Bonjour à tous

Je possède un serveur perso sous Debian 5.0.2. J’ai un souci récurent sous apache2, très fréquemment et aléatoirement, j’ai de nombreux processus apache qui se crééent, montant mon cpu à 100% de manière permanente, jusqu’à ce que ma ram (1go) soit complètement saturée, de même de mon swap.
J’en arrive même à une charge système de 96 suite à une nuit de plantage de ce type, au lieu de mes 0.5 habituels…

J’ai tenté une réinstallation d’apache, mais ça revient :s

Une idée ?

Ça m’est déjà arrivé et ça venait de PHP qui était mal configuré. Même symtômes que toi et ça en boucle dans les logs (/var/log/syslog):

Feb 23 10:57:48 golgoth kernel: php5-cgi invoked oom-killer: gfp_mask=0×1201d2, order=0, oomkilladj=0 Feb 23 11:05:05 golgoth kernel: Pid: 21091, comm: php5-cgi Tainted: G M 2.6.24.5-grsec-xxxx-grs-ipv4-64 #3 Feb 23 11:05:05 golgoth kernel: Feb 23 11:05:05 golgoth kernel: Call Trace: Feb 23 11:05:05 golgoth kernel: [<ffffffff80251b79>] oom_kill_process+0×149/0×160 Feb 23 11:05:05 golgoth kernel: [<ffffffff80251e3b>] out_of_memory+0×1ab/0×230 Feb 23 11:05:05 golgoth kernel: [<ffffffff8025418f>] __alloc_pages+0×2df/0×390 Feb 23 11:05:05 golgoth kernel: [<ffffffff802562b2>] __do_page_cache_readahead+0xe2/0×220 Feb 23 11:05:05 golgoth kernel: [<ffffffff8024f31e>] filemap_fault+0×29e/0×3f0 Feb 23 11:05:05 golgoth kernel: [<ffffffff8025f10f>] __do_fault+0×7f/0×450 Feb 23 11:05:05 golgoth kernel: [<ffffffff8025f7a6>] handle_mm_fault+0×1a6/0×7c0 Feb 23 11:05:05 golgoth kernel: [<ffffffff802131c9>] do_page_fault+0×159/0×820 (…)Feb 23 11:05:06 golgoth kernel: Swap cache: add 4536112, delete 4536109, find 41511650/41849140, race 6+50 Feb 23 11:05:06 golgoth kernel: Free swap = 0kB Feb 23 11:05:06 golgoth kernel: Total swap = 1020116kB Feb 23 11:05:06 golgoth kernel: Free swap: 0kB Feb 23 11:05:06 golgoth kernel: 257968 pages of RAM Feb 23 11:05:06 golgoth kernel: 5998 reserved pages Feb 23 11:05:06 golgoth kernel: 117949 pages shared Feb 23 11:05:06 golgoth kernel: 3 pages swap cached Feb 23 11:05:06 golgoth kernel: Out of memory: kill process 17945 (apache2) score 562388 or a child Feb 23 11:05:06 golgoth kernel: Killed process 20156 (php5-cgi)

Après tout dépend à quoi te sert ton serveur, je fais de l’hébergement de sites mutualisé et php est configuré en mode CGI avec FastCGI.

Développe un peu plus ta config…

Je possède plusieurs sites, un dotclear, un forum, piwigo, phpsysinfo…bref principalement du php.
Qu’as-tu besoin de savoir ?

Ben juste de savoir si on a des configs qui se ressemblent, à savoir php en mode CGI. Et si dans tes logs, tu as les mêmes messages que moi, en faisant par exemple :

ou

je n’ai rien lorsque je fais ça :s
on doit pas avoir la même erreur :s

Peut-être mais en attendant personne ne pourra t’aider avec aussi peu de détails, on ne sais toujours pas comment php est installé, et puis le problème ne vient peut-être pas de php après tout…
En tout cas, au jour et à l’heure où ton serveur s’est met à swapper, il y a forcément eu des messages significatifs dans les logs. Ce sont ces messages qu’il faudrait fournir ainsi que ta config Apache :

Les paquets apache installés :

Les paquets PHP installés :

Et le plus important, ce que racontent les logs au moment du “swapping” (dans /var/log/apache, /var/log/syslog, etc.)

oui je veux bien donner des détails mais je voyais pas quoi

Mon apache2.conf :

[code]#

Based upon the NCSA server configuration files originally by Rob McCool.

This is the main Apache server configuration file. It contains the

configuration directives that give the server its instructions.

See http://httpd.apache.org/docs/2.2/ for detailed information about

the directives.

Do NOT simply read the instructions in here without understanding

what they do. They’re here only as hints or reminders. If you are unsure

consult the online docs. You have been warned.

The configuration directives are grouped into three basic sections:

1. Directives that control the operation of the Apache server process as a

whole (the ‘global environment’).

2. Directives that define the parameters of the ‘main’ or ‘default’ server,

which responds to requests that aren’t handled by a virtual host.

These directives also provide default values for the settings

of all virtual hosts.

3. Settings for virtual hosts, which allow Web requests to be sent to

different IP addresses or hostnames and have them handled by the

same Apache server process.

Configuration and logfile names: If the filenames you specify for many

of the server’s control files begin with “/” (or “drive:/” for Win32), the

server will use that explicit path. If the filenames do not begin

with “/”, the value of ServerRoot is prepended – so “/var/log/apache2/foo.log”

with ServerRoot set to “” will be interpreted by the

server as “//var/log/apache2/foo.log”.

Section 1: Global Environment

The directives in this section affect the overall operation of Apache,

such as the number of concurrent requests it can handle or where it

can find its configuration files.

ServerRoot: The top of the directory tree under which the server’s

configuration, error, and log files are kept.

NOTE! If you intend to place this on an NFS (or otherwise network)

mounted filesystem then please read the LockFile documentation (available

at URL:http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile);

you will save yourself a lot of trouble.

Do NOT add a slash at the end of the directory path.

ServerRoot “/etc/apache2”

The accept serialization lock file MUST BE STORED ON A LOCAL DISK.

#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#
#

PidFile: The file in which the server should record its process

identification number when it starts.

This needs to be set in /etc/apache2/envvars

PidFile ${APACHE_PID_FILE}

Timeout: The number of seconds before receives and sends time out.

Timeout 300

KeepAlive: Whether or not to allow persistent connections (more than

one request per connection). Set to “Off” to deactivate.

KeepAlive On

MaxKeepAliveRequests: The maximum number of requests to allow

during a persistent connection. Set to 0 to allow an unlimited amount.

We recommend you leave this number high, for maximum performance.

MaxKeepAliveRequests 100

KeepAliveTimeout: Number of seconds to wait for the next request from the

same client on the same connection.

KeepAliveTimeout 15

Server-Pool Size Regulation (MPM specific)

prefork MPM

StartServers: number of server processes to start

MinSpareServers: minimum number of server processes which are kept spare

MaxSpareServers: maximum number of server processes which are kept spare

MaxClients: maximum number of server processes allowed to start

MaxRequestsPerChild: maximum number of requests a server process serves

StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0

worker MPM

StartServers: initial number of server processes to start

MaxClients: maximum number of simultaneous client connections

MinSpareThreads: minimum number of worker threads which are kept spare

MaxSpareThreads: maximum number of worker threads which are kept spare

ThreadsPerChild: constant number of worker threads in each server process

MaxRequestsPerChild: maximum number of requests a server process serves

StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0

These need to be set in /etc/apache2/envvars

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

AccessFileName: The name of the file to look for in each directory

for additional configuration directives. See also the AllowOverride

directive.

AccessFileName .htaccess

The following lines prevent .htaccess and .htpasswd files from being

viewed by Web clients.

<Files ~ “^.ht”>
Order allow,deny
Deny from all

DefaultType is the default MIME type the server will use for a document

if it cannot otherwise determine one, such as from filename extensions.

If your server contains mostly text or HTML documents, “text/plain” is

a good value. If most of your content is binary, such as applications

or images, you may want to use “application/octet-stream” instead to

keep browsers from trying to display binary files as though they are

text.

DefaultType text/plain

HostnameLookups: Log the names of clients or just their IP addresses

e.g., www.apache.org (on) or 204.62.129.132 (off).

The default is off because it’d be overall better for the net if people

had to knowingly turn this feature on, since enabling it means that

each client request will result in AT LEAST one lookup request to the

nameserver.

HostnameLookups Off

ErrorLog: The location of the error log file.

If you do not specify an ErrorLog directive within a

container, error messages relating to that virtual host will be

logged here. If you do define an error logfile for a

container, that host’s errors will be logged there and not here.

ErrorLog /var/log/apache2/error.log

LogLevel: Control the number of messages logged to the error_log.

Possible values include: debug, info, notice, warn, error, crit,

alert, emerg.

LogLevel warn

Include module configuration:

Include /etc/apache2/mods-enabled/.load
Include /etc/apache2/mods-enabled/.conf

Include all the user configurations:

Include /etc/apache2/httpd.conf

Include ports listing

Include /etc/apache2/ports.conf

The following directives define some format nicknames for use with

a CustomLog directive (see below).

If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i

LogFormat “%v:%p %h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”” vhost_combined
LogFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”” combined
LogFormat “%h %l %u %t “%r” %>s %b” common
LogFormat “%{Referer}i -> %U” referer
LogFormat “%{User-agent}i” agent

Define an access log for VirtualHosts that don’t define their own logfile

CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined

Customizable error responses come in three flavors:

1) plain text 2) local redirects 3) external redirects

Some examples:

#ErrorDocument 500 “The server made a boo boo.”
#ErrorDocument 404 /missing.html
#ErrorDocument 404 “/cgi-bin/missing_handler.pl”
#ErrorDocument 402 http://www.example.com/subscription_info.html

Putting this all together, we can internationalize error responses.

We use Alias to redirect any /error/HTTP_.html.var response to

our collection of by-error message multi-language collections. We use

includes to substitute the appropriate text.

You can modify the messages’ appearance without changing any of the

default HTTP_.html.var files by adding the line:

Alias /error/include/ “/your/include/path/”

which allows you to create your own set of files by starting with the

/usr/share/apache2/error/include/ files and copying them to /your/include/path/,

even on a per-VirtualHost basis. The default include files will display

your Apache version number and your ServerAdmin email address regardless

of the setting of ServerSignature.

The internationalized error documents require mod_alias, mod_include

and mod_negotiation. To activate them, uncomment the following 30 lines.

Alias /error/ “/usr/share/apache2/error/”

<Directory “/usr/share/apache2/error”>

AllowOverride None

Options IncludesNoExec

AddOutputFilter Includes html

AddHandler type-map var

Order allow,deny

Allow from all

LanguagePriority en cs de es fr it nl sv pt-br ro

ForceLanguagePriority Prefer Fallback

ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var

ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var

ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var

ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var

ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var

ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var

ErrorDocument 410 /error/HTTP_GONE.html.var

ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var

ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var

ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var

ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var

ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var

ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var

ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var

ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var

ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var

ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

Include of directories ignores editors’ and dpkg’s backup files,

see README.Debian for details.

Include generic snippets of statements

Include /etc/apache2/conf.d/

Include the virtual host configurations:

Include /etc/apache2/sites-enabled/
[/code]

Les paquets apache :

ii apache2-mpm-prefork 2.2.9-10+lenny3 Apache HTTP Server - traditional non-threaded model ii apache2-utils 2.2.9-10+lenny3 utility programs for webservers ii apache2.2-common 2.2.9-10+lenny3 Apache HTTP Server common files ii apachetop 0.12.6-9 Realtime Apache monitoring tool ii libapache2-mod-auth-mysql 4.3.9-11 Apache 2 module for MySQL authentication rc libapache2-mod-auth-pam 1.1.1-6.1 module for Apache2 which authenticate using PAM ii libapache2-mod-auth-sys-group 1.1.1-6.1 Module for Apache2 which checks user against system group ii libapache2-mod-chroot 0.5-7 run Apache in a secure chroot environment rc libapache2-mod-perl2 2.0.4-5 Integration of perl with the Apache2 web server ii libapache2-mod-php5 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripting language (Apache 2 module

les paquets php

ii libapache2-mod-php5 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripting language (Apache 2 module ii php-pear 5.2.6.dfsg.1-1+lenny3 PEAR - PHP Extension and Application Repository ii php5 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripting language (metapackage) ii php5-cgi 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripting language (CGI binary) ii php5-cli 5.2.6.dfsg.1-1+lenny3 command-line interpreter for the php5 scripting language ii php5-common 5.2.6.dfsg.1-1+lenny3 Common files for packages built from the php5 source ii php5-curl 5.2.6.dfsg.1-1+lenny3 CURL module for php5 ii php5-dev 5.2.6.dfsg.1-1+lenny3 Files for PHP5 module development ii php5-ffmpeg 0.5.3.1-3 ffmpeg support for php5 ii php5-gd 5.2.6.dfsg.1-1+lenny3 GD module for php5 ii php5-idn 1.2b-5.3 PHP API for the IDNA library ii php5-imagick 2.1.1RC1-1 ImageMagick module for php5 ii php5-imap 5.2.6.dfsg.1-1+lenny3 IMAP module for php5 ii php5-mcrypt 5.2.6.dfsg.1-1+lenny3 MCrypt module for php5 ii php5-memcache 3.0.1-1 memcache extension module for PHP5 ii php5-mhash 5.2.6.dfsg.1-1+lenny3 MHASH module for php5 ii php5-ming 1:0.3.0-14 Ming module for php5 ii php5-mysql 5.2.6.dfsg.1-1+lenny3 MySQL module for php5 ii php5-ps 1.3.6-3 ps module for PHP 5 ii php5-pspell 5.2.6.dfsg.1-1+lenny3 pspell module for php5 ii php5-recode 5.2.6.dfsg.1-1+lenny3 recode module for php5 ii php5-snmp 5.2.6.dfsg.1-1+lenny3 SNMP module for php5 ii php5-sqlite 5.2.6.dfsg.1-1+lenny3 SQLite module for php5 ii php5-tidy 5.2.6.dfsg.1-1+lenny3 tidy module for php5 ii php5-xmlrpc 5.2.6.dfsg.1-1+lenny3 XML-RPC module for php5 ii php5-xsl 5.2.6.dfsg.1-1+lenny3 XSL module for php5

il manque le plus important, les logs au moment ou l’indien se met à dériver.

sauf que l’indien est sage depuis deux jours :s

tu dois quand meme avoir des logs de plus de deux jours ?

en général dans errors.log de apache j’ai ça :

[Thu Jul 09 22:16:44 2009] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Thu Jul 09 22:29:36 2009] [warn] child process 7760 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23762 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14660 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 22444 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 7443 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 17251 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 905 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 17314 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 17315 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 7445 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 29974 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14662 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23872 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14767 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 29975 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23874 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14664 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23941 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 15363 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 26087 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 29983 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 19776 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 21079 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14667 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 17430 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 30217 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14668 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23942 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 20540 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23943 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 20606 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14671 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 21333 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 30225 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 15364 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14672 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 28247 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23944 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14753 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23945 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 14676 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 17431 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 17432 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 20608 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23946 still did not exit, sending a SIGTERM
[Thu Jul 09 22:29:36 2009] [warn] child process 23947 still did not exit, sending a SIGTERM

sur des pages…

Tu as laissé la config par défaut d’Apache, non ?
Dans ta partie prefork, tu as ça :

Un extrait de cette page :

[quote]MaxRequestsPerChild : ce paramètre fixe la limite du nombre de demandes qu’un processus apache satisfera en générant un processus fils avant de mourir. Il faut savoir qu’un processus fils consomme plus de mémoire après chaque demande.

Si MaxRequestsPerChild vaut 0, alors le processus ne meurt jamais, sa taille augmente au fur est en mesure des demandes et vous vous retrouvez avec la mémoire du serveur saturée et apache qui ne réponds pratiquement plus.

Si MaxRequestsPerChild vaut 1, alors le processus meurt après chaque service. Le nouveau processus crée pour repondre au client utilise un minimum de mémoire mais en contrepartie, sa génération est plus lente.[/quote]

Il n’y a pas de “bonne valeur”, tout dépend de la fréquentation de ton site.

De plus, hors prefork, tu as laissé le timeout à 300, c’est beaucoup…

Tu peux zieuter cette page si tu veux : wiki.goldzoneweb.info/configurat … imisations

Depuis 2 jours qu’Apache ne t’embête plus, il te reste quand même assez de mémoire ?
Pour le savoir :

oui au niveau de la ram c’est ok quand tout va bien mon système utilise 120Mo/1Go.

je vais changer la valeur alors pour MaxRequestsPerChild et voir ce que ça donne.
J’ai regardé ton site il est bien sympa !!

En effet, ça va, c’est correct !

Bon courage pour la suite et surveille bien les logs si ça replante

Sinon, oui le wiki de goldzoneweb est bien sympa