Project

General

Profile

Actions

Bug #10455

closed

Relay-Api does not handle different Apache versions

Added by Janos Mattyasovszky over 7 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Category:
Packaging
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

On SLES12 SP2, apache (which has a version of 2.4.23-something) is not starting after a clean installation and initialization of 4.1-rc1:

start_apache2[11305]: AH00526: Syntax error on line 97 of /opt/rudder/etc/rudder-apache-relay-common.conf:
start_apache2[11305]: Invalid command 'Allow', perhaps misspelled or defined by a module not included in the server configuration
systemd[1]: apache2.service: Control process exited, code=exited status=1

In "/opt/rudder/etc/rudder-apache-relay-common.conf" there is this section:

<Directory /opt/rudder/share/relay-api/relay_api>
  # Allow access from anybody
  Allow from all
</Directory>

This should be more like something like this:

  <IfVersion < 2.4>
    Order deny,allow
    Allow From all
  </IfVersion>
  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>

This patch helped me start apache2 :

--- /opt/rudder/etc/rudder-apache-relay-common.conf.orig        2017-03-17 12:27:20.420838026 +0100
+++ /opt/rudder/etc/rudder-apache-relay-common.conf     2017-03-17 12:27:22.200821643 +0100
@@ -94,17 +94,35 @@

 <Directory /opt/rudder/share/relay-api/relay_api>
   # Allow access from anybody
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Directory>

 <Files /opt/rudder/share/relay-api/relay-api.wsgi>
   # Allow access from anybody
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Files>

 <Directory /opt/rudder/share/relay-api/flask>
   # Allow access from anybody
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Directory>

 # Disallow by default
Actions #1

Updated by Janos Mattyasovszky over 7 years ago

  • Found in version (s) 4.1.0~rc1 added
  • Found in version (s) deleted (4.1.0)
Actions #2

Updated by Alexis Mousset over 7 years ago

  • Category set to Packaging
  • Assignee set to Alexis Mousset
  • Target version set to 4.1.0
Actions #3

Updated by Alexis Mousset over 7 years ago

  • Status changed from New to In progress
Actions #4

Updated by Alexis Mousset over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1298
Actions #5

Updated by Alexis Mousset over 7 years ago

Indeed, some version conditions were missing. It probably worked on other OSes thanks to the compatibility module being loaded by default.

Thanks!

Actions #6

Updated by Alexis Mousset over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #7

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from Pending release to Released
  • Priority set to 0

This bug has been fixed in Rudder 4.1.0 which was released today.

Actions

Also available in: Atom PDF