Fedora Update Breaks httpd



  • Anyone else run into this issue? I just completed a simple update and now service fails to start.

    dnf -y update
    
    [root@bookstack-fedora ~]# systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
      Drop-In: /usr/lib/systemd/system/httpd.service.d
               └─php-fpm.conf
       Active: failed (Result: exit-code) since Mon 2018-03-05 12:51:18 EST; 1min 31s ago
         Docs: man:httpd.service(8)
      Process: 651 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
     Main PID: 651 (code=exited, status=1/FAILURE)
       Status: "Reading configuration..."
    
    Mar 05 12:51:18 bookstack-fedora systemd[1]: Starting The Apache HTTP Server...
    Mar 05 12:51:18 bookstack-fedora httpd[651]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set
    Mar 05 12:51:18 bookstack-fedora systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
    Mar 05 12:51:18 bookstack-fedora systemd[1]: Failed to start The Apache HTTP Server.
    Mar 05 12:51:18 bookstack-fedora systemd[1]: httpd.service: Unit entered failed state.
    Mar 05 12:51:18 bookstack-fedora systemd[1]: httpd.service: Failed with result 'exit-code'.
    

    Nothing else has changed. Even after reboot still get this error.

    Error log shows this:

    [Mon Mar 05 12:39:04.290603 2018] [core:notice] [pid 656:tid 140047618265088] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
    [Mon Mar 05 12:39:04.294838 2018] [suexec:notice] [pid 656:tid 140047618265088] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
    [Mon Mar 05 12:39:04.438012 2018] [lbmethod_heartbeat:notice] [pid 656:tid 140047618265088] AH02282: No slotmem from mod_heartmonitor
    [Mon Mar 05 12:39:04.443196 2018] [http2:warn] [pid 656:tid 140047618265088] AH02951: mod_ssl does not seem to be enabled
    [Mon Mar 05 12:39:04.489771 2018] [mpm_event:notice] [pid 656:tid 140047618265088] AH00489: Apache/2.4.29 (Fedora) configured -- resuming normal operations
    [Mon Mar 05 12:39:04.489819 2018] [core:notice] [pid 656:tid 140047618265088] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
    [Mon Mar 05 12:49:37.356049 2018] [mpm_event:notice] [pid 656:tid 140047618265088] AH00492: caught SIGWINCH, shutting down gracefully
    AH00015: Unable to open logs
    

    ServerName is set in the config file. Always has been since I've had this setup.



  • After restarting httpd run this command: journalctl -xe for more info.

    You can also try tempoary setting SELinux to permissive for troubleshooting.
    setenforce 0



  • Your logs not being readable is the problem.

    That FQDN error is normal if you use a vhost conf file instead of editing the main httpd.conf



  • My Fedora 27 based system if fully up to date with SElinux enforcing.

    [root@bookstack ~]# dnf -y update --refresh
    Last metadata expiration check: 0:00:00 ago on Mon 05 Mar 2018 12:16:46 PM CST.
    Dependencies resolved.
    Nothing to do.
    Complete!
    [root@bookstack ~]# getenforce
    Enforcing
    [root@bookstack ~]# 
    


  • And you can note here, I get the same FQDN message.

    [root@bookstack ~]# journalctl -u httpd.service -f
    -- Logs begin at Sun 2018-02-11 22:18:27 CST. --
    Feb 19 17:46:24 bookstack systemd[1]: Stopping The Apache HTTP Server...
    Feb 19 17:46:25 bookstack systemd[1]: Stopped The Apache HTTP Server.
    Feb 19 17:46:25 bookstack systemd[1]: Starting The Apache HTTP Server...
    Feb 19 17:46:27 bookstack httpd[5272]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::243d:4b41:ab2c:c2b8. Set the 'ServerName' directive globally to suppress this message
    Feb 19 17:46:27 bookstack systemd[1]: Started The Apache HTTP Server.
    Feb 19 19:21:06 bookstack systemd[1]: Stopping The Apache HTTP Server...
    Feb 19 19:21:07 bookstack systemd[1]: Stopped The Apache HTTP Server.
    -- Reboot --
    Feb 19 19:21:31 bookstack systemd[1]: Starting The Apache HTTP Server...
    Feb 19 19:21:32 bookstack httpd[641]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
    Feb 19 19:21:32 bookstack systemd[1]: Started The Apache HTTP Server.
    


  • Ah, now I have the problem. I just rebooted.

    So the problem is not that it updated. It is that it updated and something else changed that was not applied until a reboot applied the update. Like the new kernel.

    [root@bookstack ~]# journalctl -u httpd.service -f
    -- Logs begin at Sun 2018-02-11 22:18:27 CST. --
    Feb 19 19:21:32 bookstack httpd[641]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
    Feb 19 19:21:32 bookstack systemd[1]: Started The Apache HTTP Server.
    Mar 05 12:18:55 bookstack systemd[1]: Stopping The Apache HTTP Server...
    Mar 05 12:19:02 bookstack systemd[1]: Stopped The Apache HTTP Server.
    -- Reboot --
    Mar 05 12:19:29 bookstack systemd[1]: Starting The Apache HTTP Server...
    Mar 05 12:19:31 bookstack httpd[623]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
    Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
    Mar 05 12:19:31 bookstack systemd[1]: Failed to start The Apache HTTP Server.
    Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Unit entered failed state.
    Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Failed with result 'exit-code'.
    


  • @jaredbusch said in Fedora Update Breaks httpd:

    Ah, now I have the problem. I just rebooted.

    So the problem is not that it updated. It is that it updated and something else changed that was not applied until a reboot applied the update. Like the new kernel.

    [root@bookstack ~]# journalctl -u httpd.service -f
    -- Logs begin at Sun 2018-02-11 22:18:27 CST. --
    Feb 19 19:21:32 bookstack httpd[641]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
    Feb 19 19:21:32 bookstack systemd[1]: Started The Apache HTTP Server.
    Mar 05 12:18:55 bookstack systemd[1]: Stopping The Apache HTTP Server...
    Mar 05 12:19:02 bookstack systemd[1]: Stopped The Apache HTTP Server.
    -- Reboot --
    Mar 05 12:19:29 bookstack systemd[1]: Starting The Apache HTTP Server...
    Mar 05 12:19:31 bookstack httpd[623]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
    Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
    Mar 05 12:19:31 bookstack systemd[1]: Failed to start The Apache HTTP Server.
    Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Unit entered failed state.
    Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Failed with result 'exit-code'.
    

    Well, bollocks. Thanks for the warning guys.



  • @jaredbusch What kernel?



  • @tim_g said in Fedora Update Breaks httpd:

    @jaredbusch What kernel?

    I didn't say the kernel broke anything. I said a new change that was not applied until reboot like the new kernel.



  • @jaredbusch said in Fedora Update Breaks httpd:

    @tim_g said in Fedora Update Breaks httpd:

    @jaredbusch What kernel?

    I didn't say the kernel broke anything. I said a new change that was not applied until reboot like the new kernel.

    Ah I see.

    I just rebooted some web servers last night and no issues.

    0_1520274590378_cb4e86f5-ebb8-497d-a4b8-fd0f17d05511-image.png



  • And here is the problem. SELinux on the log file.

    -- Unit httpd.service has begun starting up.
    Mar 05 12:23:57 bookstack httpd[1046]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, usin
    Mar 05 12:23:57 bookstack audit[1046]: AVC avc:  denied  { open } for  pid=1046 comm="httpd" path="/var/log/access.log" dev="dm-0"
    Mar 05 12:23:57 bookstack systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
    Mar 05 12:23:57 bookstack systemd[1]: Failed to start The Apache HTTP Server.
    

    That vhost file that we made, bookstack.conf specified this: CustomLog /var/log/access.log combined

    And the SELinux context is not writable by Apache.

    [root@bookstack ~]# ls -laZ /var/log/access.log /var/log/httpd
    -rw-r--r--. 1 root root system_u:object_r:var_log_t:s0   789033 Mar  5 09:51 /var/log/access.log
    
    /var/log/httpd:
    total 12
    drwx------.  2 root root system_u:object_r:httpd_log_t:s0   68 Feb 19 17:46 .
    drwxr-xr-x. 11 root root system_u:object_r:var_log_t:s0   4096 Mar  5 12:19 ..
    -rw-r--r--.  1 root root system_u:object_r:httpd_log_t:s0    0 Feb 19 17:37 access_log
    -rw-r--r--.  1 root root system_u:object_r:httpd_log_t:s0  339 Mar  5 12:23 bookstack.error.log
    -rw-r--r--.  1 root root system_u:object_r:httpd_log_t:s0 3536 Mar  5 12:23 error_log
    

    It should have stated CustomLog /var/log/httpd/access_log combined



  • So, if you followed the original instructions, you can use this to fix it.

    sed -i "s/access\.log/httpd\/access_log/" /etc/httpd/conf.d/bookstack.conf
    

    Then start apache.

    systemctl start httpd
    


  • FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

    Not sure WTF changed to let it work then not work though.
    https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30



  • @jaredbusch said in Fedora Update Breaks httpd:

    FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

    Not sure WTF changed to let it work then not work though.
    https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30

    My mistake. I've edited my post.



  • @black3dynamite said in Fedora Update Breaks httpd:

    @jaredbusch said in Fedora Update Breaks httpd:

    FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

    Not sure WTF changed to let it work then not work though.
    https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30

    My mistake. I've edited my post.

    Oh you're fine. Just giving you shit.



  • @jaredbusch said in Fedora Update Breaks httpd:

    @black3dynamite said in Fedora Update Breaks httpd:

    @jaredbusch said in Fedora Update Breaks httpd:

    FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

    Not sure WTF changed to let it work then not work though.
    https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30

    My mistake. I've edited my post.

    Oh you're fine. Just giving you shit.

    It just sucks that I didn't even notice the incorrect path.



  • @jaredbusch said in Fedora Update Breaks httpd:

    So, if you followed the original instructions, you can use this to fix it.

    sed -i "s/access\.log/httpd\/access_log/" /etc/httpd/conf.d/bookstack.conf
    

    Then start apache.

    systemctl start httpd
    

    As always, thanks @JaredBusch that fixed it for me as well.



  • This post is deleted!