Project

General

Profile

Bug #10455

Relay-Api does not handle different Apache versions

Added by Janos Mattyasovszky 8 months ago. Updated 8 months ago.

Status:
Released
Priority:
N/A
Category:
Packaging
Target version:
Target version (plugin):
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility:
Effort required:
Priority:
0

Description

On SLES12 SP2, apache (which has a version of 2.4.23-something) is not starting after a clean installation and initialization of 4.1-rc1:

start_apache2[11305]: AH00526: Syntax error on line 97 of /opt/rudder/etc/rudder-apache-relay-common.conf:
start_apache2[11305]: Invalid command 'Allow', perhaps misspelled or defined by a module not included in the server configuration
systemd[1]: apache2.service: Control process exited, code=exited status=1

In "/opt/rudder/etc/rudder-apache-relay-common.conf" there is this section:

<Directory /opt/rudder/share/relay-api/relay_api>
  # Allow access from anybody
  Allow from all
</Directory>

This should be more like something like this:

  <IfVersion < 2.4>
    Order deny,allow
    Allow From all
  </IfVersion>
  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>

This patch helped me start apache2 :

--- /opt/rudder/etc/rudder-apache-relay-common.conf.orig        2017-03-17 12:27:20.420838026 +0100
+++ /opt/rudder/etc/rudder-apache-relay-common.conf     2017-03-17 12:27:22.200821643 +0100
@@ -94,17 +94,35 @@

 <Directory /opt/rudder/share/relay-api/relay_api>
   # Allow access from anybody
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Directory>

 <Files /opt/rudder/share/relay-api/relay-api.wsgi>
   # Allow access from anybody
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Files>

 <Directory /opt/rudder/share/relay-api/flask>
   # Allow access from anybody
-  Allow from all
+  <IfVersion < 2.4>
+    Order deny,allow
+    Allow From all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    Require all granted
+  </IfVersion>
 </Directory>

 # Disallow by default

Associated revisions

Revision 3144d145
Added by Alexis MOUSSET 8 months ago

Fixes #10455: Relay-Api does not handle different Apache versions

History

#1 Updated by Janos Mattyasovszky 8 months ago

  • Found in version (s) 4.1.0~rc1 added
  • Found in version (s) deleted (4.1.0)

#2 Updated by Alexis MOUSSET 8 months ago

  • Category set to Packaging
  • Assignee set to Alexis MOUSSET
  • Target version set to 4.1.0

#3 Updated by Alexis MOUSSET 8 months ago

  • Status changed from New to In progress

#4 Updated by Alexis MOUSSET 8 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis MOUSSET to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1298

#5 Updated by Alexis MOUSSET 8 months ago

Indeed, some version conditions were missing. It probably worked on other OSes thanks to the compatibility module being loaded by default.

Thanks!

#6 Updated by Alexis MOUSSET 8 months ago

  • Status changed from Pending technical review to Pending release

#7 Updated by Benoît PECCATTE 8 months ago

  • Status changed from Pending release to Released
  • Priority set to 0

This bug has been fixed in Rudder 4.1.0 which was released today.

Also available in: Atom PDF