Fedora Update Breaks httpd

NashBrydges

Anyone else run into this issue? I just completed a simple update and now service fails to start.

dnf -y update

[root@bookstack-fedora ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: failed (Result: exit-code) since Mon 2018-03-05 12:51:18 EST; 1min 31s ago
     Docs: man:httpd.service(8)
  Process: 651 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 651 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."

Mar 05 12:51:18 bookstack-fedora systemd[1]: Starting The Apache HTTP Server...
Mar 05 12:51:18 bookstack-fedora httpd[651]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set
Mar 05 12:51:18 bookstack-fedora systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Mar 05 12:51:18 bookstack-fedora systemd[1]: Failed to start The Apache HTTP Server.
Mar 05 12:51:18 bookstack-fedora systemd[1]: httpd.service: Unit entered failed state.
Mar 05 12:51:18 bookstack-fedora systemd[1]: httpd.service: Failed with result 'exit-code'.

Nothing else has changed. Even after reboot still get this error.

Error log shows this:

[Mon Mar 05 12:39:04.290603 2018] [core:notice] [pid 656:tid 140047618265088] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Mon Mar 05 12:39:04.294838 2018] [suexec:notice] [pid 656:tid 140047618265088] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
[Mon Mar 05 12:39:04.438012 2018] [lbmethod_heartbeat:notice] [pid 656:tid 140047618265088] AH02282: No slotmem from mod_heartmonitor
[Mon Mar 05 12:39:04.443196 2018] [http2:warn] [pid 656:tid 140047618265088] AH02951: mod_ssl does not seem to be enabled
[Mon Mar 05 12:39:04.489771 2018] [mpm_event:notice] [pid 656:tid 140047618265088] AH00489: Apache/2.4.29 (Fedora) configured -- resuming normal operations
[Mon Mar 05 12:39:04.489819 2018] [core:notice] [pid 656:tid 140047618265088] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon Mar 05 12:49:37.356049 2018] [mpm_event:notice] [pid 656:tid 140047618265088] AH00492: caught SIGWINCH, shutting down gracefully
AH00015: Unable to open logs

ServerName is set in the config file. Always has been since I've had this setup.

black3dynamite

After restarting httpd run this command: journalctl -xe for more info.

You can also try tempoary setting SELinux to permissive for troubleshooting.
setenforce 0

JaredBusch

Your logs not being readable is the problem.

That FQDN error is normal if you use a vhost conf file instead of editing the main httpd.conf

JaredBusch

My Fedora 27 based system if fully up to date with SElinux enforcing.

[root@bookstack ~]# dnf -y update --refresh
Last metadata expiration check: 0:00:00 ago on Mon 05 Mar 2018 12:16:46 PM CST.
Dependencies resolved.
Nothing to do.
Complete!
[root@bookstack ~]# getenforce
Enforcing
[root@bookstack ~]#

JaredBusch

And you can note here, I get the same FQDN message.

[root@bookstack ~]# journalctl -u httpd.service -f
-- Logs begin at Sun 2018-02-11 22:18:27 CST. --
Feb 19 17:46:24 bookstack systemd[1]: Stopping The Apache HTTP Server...
Feb 19 17:46:25 bookstack systemd[1]: Stopped The Apache HTTP Server.
Feb 19 17:46:25 bookstack systemd[1]: Starting The Apache HTTP Server...
Feb 19 17:46:27 bookstack httpd[5272]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::243d:4b41:ab2c:c2b8. Set the 'ServerName' directive globally to suppress this message
Feb 19 17:46:27 bookstack systemd[1]: Started The Apache HTTP Server.
Feb 19 19:21:06 bookstack systemd[1]: Stopping The Apache HTTP Server...
Feb 19 19:21:07 bookstack systemd[1]: Stopped The Apache HTTP Server.
-- Reboot --
Feb 19 19:21:31 bookstack systemd[1]: Starting The Apache HTTP Server...
Feb 19 19:21:32 bookstack httpd[641]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
Feb 19 19:21:32 bookstack systemd[1]: Started The Apache HTTP Server.

JaredBusch

Ah, now I have the problem. I just rebooted.

So the problem is not that it updated. It is that it updated and something else changed that was not applied until a reboot applied the update. Like the new kernel.

[root@bookstack ~]# journalctl -u httpd.service -f
-- Logs begin at Sun 2018-02-11 22:18:27 CST. --
Feb 19 19:21:32 bookstack httpd[641]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
Feb 19 19:21:32 bookstack systemd[1]: Started The Apache HTTP Server.
Mar 05 12:18:55 bookstack systemd[1]: Stopping The Apache HTTP Server...
Mar 05 12:19:02 bookstack systemd[1]: Stopped The Apache HTTP Server.
-- Reboot --
Mar 05 12:19:29 bookstack systemd[1]: Starting The Apache HTTP Server...
Mar 05 12:19:31 bookstack httpd[623]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Mar 05 12:19:31 bookstack systemd[1]: Failed to start The Apache HTTP Server.
Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Unit entered failed state.
Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Failed with result 'exit-code'.

travisdh1

@jaredbusch said in Fedora Update Breaks httpd:

Ah, now I have the problem. I just rebooted.

So the problem is not that it updated. It is that it updated and something else changed that was not applied until a reboot applied the update. Like the new kernel.

[root@bookstack ~]# journalctl -u httpd.service -f
-- Logs begin at Sun 2018-02-11 22:18:27 CST. --
Feb 19 19:21:32 bookstack httpd[641]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
Feb 19 19:21:32 bookstack systemd[1]: Started The Apache HTTP Server.
Mar 05 12:18:55 bookstack systemd[1]: Stopping The Apache HTTP Server...
Mar 05 12:19:02 bookstack systemd[1]: Stopped The Apache HTTP Server.
-- Reboot --
Mar 05 12:19:29 bookstack systemd[1]: Starting The Apache HTTP Server...
Mar 05 12:19:31 bookstack httpd[623]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Mar 05 12:19:31 bookstack systemd[1]: Failed to start The Apache HTTP Server.
Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Unit entered failed state.
Mar 05 12:19:31 bookstack systemd[1]: httpd.service: Failed with result 'exit-code'.

Well, bollocks. Thanks for the warning guys.

Obsolesce

@jaredbusch What kernel?

JaredBusch

@tim_g said in Fedora Update Breaks httpd:

@jaredbusch What kernel?

I didn't say the kernel broke anything. I said a new change that was not applied until reboot like the new kernel.

Obsolesce

@jaredbusch said in Fedora Update Breaks httpd:

@tim_g said in Fedora Update Breaks httpd:

@jaredbusch What kernel?

I didn't say the kernel broke anything. I said a new change that was not applied until reboot like the new kernel.

Ah I see.

I just rebooted some web servers last night and no issues.

0_1520274590378_cb4e86f5-ebb8-497d-a4b8-fd0f17d05511-image.png

JaredBusch

And here is the problem. SELinux on the log file.

-- Unit httpd.service has begun starting up.
Mar 05 12:23:57 bookstack httpd[1046]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, usin
Mar 05 12:23:57 bookstack audit[1046]: AVC avc:  denied  { open } for  pid=1046 comm="httpd" path="/var/log/access.log" dev="dm-0"
Mar 05 12:23:57 bookstack systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Mar 05 12:23:57 bookstack systemd[1]: Failed to start The Apache HTTP Server.

That vhost file that we made, bookstack.conf specified this: CustomLog /var/log/access.log combined

And the SELinux context is not writable by Apache.

[root@bookstack ~]# ls -laZ /var/log/access.log /var/log/httpd
-rw-r--r--. 1 root root system_u:object_r:var_log_t:s0   789033 Mar  5 09:51 /var/log/access.log

/var/log/httpd:
total 12
drwx------.  2 root root system_u:object_r:httpd_log_t:s0   68 Feb 19 17:46 .
drwxr-xr-x. 11 root root system_u:object_r:var_log_t:s0   4096 Mar  5 12:19 ..
-rw-r--r--.  1 root root system_u:object_r:httpd_log_t:s0    0 Feb 19 17:37 access_log
-rw-r--r--.  1 root root system_u:object_r:httpd_log_t:s0  339 Mar  5 12:23 bookstack.error.log
-rw-r--r--.  1 root root system_u:object_r:httpd_log_t:s0 3536 Mar  5 12:23 error_log

It should have stated CustomLog /var/log/httpd/access_log combined

JaredBusch

So, if you followed the original instructions, you can use this to fix it.

sed -i "s/access\.log/httpd\/access_log/" /etc/httpd/conf.d/bookstack.conf

Then start apache.

systemctl start httpd

JaredBusch

FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

Not sure WTF changed to let it work then not work though.
https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30

black3dynamite

@jaredbusch said in Fedora Update Breaks httpd:

FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

Not sure WTF changed to let it work then not work though.
https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30

My mistake. I've edited my post.

JaredBusch

@black3dynamite said in Fedora Update Breaks httpd:

@jaredbusch said in Fedora Update Breaks httpd:

FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

Not sure WTF changed to let it work then not work though.
https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30

My mistake. I've edited my post.

Oh you're fine. Just giving you shit.

black3dynamite

@jaredbusch said in Fedora Update Breaks httpd:

@black3dynamite said in Fedora Update Breaks httpd:

@jaredbusch said in Fedora Update Breaks httpd:

FYI, I totally blame someone else and not myself as I used the conf file from @black3dynamite in my guide.

Not sure WTF changed to let it work then not work though.
https://mangolassi.it/topic/16458/interesting-take-on-a-wiki-testing-now/30

My mistake. I've edited my post.

Oh you're fine. Just giving you shit.

It just sucks that I didn't even notice the incorrect path.

NashBrydges

@jaredbusch said in Fedora Update Breaks httpd:

So, if you followed the original instructions, you can use this to fix it.
sed -i "s/access\.log/httpd\/access_log/" /etc/httpd/conf.d/bookstack.conf
Then start apache.
systemctl start httpd

As always, thanks @JaredBusch that fixed it for me as well.

Alex Sage

This post is deleted!