#4352 Apache crashes when replica is restarted when installing
Closed: Fixed None Opened 9 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1099811

Description of problem:
Apache crashes when installing 6.5 master+replica and 5.11 Client.

In discussing with Rob and team, it was decided to remove extra restart

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-37.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Used beaker to install the environment using quickinstall for QE tests


Actual results:
Crash is detetcted


Expected results:
No crash


Additional info:
Email from Rob:

I found this in /var/log/messages

May 19 09:13:34 pogolinux-01 setsebool: The httpd_can_network_connect
policy boolean was changed to on by root
May 19 09:13:34 pogolinux-01 setsebool: The httpd_manage_ipa policy
boolean was changed to on by root
May 19 09:13:35 pogolinux-01 kernel: httpd[19488]: segfault at 30 ip
00007f333682a7c7 sp 00007fffe606d050 error 4 in
libapr-1.so.0.3.9[7f3336816000+2b000]
May 19 09:13:35 pogolinux-01 kernel: httpd[19489]: segfault at 30 ip
00007f333682a7c7 sp 00007fffe606f6d0 error 4 in
libapr-1.so.0.3.9[7f3336816000+2b000]
May 19 09:13:35 pogolinux-01 kernel:
May 19 09:13:35 pogolinux-01 abrt[19523]: Not saving repeating crash in
'/usr/sbin/httpd'
May 19 09:13:36 pogolinux-01 abrt[19524]: Saved core dump of pid 19488
(/usr/sbin/httpd) to /var/spool/abrt/ccpp-2014-05-19-09:13:35-19488
(73166848 bytes)
May 19 09:13:36 pogolinux-01 abrtd: Directory
'ccpp-2014-05-19-09:13:35-19488' creation detected

My initial thought was that Apache was restarted in the middle of
initialization. Based on the core it looked like it blew up on a python
import. The ipareplica-install.log doesn't confirm this though. We
restart the server after configuring SELinux and that is what is
failing. Fortunately we restart it again a few steps later and that is
fine which is why the install is successful. While I wonder why it is
blowing up, it may mean we can drop an HTTP restart and save a few seconds.

This is addressed by mod_wsgi 3.4

The issue is that we are starting and then restarting Apache in the same second. As originally proposed, the restarts of Apache need to be re-evaluated in httpinstance.py.

FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.

In FreeIPA 4.0 code base, I see only 2 restarts in ipaserver-install.log:

# grep systemctl /var/log/ipaserver-install.log  | grep httpd.service
2014-08-29T07:16:06Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service'
2014-08-29T07:16:06Z DEBUG args='/bin/systemctl' 'restart' 'httpd.service'
2014-08-29T07:16:07Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service'
2014-08-29T07:16:07Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service'
2014-08-29T07:16:07Z DEBUG args='/bin/systemctl' 'disable' 'httpd.service'
2014-08-29T07:17:45Z DEBUG args='/bin/systemctl' 'restart' 'httpd.service'
2014-08-29T07:17:47Z DEBUG args='/bin/systemctl' 'is-active' 'httpd.service'

One is in the end of httpinstance.py and one in the end of the installation. None was done within the same second. This is IMO correct. So if I do not miss anything, I think we can safely close the ticket.

I checked again, ipa-replica-install indeed does one more httpd restart compared to ipa-server-install:

    if CA:
        CA.configure_certmonger_renewal()
        CA.import_ra_cert(dir + "/ra.p12")
        CA.fix_ra_perms()
        services.knownservices.httpd.restart()

Honza, is this required? If yes, we should just close this ticket as worksforme. If no, we should remove the extra restart.

ipa-replica-install works fine for me without this particular restart, so I guess it can be removed.

I rather meant if you this would not crash cert renewal as there are CA related commands previously. BTW the httpd restart was added in 8d16456, so it is rather old.

Given that Apache is restarted in the end again, I also do not think this restart is necessary. David, can you please remove this line? :-)

master:

  • 4484d4d Do not restart apache server when not necessary.

ipa-4-1:

  • ccc3762 Do not restart apache server when not necessary.

ipa-4-0:

  • cabc9bf Do not restart apache server when not necessary.

Metadata Update from @mkosek:
- Issue assigned to dkupka
- Issue set to the milestone: FreeIPA 4.0.2

7 years ago

Login to comment on this ticket.

Metadata