Hi all, I am trying to work out the best way to solve something that does not get configured correctly with puppetlabs-apache.
using puppetlabs-apache and WSGI defaults, it places the wsgi socket into the default location according to: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGISocketPrefix Which is $logroot "/var/log/httpd" in the case for CentOS. $logroot is not handled specifically by the module and gets installed via the RPM [root@api02 ~]# rpm -qpl httpd-2.2.15-29.el6.centos.x86_64.rpm | grep /var/log /var/log/httpd with the following perms: [openstack@api02 ~]# ls -al /var/log/httpd total 8 drwx------. 2 root root 4096 Apr 2 14:46 . drwxr-xr-x. 8 root root 4096 Apr 2 14:46 .. srwx------. 1 apache root 0 Apr 2 14:46 wsgi.11431.0.1.sock Other httpd processes run as the user $user (apache) and thus get access denied to the socket, or rather the directory containing the socket. (13)Permission denied: mod_wsgi (pid=11435): Unable to connect to WSGI daemon process 'keystone' on '/etc/httpd/logs/wsgi.11431.0.1.sock' after multiple attempts. This also seems to be specific to RedHat as Ubuntu seems to handle this ok, but it is not in the defaults as outlined in the official doco: openstack@api04:~$ ls -al /run/apache2 total 0 drwxr-xr-x 2 root root 80 Apr 2 10:53 . drwxr-xr-x 16 root root 620 Apr 2 15:07 .. srwx------ 1 www-data root 0 Apr 2 10:53 cgisock.1078 srwx------ 1 www-data root 0 Apr 2 10:53 wsgi.1078.0.1.sock This is the defaults as there is nothing in the /etc/apache2/mods-available/wsgi.conf file explicitly for the socket location. They must use a different compile time option. So I don't need to fix Ubuntu. Another annoying thing is that the location seems to be hard coded in, because if you change $logroot, it still seems to place the socket in /var/log/httpd, and all logs go elsewhere. What is the best way to handle this? Here is some possibilities: 1. In in ::apache::mod::wsgi create new defaults for the WSGISocketPrefix and move it to something like /var/run/wgsi; this is the most complete way as changes to $logroot will not leave the socket high and dry 2. Assuming that /var/log/httpd will always be there via the RPM, change owner directly in init.pp Given that Ubuntu needs no changes I am looking for something that has the least impact to the puppetlabs-apache module. Option 2 seems to fit the bill and only requires the following in init.pp: if $osfamily == "RedHat" { # Set correct ownership for default WSGI socket location file { '/var/log/httpd': ensure => directory, owner => $user, require => Package['httpd'], } } Thoughts? My commit is located here: https://github.com/clarkadamp/puppetlabs-apache/compare/puppetlabs:master...master Adam -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a018184e-66d6-460f-a1ae-c74151945a59%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
