Forum OpenACS Q&A: My production site is down

One of my Aolserver instances seems to have died at 6:00am this morning. The last thing that happened:

209.237.238.163 - - [17/Jan/2003:06:19:21 -0800] "GET /robots.txt HTTP/1.0" 404 
538 "" "ia_archiver"
209.237.238.164 - - [17/Jan/2003:06:24:28 -0800] "GET /robots.txt HTTP/1.0" 404 
538 "" "ia_archiver"
209.237.238.164 - - [17/Jan/2003:06:24:28 -0800] "GET /news/item?item_id=3106 HT
TP/1.0" 200 9431 "" "ia_archiver"
209.237.238.159 - - [17/Jan/2003:06:24:36 -0800] "GET /robots.txt HTTP/1.0" 404 
538 "" "ia_archiver"
209.237.238.159 - - [17/Jan/2003:06:24:37 -0800] "GET /news/item?item_id=3120 HT
TP/1.0" 200 9644 "" "ia_archiver"
209.237.238.161 - - [17/Jan/2003:06:26:06 -0800] "GET /robots.txt HTTP/1.0" 404 
538 "" "ia_archiver"
209.237.238.161 - - [17/Jan/2003:06:26:07 -0800] "GET /news/item?item_id=3204 HT
TP/1.0" 200 9381 "" "ia_archiver"
209.237.238.162 - - [17/Jan/2003:06:28:37 -0800] "GET /robots.txt HTTP/1.0" 404 
538 "" "ia_archiver"
209.237.238.165 - - [17/Jan/2003:06:29:29 -0800] "GET /robots.txt HTTP/1.0" 404 
538 "" "ia_archiver"
209.237.238.163 - - [17/Jan/2003:06:30:20 -0800] "GET /news/item?item_id=3206 HT
TP/1.0" 200 9243 "" "ia_archiver"

It looks like it got hit by a robot. I'm not sure why it would have gone down, though. No errors in the error log that I can see.

I have it set up using /etc/inittab, and it was working fine up until now.

I need to get this back up and running right away. Any suggestions? I think I might just restart the entire server, and see if that helps..

Interesting. Have you tried restarting AOLserver yet?

Instead of using inittab, you might want to look at monit (http://www.tildeslash.com/monit/). monit is "a utility for monitoring and managing daemons or similar programs running on a Unix system. It will start specified programs if they are not running and restart programs not responding"

There's also djb's supervise, but as with every other djb tool, it's non-free, hard to setup and non-intuitive to understand.

-Roberto

Roberto Mello wrote:

There's also djb's supervise, but as with every other djb tool, it's non-free, hard to setup and non-intuitive to understand.

I'm sorry that I can't resist. Just download and install djb's daemontools package. It is a one or two minute install process. Then to start AOLserver you create a file called run in some directory. I use /web/control/servername. The run script should set any environment variables you need and then start AOLserver. Here is a copy of mine, which works for both pg and Oracle:

#!/bin/bash

export ORACLE_HOME="/ora8/m01/app/oracle/product/8.1.7"
export ORACLE_BASE="/ora8/m01/app/oracle"
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/ctx/lib:/usr/local/pgsql/lib:$LD_LIBRARY_PATH
export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/ctx/lib:$PATH
export ORACLE_SID='ora8'
export ORACLE_TERM='vt100'
export ORAENV_ASK=NO
export NLS_DATE_FORMAT="YYYY-MM-DD"
export LD_ASSUME_KERNEL=2.2.5
sleep 4

exec /usr/local/aolserver/bin/nsd -it \ 
 /web/control/iunicycle-oracle/iunicycle-oracle-nsd.tcl -u \
 iunicycle -g web 

Then you just link the directory to the /service directory:

ln -s /web/control/servername /service

Your webserver should start in a few seconds.

If your server seems to not startup, or constantly restarts without printing to the error.log why it is dying (usually a startup file syntax error), you can use ps axww|grep readproctitle to show the last 400 chars of output.

Start and stop, restart of your server:

svc -u /service/servername
svc -d /service/servername
svc -k /service/servername
svc -o /service/servername ;# start once, don't restart

Getting a status on how long the server is up/down:

svstat /service/servername

My opinion is software is never intuitive, but it can have simple commands and good documentation.

Here's a server log roll script that works from me. There's actually a more general one floating around that I simplified to make this one. It sits in cron.daily and works fine (it's hardwired to one of my server instance names).

#!/usr/bin/perl

## Sends AOLserver an HUP signal, so it will roll it's logs. Takes as its
## only argument the name of the server to roll.

## modified from the version in ACS 4

$ENV{'PATH'} = '/sbin:/bin';

## get the PIDs of all matching servers
open(PID, "/bin/ps -efwww |") || die $!;
my @pids;
while (< PID>) {
  next unless /^\s*\S+\s+(\d+).*nsd.*\/birdnotes\.tcl/;
  my $pid = $1;
  push(@pids, $pid);
}
close PID;

print "Rolling ", join(" ", @pids), "\n";
kill 'HUP', @pids;

For this to work you have to have the AOLserver parameters "roll server log on SIGHUP" set. You can roll the access lo g from within the AOLserver .tcl config file. Both these are documented in the AOLserver documentation but I agree it would be nice to have something written up in our "set up your world" docs. Just as we've done with my simple backup scripts.

(there's a space after the less-than sign before the PID above that needs to be removed)

Something similar happened to our site in early beta, twice in a row, 20 minutes apart. I believe I should be ablet to reproduce it under heavy load, but haven't got opportunity to simulate it in last two weeks. Could not post it earlier, but here is the log excerpt :

Everything normal ...
....
203.163.150.198 - - [06/Jan/2003:19:49:30 +0530] "GET /dotlrn/admin/user-new-2?user_id=20202 HTTP/1.1" 200 5905 
203.163.150.198 - - [06/Jan/2003:20:00:58 +0530] "GET /dotlrn/classes/maths/calculus/f-y-b-sc-maths/?folder%5fid=21188&n%5fpast%5fdays=99999&page%5fnum=2 HTTP/1.1" 302 389
....
Everything normal again...

The server stopped responding after 19:49:30. After 8-9 minutes I rebooted the machine in panic. The debug mode is on, but there is no error displayed there and everything looked normal untill the last entry in the access log.The surprise entries ( not surprising for the log-content but due to timestamps and the delay between them )in the error log are :

Everything normal ...
...
[06/Jan/2003:19:50:05][2554.3076][-conn0-] Debug: PgBindCmd: query with bind variables substituted =
    	select file_storage__new_file (
        	'NEW',           	-- title
        	'20281',          	-- parent_id
        	'19660',            	-- creation_user
        	'203.163.162.234',        	-- creation_ip
		true			-- indb_p
		);

[06/Jan/2003:19:50:05][2554.3076][-conn0-] Notice: Querying '
    	select file_storage__new_file (
        	'NEW',           	-- title
        	'20281',          	-- parent_id
        	'19660',            	-- creation_user
        	'203.163.162.234',        	-- creation_ip
		true			-- indb_p
		);'
[06/Jan/2003:19:58:21][2554.1024][-main-] Notice: nsmain: AOLserver/3.3.1+ad13 stopping
[06/Jan/2003:19:58:21][2554.1024][-main-] Notice: nssock: triggering shutdown
[06/Jan/2003:19:58:21][2554.1024][-main-] Notice: serv: stopping connection threads
[06/Jan/2003:20:00:06][1276.1024][-main-] Notice: nsmain: AOLserver/3.3.1+ad13 starting
....
Things back to normal again...

That is to say, though no new HTTP connection was logged after 19:49:30 , at least server logging thread was working upto 19:50:05. After that despite many requests from clients, there is no HTTP access log entry / debug log. But when I rebooted the machine, AOLServer logged 'AOLserver/3.3.1+ad13 stopping' message at 19:58:21.

There is no error logged in the Postgres log. I could not think of what might have gone wrong and what happened between 19:50 to 19:58.

Many thanks in advance for clues, hints and help !

I used both by accident on one system.  Had a little log file covering midnight to 4am (cron.daily runs at 4am) and a big log file for the rest of the day.

I don't think there is any major difference.  If anything ns_logroll is more precise since you are telling the server exactly what you want while with the other method you are just telling it to HUP.

For people willing to use DJB tools you should also take a look at multilog which can roll logs based on size (also worth taking a look at is dqd_log by Rob Mayoff which lets you use multilog for aolserver access logs.

Incidentally, I'd like to mention that I find supervise to be unreliable.

paje, the #openacs bot, is monitored by supervise on the openacs.org box. While it works well most of the time, supervise will just fail to restart paje when it dies sometimes.

-Roberto

By "free" I meant "I can change it and redistribute my changes in binary and source forms". If you really need an answer to your "so what?" question, then I suppose (and I mean no offense with this) that you're missing the point about open source/free software, IMHO

I'd like to point out that if you look at the daemontools source 90% of the code is licensed under the public domain (which I know, since I'm repacking that code and releasing it under a different license).

[ Okay guys, this is slight off topic but what the heck ]

I'm involved with a User Group in Northeast Ohio, USA.

http://www.nooss.org

I am using the pubilc domain software to start a project with in the group [ annoucement here.

I have a copy of the start of the code available at:

http://devel.alal.com

That code is still public domain.

The plan is to have a "ready for primetime" distirbution near the end of Febuary. I'd be open to suggestions going forward.

I also using that code to create a ns_cdb module for AOLserver (which I need for some qmail/vpopmail/OpenACS intergration).

I think this is getting a bit off topic, but feel free to contact me via email if anybody wants any more detail, has suggestions, or wants to help.

Co-incidentally I had to implement error log rolling today. Here's what I did based on an ACS 3 version I had working written by mailto:arjun@openforce.net :

In your server's .tcl file put these 2 lines after ns_section ns/parameters:

ns_param  logroll            on
ns_param  maxbackup          30

Then create 2 files in /acs-tcl/tcl, one called logroll-init.tcl and the other called logroll-procs.tcl.

logroll-procs.tcl contains the following:
#
# logroll.tcl - Rolls the server log on a daily basis
#
# mailto:arjun@openforce.net
# May 17, 2001
# version 0.1
#
# Note: This script is for rolling the _server_ log not the _access_ log!
ad_library {
    TCL library for the rolling error log.

    @creation-date 23/01/2003
}

#
# Directions
# ----------
# 1. Set the MaxBackup ns_param in the "ns/parameters" section of your config
# file to the desired number of backups. NOTE: The AOLServer documentation
# incorrectly calls this param "LogMaxBackup"! You can verify this param is set
# correctly by seeing something like "Notice: conf: [ns/parameters]maxbackup = 6"
# in your server log.
#
#
# Further Work
# ------------
# - Verify the log got rolled, if not send email
# - Check for disk space
# - Allow for non-daily intervals
# - scp logs to a remote site(s)

# You don't have to edit anything below this line
ad_proc -public roll_server_log {
} {
  Proc to roll server error log
}  {
set MaxBackupValue [ns_config -int "ns/parameters" MaxBackup]
if {$MaxBackupValue == ""} {
    # The default is 10
    set MaxBackupValue 10
}

ns_log Notice "logroll.tcl: About to roll server log. ns_param MaxBackup = $MaxBackupValue "
ns_logroll
ns_log Notice "logroll.tcl: Just rolled server log"
}

logroll-init.tcl contains the following:
# Adjust the paramaters below. Hours are between 0-23,
#  and minutes are between 0-59
set hour 16
set minute 00

ns_log Notice "Scheduling logroll"

# Schedule "roll_server_log" to run at the desired time
ns_schedule_daily $hour $minute roll_server_log

Then just bounce your AOLserver.

About the size of the error log: I have OpenACS 4.6 on my home system, with the packages Notifications and ACS-Mail-Lite (necessary for the forums?)  installed.  After 3 hours the error log has grown by about 500,000 bytes (half a meg), that's about 4 Meg per day?  I think some sort of default error log rotation would be useful.

added log-rolling to the to-do list for docs - I can just add it to the default config.tcl file, right?

Tilmann,

one way to roll the access log is mentioned in https://openacs.org/forums/message-view?message_id=34256.

Here's my Tcl version:

#
# logroll.tcl.postload - Rolls the server log on the same basis as the access log.
#
# bart.teeuwisse@thecodemill.biz
# Oct 07, 2001
# version 0.1 based on prior work by
# arjun@openforce.net 
# May 17, 2001
# version 0.1 
#
# Note: This script is for rolling the _server_ log not the _access_ log!
#
# Directions
# ----------
# 1. Set the "ServerLog" in the ns/parameters section and the 
# "RollDay", "RollHour", "RollFmt" parameters in the
# ns/server/'yourserver'/module/nslog section of your config file.
#
# 2. Place this script a Tcl directory sourced at server startup
#
# Further Work
# ------------
# - Verify the log got rolled, if not send email
# - Check for disk space
# - scp logs to a remote site(s)

# Roll the server log and give it an extension of the current date and time.

proc roll_server_log {serverlog rollfmt} {
    ns_log Notice "logroll.tcl: About to roll server log."
    ns_logroll
    set date [clock format [clock seconds] -format $rollfmt]
    if {[file exists "$serverlog.000"]} {
	file rename "$serverlog.000" "$serverlog.$date"
	ns_log Notice "logroll.tcl: Just rolled server log into $serverlog.$date"
    } else {
	ns_log Warning "logroll.tcl: Just rolled server log but couldn't move it to $serverlog.$date"
    }
}

# Create argument list

set args [list]

# Find out where the log is stored.

lappend args [ns_config "ns/parameters" ServerLog]

# Roll the log when the access log is being rolled.

set rollday [ns_config "ns/server/[ns_info server]/module/nslog" RollDay]
set rollhour [ns_config -int "ns/server/[ns_info server]/module/nslog" RollHour]
set rollminute 0

# Use the same roll format as the access log.

lappend args [ns_config "ns/server/[ns_info server]/module/nslog" RollFmt]

if {$rollday == "*"} {

    # Schedule "roll_server_log" to run at the desired time

    ns_schedule_daily $rollhour $rollminute roll_server_log $args
} else {

    # Schedule "roll_server_log" to run only on RollDay days.

    ns_schedule_weekly $rollday $rollhour $rollminute roll_server_log $args
}

Place this file in /web/'yourserver'/tcl directory, follow the directions in the header and restart the server. Et voila!

/Bart

Randy,

please do post an example setup for package specific log files using multilog.

/Bart

added log-rolling to the to-do list for docs - I can just add it to the default config.tcl file, right?

Joel, you're on the right track but it's not quite that simple.

First, here's all the stuff I have in my AOLserver config.tcl related to both the server and access logs. You may want to change some of the settings for the OpenACS default config.tcl (I'm not sure), but you should at least look at what all of these do:

ns_section ns/parameters 
 
  ns_param serverlog $error_log_full_filename($which) 
  # Number of days to keep old error logs around: 
  ns_param maxbackup 7 
 
ns_section ns/server/$server_name/module/nslog 
 
  ns_param File $access_log_full_filename 
  # Number of days to keep old access logs around: 
  ns_param maxbackup 7 
 
  ns_param EnableHostnameLookup Off 
  ns_param LogRefer Off 
  ns_param LogUserAgent Off 
  ns_param maxbackup 7 
  ns_param RollDay * 
  ns_param RollFmt %Y-%m-%d-%H:%M 
  ns_param RollHour 0 
  ns_param RollOnSignal On 
  ns_param RollLog On 
  ns_param ExtendedHeaders X-User-Tracking 

The settings above will take care of rolling the access log without doing anything else. But to roll the server log, you need to schedule ns_logroll (usually once per night at midnight) to roll the log. See my old Jan. 18 2003 definition of my dtk_roll_server_log proc above.

I think using a simple helper proc like that is a bit nicer than scheduling ns_logroll directly, because it writes a notice to the log before and after telling you what's going on. So you just need a proc like that (probably named "ad_roll_server_log"), and the call to ad_schedule_proc.

Hm, I don't see anywhere better to put it, so, ad_roll_server_log should probably just go into packages/acs-tcl/tcl/utilities-proc.tcl, and the call to ad_schedule_proc should go into the matching utilities-init.tcl file.

Once that's all done... then the only thing to put into the docs is pointers to those places, and telling people how to change it in case they need to.