Missing mutex directory after installation

[shunwen]

Just noticed that after installation the node['apache']['lock_dir'] is not created until the first time starting the apache2 service. It causes an error while installing passenger apache2 module, because that process tries to detect apache2 by running through the conf file and the missing lock folder would fail it.

I am wondering which is the better way to solve this issue -- create the folder in my own recipe, start apache2 after installation, or create the folder in this cookbook like other folders it creates in the default recipe? What do you think?

Thanks!

[shunwen]

I checked the default recipe again and it seems the apache2 service should be started at the end of the recipe. The actions are skipped due to only_if and below is the log I found. It has the same issue as the passenger-config --detect-apache2 command which fails parsing apache2.conf due to the missing Mutex directory. My suggestion would be creating that folder like others in the default recipe to fix this problem.

  * execute[a2dissite default.conf] action run       [2014-11-27T09:11:21+00:00] INFO: Processing execute[a2dissite default.conf] action run (apache2::default line 35)
        (skipped due to only_if)
       [2014-11-27T09:11:21+00:00] DEBUG: Skipping execute[a2dissite default.conf] due to only_if ruby block
  * execute[a2dissite 000-default.conf] action run       [2014-11-27T09:11:21+00:00] INFO: Processing execute[a2dissite 000-default.conf] action run (apache2::default line 35)
        (skipped due to only_if)
       [2014-11-27T09:11:21+00:00] DEBUG: Skipping execute[a2dissite 000-default.conf] due to only_if ruby block
         * service[apache2] action enable[2014-11-27T09:11:21+00:00] INFO: Processing service[apache2] action enable (apache2::default line 193)
       AH00526: Syntax error on line 11 of /etc/apache2/apache2.conf:
       Invalid Mutex directory in argument file:/var/lock/apache2
        (skipped due to only_if)
       [2014-11-27T09:11:21+00:00] DEBUG: Skipping service[apache2] due to only_if command `/usr/sbin/apache2 -t`
  * service[apache2] action start       [2014-11-27T09:11:21+00:00] INFO: Processing service[apache2] action start (apache2::default line 193)
       AH00526: Syntax error on line 11 of /etc/apache2/apache2.conf:
       Invalid Mutex directory in argument file:/var/lock/apache2
        (skipped due to only_if)
       [2014-11-27T09:11:21+00:00] DEBUG: Skipping service[apache2] due to only_if command `/usr/sbin/apache2 -t`
       [2014-11-27T09:11:21+00:00] DEBUG: Saving the current state of node apache2-ubuntu-1404
       [2014-11-27T09:11:21+00:00] DEBUG: Chef::HTTP calling Chef::HTTP::JSONInput#handle_request
       [2014-11-27T09:11:21+00:00] DEBUG: Chef::HTTP calling Chef::HTTP::JSONToModelOutput#handle_request
       [2014-11-27T09:11:21+00:00] DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_request
       [2014-11-27T09:11:21+00:00] DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_request
[2014-11-27T09:11:21+00:00] DEBUG: Chef::HTTP calling Chef::HTTP::Authenticator#handle_request

[svanzoest]

Which version of apache2 and on what exact platform are you seeing this?

We can definitely add a line that creates the dir, but I wonder how this relates to https://security-tracker.debian.org/tracker/CVE-2013-1048

The creation is done in the apache2ctl script and the call to apache2 -t skips that. I am curious though how come I have not ran into this myself or with the test framework.

[shunwen]

I am having this problem on ubuntu-14.04 with apache2 2.4.7-1ubuntu4.1 package, on docker with chef_zero (Here is my .kitchen.yml: https://gist.github.com/aa035e7ab1c9f7e0885c ). It seems the security issue is suggesting that apache2 package should create the lock folder with installation if I understand correctly. Here is another note I found about this issue http://log.axcoto.com/article/164442852 .

Recipe: apache2::default
  * package[apache2] action install
[2014-12-02T03:19:24+00:00] INFO: Processing package[apache2] action install (apache2::default line 20)
     - install version 2.4.7-1ubuntu4.1 of package apache2

And in the end of chef log you should be able to see the start and reload actions are skipped due to the only_if guards.

* service[apache2] action enable
       [2014-12-02T03:19:57+00:00] INFO: Processing service[apache2] action enable (apache2::default line 193)
        (skipped due to only_if)

* service[apache2] action start       [2014-12-02T03:19:57+00:00] INFO: Processing service[apache2] action start (apache2::default line 193)
        (skipped due to only_if)
       [2014-12-02T03:19:57+00:00] INFO: template[/etc/apache2/envvars] sending reload action to service[apache2] (delayed)
* service[apache2] action reload       [2014-12-02T03:19:57+00:00] INFO: Processing service[apache2] action reload (apache2::default line 193)
        (skipped due to only_if)
       [2014-12-02T03:19:57+00:00] INFO: Chef Run complete in 97.166129085 seconds

[svanzoest]

Closing based on 03bd215, please create a new ticket and reference this if you see any related issues.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.