Fedora 23 - SVN 4455 - Restarting Apache2 for fog vhost ... Failed!
-
@Wayne-Workman What happens if you run:
apachectl restartPlease help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
changed ownership and permissions of the /opt/fog folder
chown -R apache:apache /opt/fog
chmod -R 744 /opt/fogsystemctl restart httpdJob for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.systemctl status httpd● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2015-11-30 09:47:34 CST; 4s ago Process: 47803 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 47803 (code=exited, status=1/FAILURE) Nov 30 09:47:33 OMITTED systemd[1]: Starting The Apache HTTP Server... Nov 30 09:47:34 OMITTED systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE Nov 30 09:47:34 OMITTED systemd[1]: Failed to start The Apache HTTP Server. Nov 30 09:47:34 OMITTED systemd[1]: httpd.service: Unit entered failed state. Nov 30 09:47:34 OMITTED systemd[1]: httpd.service: Failed with result 'exit-code'. Nov 30 09:47:34 OMITTED httpd[47803]: AH00526: Syntax error on line 15 of /etc/httpd/conf.d/fog.conf: Nov 30 09:47:34 OMITTED httpd[47803]: SSLCertificateKeyFile: file '/opt/fog/snapins/ssl/.srvprivate.key' does not exist or is empty -
@Tom-Elliott
apachectl restartJob for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details. -
So - what I have done is - I built a new fog server, moved over the images, installed the SELinux policy and firewalld settings,
and copied over the /opt/fog directory.
The server has a different name - but the same IP.
-
Then is it possible selinux is failing to allow creation of the /opt/fog/snapins/ssl/.srvprivate.key file?
My guess is either this file is not present, or it is empty.
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Tom-Elliott I think it’s there… I copied the whole directory from the old server.
ls -lat /opt/fog/snapins/ssltotal 8 drwxr--r--. 4 apache apache 50 Nov 24 11:05 .. -rwxr--r--. 1 apache apache 3243 Nov 24 11:04 .srvprivate.key drwxr--r--. 2 apache apache 44 Nov 24 11:04 . -rwxr--r--. 1 apache apache 1586 Nov 24 11:04 fog.csr -
what if you run:
setenforce 0; systemctl restart httpdPlease help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Tom-Elliott Funny you asked, I was trying it as you replied.
it works.
-
@Tom-Elliott @Jbob
[root@mbfog ssl]# [root@mbfog ssl]# getenforce Enforcing [root@mbfog ssl]# setenforce 0 [root@mbfog ssl]# getenforce Permissive [root@mbfog ssl]# systemctl restart httpd [root@mbfog ssl]# systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2015-11-30 09:54:18 CST; 39s ago Main PID: 41141 (httpd) Status: "Total requests: 468; Idle/Busy workers 88/11;Requests/sec: 12; Bytes served/sec: 8.9KB/sec" CGroup: /system.slice/httpd.service ├─41141 /usr/sbin/httpd -DFOREGROUND ├─42084 /usr/sbin/httpd -DFOREGROUND ├─42085 /usr/sbin/httpd -DFOREGROUND ├─42087 /usr/sbin/httpd -DFOREGROUND ├─42088 /usr/sbin/httpd -DFOREGROUND ├─42090 /usr/sbin/httpd -DFOREGROUND ├─42191 /usr/sbin/httpd -DFOREGROUND ├─43231 /usr/sbin/httpd -DFOREGROUND ├─43249 /usr/sbin/httpd -DFOREGROUND └─43739 /usr/sbin/httpd -DFOREGROUND Nov 30 09:54:11 OMITTED systemd[1]: Starting The Apache HTTP Server... Nov 30 09:54:18 OMITTED systemd[1]: Started The Apache HTTP Server. [root@mbfog ssl]# -
OK Done, FOG Server successfully migrated to Fedora 23 with Firewalld enabled.
I’ll set SELinux back to enforcing just to try it out - but the problem described in this thread does need some addressing.
I’m more than willing to help ofcourse.
-
@Jbob Fedora 23.
ls /etc/selinux/targeted/modules/active/modules/ | grep fogls: cannot access /etc/selinux/targeted/modules/active/modules/: No such file or directory -
@Jbob SELinux also apparently breaks the FTP Image Size feature.
-
@Jbob
find / | grep fog.ppfind: ‘/sys/devices/virtual/misc/vmbus!hv_vss’: No such file or directory find: ‘/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/vmbus_1602193’: No such file or directory /root/svn/trunk/SELinux/fog.pp -
@Jbob I suppose so. What do I need to do?
-
@Jbob
[root@mbfog bin]# getenforce Enforcing [root@mbfog bin]# setenforce 0 [root@mbfog bin]# getenforce Permissive [root@mbfog bin]# [root@mbfog bin]# [root@mbfog bin]# [root@mbfog bin]# yum install -y selinux-policy-devel gcc make Yum command has been deprecated, redirecting to '/usr/bin/dnf install -y selinux-policy-devel gcc make'. See 'man dnf' and 'man yum2dnf' for more information. To transfer transaction metadata from yum to DNF, run: 'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate' Last metadata expiration check performed 3:30:02 ago on Mon Nov 30 06:45:24 2015. Package selinux-policy-devel-3.13.1-155.fc23.noarch is already installed, skipping. Package gcc-5.1.1-4.fc23.x86_64 is already installed, skipping. Package make-1:4.0-5.1.fc23.x86_64 is already installed, skipping. Dependencies resolved. Nothing to do. Complete! [root@mbfog bin]# cd ~/svn/trunk/SELinux [root@mbfog SELinux]# make -f /usr/share/selinux/devel/Makefile fog.pp make: 'fog.pp' is up to date. [root@mbfog SELinux]# semodule -i fog.pp [root@mbfog SELinux]# ls /etc/selinux/targeted/modules/active/modules/ | grep fog ls: cannot access /etc/selinux/targeted/modules/active/modules/: No such file or directory [root@mbfog SELinux]# setenforce 1 [root@mbfog SELinux]# ls /etc/selinux/targeted/modules/active/modules/ | grep fog ls: cannot access /etc/selinux/targeted/modules/active/modules/: No such file or directory [root@mbfog SELinux]# cd /etc/selinux/targeted/modules/active/modules -bash: cd: /etc/selinux/targeted/modules/active/modules: No such file or directory [root@mbfog SELinux]# ls /etc/selinux/targeted booleans.subs_dist contexts logins policy setrans.conf seusers [root@mbfog SELinux]# cd /etc/selinux/targeted [root@mbfog targeted]# cd policy [root@mbfog policy]# ls policy.29 [root@mbfog policy]# cd .. [root@mbfog targeted]# find / | grep "modules/active" find: ‘/sys/devices/virtual/misc/vmbus!hv_vss’: No such file or directory find: ‘/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/vmbus_1915520’: No such file or directory [root@mbfog targeted]# -
@Jbob
[root@mbfog targeted]# semodule -l | grep fog fog [root@mbfog targeted]# -
@Jbob Figured it out.
The newest SELinux userspace project release 2015-02-02 includes a change of the location of the SELinux policy store, which defaults to /var/lib/selinux/.
https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration
find /var/lib/selinux | grep fog/var/lib/selinux/targeted/active/modules/400/fog /var/lib/selinux/targeted/active/modules/400/fog/lang_ext /var/lib/selinux/targeted/active/modules/400/fog/hll /var/lib/selinux/targeted/active/modules/400/fog/cil -
@Jbob Whenever you’re free just let me know. I have FOG setup in Fedora 23 both at work and home.
-
Another thread being solved because this isn’t “directly” a FOG issue, but rather SELinux issue.
