May 12, 2014

Apache 2.4.9 in a Solaris 11 zone on SPARC

Notes so far on installing Apache 2.4.9.

This was done in a SPARC zone.

pkg install gcc-3
pkg install developer/assembler   
pkg install developer/build/make
export PATH=$PATH:/usr/sfw/bin

Install pcre

./configure --prefix=/opt/warwick/pcre/
make
make install

openssl

./Configure solaris-sparcv9-gcc -m32 --prefix=/opt/warwick/openssl --shared
make
make install

apr & apr-util
Unpack the tarballs in the httpsource---/srclib dir and rename the dirs so there are no version numbers.

apache

export LD_RUN_PATH=/opt/warwick/openssl/lib
./configure --prefix=/opt/warwick/apache2/2.4.9 --enable-mods-shared=all --enable-cache --enable-cache-disk --enable-deflate --enable-file-cache --enable-cgi --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --with-suexec-caller=USER --enable-exception-hook --with-ssl=/opt/warwick/openssl --with-included-apr --with-mpm=prefork --with-pcre=/opt/warwick/pcre/bin/pcre-config CC="gcc -m32" LDFLAGS=" -s"
make
make install

Tested with a self-signed cert & it works.

Next: run it as another user using SMF.


Here is where I found some most excellent notes: https://blogs.oracle.com/observatory/entry/limiting_apache_s_power

1. Give USER the correct privs

pfexec usermod -K defaultpriv=basic,net_privaddr USER 

2. Make USER the owner of the logs directory and everything in it


3. Configure the service:


# svccfg -s application/apache listprop
manifestfiles framework
manifestfiles/opt_src_war-apache249_xml astring /opt/src/war-apache249.xml
multi_user_dependency dependency
multi_user_dependency/entities fmri svc:/milestone/multi-user
multi_user_dependency/grouping astring require_all
multi_user_dependency/restart_on astring none
multi_user_dependency/type astring service
start method
start/exec astring "/opt/warwick/apache2/2.4.9/bin/apachectl start"
start/group astring USER
start/privileges astring basic,!proc_session,!proc_info,!file_link_any,net_privaddr
start/timeout_seconds count 60
start/type astring method
start/use_profile boolean false
start/user astring USER
stop method
stop/exec astring "/opt/warwick/apache2/2.4.9/bin/apachectl stop"
stop/timeout_seconds count 60
stop/type astring method
refresh method
refresh/exec astring "/opt/warwick/apache2/2.4.9/bin/apachectl graceful"
refresh/timeout_seconds count 60
refresh/type astring method
tm_common_name template
tm_common_name/C ustring
tm_description template
tm_description/C ustring

4. Check one of the processes

pfexec ppriv 29316
29316: /opt/warwick/apache2/2.4.9/bin/httpd -k start
flags = <none>
E: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
I: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
P: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
L: basic,contract_event,contract_identity,contract_observer,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_bindmlp,net_icmpaccess,net_mac_aware,net_observability,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_lock_memory,proc_owner,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sys_flow_config,sys_ip_config,sys_iptun_config,sys_mount,sys_nfs,sys_ppp_config,sys_resource,sys_share
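
One way to automate the check in step 4, as an added example that is not part of the original notes: it compares the E, I and P sets printed by ppriv with the start/privileges value from the service. The function names `norm_privs` and `check_privs` are hypothetical, and the sample input is the ppriv output shown above.

```shell
#!/bin/sh
# Added example: check that a process's E/I/P privilege sets match the
# privileges string declared for the SMF start method.

# Sort a comma-separated privilege list so ordering differences are ignored
# (ppriv prints the sets alphabetically, the manifest lists them as typed).
norm_privs() {
    printf '%s\n' "$1" | tr -d ' \t' | tr ',' '\n' | LC_ALL=C sort | paste -sd, -
}

# check_privs EXPECTED   (ppriv output on stdin)
# Returns 0 only if the effective, inheritable and permitted sets are all
# present and each equals EXPECTED; prints every set that differs.
check_privs() {
    want=$(norm_privs "$1")
    sets=$(sed -n 's/^[[:space:]]*\([EIP]\):[[:space:]]*/\1 /p')
    rc=0
    seen=0
    while read -r name got; do
        [ -n "$name" ] || continue
        seen=$((seen + 1))
        if [ "$(norm_privs "$got")" != "$want" ]; then
            echo "MISMATCH $name: $got"
            rc=1
        fi
    done <<EOF
$sets
EOF
    [ "$seen" -eq 3 ] || rc=1
    return "$rc"
}

# Constructed input: the ppriv output shown above for PID 29316, L: line omitted.
SAMPLE='29316: /opt/warwick/apache2/2.4.9/bin/httpd -k start
flags = <none>
E: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
I: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
P: basic,!file_link_any,net_privaddr,!proc_info,!proc_session'
# Value of start/privileges from the listprop output above.
EXPECTED='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'

if printf '%s\n' "$SAMPLE" | check_privs "$EXPECTED"; then
    echo "OK: E/I/P match the start method privileges"
else
    echo "FAIL: process privileges differ from the manifest"
fi
```

On the host itself, pipe the output of `pfexec ppriv` for an httpd PID into `check_privs` in place of the sample.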

Here's the service manifest:


<?xml version="1.0" ?>
<!DOCTYPE service_bundle
SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type="manifest" name="application/apache">
<service version="1" type="service" name="application/apache">
<dependency restart_on="none" type="service"
name="multi_user_dependency" grouping="require_all">
<service_fmri value="svc:/milestone/multi-user"/>
</dependency>
<exec_method timeout_seconds="60" type="method" name="start"
exec="/opt/warwick/apache2/2.4.9/bin/apachectl start">
<method_context>
<method_credential user='USER' group='GROUP' privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'/>
</method_context>
</exec_method>
<exec_method timeout_seconds="60" type="method" name="stop"
exec="/opt/warwick/apache2/2.4.9/bin/apachectl stop"/>
<exec_method timeout_seconds="60" type="method" name="refresh"
exec="/opt/warwick/apache2/2.4.9/bin/apachectl graceful"/>
<instance enabled="true" name="default"/>
<template>
<common_name>
<loctext xml:lang="C">
<!--
Replace this comment with a short name for the
service.
-->
</loctext>
</common_name>
<description>
<loctext xml:lang="C">
<!--
Replace this comment with a brief description of
the service
-->
</loctext>
</description>
</template>
</service>
</service_bundle>
