From eb690305eefb3603d27479cae7c3856c68a55141 Mon Sep 17 00:00:00 2001 From: Nikolay Petukhov Date: Tue, 15 Nov 2022 17:20:51 +0100 Subject: [PATCH] TCR-107: Added error section for mod_hostinglimits --- docs/cloudlinux_os_components/README.md | 34 +++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/docs/cloudlinux_os_components/README.md b/docs/cloudlinux_os_components/README.md index 8c9de3e65..c0f16ce65 100644 --- a/docs/cloudlinux_os_components/README.md +++ b/docs/cloudlinux_os_components/README.md @@ -7776,6 +7776,7 @@ Directives which can be used by Apache with ITK +#### **Errors** + +**mod_hostinglimits** can report errors via logging. This section lists all possible errors reported in mod_hostinglimits error messages. +* **MHL-EPERM** In most cases, this error means that Apache is running inside single LVE. +This is an error condition that should be resolve as soon as possible. +This happens if you have have pam_lve or CageFS enabled, and user who restarted Apache last time around logged in as regular user (and got into LVE due to pam_lve), then su or sudo to root. If user restarts Apache after that, Apache will run inside that's user LVE. +To solve that issue, login as root directly, and restart Apache web server. +If sshd server was restarted before by same user -- it will run inside LVE as well, so you would have to restart it via console or by setting up a cron job. Rebooting server should also restart SSH & Apache outside of LVE. +To make sure that the issue doesn't happen again, make sure that user ids of users that have sudo and su priviledges are bellow 500 (or the number specified as minimum uid in /etc/pam.d/sshd for pam_lve) + +* **MHL-E2BIG** This error will report itself to end user as 508 error, "Resource Limit Reached". This happens due to customer hitting entry processes limit. Entry processes limit restricts the number of concurrent connections to dynamic (php & cgi) scripts for the customer. Otherwise, one site could use up all Apache slots, and cause all the sites to go down. +You can diagnose the issue by running: +``` +# lveinfo --period=1d --by-fault=mep --display-username +``` +You can also monitor the user by running: +``` +# lvetop +``` +You can always increase entry processes limit by running: +``` +# lvectl set USER_ID -–maxEntryProcs NEW_LIMIT save +``` +If you also see that user is hitting CPU limit at the same time at the same time as entry processes limit, raising just entry processes limit will not help.User is using too much resources, and you should either increase both, CPU and entry process limits, or user should optimize their script, or user should be upgraded to VPS or something similar. +Be careful adjusting entry processes limit, as it can adversely affect overall system stability. + +* **MHL-ENOMEM** This is an internal error in kmod-lve that occurs when memory cannot be allocated for a new lve +* **MHL-EFAULT** This is an internal error in kmod-lve that occurs when data cannot be transferred between the user and the kernel +* **MHL-EINVAL** This is an internal error in kmod-lve that occurs when a function lve_enter is called with invalid parameters +* **MHL-EBUSY** This is an internal error in kmod-lve that occurs when OS resources cannot be allocated +* **MHL-ENOSPC** This is an internal error in kmod-lve that occurs when there is no free memory for a new lve +* **MHL-ENOENT** This is an internal error in kmod-lve that occurs when OS resources cannot be initialized + #### **Additional notes** **mod_hostinglimits** (since version 1.0-22) supports `min-uid - cagefsctl --set-min-uid=600`.