Monit configuration for php-fpm - monit

I'm struggling to find a monit config for php-fpm that works.
This is what I've tried:
### Monitoring php-fpm: the parent process.
check process php-fpm with pidfile /var/run/php-fpm/php-fpm.pid
group phpcgi # phpcgi group
start program = "/etc/init.d/php-fpm start"
stop program = "/etc/init.d/php-fpm stop"
## Test the UNIX socket. Restart if down.
if failed unixsocket /var/run/php-fpm.sock then restart
## If the restarts attempts fail then alert.
if 3 restarts within 5 cycles then timeout
But it fails because there is no php-fpm.sock (Centos 6)

For anyone else with this problem on Centos 6, the php-fpm socket is in /var/run/php-fpm/php-fpm.sock
Hence final config would be like so:
check process php-fpm with pidfile /var/run/php-fpm/php-fpm.pid
group phpcgi #change accordingly
start program = "/etc/init.d/php-fpm start"
stop program = "/etc/init.d/php-fpm stop"
if failed unixsocket /var/run/php-fpm/php-fpm.sock then restart
if 3 restarts within 5 cycles then timeout

Instead of:
if failed unixsocket /var/run/php-fpm.sock then restart
you may try:
if failed port 9000 type TCP then restart
It does not require editing lighttpd/nginx config as in the location /ping case.
My /etc/monit/conf.d/php-fpm.conf on Ubuntu looks like this:
check process php-fpm with pidfile /var/run/php5-fpm.pid
stop program = "/sbin/start-stop-daemon --stop --pidfile /var/run/php5-fpm.pid"
start program = "/sbin/start-stop-daemon --start --pidfile /var/run/php5-fpm.pid --exec /usr/sbin/php5-fpm"
if failed port 9000 type TCP then restart

I´m using the ping.path directive in php-fpm to check if it´s working...
and configured it on nginx.conf (i down´t know if it´s your setup)
location /ping {
access_log off;
allow 127.0.0.1;
deny all;
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
include fastcgi_params;
}

Here is a way of checking php-fpm via a TCP connection (which is more reliable than a simple .pid):
# Empty FastCGI request
if failed port 8101
# Send FastCGI packet: version 1 (0x01), cmd FCGI_GET_VALUES (0x09)
# padding 8 bytes (0x08), followed by 8xNULLs padding
send "\0x01\0x09\0x00\0x00\0x00\0x00\0x08\0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00"
# Expect FastCGI packet: version 1 (0x01), resp FCGI_GET_VALUES_RESULT (0x0A)
expect "\0x01\0x0A"
timeout 5 seconds
then restart
Source: http://richard.wallman.org.uk/2010/03/monitor-a-fastcgi-server-using-monit/

This is work for me
check process php5-fpm with pidfile /var/run/php5-fpm.pid
start program = "/usr/sbin/service php5-fpm start" with timeout 60 seconds
stop program = "/usr/sbin/service php5-fpm stop"
if cpu > 60% for 2 cycles then alert
if cpu > 90% for 5 cycles then restart
if 3 restarts within 5 cycles then timeout
group server

This is on my debian 7 running nginx and php5-fpm;
check process php5-fpm with pidfile /var/run/php5-fpm.pid
group php #change accordingly
start program = "/etc/init.d/php5-fpm start"
stop program = "/etc/init.d/php5-fpm stop"
if failed unixsocket /tmp/php-fpm.sock then restart
if 3 restarts within 5 cycles then timeout

Related

nginx is started but not found service on ubuntu

I try to restart the apache service on ubuntu 16.04 but i can not because the port '80' is listened to by nginx.
But when I try to stop nginx, the service is not found.
netstat -ltnp | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6069/nginx
systemctl status nginx
● nginx.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
service nginx stop
Failed to stop nginx.service: Unit nginx.service not loaded.
So how can I stop nginx in order to restart apache ?
Thanks for your help
nginx on your machine was started in other way then systemd standard nginx service.
alex#openresty:~$ ps aux | grep nginx
root 2668 0.0 0.0 41040 928 ? Ss 12:33 0:00 nginx: master process /usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/
nobody 2669 0.0 0.0 41040 3316 ? S 12:33 0:00 nginx: worker process
Will show you the full path of running nginx with command line arguments. Here is example from my PC (I use Openresty bundle so your paths may vary).
Now take a look at nginx master process command line parameters. If -p is present you should use exactly the same to stop nginx. For my case it should be:
/usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/ -s stop
If -p is missed you may just
/usr/local/openresty/bin/openresty -s stop
It would stop nginx, but it may be possible that on your PC nginx is configured to run as not standard service, for example hand written systemd unit.
So on every reboot you will have nginx running again.

Monit EXEC not working when monitored process dies

using Monit 5.15 on FreeBSD 10.2:
set daemon 5
set logfile syslog
set pidfile /var/run/monit.pid
set idfile /var/.monit.id
set statefile /var/.monit.state
set alert x#y.z
set mailserver localhost
set httpd port 2812 and
use address 192.168.40.72
allow 192.168.20.0/24
allow admin:monit
check process haproxy with pidfile /var/run/haproxy.pid
if failed host 192.168.40.72 port 9090 type tcp
then exec "/bin/sh -c '/bin/echo `/bin/date` >> /tmp/monit.test'"
When i run monit with -vI and i kill haproxy, i have the following output:
Adding net allow '192.168.20.0/24'
Adding credentials for user 'admin'
Runtime constants:
Control file = /usr/local/etc/monitrc
Log file = syslog
Pid file = /var/run/monit.pid
Id file = /var/.monit.id
State file = /var/.monit.state
Debug = True
Log = True
Use syslog = True
Is Daemon = True
Use process engine = True
Poll time = 5 seconds with start delay 0 seconds
Expect buffer = 256 bytes
Mail server(s) = localhost:25 with timeout 30 seconds
Mail from = (not defined)
Mail subject = (not defined)
Mail message = (not defined)
Start monit httpd = True
httpd bind address = 192.168.40.72
httpd portnumber = 2812
httpd ssl = Disabled
httpd signature = Enabled
httpd auth. style = Basic Authentication and Host/Net allow list
Alert mail to = root#localhost
Alert on = All events
The service list contains the following entries:
Process Name = haproxy
Pid file = /var/run/haproxy.pid
Monitoring mode = active
Existence = if does not exist then restart
Port = if failed [192.168.40.72]:9090 type TCP/IP protocol DEFAULT with timeout 5 seconds then exec '/bin/sh -c /bin/echo `/bin/date` >> /tmp/monit.test'
System Name = appsrv01
Monitoring mode = active
-------------------------------------------------------------------------------
pidfile '/var/run/monit.pid' does not exist
Starting Monit 5.15 daemon with http interface at [192.168.40.72]:2812
Starting Monit HTTP server at [192.168.40.72]:2812
Monit HTTP server started
'appsrv01' Monit 5.15 started
Sending Monit instance changed notification to root#localhost
'haproxy' process is running with pid 42999
'haproxy' zombie check succeeded
'haproxy' succeeded testing protocol [DEFAULT] at [192.168.40.72]:9090 [TCP/IP]
'haproxy' connection succeeded to [192.168.40.72]:9090 [TCP/IP]
'haproxy' process is running with pid 42999
'haproxy' zombie check succeeded
'haproxy' succeeded testing protocol [DEFAULT] at [192.168.40.72]:9090 [TCP/IP]
'haproxy' connection succeeded to [192.168.40.72]:9090 [TCP/IP]
'haproxy' process is running with pid 42999
'haproxy' zombie check succeeded
'haproxy' succeeded testing protocol [DEFAULT] at [192.168.40.72]:9090 [TCP/IP]
'haproxy' connection succeeded to [192.168.40.72]:9090 [TCP/IP]
'haproxy' process test failed [pid=42999] -- No such process
'haproxy' process is not running
Sending Does not exist notification to root#localhost
'haproxy' trying to restart
'haproxy' stop skipped -- method not defined
'haproxy' start method not defined
'haproxy' monitoring enabled
'haproxy' process test failed [pid=42999] -- No such process
'haproxy' process is not running
'haproxy' trying to restart
'haproxy' stop skipped -- method not defined
'haproxy' start method not defined
'haproxy' monitoring enabled
^CShutting down Monit HTTP server
Monit HTTP server stopped
Monit daemon with pid [48685] stopped
'appsrv01' Monit 5.15 stopped
Sending Monit instance changed notification to root#localhost
The EXEC Line never gets executed, i dont see any new lines in /tmp/monit.test
If i change the checked Port from 9090 to some invalid port, lets say 9190 and start monit (haproxy is running !), i see:
Starting Monit 5.15 daemon with http interface at [192.168.40.72]:2812
Starting Monit HTTP server at [192.168.40.72]:2812
Monit HTTP server started
'appsrv01' Monit 5.15 started
Sending Monit instance changed notification to root#localhost
'haproxy' process is running with pid 50703
'haproxy' zombie check succeeded
Socket test failed for [192.168.40.72]:9190 -- Connection refused
'haproxy' failed protocol test [DEFAULT] at [192.168.40.72]:9190 [TCP/IP] -- Connection refused
Sending Connection failed notification to root#localhost
'haproxy' exec: /bin/sh
'haproxy' process is running with pid 50703
'haproxy' zombie check succeeded
Socket test failed for [192.168.40.72]:9190 -- Connection refused
'haproxy' failed protocol test [DEFAULT] at [192.168.40.72]:9190 [TCP/IP] -- Connection refused
'haproxy' exec: /bin/sh
Why does the EXEC Line works here but not when i kill -9 haproxy ?
What i'm trying to do is get monit to run the exec in case of a haproxy failure. the exec line will then contain a command to switch the CARP IP to another host.
haproxy itself is monitored using zabbix, so the NOC can investigate the cause of the failure later.
When you kill -9 haproxy you're killing the daemon. So when monit performs this "check process" block, it's detecting that the process isn't there and restarting the process. It doesn't perform the check on that port because it sees the process isn't there.
It works when you give it an invalid port because the process is still alive. When it performs the port check it will fail that and run the script.
You should add an additional line to this check block that says
check process haproxy with pidfile /var/run/haproxy.pid
if failed host 192.168.40.72 port 9090 type tcp
then exec "/bin/sh -c '/bin/echo `/bin/date` >> /tmp/monit.test'"
if restarted then exec "/bin/sh -c '/bin/echo `/bin/date` >>/tmp/monit.test'"
This should run the shell commands on both a restart AND a failed host.

how to solve Apache Error i already changes the ports but couldn't what the Error is?

03:32:35[Apache]Problem detected!
03:32:35[Apache]Port 80 in use by "Unable to open process" with PID 4!
03:32:35[Apache]Apache WILL NOT start without the configured ports free!
03:32:35[Apache]You need to uninstall/disable/reconfigure the blocking application
03:32:35[Apache]or reconfigure Apache and the Control Panel to listen on a different port
03:32:35[Apache]Attempting to start Apache app...
03:32:35[Apache]Status change detected: running
As log said, Port 80 is already used by another process
to check wich process use port :
WINDOWS: netstat -a -b
LINUX : sudo netstat -tulpn (must run with root)
To change the port of Apache, you have to modify this file:
APACHE_INSTALLATION_PATH/conf/httpd.conf and change this configuration Listen 80 to the port you want to use, example : Listen 8085
N.B: in your browser you must type this url http://www.mywebsite.com:8085 instead of http://www.mywebsite.com ( == http://www.mywebsite.com:80)
You must restart your apache server
I think that skype is using port 80, but i'm not sure

Bash Script: Wait for apache2 graceful-stop

On Ubuntu 12.04 server, I have a bash script to gracefully stop my apache2 server, removing the content of /var/www, unzipping the new content and the start the apache again. (Everything is executed as root)
echo "Test";
cd /var;
service apache2 graceful-stop;
rm -R www/ && echo "Flush...";
unzip transfer.zip > /dev/null && echo "Flushed.";
service apache2 start;
The error I get is when apache starts again:
Test
Flush...
Flushed.
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
So the script doesn't wait for apache to stop.
Here what I tried so far:
I tried to wait with wait (Same error.)
service apache2 graceful-stop;
wait $!;
I tried to get the PID of apache and wait for this one (Same error)
pid=$(cat /var/run/apache2.pid)
apache2ctl graceful-stop;
wait $pid;
I tried to use apache2ctl graceful-stop instead of service apache2 graceful-stop (Same error)
What am I missing? When I use service apache2 stop, everything works fine:
* Stopping web server apache2
... waiting [ OK ]
Flush...
Flushed.
* Starting web server apache2 [ OK ]
Thanks
Edit
Here the output with the exit code of wait:
* Stopping web server apache2 [ OK ]
0
Flush...
Flushed.
* Starting web server apache2
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
[fail]
It seems that Apache itself recommends waiting a couple of seconds between restarts:
http://wiki.apache.org/httpd/CouldNotBindToAddress
It is actually relatively common that releasing and binding to a port is not immediate. It may take some time (up to several minutes) for the kernel to free up the closed socket. It is called Linger Time. It is also briefly discussed by some Apache documentation, see http://httpd.apache.org/docs/2.2/misc/perf-tuning.html search for "Lingering Close".
There is a very detailed answer about the issue to this question: Socket options SO_REUSEADDR and SO_REUSEPORT, how do they differ? Do they mean the same across all major operating systems?

Monit on CentOS causes httpd.pid not to be created

The solution was to replace this line:
check process apache with pidfile /var/run/httpd.pid
With this line:
check process httpd with pidfile /var/run/httpd/httpd.pid
And I also removed the 'group apache'.
Original post:
After installing Monit on CentOS, and setting an alert for the Apache (httpd) service, the service no longer creates the /var/run/httpd.pid file.
The httpd service IS running properly.
On top of it, as if that's not enough, Monit reports the status of the service as: Execution failed
Naturally, the only way to restart such a service is by killing it, since the 'restart' script doesn't see any running process.
These are the contents of the /etc/monit.d/monitrc file:
set daemon 10
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: me#server.com }
set alert bugs#server.com
set httpd port 2812 and
# SSL ENABLE
# PEMFILE /var/certs/monit.pem
allow user:password
check process apache with pidfile /var/run/httpd.pid
group apache
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
if cpu is greater than 180% for 1 cycles then alert
if totalmem > 1200 MB for 2 cycles then restart
if children > 250 then restart
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/sshd start"
stop program "/etc/init.d/sshd stop"
if failed port 22 protocol ssh for 5 cycles then restart
if 5 restarts within 25 cycles then timeout
Output of "service httpd restart":
Stopping httpd: [FAILED]
Starting httpd: (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
Any help will be greatly appreciated.
Try to replace stop program with /usr/sbin/httpd -k stop. It work for me.
I had the same problem but /usr/sbin/httpd -k stop didn't seem to help since this still tries to look up the process id from the pid file.
I opted for stop program = "/usr/bin/killall httpd". I don't think this is very elegant (probably kills open requests) but it was the only way I could find to restart apache and have the pid file recreated by monit.
I think that monit is doing a restart as 'stop; start' and is not waiting for 'stop' to finish before starting a new process, and thus is deleting the pid file at an inappropriate time. At least, that's my conclusion after tinkering with all this.
I found a reference to someone who fixed this issue by making monit sleep after the 'stop' statement.
Personally, I found that replacing 'restart' with 'start' when the http server is down worked just fine.