
[Centos7] [trouble shooting] httpd start failed due to SELinux

by 주리니e 2022. 7. 4.

 

SELinux

 

When Apache and Tomcat are connected through mod_jk, the httpd service can fail to start because of SELinux.

 

$ setenforce 0

Temporarily disable SELinux enforcement with setenforce 0.

 

$ service httpd start
Redirecting to /bin/systemctl start httpd.service

With SELinux enforcement disabled, httpd starts without problems.

 

$ setenforce 1

Re-enable SELinux enforcement with setenforce 1.

 

$ service httpd start
Redirecting to /bin/systemctl start httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

With SELinux enforcing again, starting httpd produces an error message.

 

 
$ systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-01-09 14:21:42 KST; 3min 56s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 16028 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 16026 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 16026 (code=exited, status=1/FAILURE)

Jan 09 14:21:42 www.test.co.kr systemd[1]: Starting The Apache HTTP Server...
Jan 09 14:21:42 www.test.co.kr systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 09 14:21:42 www.test.co.kr kill[16028]: kill: cannot find process ""
Jan 09 14:21:42 www.test.co.kr systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 09 14:21:42 www.test.co.kr systemd[1]: Failed to start The Apache HTTP Server.
Jan 09 14:21:42 www.test.co.kr systemd[1]: Unit httpd.service entered failed state.
Jan 09 14:21:42 www.test.co.kr systemd[1]: httpd.service failed.

Error messages shown by systemctl status httpd.service

 

Jan 09 14:21:42 www.test.or.kr systemd[1]: Unit httpd.service entered failed state.
Jan 09 14:21:42 www.test.or.kr systemd[1]: httpd.service failed.
Jan 09 14:21:42 www.test.or.kr polkitd[4652]: Unregistered Authentication Agent for unix-process:16010:42407707 (system bus name :1.320, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Error messages shown by journalctl -xe

 

 

[Wed Jan 09 14:36:00.272602 2019] [jk:emerg] [pid 16103] Initializing shm:/etc/httpd/logs/mod_jk.shm.16103 errno=13. Unable to start due to shared memory failure.

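Error message in /etc/httpd/logs/error_log. errno=13 is EACCES (permission denied): mod_jk could not initialize its shared memory file under /etc/httpd/logs.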

 

 

$ cd /etc/httpd/conf.d

Move to the /etc/httpd/conf.d directory.

 

 
$ vi httpd-jk.conf

Open the mod_jk configuration file.

 

<IfModule jk_module>

    # We need a workers file exactly once
    # and in the global server
    JkWorkersFile conf.d/workers.properties

    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    # Our JK error log
    # You can (and should) use rotatelogs here
    JkLogFile logs/mod_jk.log

    # Our JK log level (trace,debug,info,warn,error)
    JkLogLevel info

    # Our JK shared memory file
    JkShmFile logs/mod_jk.shm

    # If you want to put all mounts into an external file
    # that gets reloaded automatically after changes
    # (with a default latency of 1 minute),
    # you can define the name of the file here.
    JkMountFile conf.d/uriworkermap.properties

</IfModule>

Line 16: JkShmFile logs/mod_jk.shm
(The JkShmFile directive, which sets the shared memory file name, is configured as shown above.)

 

$ cd /etc/httpd/modules

Move to httpd's modules directory.

 

$ ls -lZ /etc/httpd/modules/mod_jk.so
-rwxr-xr-x. root root system_u:object_r:httpd_modules_t:s0 /etc/httpd/modules/mod_jk.so

The SELinux context of mod_jk, the module that links Apache and Tomcat, is httpd_modules_t.

 

$ semanage fcontext -l | grep httpd_modules_t
/usr/lib/httpd(/.*)?                               all files          system_u:object_r:httpd_modules_t:s0 
/usr/lib/apache(/.*)?                              all files          system_u:object_r:httpd_modules_t:s0 
/usr/lib/cherokee(/.*)?                            all files          system_u:object_r:httpd_modules_t:s0 
/usr/lib/lighttpd(/.*)?                            all files          system_u:object_r:httpd_modules_t:s0 
/usr/lib/apache2/modules(/.*)?                     all files          system_u:object_r:httpd_modules_t:s0 
/etc/httpd/modules                                 all files          system_u:object_r:httpd_modules_t:s0 

Listing the global file contexts for httpd_modules_t shows that the httpd daemon cannot write to /etc/httpd/logs.

 

$ semanage fcontext -l | grep var_run_t | grep httpd
/var/run/wsgi.*                                    socket             system_u:object_r:httpd_var_run_t:s0 
/var/run/mod_.*                                    all files          system_u:object_r:httpd_var_run_t:s0 
/var/run/httpd.*                                   all files          system_u:object_r:httpd_var_run_t:s0 
/var/run/nginx.*                                   all files          system_u:object_r:httpd_var_run_t:s0 
/var/run/apache.*                                  all files          system_u:object_r:httpd_var_run_t:s0 
/var/run/php-fpm(/.*)?                             all files          system_u:object_r:httpd_var_run_t:s0 
/var/run/lighttpd(/.*)?                            all files          system_u:object_r:httpd_var_run_t:s0 
/var/lib/php/session(/.*)?                         all files          system_u:object_r:httpd_var_run_t:s0 
/var/lib/php/wsdlcache(/.*)?                       all files          system_u:object_r:httpd_var_run_t:s0 
/var/run/dirsrv/admin-serv.*                       all files          system_u:object_r:httpd_var_run_t:s0 
/var/opt/rh/rh-nginx18/run/nginx(/.*)?             all files          system_u:object_r:httpd_var_run_t:s0 
/var/www/openshift/broker/httpd/run(/.*)?          all files          system_u:object_r:httpd_var_run_t:s0 
/var/www/openshift/console/httpd/run(/.*)?         all files          system_u:object_r:httpd_var_run_t:s0 
/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?      all files          system_u:object_r:httpd_var_run_t:s0 
/var/run/thttpd\.pid                               regular file       system_u:object_r:httpd_var_run_t:s0 
/var/run/gcache_port                               socket             system_u:object_r:httpd_var_run_t:s0 
/var/run/cherokee\.pid                             regular file       system_u:object_r:httpd_var_run_t:s0 
/var/run/piranha-httpd\.pid                        regular file       system_u:object_r:piranha_web_var_run_t:s0

Listing the httpd-related var_run_t contexts as above confirms that the httpd daemon can write to /var/run.

 

 

 

$ vi /etc/httpd/conf.d/httpd-jk.conf
<IfModule jk_module>

    # We need a workers file exactly once
    # and in the global server
    JkWorkersFile conf.d/workers.properties

    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    # Our JK error log
    # You can (and should) use rotatelogs here
    JkLogFile logs/mod_jk.log

    # Our JK log level (trace,debug,info,warn,error)
    JkLogLevel info

    # Our JK shared memory file
    JkShmFile run/mod_jk.shm

    # If you want to put all mounts into an external file
    # that gets reloaded automatically after changes
    # (with a default latency of 1 minute),
    # you can define the name of the file here.
    JkMountFile conf.d/uriworkermap.properties

</IfModule>

JkShmFile run/mod_jk.shm
Change the directive so that the shm file is created under the /var/run directory.

 

$ service httpd start
Redirecting to /bin/systemctl start httpd.service

The httpd service now starts normally.

 

$ cd /var/run/httpd
$ ls -al
total 12
drwx--x---.  3 root   apache  140 Jan  9 15:22 .
drwxr-xr-x. 27 root   root    820 Jan  4 16:33 ..
-rw-r--r--.  1 root   root      8 Jan  9 15:22 authdigest_shm.16290
drwx------.  2 apache apache   40 Jan  4 16:33 htcacheclean
-rw-r--r--.  1 root   root      6 Jan  9 15:22 httpd.pid
-rw-r--r--.  1 root   root   1024 Jan  9 15:22 mod_jk.shm.16290
-rw-r--r--.  1 root   root      1 Jan  9 15:22 mod_jk.shm.16290.lock

The mod_jk.shm file is now created in /var/run/httpd.
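
The check below is an added example, not part of the original post: it reads a mod_jk configuration file, resolves the JkShmFile value against ServerRoot, and reports whether the shared memory file lands under logs/ (the failing location above) or run/ (the corrected one). The function names are hypothetical, ServerRoot is assumed to be /etc/httpd, and the sample configuration is constructed.

```shell
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical;
# ServerRoot is assumed to be /etc/httpd, as in the post's CentOS 7 layout.

# Print the value of the last active (uncommented) JkShmFile directive.
jk_shm_value() {
    awk 'tolower($1) == "jkshmfile" { v = $2 }
         END { gsub(/"/, "", v); if (v != "") print v }' "$1"
}

# Resolve a relative directive value against ServerRoot.
jk_shm_resolve() {
    local value="$1"
    local root="${2:-/etc/httpd}"
    case "$value" in
        /*) printf '%s\n' "$value" ;;
        *)  printf '%s/%s\n' "${root%/}" "$value" ;;
    esac
}

# Classify the target: "logs" is the failing location from the post,
# "run" is the corrected one, "missing" means no directive was found.
jk_shm_classify() {
    local value
    value=$(jk_shm_value "$1")
    if [ -z "$value" ]; then echo "missing"; return 0; fi
    case "$(jk_shm_resolve "$value" "$2")" in
        */run/*)             echo "run" ;;
        */logs/*|/var/log/*) echo "logs" ;;
        *)                   echo "other" ;;
    esac
}

# On a real host: print the SELinux label of the directory that will hold the file.
jk_shm_dir_label() {
    local path
    path=$(jk_shm_resolve "$(jk_shm_value "$1")" "$2")
    ls -dZ "$(readlink -f "$(dirname "$path")")"
}

# Constructed sample config reproducing the post's original setting.
sample=$(mktemp)
printf '<IfModule jk_module>\n    JkShmFile logs/mod_jk.shm\n</IfModule>\n' > "$sample"
echo "JkShmFile resolves to: $(jk_shm_resolve "$(jk_shm_value "$sample")")"
echo "classification: $(jk_shm_classify "$sample")"
rm -f "$sample"
```

On the server itself, jk_shm_dir_label /etc/httpd/conf.d/httpd-jk.conf prints the SELinux label of the directory the file will be created in, which can be compared with the semanage fcontext output above.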
