Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1099811
Description of problem: Apache crashes when installing 6.5 master+replica and 5.11 Client. In discussing with Rob and team, it was decided to remove extra restart Version-Release number of selected component (if applicable): ipa-server-3.0.0-37.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Used beaker to install the environment using quickinstall for QE tests Actual results: Crash is detetcted Expected results: No crash Additional info: Email from Rob: I found this in /var/log/messages May 19 09:13:34 pogolinux-01 setsebool: The httpd_can_network_connect policy boolean was changed to on by root May 19 09:13:34 pogolinux-01 setsebool: The httpd_manage_ipa policy boolean was changed to on by root May 19 09:13:35 pogolinux-01 kernel: httpd[19488]: segfault at 30 ip 00007f333682a7c7 sp 00007fffe606d050 error 4 in libapr-1.so.0.3.9[7f3336816000+2b000] May 19 09:13:35 pogolinux-01 kernel: httpd[19489]: segfault at 30 ip 00007f333682a7c7 sp 00007fffe606f6d0 error 4 in libapr-1.so.0.3.9[7f3336816000+2b000] May 19 09:13:35 pogolinux-01 kernel: May 19 09:13:35 pogolinux-01 abrt[19523]: Not saving repeating crash in '/usr/sbin/httpd' May 19 09:13:36 pogolinux-01 abrt[19524]: Saved core dump of pid 19488 (/usr/sbin/httpd) to /var/spool/abrt/ccpp-2014-05-19-09:13:35-19488 (73166848 bytes) May 19 09:13:36 pogolinux-01 abrtd: Directory 'ccpp-2014-05-19-09:13:35-19488' creation detected My initial thought was that Apache was restarted in the middle of initialization. Based on the core it looked like it blew up on a python import. The ipareplica-install.log doesn't confirm this though. We restart the server after configuring SELinux and that is what is failing. Fortunately we restart it again a few steps later and that is fine which is why the install is successful. While I wonder why it is blowing up, it may mean we can drop an HTTP restart and save a few seconds.
This is addressed by mod_wsgi 3.4
The issue is that we are starting and then restarting Apache in the same second. As originally proposed, the restarts of Apache need to be re-evaluated in httpinstance.py.
FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.
In FreeIPA 4.0 code base, I see only 2 restarts in ipaserver-install.log:
ipaserver-install.log
# grep systemctl /var/log/ipaserver-install.log | grep httpd.service 2014-08-29T07:16:06Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service' 2014-08-29T07:16:06Z DEBUG args='/bin/systemctl' 'restart' 'httpd.service' 2014-08-29T07:16:07Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service' 2014-08-29T07:16:07Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service' 2014-08-29T07:16:07Z DEBUG args='/bin/systemctl' 'disable' 'httpd.service' 2014-08-29T07:17:45Z DEBUG args='/bin/systemctl' 'restart' 'httpd.service' 2014-08-29T07:17:47Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service'
One is in the end of httpinstance.py and one in the end of the installation. None was done within the same second. This is IMO correct. So if I do not miss anything, I think we can safely close the ticket.
httpinstance.py
I checked again, ipa-replica-install indeed does one more httpd restart compared to ipa-server-install:
if CA: CA.configure_certmonger_renewal() CA.import_ra_cert(dir + "/ra.p12") CA.fix_ra_perms() services.knownservices.httpd.restart()
Honza, is this required? If yes, we should just close this ticket as worksforme. If no, we should remove the extra restart.
ipa-replica-install works fine for me without this particular restart, so I guess it can be removed.
I rather meant if you this would not crash cert renewal as there are CA related commands previously. BTW the httpd restart was added in 8d16456, so it is rather old.
Given that Apache is restarted in the end again, I also do not think this restart is necessary. David, can you please remove this line? :-)
attachment freeipa-dkupka-0013-Do-not-restart-apache-server-when-not-necessary.patch
master:
ipa-4-1:
ipa-4-0:
Metadata Update from @mkosek: - Issue assigned to dkupka - Issue set to the milestone: FreeIPA 4.0.2
Login to comment on this ticket.