Tag Archive for apache

Sun Webstack 1.4 – Packages on Crack

I am a huge fan of Sun Microsystems.
I love Solaris 10.
I love ZFS.
I love RBAC.
I love zones.
I really love T2/T2+ processors.
I especially love the T5140 and X4450 servers.

One thing I cannot figure out though, is why Sun lets obviously delirious cocaine addicts package their software. Maybe I’m exaggerating but I think that many will agree that Sun’s packages leave much to be desired in general. On top of that, Sun seems to have a constant need to move software around and invent new paths- to boldy go where no sysadmin has gone before????

Our journey begins with the mythic /usr/ucb/ directory- a true treasure chest for those making the adjustment from Linux. We’ll continue to /usr/local/ ala sun freeware (actually the most normal place we will visit but not actually supported by sun) and then arrive at the more recent /usr/sfw.

On your right, we’ll be passing the Coolstack project (Not Officially Supported by Sun) located reasonably in /opt/coolstack. Notice the configuration files in /opt/coolstack/etc, apache located comfortably in /opt/coolstack/apache2, mysql located in /opt/coolstack/mysql. Can anyone guess where the SMF manifests are? My first guess would have been /opt/coolstack/var/svc… similar to the native manifests but I would be wrong because that would make too much sense or be too easy. Anyway- they are hiding in /opt/coolstack/lib/svc…

Wait- what’s that ahead? Coolstack is falling into disrepair, no longer to be updated. Instead, there will be a new neighborhood called Webstack and it WILL be officially supported by Sun- Time to get high. Can’t figure out where anything is? I’ll give you some hints:

Looking for configuration files? Don’t try /etc or /opt/webstack/etc. You should be looking in /etc/opt/webstack ??!?! Since when does that directory even exist?

Looking for your MySQL data directory? Don’t try /opt/webstack/mysql/data (similar to the existing structure in coolstack). Bet you wouldn’t have guessed /var/opt/webstack/mysql/5.0/data – /var/opt ??!?! What is that? Maybe for the 1.5 release they could put it in /usr/ucb/opt/usr/local/var/spool/sfw/webstack/mysql/5.0/data?

How about your default DocumentRoot for Apache? You must have guessed it by now: /var/opt/webstack/apache2/2.2/htdocs

Anyone here running webstack on Linux? In that case all the directories are different. I guess Sun wanted to make it difficult to run their stack on heterogenous environments?

Seriously- I really hope Sun wises up and fixes this before they hope for widespread adoption of the 1.5 release.

Match RSA private key to Certificate

== Step One ==
Run the following command on the key file to determine the modulus:
openssl rsa -noout -text -in secure.server.com.pem

=== Example Output ===

Private-Key: (1024 bit)
modulus:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00
...

== Step Two ==
Run the following command on the certificate file to match the modulus:
openssl x509 -noout -text -in secure.server.com.pem

=== Example Output ===

    ...
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00
...

If they match the certificate and key match.

Sun Apache2 breaks PHP?

This post isn’t going to solve anyone’s problems but maybe someone will solve mine.
I recently compiled and packaged a new release of php4 (4.4.7) for use with Sun’s Apache2 (Solaris 10 11/06 patched).
Unfortunately for some very strange reason, Apache segfaults whenever it tries to server a page. It segfaults even if the page has no php involved and only if the php module is loaded.

Here is some sample truss output:

2146:   stat64("/var/apache2/vservers/htdocs/favicon.ico", 0xFFBFF720) Err#2 ENOENT
2146: lstat64("/var", 0xFFBFF720) = 0
2146: lstat64("/var/apache2", 0xFFBFF720) = 0
2146: lstat64("/var/apache2/vservers", 0xFFBFF720) = 0
2146: lstat64("/var/apache2/vservers/htdocs", 0xFFBFF720) = 0
2146: lstat64("/var/apache2/vservers/htdocs/favicon.ico", 0xFFBFF720) Err#2 ENOENT
2146: Incurred fault #6, FLTBOUNDS %pc = 0xFE887CF8
2146: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000054
2146: Received signal #11, SIGSEGV [caught]
2146: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000054
2146: schedctl() = 0xFEE06000
2146: lwp_sigmask(SIG_SETMASK, 0x00000400, 0x00000000) = 0xFFBFFEFF [0x0000FFFF]
2146: chdir("/usr/apache2") = 0
2146: sigaction(SIGSEGV, 0xFFBFF2B8, 0xFFBFF358) = 0
2146: getpid() = 2146 [912]
2146: getpid() = 2146 [912]
2146: kill(2146, SIGSEGV) = 0
2146: setcontext(0xFFBFF298)
2146: Received signal #11, SIGSEGV [default]
2146: siginfo: SIGSEGV pid=2146 uid=80

I configured Solaris to dump core and gdb’d the core file:

#0  php_handler (r=0x1964e8) at /root/dev/php-4.4.7/sapi/apache2handler/sapi_apache2.c:470
470 /root/dev/php-4.4.7/sapi/apache2handler/sapi_apache2.c: No such file or directory.
in /root/dev/php-4.4.7/sapi/apache2handler/sapi_apache2.c
(gdb) bt full
#0 php_handler (r=0x1964e8) at /root/dev/php-4.4.7/sapi/apache2handler/sapi_apache2.c:470
ctx = (php_struct *) 0x0
conf = (void *) 0x0
brigade = (apr_bucket_brigade *) 0x197f38
bucket = (apr_bucket *) 0x0
parent_req = (request_rec *) 0x0
#1 0x0002e730 in ap_run_handler ()
No symbol table info available.
#2 0x0002ed20 in ap_invoke_handler ()
No symbol table info available.
#3 0x0002baa8 in ap_process_request ()
No symbol table info available.
#4 0x0002670c in .st_double_foreff ()
No symbol table info available.
#5 0x0002670c in .st_double_foreff ()
No symbol table info available.
Previous frame identical to this frame (corrupt stack?)
(gdb) quit

I found some people with a similar problem but no answers here: http://forum.java.sun.com/thread.jspa?threadID=5137425&tstart=270

I even tried my old package for php 4.4.3 but no luck. The only difference between the old machine and the new that I know of is that the old machine is 06/06 and the new one is 11/06????

In the end, I ditch Sun’s Apache2 and install Blastwave packages and everything works.

All I can say is that Sun is wasting it’s time on desktops. Sun needs to bring their software delivery and upgrade management up to Redhat/Debian standards. If they would just do that, they could start charging for their OS again.

Cloning zones in Solaris 10 6/06

I’m in the process of setting up a machine to host several SAMP (Solaris-Apache-MySQL-PHP) containers. I decided that it would be very efficient to create a generic zone and clone it over and over again. From reading up on the subject it seemed more than possible, after all, what is a zone besides a config file and a filesystem?

I googled for “Cloning Solaris Zones” and found lots of documentation on the zoneadm clone feature. I started to follow the howtos and hit a brick wall… my zoneadm doesn’t know how to clone. Deeper digging shows that the documentation on Sun’s site was for Solaris Express- Sun’s bleeding edge version of OpenSolaris- Can I say “How useless!”

I continued to google, after all I was very close I have the configuration and the filesystem, I just need to connect the two. I found the zoneadm attach/detach commands. This sounds perfect to me but alas my zoneadm doesn’t support attach/detach. Apparently, this feature is only available from Solaris 11/06- Can someone tell me when Sun started releasing new OS versions every 6 months!

I had no intention of giving up and here is the process which evolved:

  1. Setup the “Gold Master” zone including all the services, users, passwords, etc. (I’m assuming that your zonepath is a ZFS filesystem- this has it’s pluses and minuses so don’t take my word on it.)
  2. Halt the Master zone and export the config file to your zone template file:

    zoneadm -z master halt
    zonecfg -z master export -f /root/template

  3. It should look something like this: (edit with values for new zone)

    create -b
    set zonepath=/zfszones/zoneclone
    set autoboot=true
    set pool=work1-pool
    add inherit-pkg-dir
    set dir=/lib
    end
    add inherit-pkg-dir
    set dir=/platform
    end
    add inherit-pkg-dir
    set dir=/sbin
    end
    add inherit-pkg-dir
    set dir=/usr
    end
    add net
    set address=192.168.0.2
    set physical=bge0
    end
    add rctl
    set name=zone.cpu-shares
    add value (priv=privileged,limit=10,action=none)
    end

  4. Configure a new zone using the new config file:

    zonecfg -z zoneclone -f zoneclone.cfg

  5. Create a ZFS snapshot of the master zone:

    zfs snapshot zfspool/master@040207

  6. Clone the ZFS snapshot

    zfs clone zfspool/master@040207 zfspool/zoneclone

  7. Mount the new ZFS filesystem at the correct zonepath

    zfs setmountpoint=/zfszones/zoneclone/ zfspool/zoneclone

  8. Change the zone state to “installed” –WARNING: I have no idea if this is a good idea but it seems to work.

    vi /etc/zones/index

    Find a line that looks like:
    zoneclone:configured:/zfszones/zoneclone:0000003c-ffbf-f825-ffbf-f80001000000

    Replace it with:
    zoneclone:installed:/zfszones/zoneclone:0000003c-ffbf-f825-ffbf-f80001000000

  9. Boot the new zone:

    zoneadm -z zoneclone boot