[Pacemaker] Cluster failure with mod_security using rotatelogs

Markus Schlup markus at qbik.ch
Sun Oct 10 23:17:36 UTC 2010


  Hi all

I'm running a cluster-based Apache reverse proxy with the mod_security 
module. I would like to rotate the logfiles with rotatelogs as follows:

CustomLog "|/usr/sbin/rotatelogs -l /var/log/httpd/access_log.%Y-%m-%d 
86400" common

And especially the mod_security log with

SecAuditLog  "|/usr/sbin/rotatelogs -l 
/var/log/httpd/modsec_audit_log.%Y-%m-%d 86400"

As soon as I change the mod_security log to this (instead of just using 
"SecAuditLog /var/log/httpd/modsec_audit_log") the resource does not 
start anymore.

When trying to debug and start the apache resource by hand with

OCF_ROOT=/usr/lib/ocf OCF_RESKEY_configfile=/etc/httpd/conf/httpd.conf 
OCF_RESKEY_statusurl=http://localhost:80/server-status sh -x 
/usr/lib/ocf/resource.d/heartbeat/apache start

it stops after

...
+ for p in '"$PORT"' '"$Port"' 80
+ CheckPort 80
+ ocf_is_decimal 80
+ case "$1" in
+ true
+ '[' 80 -gt 0 ']'
+ PORT=80
+ break
+ echo 127.0.0.1:80
+ grep :
+ '[' Xhttp://localhost:80/server-status = X ']'
+ test /etc/httpd/run/httpd.pid
+ : OK
+ case $COMMAND in
+ start_apache
+ silent_status
+ '[' -f /etc/httpd/run/httpd.pid ']'
+ : No pid file
+ false
+ ocf_run /usr/sbin/httpd -DSTATUS -f /etc/httpd/conf/httpd.conf
++ /usr/sbin/httpd -DSTATUS -f /etc/httpd/conf/httpd.conf

The resource is in fact started but the command does not finish - so I 
guess that's the reason why the cluster fails in this setup ... strange 
enough using the rotatelogs directives for the Apache error and access 
logs is not an issue and works as expected.

Does someone know how to fix that problem?

Thanks
Markus




More information about the Pacemaker mailing list