[opensuse] How to start apache+ssl with encrypted server key?
Hello, I am currently upgrading to opensuse-13.1 and experience a problem starting apache with an encrypted SSL server key. In older opensuse releases, I increased APACHE_START_TIMEOUT in /etc/sysconfig/apache2, and started the server manually by calling /etc/init.d/apache2 startssl But this don't seem to work anymore in 13.1. No matter how big I set the timeout, it always times out after about 90 seconds. Before the upgrade, I had to wait about 5 minutes until the passphrase prompt appeared. Here is a transcript: raven:/root # date; /etc/init.d/apache2 start; date Sat May 3 00:15:25 CEST 2014 redirecting to systemctl start apache2.service Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details. Sat May 3 00:16:55 CEST 2014 It times out after 90 seconds, although I have set APACHE_START_TIMEOUT=400. With older opensuse releases, I would get a passphrase prompt after several minutes. raven:/root # journalctl -xn -- Logs begin at Fri 2014-05-02 15:48:46 CEST, end at Sat 2014-05-03 00:17:21 CEST. -- May 03 00:16:55 raven systemd[1]: apache2.service operation timed out. Terminating. May 03 00:16:55 raven systemd[1]: Failed to start The Apache Webserver. -- Subject: Unit apache2.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Documentation: http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40... -- -- Unit apache2.service has failed. -- -- The result is failed. May 03 00:16:55 raven systemd[1]: Unit apache2.service entered failed state. raven:/root # systemctl status apache2.service apache2.service - The Apache Webserver Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled) Active: failed (Result: timeout) since Sat 2014-05-03 00:16:55 CEST; 43s ago Main PID: 21229 May 03 00:15:25 raven start_apache2[21229]: [Sat May 03 00:15:25.469059 2014] [so:warn] [pid 21229] AH01574: module ssl_module is already loaded, skipping May 03 00:16:55 raven systemd[1]: apache2.service operation timed out. Terminating. May 03 00:16:55 raven systemd[1]: Failed to start The Apache Webserver. May 03 00:16:55 raven systemd[1]: Unit apache2.service entered failed state. raven:/root # The files in /var/log/apache2/ are created, but are eempty. Any ideas how to track this down? -- Josef Wolf jw@raven.inka.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Sat, 3 May 2014 00:29:44 +0200 Josef Wolf <jw@raven.inka.de> пишет:
Hello,
I am currently upgrading to opensuse-13.1 and experience a problem starting apache with an encrypted SSL server key.
In older opensuse releases, I increased APACHE_START_TIMEOUT in /etc/sysconfig/apache2, and started the server manually by calling
/etc/init.d/apache2 startssl
But this don't seem to work anymore in 13.1. No matter how big I set the timeout, it always times out after about 90 seconds. Before the upgrade, I had to wait about 5 minutes until the passphrase prompt appeared.
90 seconds is the default timeout for starting services. You can change it by adding TimeoutStartSec parameter to service definition. It is possible to override it on per-service basis, e.g. using drop-ins: mkdir /etc/systemd/system/apache2.service.d echo -e '[Service]\nTimeoutStartSec=5min' > /etc/systemd/system/apache2.service.d/TimeoutStart.conf systemctl daemon-reload -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sa, Mai 03, 2014 at 12:07:29 +0400, Andrey Borzenkov wrote:
В Sat, 3 May 2014 00:29:44 +0200 Josef Wolf <jw@raven.inka.de> пишет:
I am currently upgrading to opensuse-13.1 and experience a problem starting apache with an encrypted SSL server key.
In older opensuse releases, I increased APACHE_START_TIMEOUT in /etc/sysconfig/apache2, and started the server manually by calling
/etc/init.d/apache2 startssl
But this don't seem to work anymore in 13.1. No matter how big I set the timeout, it always times out after about 90 seconds. Before the upgrade, I had to wait about 5 minutes until the passphrase prompt appeared.
90 seconds is the default timeout for starting services. You can change it by adding TimeoutStartSec parameter to service definition. It is possible to override it on per-service basis, e.g. using drop-ins:
mkdir /etc/systemd/system/apache2.service.d echo -e '[Service]\nTimeoutStartSec=5min' > /etc/systemd/system/apache2.service.d/TimeoutStart.conf systemctl daemon-reload
Thanks for the quick help, Andrey! This solves the timeout problem. I have one more problem, though: If I mis-type the passphrase, in older opensuse asked up to five times to re-type the passphrase. In 13.1, however, a mistyped passphrase errors out immediately, so I'll have to wait another 5 minutes for the next try. This is _very_ inconvenient. Any ideas on this? -- Josef Wolf jw@raven.inka.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
Andrey Borzenkov -
Josef Wolf