SL7 Waklog

Having a look at apacheconf-waklog.h on DICE SL7. This is actually the first SL7 web server stuff I’ve looked at. So first of all I thought I should try getting a minimum SL7 apacheconf.h web server going.

I commandeered circlevm9, a vanilla SL7 server.h VM. And added

#include <dice/options/apacheconf.h>

After the profile pushed, and I ran updaterpms. om apacheconf start didn’t “just work”.

22/07/16 12:17:35: apache configuration has been modified
22/07/16 12:17:35: Syntax OK
22/07/16 12:17:35: Failed to reload httpd.service: Unit httpd.service is mas\
ked.
22/07/16 12:17:35: ** reload httpd: Fail

systemctl gave me a suggestion:


[circlevm9]root: systemctl status httpd
httpd.service
Loaded: masked (/etc/systemd/system/multi-user.target.wants httpd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Warning: httpd.service changed on disk. Run 'systemctl daemon-reload' to reload units.

So I tried that:

[circlevm9]root: systemctl daemon-reload
[circlevm9]root: systemctl status httpd
httpd.service – The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─waithttpd.conf
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)

Now, after doing an ‘om apacheconf stop’, ‘om apacheconf start’ worked and left httpd process running with /var/www/html/ as the docroot, but with all access denied. I’m presuming a reboot would have had a similar affect.

I then added a simple vhost to open up access to /var/www/html/ so that I could dump stuff in their and convince myself the basics worked.

!apacheconf.vhosts               mADD(default)
apacheconf.vhostname_default     _default_
apacheconf.vhostdocroot_default  /var/www/html
apacheconf.vhostaccesslog_default   /var/lcfg/log/apacheconf.access
apacheconf.vhosterrorlog_default    /var/lcfg/log/apacheconf.error
!apacheconf.vhostverbatim_default   mADD(stuff)
apacheconf.vhostline_default_stuff  <Directory "<%apacheconf.vhostdocroot_default%>">¶\
  Options Indexes FollowSymLinks¶\
  Require all granted¶\
</Directory>

With that done, I was able to drop files into /var/www/html/ and they would be served. Equally I added some symlinks to other bits of the file system, and they were followed unless file permissions said otherwise. So a symlink to /afs/inf.ed.ac.uk/ showed the contents of publicly accessible stuff, but all other access was denied by ACLs.

So now I know if I add apacheconf-waklog.h and get it working, if they symlinks to AFS show more content, then httpd will have obtained the necessary AFS PTS tokens.

Neil

Leave a Reply

Your email address will not be published. Required fields are marked *