I can get RT up and running just fine using LDAP with
RT::Authen::ExternalAuth. But as soon as I shut down the server and
install mod_ssl, apache won’t restart, segfaults.
Similarly, I can install mod_ssl just fine but as soon as I install
RT::Authen::ExternalAuth and add the known-working LDAP server config
to RT_SiteConfig.pm, same problem.
I’ll be honest that I haven’t debugged an apache crash for years.
Since I am not even sending the SSL virtual host to RT (the
DocumentRoot for the SSL host is the default apache /var/www/html) I
am not sure what could be conflicting.
I am happy to provide logs but the RT, and apache error logs don’t
seem to have anything relevant.
I can get RT up and running just fine using LDAP with
RT::Authen::ExternalAuth. But as soon as I shut down the server and
install mod_ssl, apache won’t restart, segfaults.
What version of RT and Apache? I presume you’re running with a mod_perl
deployment?
RT 4.0.19 (because of RTIR)
mod_perl
RHEL 6.5 x64
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:15
Server’s Module Magic Number: 20051115:25
Server loaded: APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with…
-D APACHE_MPM_DIR=“server/mpm/prefork”
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT=“/etc/httpd”
-D SUEXEC_BIN=“/usr/sbin/suexec”
-D DEFAULT_PIDLOG=“run/httpd.pid”
-D DEFAULT_SCOREBOARD=“logs/apache_runtime_status”
-D DEFAULT_LOCKFILE=“logs/accept.lock”
-D DEFAULT_ERRORLOG=“logs/error_log”
-D AP_TYPES_CONFIG_FILE=“conf/mime.types”
-D SERVER_CONFIG_FILE="conf/httpd.conf"On Thu, Mar 27, 2014 at 4:30 PM, Alex Vandiver alexmv@bestpractical.com wrote:
On Thu, 2014-03-27 at 16:01 -0500, Dewhirst, Rob wrote:
I can get RT up and running just fine using LDAP with
RT::Authen::ExternalAuth. But as soon as I shut down the server and
install mod_ssl, apache won’t restart, segfaults.
What version of RT and Apache? I presume you’re running with a mod_perl
deployment?
–
RT Training - Dallas May 20-21
http://bestpractical.com/training
RT 4.0.19 (because of RTIR)
mod_perl
Interesting; we’ve seen another report of this previously, but I’ve been
unable to replicate it. It’s presumably caused by a disagreement of
mod_ssl with the SSL libraries that perl uses for LDAPS support – and
since mod_perl is in use, those two exist in the same process, and their
disagreements lead to coredumps. We addressed a similar problem with
mod_ssl and TLS connections to Postgres early in the 4.0 series.
The simple work-around is to switch from mod_perl to one of the fastcgi
deployment strategies, which separates the mod_ssl OpenSSL stack from
perl’s LDAPS OpenSSL stack, allowing them to play well together.
However, I’d love to have a simple replication strategy to help track
this down and fix it. How stock an RT install is this? I presume
you’re running with the standard Apache and mod_perl installs from RPMs?
Can you provide your RT::Authen::ExternalAuth configuration?
This is just about as basic an RT install as you can get. everything
was installed by CPAN and RPMs.
I can give you instructions or if you have a place I can put a 1-2GB
file I could probably just build a CentOS VM that exhibits the
problem.On Thu, Mar 27, 2014 at 4:53 PM, Alex Vandiver alexmv@bestpractical.com wrote:
On Thu, 2014-03-27 at 16:42 -0500, Dewhirst, Rob wrote:
RT 4.0.19 (because of RTIR)
mod_perl
Interesting; we’ve seen another report of this previously, but I’ve been
unable to replicate it. It’s presumably caused by a disagreement of
mod_ssl with the SSL libraries that perl uses for LDAPS support – and
since mod_perl is in use, those two exist in the same process, and their
disagreements lead to coredumps. We addressed a similar problem with
mod_ssl and TLS connections to Postgres early in the 4.0 series.
The simple work-around is to switch from mod_perl to one of the fastcgi
deployment strategies, which separates the mod_ssl OpenSSL stack from
perl’s LDAPS OpenSSL stack, allowing them to play well together.
However, I’d love to have a simple replication strategy to help track
this down and fix it. How stock an RT install is this? I presume
you’re running with the standard Apache and mod_perl installs from RPMs?
Can you provide your RT::Authen::ExternalAuth configuration?
–
RT Training - Dallas May 20-21
http://bestpractical.com/training