[Pacemaker] Odd issues with apache on RHEL 7 beta

Vladislav Bogdanov bubble at hoster-ok.com
Fri Dec 27 02:05:28 EST 2013 

27.12.2013 09:45, Digimer wrote:
> On 27/12/13 01:44 AM, Vladislav Bogdanov wrote:
>> 27.12.2013 09:34, Digimer wrote:
>> ...
>>> 3. I know I mentioned this on IRC before, but I thought I should mention
>>> it here again. In the pcs CfS, it shows to set:
>>>
>>> ====
>>> <Location /server-status>
>>>     SetHandler server-status
>>>     Order deny,allow
>>>     Deny from all
>>>     Allow from 127.0.0.1
>>> </Location>
>>> ====
>>>
>>> But then in the resource setup, it says:
>>>
>>> ====
>>> pcs resource create WebSite ocf:heartbeat:apache  \
>>>        configfile=/etc/httpd/conf/httpd.conf \
>>>        statusurl="http://localhost/server-status" op monitor
>>> interval=1min
>>> ====
>>>
>>> This fails because apache will not respond to 'localhost', so you need
>>> to set 'statusurl="http://127.0.0.1/server-status" (or change the apache
>>> directive to 'Allow from localhost').
>>
>> Just a side note on this.
>> It may be caused by 'localhost' resolve default to IPv6 localhost
>> address.
> 
> In my case, this is not so. 'localhost' resolves to '127.0.0.1':
> 
> [root at an-c03n01 ~]# gethostip -d localhost
> 127.0.0.1

Hmm...
I still think that _could_ be the source (or part of it) of the issue.

Below is run on a f18 system.

$ host -a localhost.
Trying "localhost"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28983
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost.                     IN      ANY

;; ANSWER SECTION:
localhost.              0       IN      A       127.0.0.1
localhost.              0       IN      AAAA    ::1


And (http_mon.sh uses wget by default):

$ wget http://localhost/
--2013-12-27 09:55:29--  http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:80... failed: Connection
refused.

It first tries IPv6.

curl (second http_mon.sh option) tries IPv6 first too:
$ curl -v http://localhost/
* About to connect() to localhost port 80 (#0)
*   Trying ::1...
* Connection refused
*   Trying 127.0.0.1...
* Connection refused
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host

In your setup apache is probably listening on both localhost addresses,
thus first connection attempt succeeds and it (apache) returns 403
Forbidden, preventing wget(curl) from trying IPv4 address. If apache
listens only on 127.0.0.1 but not on ::1, then monitoring would succeed.

More information about the Pacemaker mailing list