The Geek Diary

How to configure logrotate for multiple httpd instances

By admin

The Issue

When multiple httpd instances run on a single host (for example, as suggested by this post) that has SELinux enabled and in enforcing mode, log rotation with a single logrotate configuration may fail when a postrotate script similar to the following is used:

postrotate
      /bin/systemctl reload httpd*.service > /dev/null 2>/dev/null || true
endscript

The “systemctl reload httpd*.service” command works from the command line. However, when logrotate runs as a cron or anacron job, SELinux policy prevents it from listing the active services matching the httpd*.service pattern, and an AVC denial similar to the following is recorded in audit.log:

type=USER_AVC msg=audit(1523410562.012:837): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { status } for auid=0 uid=0 gid=0 cmdline="/bin/systemctl reload httpd*.service" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=system  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

The Solution

The issue can be resolved by sending the USR1 signal to the main httpd processes. This triggers a graceful restart of the httpd child processes, a reload of the configuration, and reopening of the log files.

We can get the PIDs of the main processes by reading the PID files of the individual httpd instances as configured in their respective httpd.conf configuration files.

In the following example, the httpd.conf configuration files of all instances match the /etc/httpd/conf/httpd*.conf pattern and the PID files all match /var/run/httpd*.pid:

# grep PidFile /etc/httpd/conf/httpd*.conf
/etc/httpd/conf/httpd1.conf:PidFile "/var/run/httpd1.pid"
/etc/httpd/conf/httpd2.conf:PidFile "/var/run/httpd2.pid"
/etc/httpd/conf/httpd3.conf:PidFile "/var/run/httpd3.pid"

Note: Please make sure you adjust the pattern to match the naming scheme used in your environment!

Then a script, similar to the following, can be used in the postrotate section of your /etc/logrotate.d/httpd configuration file:

# vi /etc/logrotate.d/httpd
postrotate
    # Signal the main process named in each instance's PID file
    for pidfile in /var/run/httpd*.pid; do
        [ -f "$pidfile" ] || continue
        PID=$(cat "$pidfile")
        # Skip stale PID files: the PID must still belong to httpd
        if grep -qa "/usr/sbin/httpd" "/proc/$PID/cmdline" 2>/dev/null; then
            kill -USR1 "$PID"
        fi
    done || true
endscript

Note: The above script is only an example and may require changes in your environment.
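
Because logrotate runs this loop as root, the contents of each PID file decide which process receives the signal. The following stricter variant is an added example, not part of the original article: it rejects non-numeric or symlinked PID files and requires argv[0] to be exactly the httpd binary rather than matching a substring of the command line. The names PROC_ROOT, HTTPD_BIN, argv0, valid_httpd_pids and reload_httpd_instances are assumptions introduced for illustration.

```sh
#!/bin/sh
# Added example: validate httpd PID files before sending USR1.
# PROC_ROOT and HTTPD_BIN are hypothetical overrides so the check can be
# exercised against a constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"
HTTPD_BIN="${HTTPD_BIN:-/usr/sbin/httpd}"

# Print argv[0] of a process from its NUL-separated cmdline file.
argv0() {
    [ -r "$1" ] || return 1
    tr '\000' '\n' < "$1" | head -n 1
}

# valid_httpd_pids DIR: print one validated main-process PID per line.
valid_httpd_pids() {
    for pidfile in "$1"/httpd*.pid; do
        [ -f "$pidfile" ] || continue      # glob matched nothing
        [ -L "$pidfile" ] && continue      # do not follow symlinked PID files
        read -r pid < "$pidfile" || [ -n "$pid" ] || continue
        case "$pid" in
            ''|*[!0-9]*) continue ;;       # empty or non-numeric content
        esac
        [ "$pid" -gt 1 ] || continue       # never signal PID 0 or 1
        # Stale file or recycled PID: argv[0] must be exactly the httpd binary.
        [ "$(argv0 "$PROC_ROOT/$pid/cmdline")" = "$HTTPD_BIN" ] || continue
        echo "$pid"
    done
}

# Send USR1 (graceful restart, log files reopened) to each validated PID.
reload_httpd_instances() {
    for pid in $(valid_httpd_pids "${1:-/var/run}"); do
        kill -USR1 "$pid"
    done
}
```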

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

© 2019 · The Geek Diary