Having a look at apacheconf-waklog.h on DICE SL7. This is actually the first SL7 web server stuff I’ve looked at. So first of all I thought I should try getting a minimum SL7 apacheconf.h web server going.
I commandeered circlevm9, a vanilla SL7 server.h VM. And added
#include <dice/options/apacheconf.h>
After the profile pushed, and I ran updaterpms. om apacheconf start
didn’t “just work”.
22/07/16 12:17:35: apache configuration has been modified
22/07/16 12:17:35: Syntax OK
22/07/16 12:17:35: Failed to reload httpd.service: Unit httpd.service is mas\
ked.
22/07/16 12:17:35: ** reload httpd: Fail
systemctl gave me a suggestion:
[circlevm9]root: systemctl status httpd
httpd.service
Loaded: masked (/etc/systemd/system/multi-user.target.wants httpd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Warning: httpd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
So I tried that:
[circlevm9]root: systemctl daemon-reload
[circlevm9]root: systemctl status httpd
httpd.service – The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─waithttpd.conf
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
Now, after doing an ‘om apacheconf stop’, ‘om apacheconf start’ worked and left httpd process running with /var/www/html/ as the docroot, but with all access denied. I’m presuming a reboot would have had a similar affect.
I then added a simple vhost to open up access to /var/www/html/ so that I could dump stuff in their and convince myself the basics worked.
!apacheconf.vhosts mADD(default) apacheconf.vhostname_default _default_ apacheconf.vhostdocroot_default /var/www/html apacheconf.vhostaccesslog_default /var/lcfg/log/apacheconf.access apacheconf.vhosterrorlog_default /var/lcfg/log/apacheconf.error !apacheconf.vhostverbatim_default mADD(stuff) apacheconf.vhostline_default_stuff <Directory "<%apacheconf.vhostdocroot_default%>">¶\ Options Indexes FollowSymLinks¶\ Require all granted¶\ </Directory>
With that done, I was able to drop files into /var/www/html/ and they would be served. Equally I added some symlinks to other bits of the file system, and they were followed unless file permissions said otherwise. So a symlink to /afs/inf.ed.ac.uk/ showed the contents of publicly accessible stuff, but all other access was denied by ACLs.
So now I know if I add apacheconf-waklog.h and get it working, if they symlinks to AFS show more content, then httpd will have obtained the necessary AFS PTS tokens.
Neil