May 12, 2014

apache 2.4.9 in solaris 11 zone on sparc

Install apache 2.4.9 notes so far

This was done on a sparc zone

pkg install gcc-3
pkg install developer/assembler   
pkg install developer/build/make
export PATH=$PATH:/usr/sfw/bin

Install pcre

./configure --prefix=/opt/warwick/pcre/
make install


./Configure solaris-sparcv9-gcc -m32 --prefix=/opt/warwick/openssl --shared
make install

apr & apr util
unpack tarball in httpsource---/srclib dir and rename dirs so there's no version numbers


export LD_RUN_PATH=/opt/warwick/openssl/lib
./configure --prefix=/opt/warwick/apache2/2.4.9 --enable-mods-shared=all--enable-cache -enable-cache-disk --enable-deflate --enable-file-cache --enable-cgi --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --with-suexec-caller=USER --enable-exception-hook --with-ssl=/opt/warwick/openssl --with-included-apr --with-mpm=prefork --with-pcre=/opt/warwick/pcre/bin/pcre-config CC="gcc -m32" LDFLAGS=" -s"
make install

Tested with a self signed cert & it works.

Next to run as another user using the SMF.

Here is where I found some most excellent notes:

1. Give USER the correct privs

pfexec usermod -K defaultpriv=basic,net_privaddr USER 

2. make USER the owner of logs and all that is in it

3. Configure the service:

# svccfg -s application/apache listprop
manifestfiles framework
manifestfiles/opt_src_war-apache249_xml astring /opt/src/war-apache249.xml
multi_user_dependency dependency
multi_user_dependency/entities fmri svc:/milestone/multi-user
multi_user_dependency/grouping astring require_all
multi_user_dependency/restart_on astring none
multi_user_dependency/type astring service
start method
start/exec astring "/opt/warwick/apache2/2.4.9/bin/apachectl start"
start/group astring USER
start/privileges astring basic,!proc_session,!proc_info,!file_link_any,net_privaddr
start/timeout_seconds count 60
start/type astring method
start/use_profile boolean false
start/user astring USER
stop method
stop/exec astring "/opt/warwick/apache2/2.4.9/bin/apachectl stop"
stop/timeout_seconds count 60
stop/type astring method
refresh method
refresh/exec astring "/opt/warwick/apache2/2.4.9/bin/apachectl graceful"
refresh/timeout_seconds count 60
refresh/type astring method
tm_common_name template
tm_common_name/C ustring
tm_description template
tm_description/C ustring

4. check one of the processes

pfexec ppriv 29316
29316: /opt/warwick/apache2/2.4.9/bin/httpd -k start
flags = <none>
E: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
I: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
P: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
L: basic,contract_event,contract_identity,contract_observer,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_bindmlp,net_icmpaccess,net_mac_aware,net_observability,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_lock_memory,proc_owner,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sys_flow_config,sys_ip_config,sys_iptun_config,sys_mount,sys_nfs,sys_ppp_config,sys_resource,sys_share

Here's the service manifest:

<?xml version="1.0" ?>
<!DOCTYPE service_bundle
SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type="manifest" name="application/apache">
<service version="1" type="service" name="application/apache">
<dependency restart_on="none" type="service"
name="multi_user_dependency" grouping="require_all">
<service_fmri value="svc:/milestone/multi-user"/>
<exec_method timeout_seconds="60" type="method" name="start"
exec="/opt/warwick/apache2/2.4.9/bin/apachectl start">
<method_credential user='USER' group='GROUP' privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'/>
<exec_method timeout_seconds="60" type="method" name="stop"
exec="/opt/warwick/apache2/2.4.9/bin/apachectl stop"/>
<exec_method timeout_seconds="60" type="method" name="refresh"
exec="/opt/warwick/apache2/2.4.9/bin/apachectl graceful"/>
<instance enabled="true" name="default"/>
<loctext xml:lang="C">
Replace this comment with a short name for the
<loctext xml:lang="C">
Replace this comment with a brief description of
the service

- One comment Not publicly viewable

  1. hello. i am from poland. i uwielbiam was!

    30 Nov 2018, 05:33

Add a comment

You are not allowed to comment on this entry as it has restricted commenting permissions.

May 2014

Mo Tu We Th Fr Sa Su
Apr |  Today  | Jun
         1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31   

Search this blog



Most recent comments

  • hello. i am from poland. i uwielbiam was! by on this entry
  • Hello, It was more for internal consumption, I will check it over and send you a version, can you em… by Maria MacCallum on this entry
  • Hello Maria, i don't see the script setup–, can you post it ? I'am looking too for an example… by FRANCISCO on this entry
  • Solaris 11.2 returns the value of SI_MEMSIZE in Mb's now by Maria MacCallum on this entry

Blog archive

Not signed in
Sign in

Powered by BlogBuilder