Gentoo Forums
Gentoo Apache2 Config Change Idiocy
wolf31o2
Retired Dev

Joined: 31 Jan 2003
Posts: 628
Location: Mountain View, CA

Posted: Mon Sep 26, 2005 8:48 pm    Post subject: Re: Thanks Gentoo

gkmac wrote:
Am I the only one not complaining?

I'm not complaining. I had to do exactly 3 steps to get my server upgraded.

mv /etc/apache2/conf/apache2.conf /etc/apache2/conf/apache2.conf.bak
cp /etc/apache2/conf/vhosts/*.conf /etc/apache2/vhosts.d
/etc/init.d/apache restart

Of course, I'm used to running servers and having things designed with modularity and upgrades in mind. My manual steps took about 30 seconds.
_________________
Ex-Gentoo Developer
Catalyst/Genkernel Development Lead
http://wolf31o2.org

Danathan
Tux's lil' helper

Joined: 08 Mar 2004
Posts: 120

Posted: Mon Sep 26, 2005 8:53 pm

I didn't try this, but couldn't you just combine your old apache2.conf and commonapache.conf into a single file, use that as your httpd, and then remove the one include call to commonapache.conf? I didn't do that, but it seems like it ought to work. (Also, I had to move my vhosts.d directory and change the shell scripts that generate vhost configs...)

Didn't like the upgrade at all, and it felt particularly nasty that it coincided with a security update, but that's life, I suppose.

wolf31o2
Retired Dev

Joined: 31 Jan 2003
Posts: 628
Location: Mountain View, CA

Posted: Mon Sep 26, 2005 8:55 pm

Danathan wrote:
Didn't like the upgrade at all, and it felt particularly nasty that it coincided with a security update, but that's life, I suppose.

I think this was the real root of the problem.
_________________
Ex-Gentoo Developer
Catalyst/Genkernel Development Lead
http://wolf31o2.org

arcterex
Tux's lil' helper

Joined: 30 Sep 2002
Posts: 109

Posted: Mon Sep 26, 2005 9:11 pm

My ideas on how to do this gracefully:
- ensure that all mod_* packages work with the new apache class. As of a couple of days ago the mod_perl package still didn't use the modules.d directory properly, as noted in bug 77551.
- ensure all those modules get version bumps so that they are rebuilt when apache is updated
- attempt to migrate configuration automatically... ie: copying vhosts/* to vhosts.d/, grepping values out of the apache.conf and commonapache.conf to put into the new httpd.conf, etc. Hard work, however it's the little tweaks that were the PITA (ie: resetting includes to look at .html as well as .shtml) to track down
- some way of having the new apache work with the old configuration until the user goes in and moves files around. This means that we get the security update and don't have to futz around with configurations that we may not have been prepared to do (not everyone has a setup that just copying vhosts/* to vhosts.d/ will make work).
- leave some way of backing-out easily so that if something breaks horribly users can revert easily to the previous version (other than rebuilding apache version N-1)
- email to the gentoo-announce list about major apache config changes, (maybe you did and I just never saw anything)
My $0.02.

I'm glad that the changes have been made, the new setup looks far saner than apache-extra-modules and modules and all that crap, it was a PITA to find that out and have to migrate settings though.
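
The migration and back-out steps suggested in the post above, as an added sketch (not code from the thread or from Gentoo): snapshot the config tree, copy vhost files without overwriting locally edited ones, and roll back if a conflict is found. Only the vhosts/ and vhosts.d/ directory names come from the posts; the function names and the temporary tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): staged vhost migration with rollback.
# The vhosts/ and vhosts.d/ names come from the posts; everything else is assumed.

# backup_conf DIR ARCHIVE: snapshot DIR before anything is touched.
backup_conf() {
    tar -C "$(dirname "$1")" -czf "$2" "$(basename "$1")"
}

# migrate_vhosts OLD NEW: copy OLD/*.conf into NEW, never overwriting.
# Prints "copied", "same" or "conflict" per file; returns 1 on any conflict
# so the caller can stop before restarting the server.
migrate_vhosts() {
    mv_old=$1; mv_new=$2; mv_rc=0
    mkdir -p "$mv_new" || return 2
    for mv_f in "$mv_old"/*.conf; do
        [ -e "$mv_f" ] || continue            # glob matched nothing
        mv_name=$(basename "$mv_f")
        if [ ! -e "$mv_new/$mv_name" ]; then
            cp -p "$mv_f" "$mv_new/$mv_name" || return 2
            echo "copied $mv_name"
        elif cmp -s "$mv_f" "$mv_new/$mv_name"; then
            echo "same $mv_name"
        else
            echo "conflict $mv_name"          # locally edited target: keep it
            mv_rc=1
        fi
    done
    return "$mv_rc"
}

# rollback_conf DIR ARCHIVE: put DIR back exactly as it was at backup time.
rollback_conf() {
    [ -n "$1" ] && [ -f "$2" ] || return 2    # refuse to delete without a backup
    rm -rf "$1" && tar -C "$(dirname "$1")" -xzf "$2"
}

# demo: run the whole sequence on a constructed tree under a temp directory.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/apache2/conf/vhosts" "$d/apache2/vhosts.d"
    echo 'ServerName a.example' > "$d/apache2/conf/vhosts/a.conf"
    echo 'ServerName b.example' > "$d/apache2/conf/vhosts/b.conf"
    echo 'ServerName b.example # edited' > "$d/apache2/vhosts.d/b.conf"
    backup_conf "$d/apache2" "$d/apache2-pre.tar.gz" || return 2
    if migrate_vhosts "$d/apache2/conf/vhosts" "$d/apache2/vhosts.d"; then
        echo "clean: run the server's config check, then restart"
    else
        echo "conflicts: rolling back"
        rollback_conf "$d/apache2" "$d/apache2-pre.tar.gz"
    fi
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Running the script with `--demo` walks the constructed tree through a conflicting migration and the rollback; the archive is kept outside the directory it snapshots so the restore cannot delete its own backup.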

HeXiLeD
Veteran

Joined: 20 Aug 2005
Posts: 1159
Location: Online

Posted: Mon Sep 26, 2005 9:21 pm

I must say that I prefer this standard configuration way.
I was looking for it a long time ago.
Sure I lost some hair... but I'm happy now :)
In general things are easier to do now.

To the devs:
Thanks for the long time wanted update
5 stars
_________________
Do you hear the sound of inevitability?
With age, comes great grumpiness and that, was 20 years ago...

CertFP: becbbd161d5a5c31de3c45171b77bf710911db29 / d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244

orick
n00b

Joined: 08 May 2003
Posts: 46
Location: Chile

Posted: Mon Sep 26, 2005 9:32 pm

Well, for me it wasn't that bad, as I read the announcements before. Some work, yes, to update the httpd.conf with all the changes I had made to the apache2.conf and commonapache.conf. I didn't like this separation anyway, so it was for the better, to my taste.

The only criticism worth heeding, in my opinion, is that it apparently overwrote files in /etc/apache2. Did it really happen to someone? I wasn't affected, though, and anyway copied all that directory, just in case, to somewhere else. If CONFIG_PROTECT had been honoured, overwriting shouldn't have happened.

By the way, I never had stability problems with gentoo.
_________________
Olivier

tornamodo
Apprentice

Joined: 12 Aug 2005
Posts: 185

Posted: Mon Sep 26, 2005 9:46 pm

I'm really surprised there are admins out there who

1. Don't read news related to their os/server
2. Don't read the output of the updates they make (emerge)
3. Don't want to have a look at what files the update wants to change (use dispatch-conf instead of etc-update!)

Don't you complaining admins want to know what's going on if you do something?
I mean honestly - at least you missed 1 warning!

There is a lot of info spread around - just open your eyes when doing something important like upgrading your server.
_________________
1. Docs | 2. Gentoo-Wiki | 3. Search the Forum | 4. Post


Last edited by tornamodo on Mon Sep 26, 2005 9:47 pm; edited 1 time in total

trasila
n00b

Joined: 26 Sep 2005
Posts: 1

Posted: Mon Sep 26, 2005 9:47 pm    Post subject: How about stable unstable testing

I am also running multiple servers in production use under Gentoo. The one thing I always do before installing software is testing on some other machine. For I love Gentoo I have to say you cannot rely on it before testing. I don't mean that there are problems on stability. Installing new software is the problem. I have also faced problems with Apache and a couple of other pieces of software which have caused me a little bit of downtime.

Well, I know there are masks, but does anyone of you think there is a possibility to provide a "stable" version of Gentoo? Because if there is, Gentoo would be the distro of my and many others' choice for all kinds of usage.

halfgaar
l33t

Joined: 22 Feb 2004
Posts: 781
Location: Netherlands

Posted: Mon Sep 26, 2005 9:58 pm

Quote:
Well I know there are masks....


About that. I've decided some time ago (after breaking courier-imap and openldap with every upgrade) that I will only update some of my world packages of which I want the newest version, like firefox. I don't even like to update deps, because I don't use the _deps_, I use the primary package. As long as the package I really need, works. As for --deep, I hope I can forget this feature...

Anyway, my problem: ebuilds and distfiles disappear too quickly. When you don't update a package relatively often, you end up with a version which is no longer being supported. Re-compiling for whatever reason is not possible anymore when this happens. This happened to me with lm_sensors a while back. I was content to work with a certain version, and an update would cause breakage, so I masked the newer version. But then, it disappeared out of portage :( Why is the retention time so short?

BTW, reconfiguring apache was quite troublesome for me. Getting my directory listing permissions for both port 80 and 443 vhosts was quite some finding-out, how to do it. Edit: but I was prepared, I read the GWN every week. Has nice tips as well :). Any gentoo user should read it, in my opinion. That said, I don't blame anyone for apache. I knew it was coming, so I postponed it until I had time.


Last edited by halfgaar on Mon Sep 26, 2005 10:58 pm; edited 1 time in total

imotlaw
n00b

Joined: 25 May 2005
Posts: 38
Location: Washington DC Area

Posted: Mon Sep 26, 2005 10:28 pm

The comments we're getting here make things pretty clear. The situation is this: Gentoo is for people with enough mental capacity to learn. Learn how to configure your package masks and unmasks, learn what portage is and what it does, learn how to use portage, learn how to read documentation, learn to find out what an upgrade will do before you install it, just learn. Almost every complaint on this thread (with a few exceptions; to those few who've posted with reasonable complaints, this doesn't apply to you) shares one or more of the following features:

1) The poster hasn't a clue what the Gentoo distribution is about.
2) The poster hasn't a clue how portage works. (this one really gets me; when I was ten it made sense for me to say "the game cheated" when I lost during Ninja Gaiden; now, I just say "oh, I used the wrong buttons". Since this analogy will be too subtle for the people this post is aimed at, try this one: if you typed "rm -rf /*" while root, how stupid would you sound complaining "why didn't anyone warn me that this command was bad? It shouldn't be allowed! Change rm!"?)
3) The poster doesn't understand that not being an idiot is a prerequisite to being able to maintain a working system.

A lot of people can be taught to use a computer, even taught to do such magical things as "run a Linux machine" and "compile programs" and "type commands that I've seen typed before", but it takes a little more to be able to think past "monkey see, monkey do".

In summary, the complainers (with some noticeable exceptions) need to find an OS which will do exactly what they've been asking for Gentoo to do (i.e. coddle them, give them hugs, be Windows) and stop posting on forums which they didn't bother to read before (and, judging by their comments, possibly even after) they started mucking about with the soft under-belly of their computer's software.

Do I seem harsh? No, I'm really not. It's reality that's harsh, and you've just never noticed before.

halfgaar
l33t

Joined: 22 Feb 2004
Posts: 781
Location: Netherlands

Posted: Mon Sep 26, 2005 10:57 pm

(off-topic post, just had to mention it...)

Quote:
this one really gets me; when I was ten it made sense for me to say "the game cheated" when I lost during Ninja Gaiden


Well, you know, games do :). I made Starcraft maps with the highest possible difficulty setting. A friend and I like a challenge (us against 5 of those computers, set to "insane"). In a replay, I noticed that they _do_ cheat. They get whole lots of money when their money-counter reaches zero...

We can do it BTW, win :). Almost won against 6 of them :)

imotlaw
n00b

Joined: 25 May 2005
Posts: 38
Location: Washington DC Area

Posted: Mon Sep 26, 2005 11:12 pm

They do? Well, there goes my analogy ;) I can hear my inner child screaming "I told you they cheated!"

cynyr
n00b

Joined: 24 Feb 2005
Posts: 21

Posted: Mon Sep 26, 2005 11:42 pm

asv wrote:
Monkeh wrote:

Plus, it doesn't take hours to fix, nor does it require 'manual configuration just to be operational'.


Do you have to manually edit apache configuration files after the upgrade in order for apache to run? Yes!

While most of you may have machines with a handful of domains, a configuration with many domains and custom settings takes a while to get back online. As I've said before it's not a question of notice or warning. It's a question of pushing an update that breaks all existing apache configurations without an automated solution.


umm if you were using it on a server why did you upgrade without knowing what it would do or the amount of downtime you would experience, /etc/portage/package.mask is your friend. and last i knew there was no reason for the service to ever be down... there is a way to have apache soft restart so that as old threads die they are replaced with the new one... so it means that you had to spend like 30-45 minutes, of admin on your linux server this week

chammer
n00b

Joined: 19 May 2003
Posts: 43
Location: Newport News, VA

Posted: Tue Sep 27, 2005 12:32 am

just thought i'd add my two cents.

i really don't have to worry about this idiocy much. i have compiled apache by hand, and written my configs for apache by hand for the past several years. the main reason being so that i know what it's doing, when it's doing it, and why. ever since i first saw the way gentoo handled apache i pretty much moved gentoo itself as the top reason why compiling apache by hand is your best bet. every other server daemon, no issues at all. very very sane layout. why must apache be so difficult for you to standardize into a semi-sane layout? why must i edit 20 config files to bring up one bloody site?

i thought i'd be immune to this, as the *only* machine i have running a portage version of apache is here locally in my house doing only two things. serving a fairly static mrtg page (with an ssi to include output from 'uptime'), and to serve nagios's web interface. however, after the upgrade i soon found myself at a loss for words as i had to re-add Options Includes only to find /etc/init.d/apache2 start not work saying that line was invalid. excuse me? whatever...i don't really need this drama, but i do need the site up. so with some breaking of gentoo files (ie: fixing them proper), i get the site back up as it was. weee fun!

gentoo: here's a clue, the best layout for apache is still /usr/local/apache/*

etc/httpd.conf
etc/vhosts/somedomain.com
...and so on

bin/httpd
bin/apachectl
...and so on

modules/mod_rewrite.so
modules/mod_perl.so
...and so on

etc, etc, etc.

add a simple init.d script to start/stop using apachectl and it's just that easy. (local.start/local.stop work great too).

over complication leads to broken systems. broken systems lead to angered admins. angered admins lead to flame wars. flame wars lead to...more flame wars!

anyways, just my two cents...i'm not angry. just knowledgeable enough not to let portage handle my crown jewel. ;)
_________________
http://www.thezengarden.net
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' |dc

CornedBee
n00b

Joined: 01 Oct 2003
Posts: 28
Location: Vienna, Austria

Posted: Tue Sep 27, 2005 1:27 am

I do have to wonder ... did anything inherent to the new Apache compile break the old config files? Wasn't it merely the new init.d and conf.d files that required the new config files?

In other words, if you emerge r30, but don't replace init.d and conf.d files, would Apache start with the old config? I'm pretty sure it would.

Had to bring this up, because some people complained that merging r30 and not updating configs breaks the system - I don't think so.
_________________
All the buzzt :roll:
CornedBee

robbat2
Developer

Joined: 19 Feb 2003
Posts: 82

Posted: Tue Sep 27, 2005 6:30 am

j79zlr wrote:
This is why you should use a production OS for a production job, e.g. FreeBSD. I would never run a production server with Gentoo, it just breaks too frequently, portage commits are not tested, and when they break, there is rarely a message, it's just fixed without any notification. Half the time I have a compile error, I just wait a couple hours and resync, hmm error mysteriously fixed. This rarely happens with FreeBSD, ports are actually tested before commits, a practice that should be adopted, and no silly hard masked, soft masked crap. Tested, stable, committed.


I agree that Gentoo 'stable arch' isn't as stable as FreeBSD stable arch, but we try to be a lot faster moving.
For comparison of breakage, just how much do you run -CURRENT and not read the NEWS file? I've had at least a handful of situations over the last year on a FreeBSD -CURRENT box where not reading the NEWS file would have borked my box.

j79zlr
Apprentice

Joined: 05 Dec 2004
Posts: 235
Location: Chicago, IL

Posted: Tue Sep 27, 2005 6:56 am

Who would run -CURRENT for a production server? If gentoo could adapt a /usr/ports/UPDATING style file, then these kinds of messages would be avoided, in theory at least. While I agree that anyone running a server, who updates the world without either testing, or reading up on an upgrade to apache is nuts. OTOH, if major changes could be outlined along with the procedures to remedy them, e.g. /usr/ports/UPDATING, it would make this process even easier.

In my experiences, things do not break in FreeBSD at nearly the rate they do in Gentoo, they just don't. The ports tree is definitely faster moving if you compare to the fully stable portage branch. They sit in there with a soft mask for ever before being released to stable, there needs to be some middle ground. Test it, let it sit masked for a couple days, no breakages, unmask it.

I haven't had any issues running FreeBSD 5-STABLE through 6-beta over the last few years on my bsd desktop, I haven't run a server here in a while though, since 1) my old PC I was running my apache2, php5, mysql, qmail, proftp server on died, and 2) I switched from DSL to cable which doesn't allow me to run a server.
Back to top
View user's profile Send private message
frilled
Retired Dev
Retired Dev


Joined: 15 Mar 2004
Posts: 386
Location: Atlantis, inner city ring

PostPosted: Tue Sep 27, 2005 6:57 am    Post subject: Reply with quote

lokey wrote:
Ok.. I'll be honest, it wasn't on a production server. It's a pseudo-development server where the customers realize that its gentoo and are cool with the system not being rock solid. You would have to be out of your mind to run gentoo on a production server.


Very subtle comment. Thank you.

I do run gentoo production servers (for about 2 years now). And I don't feel out of my mind.

I admit I was angry about the Apache change, too. Very. But the mistake was made long ago when Apache was laid out so much different than on other distros.
_________________
"Failure is not an option!"
"Sir, we are out of further options."

kar1181
n00b

Joined: 11 Jul 2005
Posts: 18
Location: Watford, UK

Posted: Tue Sep 27, 2005 7:15 am

I got bitten pretty bad by the bunch of updates, despite knowing it was coming (I got to this thread via a link in the newsletter).

Now that the pain is over and my server is operational again I can think a little more rationally.

I run gentoo on my laptop as a development machine, much to the derision of my colleagues all running debian. Normally though, I'm the one having a laugh as they trudge trying to upgrade to packages that are anyway modern to use new libraries.

But I lost a good half day with these apache updates. The initial basic update was okay, just merging my old common apache config and moving the vhosts over. What killed me was the ssl stuff. Https failed outright, it just plain didn't work. The informative apache error_log message 'unrecognised request method 0x57 0x78 ... (unintelligible hex string)' was not exactly helpful. From what I could see there was no _obvious_ documentation about the problem. Thankfully, a day later, there was a helpful thread in the portage/programming forums explaining an extra -DSSL_DEFAULT_VHOST needed to be set in the apache2 file in conf.d.

That's the bad news. The good news is now my apache configurations resemble those of my colleagues. We all need to test on very similar environments so when they make changes to their config, it's often a pain for me to work out how to mirror it with my (old apache2) config environment.

So there are definitely pluses and minuses here.

I think it was the right decision on the part of the developers to make this change, perhaps though this might be a learning experience, and better communication / release mechanism determined for future changes that can break otherwise stable operating environments.

At the end of the day portage is what makes gentoo great imho. But with all powerful features, you need to be properly careful in how it is used.

My 2p anyway.

martinhudec
n00b

Joined: 03 Oct 2003
Posts: 5
Location: Bratislava

Posted: Tue Sep 27, 2005 8:04 am

asv wrote:
loki99 wrote:
You two guys should rather read the GWN or the gentoo dev mailing list (where it has been discussed for a couple of months!)

What else should they do? Send you a personal email?


I love how people are trying to justify this move by saying "oh read the mailing list" or the newsletter, or my favorite "it's a community distro." It's not a question of notification, it's a question of having a .xx upgrade that requires a bunch of manual configuration just to be operational. It's completely insane!


Loki99 is correct. Was there information about major ongoing changes in Apache? Yes there was. This is purely your failure to assess what exactly does an upgrade process need! I am thoroughly checking everything about possible outcomes of any upgrade I am doing! Please do not feel offended. But to blame gentoo developers is not in place in this case.
Back to top
View user's profile Send private message
zark
n00b
n00b


Joined: 27 Mar 2004
Posts: 74
Location: Belgium

PostPosted: Tue Sep 27, 2005 8:07 am    Post subject: Reply with quote

this is partly off topic .... but does anyone know a small webserver (something like a perl script or a small bin) that would just send out the same html file regardless of url

so i can launch it so that it sends a "server maintenance" page ?

lokey
n00b

Joined: 30 Aug 2004
Posts: 33

Posted: Tue Sep 27, 2005 11:01 am

Well, I've managed to get over the fact that portage broke the cardinal "understood" rule of a package management system.

Maybe we can have a use flag called "LET_THE_DEVELOPERS_DECIDE_WHATS_BEST_FOR_ME" and be done with this whole argument.

Whatever. There seems to be bigger problems with gentoo as a whole.. as running emerge --update --deep world is apparently not sufficient to keep your system updated and secure.


https://bugs.gentoo.org/show_bug.cgi?id=96088
https://forums.gentoo.org/viewtopic-t-384996-highlight-.html

Kloeri
Retired Dev

Joined: 02 Sep 2002
Posts: 144

Posted: Tue Sep 27, 2005 2:10 pm

lokey wrote:
Whatever. There seems to be bigger problems with gentoo as a whole.. as running emerge --update --deep world is apparently not sufficient to keep your system updated and secure.

Add some good sysadmin skills and procedures and you should be fine - of course that would include paying attention to different communication channels like mailing lists etc. that let you know about important changes and updates and of course the all important testing on non-production boxes.

Failing that will get you into trouble no matter which distribution or operating system you use.

RSnow
n00b

Joined: 26 Jul 2002
Posts: 23

Posted: Tue Sep 27, 2005 2:28 pm

To read these posts attempting to make people feel inadequate and somehow LESS of an admin because of getting caught with their pants down on an upgrade is the most ridiculous thing I have ever seen. How anyone can justify not having an extremely visible warning before this update within portage itself, I cannot fathom. Not everyone that loves gentoo and its flexibility reads newsletters and mailing lists before each emerge. Not everyone comes to the forums. 99.9% of the time, something like this is a complete non-issue. So instead of being reactive and defensive this should be met with more consideration and a proactive approach should be taken to remedy this situation in the future. Why not have a team outlook, instead of standing around saying someone isn't a good system admin because they don't lurk on the forums all day and read press releases?

Kloeri
Retired Dev

Joined: 02 Sep 2002
Posts: 144

Posted: Tue Sep 27, 2005 3:04 pm

RSnow wrote:
To read these posts attempting to make people feel inadequate and somehow LESS of an admin because of getting caught with their pants down on an upgrade is the most ridiculous thing I have ever seen.

I'm sorry but I think you misunderstand what's going on here. I'm not personally trying to ridicule anybody but not paying any attention makes a rather bad sysadmin IMO.

We've been shouting at the top of our lungs for almost a year now about these changes and there's a very clear warning in the ebuild as well. If somebody completely disregards all this information that's their choice. But that doesn't mean you're a good sysadmin and personally I'd fire any sysadmin caring so little for the company's servers and/or data.

All times are GMT
Page 3 of 11