybe because of uclibc?)

Second: I tried to do 

```
cat /proc/sys/kernel/random/entropy_avail

```

and it, after sshing into server, returns a low number (about 30), but after sometime it relase an higher number (about 400).

I noticed that if I update the site's page of the server on my browser the returned number grows.

What does it depends on?

----------

## PaulCompton

 *eddy89 wrote:*   

> Sorry, I read this, but:
> 
> First: I cannot emerge rng-tools (compiling error, maybe because of uclibc?)
> 
> 

 

You could perhaps try emerging clrngd. I haven't used it, and I'm not 100% sure, but I think it has a similar effect. Or will emerge not work at all? In that case, you might need to deal with that problem first!

 *eddy89 wrote:*   

> 
> 
> Second: I tried to do 
> 
> ```
> ...

 

Entropy depends on "noise" created by processes taking place on the computer, particularly processes related to behaviour that is not completely programmatic/deterministic/predictable. Disk access, interaction with device drivers, commands issued by the user all create "noise" which is "fed into" /dev/urandom to provide randomicity. Entropy is effectively a measure of randomicity.

So if you update the site's pages you have an externally initiated action plus interaction with the device drivers of the network card, the hard disk, etc. This will increase the entropy. A busy server has a lot of entropy because there is a lot of unpredictable interaction with the outside world and with device drivers.

Apache needs the entropy to start for reasons associated with the authorization module, where randomicity is a vital factor in generating secure (random/unpredictable) data. It's all about math, basically.

----------

## eddy89

Ok, but can I increase entropicity manually just when i need to restart server?

(it's something like "cat /dev/something > /dev/urandom" for some time?)

Anyway clrngd seems work, but i cannot say if it solve my problem with apache, i'll try soon, Thanks-Last edited by eddy89 on Wed Feb 22, 2006 10:00 pm; edited 1 time in total

----------

## PaulCompton

 *eddy89 wrote:*   

> Ok, but can I increase entropicity manually just when i need to restart server?
> 
> (it's something like "cat /dev/something > /dev/urandom" for some time?)

 

Yeah, it's probably a bit of a pain-in-the-backside solution, but it should work. Actually, just running an "emerge --searchdesc mod" should create enough entropy to get Apache restarted. If you forget and Apache gets stuck on the restart, just create some entropy and then watch it fly.

I really don't think it's the ideal solution - it means something else you have to remember, for a start, and errare humanum est. But it should work.

HTH

Best,

Paul

----------

## eddy89

Ok, problem solved with clrngd.

If I get the condition, after restarting apache, of only one apache2 process, then I run clrngd, I find all apache2 processes without doing anithing else, and the server works.

Thanks all!  :Very Happy: 

p.s.:Shall i open a new topic for the question of MPM and threads?

----------

## PaulCompton

 *eddy89 wrote:*   

> Ok, problem solved with clrngd.
> 
> If I get the condition, after restarting apache, of only one apache2 process, then I run clrngd, I find all apache2 processes without doing anithing else, and the server works.
> 
> 

 

Great!   :Very Happy:   A final tip: the problem might occur with other programs and/or modules in the future, so maybe its worth making clrngd autostart on boot with:

```
rc-update add clrngd default
```

Then you should never have to worry and every restart of Apache should be fine - at least when it comes to entropy.

 *eddy89 wrote:*   

> 
> 
> p.s.:Shall i open a new topic for the question of MPM and threads?

 

Yep!

Pleased we could help you, mate. I'm always happy to give a little back to this community - it has given a lot to me.  :Cool: 

----------

## eddy89

Hi again!

Also if now my apache stop and re-start normally, my server has very low entropy level, or ...er... someone eats it...

When I had to access my server via ssh, or via ssl ftp, it take much time before asking my login informations.

In lasts times I added ssl support in apache, maybe it's this that eats my entropy?

Also with clrngd running every 240 seconds (as default configuration) my entropy level get down  very fast..

Take a look at this:

 *Quote:*   

> 
> 
> server ~ # cat /proc/sys/kernel/random/entropy_avail
> 
> 2240
> ...

 

All this in the time to do so.... Please help my patient...

----------

## PaulCompton

 *eddy89 wrote:*   

> 
> 
> Also if now my apache stop and re-start normally, my server has very low entropy level, or ...er... someone eats it...
> 
> 

 

It could well be that someone eats it. Security modules, including things like ssh, need entropy. Just like the apache authorisation modules do. And entropy is a single-use substance: every time it gets used up, you need to replace it.

 *eddy89 wrote:*   

> When I had to access my server via ssh, or via ssl ftp, it take much time before asking my login informations.
> 
> 

 

How long does it take? This could maybe be some sort of configuration thing, if it is trying different handshaking mechanisms first, or looking at certificates. Do you have certificate login enabled but are not providing a valid certificate in your login directory? (If you are not aware of having set that up, then it is unlikely that it is configured so don't worry too much at this stage). It is also quite possible that it is an entropy-related thing. On my server, an ssh login across the LAN, using ssh2, seems to gobble up about 600 little entropy dumplings - but that's hard to tell for certain, as I am producing entropy at a fairly high rate. So it could be eating a lot more up.

 *eddy89 wrote:*   

> In lasts times I added ssl support in apache, maybe it's this that eats my entropy?

 

I'm not a gambling man, but if I were then I would put quite a bit of money on it. It will certainly be eating quite a lot of entropy.

 *eddy89 wrote:*   

> Also with clrngd running every 240 seconds (as default configuration) my entropy level get down  very fast..

 

I would try running it more frequently then.

Or perhaps just encourage more activity on your server  :Wink:  If I run a reindex and data purge (vacuum) on my postgres server, with 3 databases and about 100,000 records on it, it ups my entropy by 1000 in the space of a minute. The more activity, the more human-initiated interaction and other unpredicatable interaction you have, the better. These Linux beasties are made to work hard!

Those numbers look pretty bad. You are definitely losing entropy at a fast rate, which means you need to produce more of it. If you still can't get the other entropy generator to compile, then maybe you can adjust the config for clrngd so that it produces more entropy and more often.

All the best

Paul[/quote]

----------

