Isn’t it always the case, a drought then a couple of interesting pieces of work come along at the same time!
Following an urgent requirement to load balance 2 unstable app servers (not my doing, I should add!).
I started configuring a Mod Proxy version of Apache, which took no time at all in fact.
However I then used my sandpit server to try and test controlling it using Solaris SMF.
Note to self: Check already half configured SMF services prior to installing new ones!
I inadvertently attempted to install an additional instance of an already defined http service, without realising that’s what I had done.
NB, take a step away and re-think the problem…just disconvered teapigs Darjeeling earl grey – fantastic!
Subsequently ended up with an apche instance running and I couldn’t figure out why?
Turns out, I’d removed the service definition before the application was shutdown and subsequently couldn’t use SMF commands to control the application or kill it as the already installed service was restarting the http daemon!
Yes you’ve guessed it….re install the previous SMF service and then stop the application, make sure its all stopped, then delete the service:
svccfg -v import ApacheModJK.xml
svcadm disable ApacheModJK
ps -ef|grep httpd
svccfg delete ApacheModJK
While all this was going on I was trying to configure the installer and test the deployment.
So while I was executing the SMF method directly to start and stop the http daemon it worked fine, however as soon as I try to run the SMF command to enable/disable the service it was a no go?
I wa getting the following:
[ Aug 4 11:03:59 Executing start method (“/opt/apache/httpd-2.2.4/bin/Apache.ksh start”) ]
svc.startd could not set context for method: chdir: No such file or directory
[ Aug 4 11:03:59 Method “start” exited with status 96 ]
I had also configured RBAC to enable the service to be started/stopped as a different user, however I was testing starting and stopping the SMF method directly as superuser, however as soon as i tried to use the SMF service commands it was a no go?
Its during these times of need that google is your friend!
I came accross the following as one of the first posts:
Which didn’t solve the problem but it certainly pointed me in the correct direction.
I hadn’t actually su’d to that user, DOH! When I did, I discovered the error….no home directory. Bloody school boy error 🙁
So the answer lies in two stages, creating the RBAC privileges required:
grep webservd /etc/user_attr
webservd::::type=normal;auths=solaris.smf.manage.site/apache
grep apache /etc/security/auth_attr
solaris.smf.manage.site/apache:::Apache restart authority::
And the Solaris manifest file used to configure SMF which lists the roles required to control apache as user ‘webservd’ (which nee dto be preconfigured in RBAC files:
SMF user guide here…
-
-
<?xml version="1.0"?>
-
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
-
<!–
-
Copyright 2006 Sun Microsystems, Inc. All rights reserved.
-
Use is subject to license terms.
-
-
ident "@(#)http-apache2.xml 1.3 06/03/27 SMI"
-
–>
-
-
<service_bundle type=‘manifest’ name=‘ApacheProxy:apache’>
-
-
<service
-
name=‘site/http’
-
type=‘service’
-
version=‘1’>
-
-
<!–
-
Because we may have multiple instances of network/http
-
provided by different implementations, we keep dependencies
-
and methods within the instance.
-
–>
-
-
<instance name=‘ApacheProxy’ enabled=‘false’>
-
<!–
-
Wait for network interfaces to be initialized.
-
–>
-
<dependency name=‘network’
-
grouping=‘require_all’
-
restart_on=‘error’
-
type=‘service’>
-
<service_fmri value=‘svc:/milestone/network:default’/>
-
</dependency>
-
-
<!–
-
Wait for all local filesystems to be mounted.
-
–>
-
<dependency name=‘filesystem-local’
-
grouping=‘require_all’
-
restart_on=‘none’
-
type=‘service’>
-
<service_fmri
-
value=‘svc:/system/filesystem/local:default’/>
-
</dependency>
-
-
<!–
-
Wait for automounting to be available, as we may be
-
serving data from home directories or other remote
-
filesystems.
-
–>
-
<dependency name=‘autofs’
-
grouping=‘optional_all’
-
restart_on=‘error’
-
type=‘service’>
-
<service_fmri
-
value=‘svc:/system/filesystem/autofs:default’/>
-
</dependency>
-
-
<exec_method
-
type=‘method’
-
name=‘start’
-
exec=‘/opt/apache/httpd-2.2.4/bin/Apache.ksh start’
-
timeout_seconds=’60’ >
-
<method_context>
-
<method_credential
-
user="webservd"
-
group="webservd"
-
privileges="basic,net_privaddr" />
-
</method_context>
-
</exec_method>
-
-
<exec_method
-
type=‘method’
-
name=‘stop’
-
exec=‘/opt/apache/httpd-2.2.4/bin/Apache.ksh stop’
-
timeout_seconds=’60’ />
-
-
<exec_method
-
type=‘method’
-
name=‘refresh’
-
exec=‘/opt/apache/httpd-2.2.4/bin/Apache.ksh refresh’
-
timeout_seconds=’60’ >
-
<method_context>
-
<method_credential
-
user="webservd"
-
group="webservd"
-
privileges="basic,net_privaddr" />
-
</method_context>
-
</exec_method>
-
-
<property_group name=‘start’ type=‘method’>
-
<propval
-
name=‘action_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘modify_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘value_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
</property_group>
-
-
<property_group name=‘stop’ type=‘method’>
-
<propval
-
name=‘action_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘modify_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘value_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
</property_group>
-
-
<property_group name=‘restart’ type=‘method’>
-
<propval
-
name=‘action_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘modify_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘value_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
</property_group>
-
-
<property_group name=‘general’ type=‘framework’>
-
<propval
-
name=‘action_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘modify_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
<propval
-
name=‘value_authorization’
-
type=‘astring’
-
value=‘solaris.smf.manage.site/apache’ />
-
</property_group>
-
-
-
-
<property_group name=‘httpd’ type=‘application’>
-
<stability value=‘Evolving’ />
-
<propval name=‘ssl’ type=‘boolean’ value=‘false’ />
-
</property_group>
-
-
<property_group name=‘startd’ type=‘framework’>
-
<!– sub-process core dumps shouldn’t restart
-
session –>
-
<propval name=‘ignore_error’ type=‘astring’
-
value=‘core,signal’ />
-
</property_group>
-
-
</instance>
-
-
<stability value=‘Evolving’ />
-
-
<template>
-
<common_name>
-
<loctext xml:lang=‘C’>
-
Apache 2.2.4 HTTP server with Mod Proxy
-
</loctext>
-
</common_name>
-
<documentation>
-
<manpage title=‘httpd’ section=‘8’
-
manpath=‘/opt/apache/httpd-2.2.4/man’ />
-
<doc_link name=‘apache.org’
-
uri=‘http://httpd.apache.org’ />
-
</documentation>
-
</template>
-
</service>
-
-
</service_bundle>
-
-