[rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
I can get RT up and running just fine using LDAP with RT::Authen::ExternalAuth. But as soon as I shut down the server and install mod_ssl, apache won't restart, segfaults. Similarly, I can install mod_ssl just fine but as soon as I install RT::Authen::ExternalAuth and add the known-working LDAP server config to RT_SiteConfig.pm, same problem. I'll be honest that I haven't debugged an apache crash for years. Since I am not even sending the SSL virtual host to RT (the DocumentRoot for the SSL host is the default apache /var/www/html) I am not sure what could be conflicting. I am happy to provide logs but the RT, and apache error logs don't seem to have anything relevant. -- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
RT 4.0.19 (because of RTIR) mod_perl RHEL 6.5 x64 Server version: Apache/2.2.15 (Unix) Server built: Aug 2 2013 08:02:15 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/etc/httpd -D SUEXEC_BIN=/usr/sbin/suexec -D DEFAULT_PIDLOG=run/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf On Thu, Mar 27, 2014 at 4:30 PM, Alex Vandiver ale...@bestpractical.com wrote: On Thu, 2014-03-27 at 16:01 -0500, Dewhirst, Rob wrote: I can get RT up and running just fine using LDAP with RT::Authen::ExternalAuth. But as soon as I shut down the server and install mod_ssl, apache won't restart, segfaults. What version of RT and Apache? I presume you're running with a mod_perl deployment? - Alex -- RT Training - Dallas May 20-21 http://bestpractical.com/training -- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump
This is just about as basic an RT install as you can get. everything was installed by CPAN and RPMs. I can give you instructions or if you have a place I can put a 1-2GB file I could probably just build a CentOS VM that exhibits the problem. On Thu, Mar 27, 2014 at 4:53 PM, Alex Vandiver ale...@bestpractical.com wrote: On Thu, 2014-03-27 at 16:42 -0500, Dewhirst, Rob wrote: RT 4.0.19 (because of RTIR) mod_perl Interesting; we've seen another report of this previously, but I've been unable to replicate it. It's presumably caused by a disagreement of mod_ssl with the SSL libraries that perl uses for LDAPS support -- and since mod_perl is in use, those two exist in the same process, and their disagreements lead to coredumps. We addressed a similar problem with mod_ssl and TLS connections to Postgres early in the 4.0 series. The simple work-around is to switch from mod_perl to one of the fastcgi deployment strategies, which separates the mod_ssl OpenSSL stack from perl's LDAPS OpenSSL stack, allowing them to play well together. However, I'd love to have a simple replication strategy to help track this down and fix it. How stock an RT install is this? I presume you're running with the standard Apache and mod_perl installs from RPMs? Can you provide your RT::Authen::ExternalAuth configuration? - Alex -- RT Training - Dallas May 20-21 http://bestpractical.com/training -- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth LDAPS
thanks, I should have clarified that LDAP over TLS on 389 is not an option for us. We can only do LDAPS over 636. On Tue, Mar 4, 2014 at 11:32 AM, k...@rice.edu k...@rice.edu wrote: TLS would still be over port 389 if it was being used. Regards, Ken On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote: I am successfully authenticating via LDAP (cleartext) over TCP 389 using RT::Authen::ExternalAuth However, once I change: Set($ExternalServiceUsesSSLorTLS,1); and in the ExternalSettings for My_LDAP: 'tls' = 1, 'ssl_version' = 3, It still authenticates (successfully) over TCP 389. I noticed someone else had a similar problem but was lacking Net::SSLeay. Not my case here (I don't see how you can use Net::LDAP without Net:SSLeay) [root@rtir-test ~]# cpan -i Net::SSLeay CPAN: Storable loaded ok (v2.20) Reading '/root/.cpan/Metadata' Database was generated on Mon, 03 Mar 2014 20:17:02 GMT CPAN: Module::CoreList loaded ok (v2.18) Net::SSLeay is up to date (1.58). [root@rtir-test ~]# I have debug logging enabled in RT, but it doesn't seem to tell me anything useful since nothing is failing. RT-Authen-ExternalAuth-0.17 -- RT Training London, March 19-20 and Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT::Authen::ExternalAuth LDAPS
It' always a judgement call what to post and what to leave out. I can't post the full settings, strictly speaking. 'server'= 'ldaps://server', seems to have fixed it. Thanks all. On Wed, Mar 5, 2014 at 10:22 AM, Gerald Vogt v...@spamcop.net wrote: It's always much easier to help if you post the full settings instead of some parts. Did you use ldaps in the server definition or did you add ldaps or the different port number in net_ldap_args? -Gerald On 05.03.2014 17:08, Dewhirst, Rob wrote: thanks, I should have clarified that LDAP over TLS on 389 is not an option for us. We can only do LDAPS over 636. On Tue, Mar 4, 2014 at 11:32 AM, k...@rice.edu k...@rice.edu wrote: TLS would still be over port 389 if it was being used. Regards, Ken On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote: I am successfully authenticating via LDAP (cleartext) over TCP 389 using RT::Authen::ExternalAuth However, once I change: Set($ExternalServiceUsesSSLorTLS,1); and in the ExternalSettings for My_LDAP: 'tls' = 1, 'ssl_version' = 3, It still authenticates (successfully) over TCP 389. I noticed someone else had a similar problem but was lacking Net::SSLeay. Not my case here (I don't see how you can use Net::LDAP without Net:SSLeay) [root@rtir-test ~]# cpan -i Net::SSLeay CPAN: Storable loaded ok (v2.20) Reading '/root/.cpan/Metadata' Database was generated on Mon, 03 Mar 2014 20:17:02 GMT CPAN: Module::CoreList loaded ok (v2.18) Net::SSLeay is up to date (1.58). [root@rtir-test ~]# I have debug logging enabled in RT, but it doesn't seem to tell me anything useful since nothing is failing. RT-Authen-ExternalAuth-0.17 -- RT Training London, March 19-20 and Dallas May 20-21 http://bestpractical.com/training -- RT Training London, March 19-20 and Dallas May 20-21 http://bestpractical.com/training
[rt-users] RT::Authen::ExternalAuth LDAPS
I am successfully authenticating via LDAP (cleartext) over TCP 389 using RT::Authen::ExternalAuth However, once I change: Set($ExternalServiceUsesSSLorTLS,1); and in the ExternalSettings for My_LDAP: 'tls' = 1, 'ssl_version' = 3, It still authenticates (successfully) over TCP 389. I noticed someone else had a similar problem but was lacking Net::SSLeay. Not my case here (I don't see how you can use Net::LDAP without Net:SSLeay) [root@rtir-test ~]# cpan -i Net::SSLeay CPAN: Storable loaded ok (v2.20) Reading '/root/.cpan/Metadata' Database was generated on Mon, 03 Mar 2014 20:17:02 GMT CPAN: Module::CoreList loaded ok (v2.18) Net::SSLeay is up to date (1.58). [root@rtir-test ~]# I have debug logging enabled in RT, but it doesn't seem to tell me anything useful since nothing is failing. RT-Authen-ExternalAuth-0.17 -- RT Training London, March 19-20 and Dallas May 20-21 http://bestpractical.com/training
[rt-users] make fixdeps error
I am starting a new install on RHEL6 and getting this error after running make fixdeps. I've already installed all dependencies via CPAN as best I can tell. I looked at the line generating the error in the script and can't easily tell what it's doing. Test Summary Report --- t/01plack-test.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/02graceful.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/03post.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/04-bumpy-life.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/05server-header.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/06harakiri.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/07remote_port.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/08chunked_req.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/09chunked_zero_length.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output Files=10, Tests=1, 0 wallclock secs ( 0.02 usr 0.03 sys + 0.44 cusr 0.08 csys = 0.57 CPU) Result: FAIL Failed 9/10 test programs. 0/1 subtests failed. make[1]: *** [test_dynamic] Error 2 make[1]: Leaving directory `/root/.cpan/build/Starlet-0.20-Cis82r' KAZUHO/Starlet-0.20.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports KAZUHO/Starlet-0.20.tar.gz Warning (usually harmless): 'YAML' not installed, will not store persistent state Running make install make test had returned bad status, won't install without force SMTP dependencies: Net::SMTP ...found USERLOGO dependencies: Convert::Color ...found Can't exec ./sbin/rt-test-dependencies: No such file or directory at ./sbin/rt-test-dependencies line 419.
Re: [rt-users] make fixdeps error
rt-4.0.17 in case that's not clear. On Thu, Aug 29, 2013 at 9:16 AM, Dewhirst, Rob robdewhi...@gmail.comwrote: I am starting a new install on RHEL6 and getting this error after running make fixdeps. I've already installed all dependencies via CPAN as best I can tell. I looked at the line generating the error in the script and can't easily tell what it's doing. Test Summary Report --- t/01plack-test.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/02graceful.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/03post.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/04-bumpy-life.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/05server-header.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/06harakiri.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/07remote_port.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/08chunked_req.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/09chunked_zero_length.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output Files=10, Tests=1, 0 wallclock secs ( 0.02 usr 0.03 sys + 0.44 cusr 0.08 csys = 0.57 CPU) Result: FAIL Failed 9/10 test programs. 0/1 subtests failed. make[1]: *** [test_dynamic] Error 2 make[1]: Leaving directory `/root/.cpan/build/Starlet-0.20-Cis82r' KAZUHO/Starlet-0.20.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports KAZUHO/Starlet-0.20.tar.gz Warning (usually harmless): 'YAML' not installed, will not store persistent state Running make install make test had returned bad status, won't install without force SMTP dependencies: Net::SMTP ...found USERLOGO dependencies: Convert::Color ...found Can't exec ./sbin/rt-test-dependencies: No such file or directory at ./sbin/rt-test-dependencies line 419.
Re: [rt-users] make fixdeps error
There's a LOT of output from this script -- how much do you need to make it useful? On Thu, Aug 29, 2013 at 9:46 AM, Ruslan Zakirov r...@bestpractical.comwrote: You've cut to much of the output. I see that script tries and fails to restart itself to get fresh environment. You can run it again yourself, but as I said it's not enough of the output to see what's wrong with Plack. On Thu, Aug 29, 2013 at 6:16 PM, Dewhirst, Rob robdewhi...@gmail.comwrote: I am starting a new install on RHEL6 and getting this error after running make fixdeps. I've already installed all dependencies via CPAN as best I can tell. I looked at the line generating the error in the script and can't easily tell what it's doing. Test Summary Report --- t/01plack-test.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/02graceful.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/03post.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/04-bumpy-life.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/05server-header.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/06harakiri.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/07remote_port.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/08chunked_req.t(Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output t/09chunked_zero_length.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: No plan found in TAP output Files=10, Tests=1, 0 wallclock secs ( 0.02 usr 0.03 sys + 0.44 cusr 0.08 csys = 0.57 CPU) Result: FAIL Failed 9/10 test programs. 0/1 subtests failed. make[1]: *** [test_dynamic] Error 2 make[1]: Leaving directory `/root/.cpan/build/Starlet-0.20-Cis82r' KAZUHO/Starlet-0.20.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports KAZUHO/Starlet-0.20.tar.gz Warning (usually harmless): 'YAML' not installed, will not store persistent state Running make install make test had returned bad status, won't install without force SMTP dependencies: Net::SMTP ...found USERLOGO dependencies: Convert::Color ...found Can't exec ./sbin/rt-test-dependencies: No such file or directory at ./sbin/rt-test-dependencies line 419. -- Best regards, Ruslan.