4.0.5 FastCGI nightmare

Well now. What a total waste of 4 hours so far It’s
a shame this is what web app deployment is in 2012 still.
I remember this same old sort of crap from a decade ago.

If anyone has any ideas, please share.

I’m choosing FastCGI so that I can use my own Perl build,
and not Red Hat’s built into mod_perl.

I’ve read docs/web_deployment.pod. It includes an Apache
snippet, doesn’t mention suexec configuration like the wiki
does, doesn’t mention the suexec DocumentRoot restriction,
etc… Not a very useful document here so far.

Here’s rt-server.fcgi below, copied into the spot where Red Hat’s
"suexec" must find it located (under the compiled-in
DocumentRoot). As you can see, it is owned by the
suexec-destination user and group so suexec is happy:

[root@rtdev1 httpd]#
[root@rtdev1 ~]# cd /var/www
[root@rtdev1 www]# ls -ld .
drwxr-xr-x 7 root root 4096 Feb 21 20:05 ./
[root@rtdev1 www]# ls -ld fcgi/
dr-xr-xr-x 2 rt rt 4096 Feb 21 20:12 fcgi//
[root@rtdev1 www]# ls -ld fcgi/rt-server.fcgi
-r-xr-xr-x 1 rt rt 8043 Feb 21 20:12 fcgi/rt-server.fcgi*
[root@rtdev1 www]#

LoadModule fastcgi_module modules/mod_fastcgi.so
FastCgiWrapper /usr/sbin/suexec
FastCgiServer /var/www/fcgi/rt-server.fcgi -processes 5 -idle-timeout
300 -user rt -group rt
<VirtualHost 1xx.xx.xx.xx:443>
DocumentRoot /apps/rt4/share/html
AddDefaultCharset UTF-8

 Alias /NoAuth/images/ /apps/rt4/share/html/NoAuth/images/
 ScriptAlias / /var/www/fcgi/rt-server.fcgi/
 SuexecUserGroup rt rt
 <Location />
     Options +ExecCGI
     AddHandler fastcgi-script fcgi
     Order allow,deny
     Allow from all
 </Location>

suexec.log states everything is fine:

[2012-02-21 20:29:03]: uid: (rt/rt) gid: (rt/rt) cmd: rt-server.fcgi

Apache reports this:

[Tue Feb 21 20:33:40 2012] [warn] FastCGI: server
"/var/www/fcgi/rt-server.fcgi" has failed to remain running for 30
seconds given 3 attempts, its restart interval has been backed off to
600 seconds

And the browser just spins for a LONG time, then finally
throws a 500 Internal Server Error.

Testing shows this:

[root@rtdev1 httpd]# sudo -u apache /var/www/fcgi/rt-server.fcgi --port 9999
WARNING: RT couldn’t start up a web server on port 9999.
This is often the case if the port is already in use or you’re running
/var/www/fcgi/rt-server.fcgi
as someone other than your system’s “root” user. You may also specify a
temporary port with: /var/www/fcgi/rt-server.fcgi --port
Please check your system configuration or choose another port

I get the same exact error if I run rt-server.fcgi as root,
so it’s not a permissions problem.

I’ve read docs/web_deployment.pod. It includes an Apache
snippet, doesn’t mention suexec configuration like the wiki
does, doesn’t mention the suexec DocumentRoot restriction,
etc… Not a very useful document here so far.

It includes two working FastCGI configs (we’re using one of them in
production). It doesn’t document every possible way to deploy RT, just
several standard and tested solutions.

Apache reports this:

[Tue Feb 21 20:33:40 2012] [warn] FastCGI: server
“/var/www/fcgi/rt-server.fcgi” has failed to remain running for 30
seconds given 3 attempts, its restart interval has been backed off
to 600 seconds

And the browser just spins for a LONG time, then finally
throws a 500 Internal Server Error.

Testing shows this:

[root@rtdev1 httpd]# sudo -u apache /var/www/fcgi/rt-server.fcgi --port 9999

Try running

sudo -u apache plackup --server FCGI /var/www/fcgi/rt-server.fcgi

rt-server.fcgi depends a lot on proper environment. If you want to
run it outside of mod_fastcgi/mod_fcgid you’ll need to do it more
explicitly. I believe there’s a bug open to untangle it.

-kevin

sudo -u apache plackup --server FCGI /var/www/fcgi/rt-server.fcgi

Works fine:

FastCGI: manager (pid 21688): initialized
FastCGI: server (pid 21691): initialized
FastCGI: manager (pid 21688): server (pid 21691) started
^C

Apache still just sits there spinning its wheels when hit
by browser.

[ PS: No firewall in play here either FWIW ]

sudo -u apache plackup --server FCGI /var/www/fcgi/rt-server.fcgi

Works fine:

FastCGI: manager (pid 21688): initialized
FastCGI: server (pid 21691): initialized
FastCGI: manager (pid 21688): server (pid 21691) started
^C

Apache still just sits there spinning its wheels when hit
by browser.

This is long before your browser comes into it.
This is apache failing to start the rt fastcgi server.

Try having RT log to a logfile other than Apache (syslog or it’s own
file) and see if you can coax an error out of it.

You may also be able to get something if you turn up the apache
loglevel. Unfortunately the error you posted originally is just
apache saying “something went wrong, I’ll wait 30 seconds and try
again” and the error is either right before that in the logs, or was
eaten.

-kevin

Apache “LogLevel debug” showed that mason_data could not
be written to as user ‘rt’ (it was apache:apache 770)

cd mason_data
rm -rf *
chgrp rt .
service httpd restart

Win. Well, insofar as using FastCGI via suexec can be
considered a win.

Thank you for the help.

Now then – before I go bothering, would additional
info in docs/web_deployment.pod be welcomed?