Solved apache 2.4 + mpm_itk in FreeBSD 11-RELEASE jail -> core dump

Hello,

I'm running a FreeBSD server with about 20 web server jails for years now. I've tried this morning to upgrade from FreeBSD 10.3-RELEASE to FreeBSD 11-RELEASE on both host and jails. It went ok, except for jails that use mod_mpm_itk with Apache.

Versions used before upgrade:

apache24-2.4.29
apr-1.6.3.1.6.1
mod_php56-5.6.32
ap24-mod_mpm_itk-2.4.7_2

Versions used after upgrade:

apache24-2.4.33_1
apr-1.6.3.1.6.1_1
mod_php56-5.6.36_1
ap24-mod_mpm_itk-2.4.7_2

I've tried both packages and ports, both yield to the same result:

Apache crashes immediately at launch time when started with the same configuration than before the upgrade. It appears the crash depends on some configuration directives: those used by ITK. I've a dedicated config file for ITK where I put its directives. Some typical lines from this file:

Apache config:
<Directory /sites/foo>
        AssignUserID ldapuser1 www
</Directory>

<Directory /sites/bar>
        AssignUserID ldapuser2 www
</Directory>
...

If I replace this config file with a blank one, Apache no longer crashes, but obviously ITK is not really used.

I've had to rollback my VMware snapshot to restore access to those web sites, but eventually I'll have to perform this upgrade.

Any idea?
 
Last edited:
Which 11 release? And did you upgrade the jails too? And did you reinstall all ports/packages?
 
Sorry, I meant FreeBSD 11.2-RELEASE (GENERIC) #0

I've upgraded both host and jails, and as far as I can say I've reinstalled all ports/packages (pkg upgraded old ones and reinstalled the remaining because of the OS upgrade).
By the way I'm not super-confident about ezjail-admin for jail upgrade :/
 
I'm currently experimenting with a clone of the original VM.
I've upgraded host from 10.3-RELEASE to 11.2-RELEASE (+packages) following the same procedure as before.
I've upgraded basejail manually using those commands:
Bash:
# one:
env UNAME_r=10.3-RELEASE-p24 PAGER=/bin/cat freebsd-update -b /Sites/basejail -r 11.2-RELEASE upgrade
# and as many as necessary:
env UNAME_r=10.3-RELEASE-p24 PAGER=/bin/cat freebsd-update -b /Sites/basejail -r 11.2-RELEASE install

Those commands are crafted by ezjail-admin() (I've just added a echo() in front of lines 1027 and 1029 so that ezjail-admin() prints the commands instead of executing them).
The very last install was not ran ("Completing this upgrade requires removing old shared object files...")

Inside a test jail: no packages / ports have been upgraded and Apache+mpm-itk works flawlessly.

Following this test, I've upgraded/reinstalled every port/pkg inside the test jail.
APR and Apache require port compilation (LDAP option needed).

After re-installing everything, same result: Apache crashes at launch time:
Code:
pid 44759 (httpd), uid 0: exited on signal 11 (core dumped)

But if I run Apache manually via httpd -X it does not crash, and it works perfectly (ITK switches users accordingly, etc.)

I've tried and used ktrace to find out a little bit more about the crash, but I don't find any blatant problem in the output.

Any idea?
 
With help from the mpm-itk mailing list I've been able to find the broken part of my setup. Rebuilding the world and pkgs with debug and looking at backtrace inside httpd.core allowed me to infer there is a problem with nss_ldap. Not sure about the exact problem, but replacing nss_ldap and pam_ldap with nss-pam-ldapd allowed me to workaround the crash.

Problem solved, so far.
 
Back
Top