Re: [PATCH] simplified apachectl that passes through options to httpd
Cliff Woolley [EMAIL PROTECTED] writes: On 23 May 2002, Jeff Trawick wrote: Existing apachectl keywords are still supported for now (except for some alternate spellings of startssl -- whats up with that stuff?). I always assumed it was for Apache-SSL compatibility. Ben? google finds lots of hits for sslstart. The only hits for start-SSL I see so far are from the apachectl usage message. I've added support back in for the alternate spellings for the time being: sslstart|start-SSL) $HTTPD -k startssl ERROR=$? ;; (well, I'm calling anything but startssl an alternate spelling; I dunno what came first, but it is -k startssl which httpd supports) -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...
Re: [PATCH] simplified apachectl that passes through options to httpd
At 06:20 AM 5/24/2002, you wrote: Cliff Woolley [EMAIL PROTECTED] writes: On 23 May 2002, Jeff Trawick wrote: Existing apachectl keywords are still supported for now (except for some alternate spellings of startssl -- whats up with that stuff?). sslstart|start-SSL) $HTTPD -k startssl ERROR=$? ;; (well, I'm calling anything but startssl an alternate spelling; I dunno what came first, but it is -k startssl which httpd supports) Can I ask WHY? -k has never supported anything but start/stop/restart and has always required a seperate -D SSL argument on Win32. I see the advantage of a simple apachectl doit verb that includes ssl. However, overloading -k start -D SSL with -k startssl seems outright silly. We can't argue back-compat here, -k didn't exist before. Not that win32 was complete... -k stop should probably stop-graceful while -k shutdown on win32 should probably slam it all down fast. Likewise we should probably be adding -k graceful for what we do today with -k restart, and let -k restart to hard shutdowns of open connections. This is similar to the -X debate, with one huge exception. -X has been around for a very long time :-) Bill
Re: [PATCH] simplified apachectl that passes through options to httpd
Cliff Woolley wrote: On 23 May 2002, Jeff Trawick wrote: Existing apachectl keywords are still supported for now (except for some alternate spellings of startssl -- whats up with that stuff?). I always assumed it was for Apache-SSL compatibility. Ben? Apache-SSL always has SSL (surprise!), so just plain start suffices. Cheers, Ben.
Re: [PATCH] simplified apachectl that passes through options to httpd
William A. Rowe, Jr. [EMAIL PROTECTED] writes: At 06:20 AM 5/24/2002, you wrote: Cliff Woolley [EMAIL PROTECTED] writes: On 23 May 2002, Jeff Trawick wrote: Existing apachectl keywords are still supported for now (except for some alternate spellings of startssl -- whats up with that stuff?). sslstart|start-SSL) $HTTPD -k startssl ERROR=$? ;; (well, I'm calling anything but startssl an alternate spelling; I dunno what came first, but it is -k startssl which httpd supports) Can I ask WHY? -k has never supported anything but start/stop/restart and has always required a seperate -D SSL argument on Win32. I see the advantage of a simple apachectl doit verb that includes ssl. However, overloading -k start -D SSL with -k startssl seems outright silly. We can't argue back-compat here, -k didn't exist before. I think that this is your main point (please confirm): don't support httpd -k startssl, and instead force the user (or apachectl) to run httpd -k startssl -DSSL One issue that may affect your opinion: historic apachectl verbs are to be considered deprecated; the vision is that apachectl is just a wrapper script whose user interface is the same as httpd. Thinking long-term (e.g., Apache 2.1 or whatever), would you want the user to have to do httpd -k start -DSSL instead of httpd -k startssl ? -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...
Re: [PATCH] simplified apachectl that passes through options to httpd
Jeff Trawick wrote: I think that this is your main point (please confirm): don't support httpd -k startssl, and instead force the user (or apachectl) to run httpd -k startssl -DSSL One issue that may affect your opinion: historic apachectl verbs are to be considered deprecated; the vision is that apachectl is just a wrapper script whose user interface is the same as httpd. Thinking long-term (e.g., Apache 2.1 or whatever), would you want the user to have to do httpd -k start -DSSL But there are tons of configs out there with the IfDef SSL directives in their httpd.conf file that want/expect/require that SSL is defined -- === Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ A society that will trade a little liberty for a little order will lose both and deserve neither - T.Jefferson
Re: [PATCH] simplified apachectl that passes through options to httpd
At 10:52 AM 5/24/2002, you wrote: William A. Rowe, Jr. [EMAIL PROTECTED] writes: Can I ask WHY? -k has never supported anything but start/stop/restart and has always required a seperate -D SSL argument on Win32. I see the advantage of a simple apachectl doit verb that includes ssl. However, overloading -k start -D SSL with -k startssl seems outright silly. We can't argue back-compat here, -k didn't exist before. I think that this is your main point (please confirm): don't support httpd -k startssl, and instead force the user (or apachectl) to run httpd -k startssl -DSSL err... still a bit redundant, httpd -k start -DSSL should suffice [I'm pretty sure that's what you ment to ask :-] One issue that may affect your opinion: historic apachectl verbs are to be considered deprecated; the vision is that apachectl is just a wrapper script whose user interface is the same as httpd. Thinking long-term (e.g., Apache 2.1 or whatever), would you want the user to have to do httpd -k start -DSSL Yes. How many other server modules [protocols especially, such as pop3 and so on] will beg the same. It's bogus. If you configure your machine for SSL, then run it as SSL already!!! Why are we trying to say you've installed and configured SSL, so now you have to turn it on explicitly everytime you start up. Which most will take as meaning I have apache2 installed, so now all I need to do is to startssl and everything will work. Either the user installs and configures SSL correctly or they don't, I still don't see a benefit in this switch. Uncommenting and Commenting Out our Include ssl.conf should suffice, no? And if a user wants to use the 'classic' mode of toggling a variable [I did so very often when testing both jserv and tomcat, used -D JSERV and -D TOMCAT for that purpose since they can never load together], then do it explicitly before we start seeing -k starttomcat patches popping up everywhere. At 10:57 AM 5/24/2002, JimJag wrote: But there are tons of configs out there with the IfDef SSL directives in their httpd.conf file that want/expect/require that SSL is defined Apache 2.0 config files? Tons of them? Really :-? Seriously, dump the IfDefine. For most cases these should really be IfModule mod_ssl.c entities instead anyways. Only the load module itself aught to be caught in an IfDefine SSL. I fail to see how setting up ssl in Apache 2.0 should differ from setting up mod_pop3, mod_mbox, mod_jk or any other module. Bill
Re: [PATCH] simplified apachectl that passes through options to httpd
On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote: If you configure your machine for SSL, then run it as SSL already!!! Why are we trying to say you've installed and configured SSL, so now you have to turn it on explicitly everytime you start up. Which most will take as meaning I have apache2 installed, so now all I need to do is to startssl and everything will work. Simple: We have static and dynamic modules. Static modules can't turn off their LoadModule lines, so we can't use that to turn on and off the functionality in those modules. -DSSL is the runtime switch that mod_ssl uses to enable SSL functionality. -aaron
Re: [PATCH] simplified apachectl that passes through options to httpd
On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote: Seriously, dump the IfDefine. For most cases these should really be IfModule mod_ssl.c entities instead anyways. Only the load module itself aught to be caught in an IfDefine SSL. I fail to see how setting up ssl in Apache 2.0 should differ from setting up mod_pop3, mod_mbox, mod_jk or any other module. I'd rather see us decouple loading of modules from enabling of modules, and then come up with a consistent way to do both. That way static modules are just implicitly loaded, DSOs can be optionally loaded with LoadModule, and it takes something else entirely to enable or disable*. *(The default could be to enable or disable, but a consistent way to override this at start-time would make it really clear to an admin how they can control this.) -aaron
Re: [PATCH] simplified apachectl that passes through options to httpd
William A. Rowe, Jr. [EMAIL PROTECTED] writes: At 10:52 AM 5/24/2002, you wrote: William A. Rowe, Jr. [EMAIL PROTECTED] writes: Can I ask WHY? -k has never supported anything but start/stop/restart and has always required a seperate -D SSL argument on Win32. I see the advantage of a simple apachectl doit verb that includes ssl. However, overloading -k start -D SSL with -k startssl seems outright silly. We can't argue back-compat here, -k didn't exist before. I think that this is your main point (please confirm): don't support httpd -k startssl, and instead force the user (or apachectl) to run httpd -k startssl -DSSL err... still a bit redundant, httpd -k start -DSSL should suffice [I'm pretty sure that's what you ment to ask :-] yep, I meant -k start -DSSL :) One issue that may affect your opinion: historic apachectl verbs are to be considered deprecated; the vision is that apachectl is just a wrapper script whose user interface is the same as httpd. Thinking long-term (e.g., Apache 2.1 or whatever), would you want the user to have to do httpd -k start -DSSL Yes. How many other server modules [protocols especially, such as pop3 and so on] will beg the same. It's bogus. If you configure your machine for SSL, then run it as SSL already!!! I'm +.6 on removing the httpd -k startssl hack already committed (my only reservation is due to my lack of interaction with the folks that actually use the startssl|sslstart thingie). Heck, I'm even fine with completely ditching the old apachectl verbs with 2.0.37 and imposing the un-onerous task on admins of converting to the httpd syntax. Once that happens the help text for httpd matches what apachectl will accept. For the moment I'll wait until I hear more opinions before deviating from the plan outlined in the original discussion. Thanks, -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...
Re: [PATCH] simplified apachectl that passes through options to httpd
At 11:30 AM 5/24/2002, Jeff Trawick wrote: William A. Rowe, Jr. [EMAIL PROTECTED] writes: err... still a bit redundant, httpd -k start -DSSL should suffice [I'm pretty sure that's what you ment to ask :-] yep, I meant -k start -DSSL :) One issue that may affect your opinion: historic apachectl verbs are to be considered deprecated; the vision is that apachectl is just a wrapper script whose user interface is the same as httpd. Thinking long-term (e.g., Apache 2.1 or whatever), would you want the user to have to do httpd -k start -DSSL Yes. How many other server modules [protocols especially, such as pop3 and so on] will beg the same. It's bogus. If you configure your machine for SSL, then run it as SSL already!!! I'm +.6 on removing the httpd -k startssl hack already committed (my only reservation is due to my lack of interaction with the folks that actually use the startssl|sslstart thingie). They don't [use the httpd thingie]... Heck, I'm even fine with completely ditching the old apachectl verbs with 2.0.37 and imposing the un-onerous task on admins of converting to the httpd syntax. Once that happens the help text for httpd matches what apachectl will accept. I'm not - apachectl has always been a convience thing. If we are making them change their conf to use httpd -k start without specifing -D SSL, I am still in favor of handling apachectl startssl [and all the silly flavors thereof.] I'm actually against pulling apachectl until version 2.1. Give them some time to adjust, provide some backwards compatibility for the present time. And in the meantime, don't break what apachectl already provides. Bill
Re: [PATCH] simplified apachectl that passes through options to httpd
At 11:18 AM 5/24/2002, you wrote: On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote: If you configure your machine for SSL, then run it as SSL already!!! Why are we trying to say you've installed and configured SSL, so now you have to turn it on explicitly everytime you start up. Which most will take as meaning I have apache2 installed, so now all I need to do is to startssl and everything will work. Simple: We have static and dynamic modules. Static modules can't turn off their LoadModule lines, so we can't use that to turn on and off the functionality in those modules. -DSSL is the runtime switch that mod_ssl uses to enable SSL functionality. That isn't a reason to create -k startssl to duplicate -k start -D SSL ...in fact, if you have a problem with not being able to disable a module in Apache2, then fix the essential problem, which is disabling modules. That was the feature 'broken' in Apache 2. And that still doesn't answer the question, why not simply; #Include conf/ssl.conf And let them uncomment it when they are good and ready. This shouldn't be a constantly toggled decision, either it's ready to run SSL or it's not. Bill
RE: [PATCH] simplified apachectl that passes through options to httpd
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]] At 11:18 AM 5/24/2002, you wrote: On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote: If you configure your machine for SSL, then run it as SSL already!!! Why are we trying to say you've installed and configured SSL, so now you have to turn it on explicitly everytime you start up. Which most will take as meaning I have apache2 installed, so now all I need to do is to startssl and everything will work. Simple: We have static and dynamic modules. Static modules can't turn off their LoadModule lines, so we can't use that to turn on and off the functionality in those modules. -DSSL is the runtime switch that mod_ssl uses to enable SSL functionality. That isn't a reason to create -k startssl to duplicate -k start -D SSL ...in fact, if you have a problem with not being able to disable a module in Apache2, then fix the essential problem, which is disabling modules. That was the feature 'broken' in Apache 2. I'm missing why that is considered broken. If you are compiling your own server, then you should only statically compile the modules that you want to use. If you are using a binary dist, then I don't know of any binary dists that use static modules instead of dynamic ones. Is there actually a case where somebody has wanted to be able to disable a module and been unable to? Ryan
Re: [PATCH] simplified apachectl that passes through options to httpd
William A. Rowe, Jr. [EMAIL PROTECTED] writes: Heck, I'm even fine with completely ditching the old apachectl verbs with 2.0.37 and imposing the un-onerous task on admins of converting to the httpd syntax. Once that happens the help text for httpd matches what apachectl will accept. I'm not - apachectl has always been a convience thing. by the way... with 2.0 on Unix, apachectl is a required thing to ensure that any environment variables (LD_LIBRARY_PATH and others) are set up properly If we are making them change their conf to use httpd -k start without specifing -D SSL, I am still in favor of handling apachectl startssl [and all the silly flavors thereof.] I'm actually against pulling apachectl until version 2.1. Give them some time to adjust, provide some backwards compatibility for the present time. And in the meantime, don't break what apachectl already provides. no plan to pull apachectl at all... the issue is when to stop mapping the old apachectl verbs onto httpd options... the user needs to know that all those options that can be passed to httpd can be passed to apachectl with no problem... the separate user interface for apachectl vs. httpd is potentially confusing... -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...
Re: [PATCH] simplified apachectl that passes through options to httpd
I think the old apachectl verbs should go. apachectl should source the envars and pass args unmodified to httpd. That's it. Bill - Original Message - From: Jeff Trawick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 24, 2002 1:30 PM Subject: Re: [PATCH] simplified apachectl that passes through options to httpd William A. Rowe, Jr. [EMAIL PROTECTED] writes: Heck, I'm even fine with completely ditching the old apachectl verbs with 2.0.37 and imposing the un-onerous task on admins of converting to the httpd syntax. Once that happens the help text for httpd matches what apachectl will accept. I'm not - apachectl has always been a convience thing. by the way... with 2.0 on Unix, apachectl is a required thing to ensure that any environment variables (LD_LIBRARY_PATH and others) are set up properly If we are making them change their conf to use httpd -k start without specifing -D SSL, I am still in favor of handling apachectl startssl [and all the silly flavors thereof.] I'm actually against pulling apachectl until version 2.1. Give them some time to adjust, provide some backwards compatibility for the present time. And in the meantime, don't break what apachectl already provides. no plan to pull apachectl at all... the issue is when to stop mapping the old apachectl verbs onto httpd options... the user needs to know that all those options that can be passed to httpd can be passed to apachectl with no problem... the separate user interface for apachectl vs. httpd is potentially confusing... -- Jeff Trawick | [EMAIL PROTECTED] Born in Roswell... married an alien...
Re: [PATCH] simplified apachectl that passes through options to httpd
On Fri, May 24, 2002 at 07:20:11AM -0400, Jeff Trawick wrote: google finds lots of hits for sslstart. The only hits for start-SSL I see so far are from the apachectl usage message. I've added support back in for the alternate spellings for the time being: sslstart|start-SSL) $HTTPD -k startssl ERROR=$? ;; FWIW, my intention in adding the -k feature was that the startssl would only be handled by apachectl - not by httpd itself. For startssl, apachectl would send in '-k start -DSSL'. I don't think it makes sense for httpd to recognize start-ssl (or its variants). That's something that apachectl can handle. The idea behind adding the -k feature to httpd on all platforms was that the start code was abstracted out of apachectl - not to support oddball invocation arguments. -- justin
[PATCH] simplified apachectl that passes through options to httpd
This apachectl can supposedly be used to pass anything through to httpd. Thus, we now have a wrapper script people can use to run httpd with the proper environment variables. Existing apachectl keywords are still supported for now (except for some alternate spellings of startssl -- whats up with that stuff?). Comments? Index: support/apachectl.in === RCS file: /home/cvs/httpd-2.0/support/apachectl.in,v retrieving revision 1.12 diff -u -r1.12 apachectl.in --- support/apachectl.in15 Apr 2002 00:41:25 - 1.12 +++ support/apachectl.in23 May 2002 19:23:20 - @@ -25,9 +25,6 @@ # START CONFIGURATION SECTION # # -# the path to your PID file -PIDFILE=@exp_runtimedir@/@progname@.pid -# # the path to your httpd binary, including options if necessary HTTPD='@exp_sbindir@/@progname@' # @@ -50,146 +47,28 @@ ERROR=0 if [ x$ARGV = x ] ; then -ARGS=help +ARGV=-h fi -for ARG in $ARGV $ARGS -do -# check for pidfile -if [ -f $PIDFILE ] ; then - PID=`cat $PIDFILE` - if [ x$PID != x ] kill -0 $PID 2/dev/null ; then - STATUS=@progname@ (pid $PID) running - RUNNING=1 - else - STATUS=@progname@ (pid $PID?) not running - RUNNING=0 - fi -else - STATUS=@progname@ (no pid file) not running - RUNNING=0 -fi - -case $ARG in -start) - if [ $RUNNING -eq 1 ]; then - echo $0 $ARG: @progname@ (pid $PID) already running - continue - fi - if $HTTPD ; then - echo $0 $ARG: @progname@ started - else - echo $0 $ARG: @progname@ could not be started - ERROR=3 - fi - ;; -startssl|sslstart|start-SSL) -if [ $RUNNING -eq 1 ]; then -echo $0 $ARG: @progname@ (pid $PID) already running -continue -fi -if $HTTPD -DSSL; then -echo $0 $ARG: @progname@ started -else -echo $0 $ARG: @progname@ could not be started -ERROR=3 -fi -;; -stop) - if [ $RUNNING -eq 0 ]; then - echo $0 $ARG: $STATUS - continue - fi - if kill $PID ; then - echo $0 $ARG: @progname@ stopped - else - echo $0 $ARG: @progname@ could not be stopped - ERROR=4 - fi - ;; -restart) - if [ $RUNNING -eq 0 ]; then - echo $0 $ARG: @progname@ not running, trying to start - if $HTTPD ; then - echo $0 $ARG: @progname@ started - else - echo $0 $ARG: @progname@ could not be started - ERROR=5 - fi - else - if $HTTPD -t /dev/null 21; then - if kill -HUP $PID ; then - echo $0 $ARG: @progname@ restarted - else - echo $0 $ARG: @progname@ could not be restarted - ERROR=6 - fi - else - echo $0 $ARG: configuration broken, ignoring restart - echo $0 $ARG: (run 'apachectl configtest' for details) - ERROR=6 - fi - fi - ;; -graceful) - if [ $RUNNING -eq 0 ]; then - echo $0 $ARG: @progname@ not running, trying to start - if $HTTPD ; then - echo $0 $ARG: @progname@ started - else - echo $0 $ARG: @progname@ could not be started - ERROR=5 - fi - else - if $HTTPD -t /dev/null 21; then - if kill -@AP_SIG_GRACEFUL_SHORT@ $PID ; then - echo $0 $ARG: @progname@ gracefully restarted - else - echo $0 $ARG: @progname@ could not be restarted - ERROR=7 - fi - else - echo $0 $ARG: configuration broken, ignoring restart - echo $0 $ARG: (run 'apachectl configtest' for details) - ERROR=7 - fi - fi - ;; -status) - $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' - ;; -fullstatus) - $LYNX $STATUSURL - ;; -configtest) - if $HTTPD -t; then - : - else - ERROR=8 - fi - ;; -*) - echo usage: $0 (start|stop|restart|fullstatus|status|graceful|configtest|help) - cat EOF - -start - start @progname@ -startssl - start @progname@ with SSL enabled -stop - stop @progname@ -restart- restart @progname@ if running by sending a SIGHUP or start if - not running -fullstatus - dump a full status screen; requires lynx and mod_status enabled -status - dump a short status screen; requires lynx and mod_status enabled -graceful - do a graceful restart by sending a