Fedora 23 - SVN 4455 - Restarting Apache2 for fog vhost ... Failed!



  •  * Restarting Apache2 for fog vhost............................Failed!
    

    systemctl restart httpd

    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
    

    systemctl status httpd

    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Mon 2015-11-30 09:39:39 CST; 5s ago
      Process: 41381 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
     Main PID: 41381 (code=exited, status=1/FAILURE)
    
    Nov 30 09:39:39 OMITTED systemd[1]: Starting The Apache HTTP Server...
    Nov 30 09:39:39 OMITTED httpd[41381]: AH00526: Syntax error on line 15 of /etc/httpd/conf.d/fog.conf:
    Nov 30 09:39:39 OMITTED httpd[41381]: SSLCertificateKeyFile: file '/opt/fog/snapins/ssl/.srvprivate.key' does not exist or is empty
    Nov 30 09:39:39 OMITTED systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
    Nov 30 09:39:39 OMITTED systemd[1]: Failed to start The Apache HTTP Server.
    Nov 30 09:39:39 OMITTED systemd[1]: httpd.service: Unit entered failed state.
    Nov 30 09:39:39 OMITTED systemd[1]: httpd.service: Failed with result 'exit-code'.
    
    

  • Senior Developer

    Another thread being solved because this isn’t “directly” a FOG issue, but rather SELinux issue.



  • @Jbob Whenever you’re free just let me know. I have FOG setup in Fedora 23 both at work and home.



  • @Jbob Figured it out.

    The newest SELinux userspace project release 2015-02-02 includes a change of the location of the SELinux policy store, which defaults to /var/lib/selinux/.

    https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration

    find /var/lib/selinux | grep fog

    /var/lib/selinux/targeted/active/modules/400/fog
    /var/lib/selinux/targeted/active/modules/400/fog/lang_ext
    /var/lib/selinux/targeted/active/modules/400/fog/hll
    /var/lib/selinux/targeted/active/modules/400/fog/cil
    


  • @Jbob

    [root@mbfog targeted]# semodule -l | grep fog
    fog
    [root@mbfog targeted]#
    

  • Senior Developer

    @Wayne-Workman said:
    Like I said the folder seemed to be moved.

    Search just /etc/selinux/targeted/



  • @Jbob

    [root@mbfog bin]# getenforce
    Enforcing
    [root@mbfog bin]# setenforce 0
    [root@mbfog bin]# getenforce
    Permissive
    [root@mbfog bin]#
    [root@mbfog bin]#
    [root@mbfog bin]#
    [root@mbfog bin]# yum install -y selinux-policy-devel gcc make
    Yum command has been deprecated, redirecting to '/usr/bin/dnf install -y selinux-policy-devel gcc make'.
    See 'man dnf' and 'man yum2dnf' for more information.
    To transfer transaction metadata from yum to DNF, run:
    'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate'
    
    Last metadata expiration check performed 3:30:02 ago on Mon Nov 30 06:45:24 2015.
    Package selinux-policy-devel-3.13.1-155.fc23.noarch is already installed, skipping.
    Package gcc-5.1.1-4.fc23.x86_64 is already installed, skipping.
    Package make-1:4.0-5.1.fc23.x86_64 is already installed, skipping.
    Dependencies resolved.
    Nothing to do.
    Complete!
    [root@mbfog bin]# cd ~/svn/trunk/SELinux
    [root@mbfog SELinux]# make -f /usr/share/selinux/devel/Makefile fog.pp
    make: 'fog.pp' is up to date.
    [root@mbfog SELinux]# semodule -i fog.pp
    [root@mbfog SELinux]# ls /etc/selinux/targeted/modules/active/modules/ | grep fog
    ls: cannot access /etc/selinux/targeted/modules/active/modules/: No such file or directory
    [root@mbfog SELinux]# setenforce 1
    [root@mbfog SELinux]# ls /etc/selinux/targeted/modules/active/modules/ | grep fog
    ls: cannot access /etc/selinux/targeted/modules/active/modules/: No such file or directory
    [root@mbfog SELinux]# cd /etc/selinux/targeted/modules/active/modules
    -bash: cd: /etc/selinux/targeted/modules/active/modules: No such file or directory
    [root@mbfog SELinux]# ls /etc/selinux/targeted
    booleans.subs_dist  contexts  logins  policy  setrans.conf  seusers
    [root@mbfog SELinux]# cd /etc/selinux/targeted
    [root@mbfog targeted]# cd policy
    [root@mbfog policy]# ls
    policy.29
    [root@mbfog policy]# cd ..
    [root@mbfog targeted]# find / | grep "modules/active"
    find: ‘/sys/devices/virtual/misc/vmbus!hv_vss’: No such file or directory
    find: ‘/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/vmbus_1915520’: No such file or directory
    [root@mbfog targeted]#
    

  • Senior Developer



  • @Jbob I suppose so. What do I need to do?


  • Senior Developer

    Unless I’m mistaken that means the SELinux policy is not active.



  • @Jbob
    find / | grep fog.pp

    find: ‘/sys/devices/virtual/misc/vmbus!hv_vss’: No such file or directory
    find: ‘/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/vmbus_1602193’: No such file or directory
    /root/svn/trunk/SELinux/fog.pp
    


  • @Jbob SELinux also apparently breaks the FTP Image Size feature.


  • Senior Developer

    Well evidently that folder is moved on new Fedora distros … Can do you a little hunting around /etc/selinux/targeted to find fog.pp ?



  • @Jbob Fedora 23.

    ls /etc/selinux/targeted/modules/active/modules/ | grep fog

    ls: cannot access /etc/selinux/targeted/modules/active/modules/: No such file or directory
    


  • OK Done, FOG Server successfully migrated to Fedora 23 with Firewalld enabled.

    I’ll set SELinux back to enforcing just to try it out - but the problem described in this thread does need some addressing.

    I’m more than willing to help ofcourse.


  • Senior Developer

    @Wayne-Workman

    Need more details. My server (running the SELinux policy) does not have this issue. What distro? Can you run this command on the server and post the output?

    ls /etc/selinux/targeted/modules/active/modules/ | grep fog
    


  • @Tom-Elliott @Jbob

    [root@mbfog ssl]#
    [root@mbfog ssl]# getenforce
    Enforcing
    [root@mbfog ssl]# setenforce 0
    [root@mbfog ssl]# getenforce
    Permissive
    [root@mbfog ssl]# systemctl restart httpd
    [root@mbfog ssl]# systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
       Active: active (running) since Mon 2015-11-30 09:54:18 CST; 39s ago
     Main PID: 41141 (httpd)
       Status: "Total requests: 468; Idle/Busy workers 88/11;Requests/sec: 12; Bytes served/sec: 8.9KB/sec"
       CGroup: /system.slice/httpd.service
               ├─41141 /usr/sbin/httpd -DFOREGROUND
               ├─42084 /usr/sbin/httpd -DFOREGROUND
               ├─42085 /usr/sbin/httpd -DFOREGROUND
               ├─42087 /usr/sbin/httpd -DFOREGROUND
               ├─42088 /usr/sbin/httpd -DFOREGROUND
               ├─42090 /usr/sbin/httpd -DFOREGROUND
               ├─42191 /usr/sbin/httpd -DFOREGROUND
               ├─43231 /usr/sbin/httpd -DFOREGROUND
               ├─43249 /usr/sbin/httpd -DFOREGROUND
               └─43739 /usr/sbin/httpd -DFOREGROUND
    
    Nov 30 09:54:11 OMITTED systemd[1]: Starting The Apache HTTP Server...
    Nov 30 09:54:18 OMITTED systemd[1]: Started The Apache HTTP Server.
    [root@mbfog ssl]#
    


  • @Tom-Elliott Funny you asked, I was trying it as you replied.

    it works.


  • Senior Developer

    what if you run:

    setenforce 0; systemctl restart httpd



  • @Tom-Elliott I think it’s there… I copied the whole directory from the old server.

    ls -lat /opt/fog/snapins/ssl

    total 8
    drwxr--r--. 4 apache apache   50 Nov 24 11:05 ..
    -rwxr--r--. 1 apache apache 3243 Nov 24 11:04 .srvprivate.key
    drwxr--r--. 2 apache apache   44 Nov 24 11:04 .
    -rwxr--r--. 1 apache apache 1586 Nov 24 11:04 fog.csr
    

 

476
Online

41.8k
Users

12.3k
Topics

116.0k
Posts