New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
apache plugin HTTPS - multithread crash on RHES 5.7 #858
Comments
Hi @mfournier I've patched apache.c with (5f2f969 ) , and deployed on test servers waiting to reproduce the crash . The other patch doesn't apply to my environment since we are not loading the network plugin. |
Hi @mfournier , after patch applied and deployed over some servers (with the same software versions but other servers than the previous backtrace )2 things happened.
https://gist.github.com/toni-moreno/5a30930fe7361afefa1b#file-collectd_apache_log
https://gist.github.com/toni-moreno/5a30930fe7361afefa1b#file-collectd-gdb Where crashing is a production servers ( there is no way to reproduce the crash on test and preproduction servers). What to do? |
Hi @mfournier After fixed the apache+openssl bug persist as you can see in the following backtrace.
The patch was only
what to do know? |
Hi @mfournier I'm reviewing how to use libcurl on multithreaded environtment and it seems that is needed a different flag that you are doing
instead of
as you are doing in 5f2f969 a least this is the way shown at http://curl.haxx.se/libcurl/c/multithread.html what do you think about? |
Hi @mfournier after review the curl.h init flags CURL_GLOBAL_ALL and CURL_GLOBAL_SSL seems to be the same. I have found that collectd + plugin apache works ok with HTTP queries and HTTPS when only are collecting data from one HTTPS instance. So it seems to be a HTTP bug in multithreaded environment. so I've opened an issue to the libcurl guys. |
Hi @mfournier the libcurl developer (Daniel Stenberg) answered us about this bug. It seems to be needed that collectd set and use a special and proper OpenSSL mutex callbacks to work in multithread. https://sourceforge.net/p/curl/bugs/1475/ Seems that libcurl + openssl needs a thread setup , like in the next example code. |
Hi @mfournier, cc/ @octo, @tokkee , @pyr After review the new information gave for Daniel Stenberg seems that is needed a only openssl_setup for all openssl multithread comunicacions. I would like to build a patch for this issue but I think the apache_init() is not the best place to do this common initialization. Perhaps there are some other plugin that needs also thi custom ssl init. Perhaps could be interesting a global parameter "EnableMultithreadSSL" in the collectd.conf base add a sslmultithread.c file at src/daemon dir and call the cd_ssl_mthead_init() at:
So the CRYPTO_xxxxx () callbacks will be availables for all plugins. what do you think about this? |
A config parameter does not sound like the right solution to me. Users should not have to worry about this. Would it hurt to call the SSL init function multiple times (i.e. from each affected plugin's init function)? |
@tokkee I agree that users should not have to worry about this. About your question if could be possible to be more than one CRYPTO_xxx callback ( one for each plugin) , I don't know, I reviewed documentation and there is nothing on that question. http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION I can ask Daniel Stenberg but it seems that only one callback is allowed and will be overwritten if you do twice the same initialization. When in doubt , perhaps is better to force this crypto initialization only once. |
@Tokke , another way could be create the sslmultithread.c linked with collectd binary but not initialized and enable each plugin the initialization in its _init() function. The cd_ssl_mthead_init() will do CRYPTO callbacks initialization only on the its first call. what do you think about this way? |
Without having looked into the details, that's exactly what I would have proposed then as well. |
I've deployed recently collectd to read mod_status apache info through collectd apache plugin ( over https protocol).
Collectd was compiled and built directly from 25 May 2014 master brach ( d76d251).
Libcurl (libcurl.so.4.3.0) was also compiled and built from official curl-7.35.0 sources.
System: RHEL 5.7 (Linux 2.6.18-274.el5 #1 SMP Fri Jul 8 17:36:59 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux)
OpenSSL: openssl-0.9.8e-27.el5_10.3
After some days running ok the process suddenly crashes ( core dump shows some kind of error with ssl lib).
Anyone knows what is the origin of the problem? what versions are known to run ok with collectd (5.4.1) + apache plugin (https) + libcurl 7.35 on RHEL 5.7?
The text was updated successfully, but these errors were encountered: