ChrisDev's picture
ChrisDev - Tue, 2013/07/16 - 17:04

Hi,

Can you confirm if a recent apache update was applied to all appliances? (last 2 days)

Reason for asking is my HTTPS access on the appliance stopped working recently, and when troubleshooting noticed that apache would not start, complaining that "SSLLog" directive was no longer supported.  Once commented out of the config file, apache started no problem.

Just trying to get to the bottom of the issue/downtime.

Thanks,

Chris

Forum: 
Support
Tags: 
apache
bug
Jeremy Davis's picture

Jeremy Davis - Tue, 2013/07/16 - 17:52

Although I don't know for sure and reading what you've posted perhaps...!

Although unless you manually installed updates then the only installs should have been from the security repo. And the only package there is apache2_2.2.16-6+squeeze11 - dated 3rd March...

ChrisDev's picture

ChrisDev - Tue, 2013/07/16 - 19:01

I've certainly not done any manual updating so could only assume it was your change. Thanks for the info anyway, can't see anyone else moaning and you would think there would be :)

Alon Swartz's picture

Alon Swartz - Wed, 2013/07/17 - 15:02

This thread might be related. Can you run the following command and post the output:

apt-cache policy apache2

It should look something like this:

# apt-cache policy apache2
apache2:
  Installed: 2.2.16-6+squeeze11
  Candidate: 2.2.16-6+squeeze11
  Version table:
 *** 2.2.16-6+squeeze11 0
        500 http://security.debian.org/ squeeze/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.2.16-6+squeeze10 0
        500 http://cdn.debian.net/debian/ squeeze/main amd64 Packages

ChrisDev's picture

ChrisDev - Thu, 2013/07/18 - 11:50

The downtime started at around the same time.

Output from that command seems to suggest I'm not as uptodate as you expect..?

 

# apt-cache policy apache2

apache2:

  Installed: 2.2.14-5ubuntu8.12

  Candidate: 2.2.14-5ubuntu8.12

  Version table:

 *** 2.2.14-5ubuntu8.12 0

        500 http://eu-west-1.archive.ubuntu.com/ubuntu/ lucid-security/main Packages

        500 http://eu-west-1.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages

        100 /var/lib/dpkg/status

     2.2.14-5ubuntu8 0

        500 http://eu-west-1.archive.ubuntu.com/ubuntu/ lucid/main Packages
Jeremy Davis's picture

Jeremy Davis - Fri, 2013/07/19 - 03:54

It looks like you are running an Ubuntu based appliance... An old v11.x version of TKL!? Does that sound right? If so then first step I would recommend would be to upgrade to the current version (using TKLBAM to transfer to a new instance - don't kill the old one until the new one is tested to be working correctly...)

ChrisDev's picture

ChrisDev - Fri, 2013/07/19 - 11:43

..I've not had to do any maintenance since it was first installed (which is great) but I should upgrade in due course, but it doesn't explain the apache downtime.

Will the Ubuntu appliances go end of support any time soon?  What's my motivation for moving to the current version?

Jeremy Davis's picture

Jeremy Davis - Sun, 2013/07/21 - 06:16

And no support does not run out soon. From your previous post it seems like you have TKL version 11.x which was based on Ubuntu Lucid / 10.04. It will receive security support (from Canonical) until (April?) 2015.

But IMO Ubuntu is not as stable as Debian, more prone to buggy updates. TBH that is somewhat personal bias, but at least somewhat shared by the devs (hence their choice to change base to Debian). Also not all packages even get security updates in the first place in Ubuntu (all packages in the Debian repos are supported with security backports). Assuming you don't have anything but very 'mainstream' packages installed on your v11 server, then you are probably ok...

So personally I'd update 

[update] To check the likelihood of having 'non-mainstream' packages, have a look at your souces.list(s) (they'll be /etc/apt/sources.list and/or any list files in /etc/apt/sources.list.d/). If there are only the TKL repo and the Ubuntu 'main' repo enabled then you should be fine (disabled repos will have a '#' at the start of the line). This is not guaranteed (as alternative repos may have been enabled, software installed and then disabled again) and I'm not sure how you can check but it will at least give you an indication...

Also FWIW there is a precedent for buggy Ubuntu security updates (such as what you seem to have encountered) making it into the repo. I recall a number of years ago a buggy Ubuntu MySQL security update made MySQL crash and refuse to restart. There was also a buggy Ubuntu cron update which crashed cron and stopped the auto install of any security updates. A fix for the cron bug was released within hours but it  required manual installation and restarting of cron... As I mentioned above I think that this was part of the rationale for TKL moving to a Debian base...

Add new comment