[ClusterLabs] Apache doesn't start under corosync with systemd
Ken Gaillot
kgaillot at redhat.com
Thu Oct 17 13:14:31 EDT 2019
On Wed, 2019-10-16 at 13:33 +0000, Reynolds, John F - San Mateo, CA -
Contractor wrote:
> > <From: Ken Gaillot [mailto:kgaillot at redhat.com]
> > Sent: Monday, October 14, 2019 12:02 PM
> >
> > If you have SELinux enabled, check for denials. The cluster
> > processes have a different SELinux context than systemd, so
> > policies might not be set up correctly.
> > --
> > Ken Gaillot <kgaillot at redhat.com>
>
> Alas, SELinux is not in use.
>
>
> I am thinking that the apache OCF module is not starting up apache
> with the modules that it needs.
>
> Again, startup with 'systemctl start apache' brings up the http
> daemons, so we know that the Apache configuration is clean.
>
> But if I enable trace and run the ocf script by hand:
>
> export OCF_TRACE_RA=1
> /usr/lib/ocf/resource.d/heartbeat/apache start ; echo $?
>
> Part of the output is Apache syntax errors that aren't flagged in the
> regular startup:
>
> + 14:57:10: ocf_run:443: ocf_log err 'AH00526: Syntax error on line
> 22 of /etc/apache2/vhosts.d/aqvslookup.conf: Invalid command
> '\''Order'\'', perhaps misspelled or defined by a module not included
> in the server configuration '
>
> The 'Allow' and ' AuthLDAPURL' commands are also flagged as invalid.
>
> The /etc/sysconfig/apache2 module parameter includes the relevant
> modules:
>
> APACHE_MODULES="actions alias auth_basic authn_file authz_host
> authz_groupfile authz_core authz_user autoindex cgi dir env expires
> include log_config mime negotiation setenvif ssl socache_shmcb
> userdir reqtimeout authn_core php5 rewrite ldap authnz_ldap status
> access_compat"
>
>
> Why are they invoked properly from systemctl but not from ocf?
>
> John Reynolds
OCF doesn't know anything about /etc/sysconfig; anything there will
have to specified in the actual apache configuration.
Alternatively, pacemaker can manage apache via systemd (using
"systemd:httpd" as the agent instead of "ocf:heartbeat:apache"). But in
that case the monitor will just check whether the process is running
rather than check the status URL.
--
Ken Gaillot <kgaillot at redhat.com>
More information about the Users
mailing list