Bug 1079959
| Summary: | mod_revocator does not shut down httpd server if expired CRL is fetched | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Kaleem <ksiddiqu> | |
| Component: | mod_revocator | Assignee: | Matthew Harmsen <mharmsen> | |
| Status: | CLOSED WONTFIX | QA Contact: | Kaleem <ksiddiqu> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.0 | CC: | ksiddiqu, mharmsen, nkinder, nsoman, rcritten | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1295988 (view as bug list) | Environment: | ||
| Last Closed: | 2018-04-16 20:43:07 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1295988 | |||
|
Description
Kaleem
2014-03-24 11:58:00 UTC
Does this same test work on RHEL 6.x? I'd like to determine if this is a regression or not. Yes it is a regression. Same test worked on RHEL-6.5 (In reply to Kaleem from comment #3) > Yes it is a regression. Same test worked on RHEL-6.5 Could you please list the versions of Apache HTTPD, mod_nss, and NSS? (In reply to Matthew Harmsen from comment #4) > (In reply to Kaleem from comment #3) > > Yes it is a regression. Same test worked on RHEL-6.5 > > Could you please list the versions of Apache HTTPD, mod_nss, and NSS? [root@mclient ~]# rpm -q httpd nss mod_nss httpd-2.4.6-17.el7.x86_64 nss-3.15.4-6.el7.x86_64 mod_nss-1.0.8-32.el7.x86_64 [root@mclient ~]# (In reply to Kaleem from comment #5) > (In reply to Matthew Harmsen from comment #4) > > (In reply to Kaleem from comment #3) > > > Yes it is a regression. Same test worked on RHEL-6.5 > > > > Could you please list the versions of Apache HTTPD, mod_nss, and NSS? > > [root@mclient ~]# rpm -q httpd nss mod_nss > httpd-2.4.6-17.el7.x86_64 > nss-3.15.4-6.el7.x86_64 > mod_nss-1.0.8-32.el7.x86_64 > [root@mclient ~]# # uname -a Linux pki-rhel7.example.com 3.10.0-115.el7.x86_64 #1 SMP Tue Mar 25 16:21:38 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.0 Beta (Maipo) # rpm -q httpd nss mod_nss mod_revocator systemd kernel httpd-2.4.6-17.el7.x86_64 nss-3.15.4-6.el7.x86_64 mod_nss-1.0.8-32.el7.x86_64 mod_revocator-1.0.3-19.el7.x86_64 systemd-208-9.el7.x86_64 kernel-3.10.0-115.el7.x86_64 =============================================================================== SETUP: I installed and configured an instance of a Dogtag CA, and extracted and installed the following Certificates and CRLs into a fresh NSS database located at /etc/httpd/alias: # certutil -d /etc/httpd/alias -N Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, and should contain at least one non-alphabetic character. Enter new password: Re-enter password: # chmod 640 /etc/httpd/alias/*.db # chgrp apache /etc/httpd/alias/*.db # pwd /etc/pki/pki-tomcat/alias # certutil -d . -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI caSigningCert cert-pki-tomcat CA CTu,Cu,Cu Server-Cert cert-pki-tomcat u,u,u auditSigningCert cert-pki-tomcat CA u,u,Pu ocspSigningCert cert-pki-tomcat CA u,u,u subsystemCert cert-pki-tomcat CA u,u,u # cat ../password.conf internal=571798645910 internaldb=XXXXXXXX replicationdb=1961544682 # pk12util -o servercert.p12 -n "Server-Cert cert-pki-tomcat" -d . Enter Password or Pin for "NSS Certificate DB":<use "internal" passwd> Enter password for PKCS12 file: Re-enter password: pk12util: PKCS12 EXPORT SUCCESSFUL # pk12util -o casigningcert.p12 -n "caSigningCert cert-pki-tomcat CA" -d . Enter Password or Pin for "NSS Certificate DB":<use "internal" passwd> Enter password for PKCS12 file: Re-enter password: pk12util: PKCS12 EXPORT SUCCESSFUL # pk12util -o ocspsigningcert.p12 -n "ocspSigningCert cert-pki-tomcat CA" -d . Enter Password or Pin for "NSS Certificate DB":<use "internal" passwd> Enter password for PKCS12 file: Re-enter password: pk12util: PKCS12 EXPORT SUCCESSFUL # certutil -d /etc/httpd/alias -L certutil -d /etc/httpd/alias -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI # pk12util -i servercert.p12 -d /etc/httpd/alias/ Enter password for PKCS12 file: pk12util: PKCS12 IMPORT SUCCESSFUL # pk12util -i casigningcert.p12 -d /etc/httpd/alias/ Enter password for PKCS12 file: pk12util: PKCS12 IMPORT SUCCESSFUL # pk12util -i ocspsigningcert.p12 -d /etc/httpd/alias/ Enter password for PKCS12 file: pk12util: PKCS12 IMPORT SUCCESSFUL # certutil -d /etc/httpd/alias -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert cert-pki-tomcat u,u,u caSigningCert cert-pki-tomcat CA u,u,u ocspSigningCert cert-pki-tomcat CA u,u,u # certutil -M -n "ocspSigningCert cert-pki-tomcat CA" -t "CTu,Cu,Cu" -d /etc/httpd/alias/ # certutil -M -n "caSigningCert cert-pki-tomcat CA" -t "CTu,Cu,Cu" -d /etc/httpd/alias/ # certutil -d /etc/httpd/alias -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert cert-pki-tomcat u,u,u caSigningCert cert-pki-tomcat CA CTu,Cu,Cu ocspSigningCert cert-pki-tomcat CA CTu,Cu,Cu # wget -O 'MasterCRL.bin' -d 'http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL' # crlutil -L -d /etc/httpd/alias CRL names CRL Type # crlutil -I -i MasterCRL.bin -d /etc/httpd/alias/ # crlutil -L -d /etc/httpd/alias CRL names CRL Type caSigningCert cert-pki-tomcat CA CRL =============================================================================== # cat /etc/httpd/conf.d/revocator.conf # CRL Engine Switch: # Enable/Disable CRL retrieval #CRLEngine off CRLEngine on # CRL Age Check Switch: # Shut the server down if a CRL expires #CRLAgeCheck off CRLAgeCheck on # CRL Update Critical Switch: # Shut the server down if a CRL cannot be retrieved CRLUpdateCritical off # CRL Helper: # This helper program does the actual CRL retrieval # # NOTE: Located at '/usr/bin/crlhelper' prior to 'mod_revocator-1.0.3-16'. # CRLHelper /usr/libexec/crlhelper # CRL URLs: # A space delimited list of URLs to retrieve and install. # protocol://urldata;update_interval;max_age #CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30" #CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30" #CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30" CRLFile "http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;2;2" # systemctl start httpd.service # cat /var/log/httpd/error_log . . . [Wed Mar 26 11:59:17.088015 2014] [:info] [pid 23658] Using nickname Server-Cert cert-pki-tomcat. [Wed Mar 26 11:59:17.098304 2014] [:info] [pid 23659] Configuring server for SSL protocol [Wed Mar 26 11:59:17.098745 2014] [:debug] [pid 23659] nss_engine_init.c(684): NSSProtocol: Enabling SSL3 [Wed Mar 26 11:59:17.098793 2014] [:debug] [pid 23659] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0 [Wed Mar 26 11:59:17.098801 2014] [:debug] [pid 23659] nss_engine_init.c(702): NSSProtocol: Enabling TLSv1.1 [Wed Mar 26 11:59:17.098810 2014] [:debug] [pid 23659] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum) [Wed Mar 26 11:59:17.098817 2014] [:debug] [pid 23659] nss_engine_init.c(778): NSSProtocol: [TLS 1.1] (maximum) [Wed Mar 26 11:59:17.098861 2014] [:debug] [pid 23659] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha] [Wed Mar 26 11:59:17.098954 2014] [:info] [pid 23659] Using nickname Server-Cert cert-pki-tomcat. [Wed Mar 26 11:59:17.242709 2014] [:info] [pid 23657] Successfully downloaded CRL at URL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=CA Signing Certificate,O=example.com Security Domain, lastupdate = Wed Mar 26 11:56:20 2014, nextupdate = Wed Mar 26 13:00:00 2014 [Wed Mar 26 11:59:17.244699 2014] [:info] [pid 23655] Successfully downloaded CRL at URL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=CA Signing Certificate,O=example.com Security Domain, lastupdate = Wed Mar 26 11:56:20 2014, nextupdate = Wed Mar 26 13:00:00 2014 [Wed Mar 26 11:59:17.289130 2014] [:info] [pid 23659] Successfully downloaded CRL at URL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=CA Signing Certificate,O=example.com Security Domain, lastupdate = Wed Mar 26 11:56:20 2014, nextupdate = Wed Mar 26 13:00:00 2014 [Wed Mar 26 11:59:17.296997 2014] [:info] [pid 23656] Successfully downloaded CRL at URL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=CA Signing Certificate,O=example.com Security Domain, lastupdate = Wed Mar 26 11:56:20 2014, nextupdate = Wed Mar 26 13:00:00 2014 [Wed Mar 26 11:59:17.310850 2014] [:info] [pid 23658] Successfully downloaded CRL at URL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=CA Signing Certificate,O=example.com Security Domain, lastupdate = Wed Mar 26 11:56:20 2014, nextupdate = Wed Mar 26 13:00:00 2014 [Wed Mar 26 11:59:17.462193 2014] [:notice] [pid 23656] Revocation subsystem initialized 2 [Wed Mar 26 11:59:17.462201 2014] [:notice] [pid 23655] Revocation subsystem initialized 2 [Wed Mar 26 11:59:17.462458 2014] [:notice] [pid 23659] Revocation subsystem initialized 2 [Wed Mar 26 11:59:17.462841 2014] [:notice] [pid 23657] Revocation subsystem initialized 2 [Wed Mar 26 11:59:17.463012 2014] [:notice] [pid 23658] Revocation subsystem initialized 2 # date Wed Mar 26 12:29:47 PDT 2014 # ps -ef | grep httpd root 23652 1 0 11:59 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND root 23653 23652 0 11:59 ? 00:00:00 /usr/libexec/nss_pcache 3276812 off /etc/httpd/alias root 23654 23652 0 11:59 ? 00:00:00 /usr/libexec/crlhelper 3309581 23652 /etc/httpd/alias apache 23655 23652 0 11:59 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 23656 23652 0 11:59 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 23657 23652 0 11:59 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 23658 23652 0 11:59 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND apache 23659 23652 0 11:59 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND root 24985 14384 0 12:37 pts/0 00:00:00 grep --color=auto httpd # date Wed Mar 26 13:00:01 PDT 2014 Since my MasterCRL was from a running Dogtag CA, I VERIFIED that my CRL had been updated at 13:00: Certificate Revocation List: Data: Signature Algorithm: SHA256withRSA Issuer: CN=CA Signing Certificate,O=example.com Security Domain This Update: Wednesday, March 26, 2014 1:00:00 PM PDT America/Los_Angeles Next Update: Wednesday, March 26, 2014 5:00:00 PM PDT America/Los_Angeles # date Wed Mar 26 13:08:28 PDT 2014 I saw no change in the httpd error_log at this time (e. g. - no new CRL was fetched). # date -s "+20 days" Tue Apr 15 13:27:38 PDT 2014 # cat /var/log/httpd/error_log [Tue Apr 15 13:27:38.296431 2014] [:error] [pid 23655] CRL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=CA Signing Certificate,O=example.com Security Domain is outdated. Shutting down server pid 23652 [Tue Apr 15 13:27:38.434729 2014] [:error] [pid 23659] Error updating CRL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=CA Signing Certificate,O=example.com Security Domain : Unable to decode DER CRL [Tue Apr 15 13:27:38.436722 2014] [:error] [pid 23656] CRL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=CA Signing Certificate,O=example.com Security Domain is outdated. Shutting down server pid 23652 [Tue Apr 15 13:27:38.437273 2014] [:error] [pid 23657] Error updating CRL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=CA Signing Certificate,O=example.com Security Domain : Unable to decode DER CRL [Tue Apr 15 13:27:38.444559 2014] [:error] [pid 23658] CRL http://pki-rhel7.example.com:8080/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=CA Signing Certificate,O=example.com Security Domain is outdated. Shutting down server pid 23652 [Tue Apr 15 13:27:38.527429 2014] [core:info] [pid 23652] AH00096: removed PID file /run/httpd/httpd.pid (pid=23652) [Tue Apr 15 13:27:38.527546 2014] [mpm_prefork:notice] [pid 23652] AH00169: caught SIGTERM, shutting down [Tue Apr 15 13:27:38.537851 2014] [:info] [pid 23652] Shutting down SSL Session ID Cache # systemctl status httpd.service httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled) Active: inactive (dead) Mar 26 10:46:57 pki-rhel7.example.com systemd[1]: Stopping The Apache ... Mar 26 10:46:58 pki-rhel7.example.com systemd[1]: Stopped The Apache H... Mar 26 10:52:33 pki-rhel7.example.com systemd[1]: Starting The Apache ... Mar 26 10:52:33 pki-rhel7.example.com systemd[1]: Started The Apache H... Mar 26 10:56:49 pki-rhel7.example.com systemd[1]: Stopping The Apache ... Mar 26 10:56:50 pki-rhel7.example.com systemd[1]: Stopped The Apache H... Mar 26 10:57:19 pki-rhel7.example.com systemd[1]: Starting The Apache ... Mar 26 10:57:20 pki-rhel7.example.com systemd[1]: Started The Apache H... Mar 26 11:59:15 pki-rhel7.example.com systemd[1]: Starting The Apache ... Mar 26 11:59:16 pki-rhel7.example.com systemd[1]: Started The Apache H... Hint: Some lines were ellipsized, use -l to show in full. # ps -ef | grep httpd root 27431 14384 0 13:49 pts/0 00:00:00 grep --color=auto httpd Note that I witnessed correct operation, albeit I obtained my MasterCRL from a running Dogtag CA on RHEL 7 rather than an IPA installation. Kaleem, Per comment #7 above, since this scenario actually worked for me, could you re-test verifying that you have the same versions of all of these components? Thanks, -- Matt Matthew, I obatained CRL from a IPA based installation and still issue re-producible at my end. [root@mclient ~]# rpm -q httpd nss mod_nss mod_revocator systemd kernel httpd-2.4.6-17.el7.x86_64 nss-3.15.4-6.el7.x86_64 mod_nss-1.0.8-32.el7.x86_64 mod_revocator-1.0.3-19.el7.x86_64 systemd-208-9.el7.x86_64 kernel-3.10.0-113.el7.x86_64 kernel-3.10.0-114.el7.x86_64 [root@mclient ~]# [root@mclient ~]# tail /var/log/httpd/error_log [Thu Mar 27 12:47:36.033148 2014] [:info] [pid 10129] Successfully downloaded CRL at URL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=Certificate Authority,O=TESTRELM.TEST, lastupdate = Thu Mar 27 12:22:41 2014, nextupdate = Thu Mar 27 13:00:00 2014 [Thu Mar 27 12:47:36.033689 2014] [:notice] [pid 10129] Revocation subsystem initialized 2 [Wed Apr 16 12:48:11.059259 2014] [:debug] [pid 10128] mod_rev.c(289): Successfully downloaded CRL at URL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=Certificate Authority,O=TESTRELM.TEST, lastupdate = Thu Mar 27 12:22:41 2014, nextupdate = Thu Mar 27 13:00:00 2014 [Wed Apr 16 12:48:11.059299 2014] [:error] [pid 10128] CRL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=Certificate Authority,O=TESTRELM.TEST is outdated. Shutting down server pid 10124 [root@mclient ~]# I tried on a different VM where in first attempt, i got expected result (httpd down when expired CRL is fetched) but ssh connection got disconnected and ip of VM changed. In second attempt, i am able to reproduce the issue. [root@dhcp207-42 ~]# rpm -q httpd nss mod_nss mod_revocator systemd kernel httpd-2.4.6-17.el7.x86_64 nss-3.15.4-6.el7.x86_64 mod_nss-1.0.8-32.el7.x86_64 mod_revocator-1.0.3-19.el7.x86_64 systemd-208-9.el7.x86_64 kernel-3.10.0-115.el7.x86_64 [root@dhcp207-42 ~]# 1st attempt =========== [Wed Apr 16 16:46:23.740458 2014] [:debug] [pid 10178] mod_rev.c(289): Successfully downloaded CRL at URL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=Certificate Authority,O=TESTRELM.TEST, lastupdate = Thu Mar 27 13:00:00 2014, nextupdate = Thu Mar 27 17:00:00 2014 [Wed Apr 16 16:46:23.740477 2014] [:error] [pid 10178] CRL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=Certificate Authority,O=TESTRELM.TEST is outdated. Shutting down server pid 10173 [Wed Apr 16 16:46:23.751469 2014] [:error] [pid 10177] Error updating CRL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=Certificate Authority,O=TESTRELM.TEST : No CRL data found on server [Wed Apr 16 16:46:23.763377 2014] [:debug] [pid 10179] mod_rev.c(289): Successfully downloaded CRL at URL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=Certificate Authority,O=TESTRELM.TEST, lastupdate = Thu Mar 27 13:00:00 2014, nextupdate = Thu Mar 27 17:00:00 2014 [Wed Apr 16 16:46:23.763397 2014] [:error] [pid 10179] CRL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=Certificate Authority,O=TESTRELM.TEST is outdated. Shutting down server pid 10173 [Wed Apr 16 16:46:23.853083 2014] [core:info] [pid 10173] AH00096: removed PID file /run/httpd/httpd.pid (pid=10173) [Wed Apr 16 16:46:23.853155 2014] [mpm_prefork:notice] [pid 10173] AH00169: caught SIGTERM, shutting down [Wed Apr 16 16:46:23.863377 2014] [:info] [pid 10173] Shutting down SSL Session ID Cache I tried on a different VM where i got expected result in 1st attempt but ssh connection got disconnected and ip of VM changed. 2nd attempt =========== [root@dhcp207-42 ~]# tail /var/log/httpd/error_log ... [Wed Apr 16 16:50:28.752422 2014] [:debug] [pid 10341] mod_rev.c(289): Successfully downloaded CRL at URL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL, subject = CN=Certificate Authority,O=TESTRELM.TEST, lastupdate = Thu Mar 27 13:00:00 2014, nextupdate = Thu Mar 27 17:00:00 2014 [Wed Apr 16 16:50:28.752473 2014] [:error] [pid 10341] CRL http://master.testrelm.test:80/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL CN=Certificate Authority,O=TESTRELM.TEST is outdated. Shutting down server pid 10336 [root@dhcp207-42 ~]# [root@dhcp207-42 ~]# date;service httpd status Wed Apr 16 16:53:30 IST 2014 Redirecting to /bin/systemctl status httpd.service httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled) Active: active (running) since Thu 2014-03-27 16:50:17 IST; 2 weeks 6 days ago Main PID: 10336 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service ├─10336 /usr/sbin/httpd -DFOREGROUND ├─10337 /usr/libexec/nss_pcache 425988 off /etc/httpd/alias ├─10338 /usr/libexec/crlhelper 458757 10336 /etc/httpd/alias ├─10339 /usr/sbin/httpd -DFOREGROUND ├─10340 /usr/sbin/httpd -DFOREGROUND ├─10341 /usr/sbin/httpd -DFOREGROUND ├─10342 /usr/sbin/httpd -DFOREGROUND └─10343 /usr/sbin/httpd -DFOREGROUND Mar 27 16:50:16 dhcp207-42.lab.eng.pnq.redhat.com systemd[1]: Starting The Apache HTTP Server... Mar 27 16:50:17 dhcp207-42.lab.eng.pnq.redhat.com httpd[10336]: AH00557: httpd: apr_sockaddr_info_get() failed for dhcp207-42.lab.eng.pnq.redhat.com Mar 27 16:50:17 dhcp207-42.lab.eng.pnq.redhat.com httpd[10336]: AH00558: httpd: Could not reliably determine the server's fully qualified domain na...message Mar 27 16:50:17 dhcp207-42.lab.eng.pnq.redhat.com systemd[1]: Started The Apache HTTP Server. Hint: Some lines were ellipsized, use -l to show in full. [root@dhcp207-42 ~]# Rob was unable to reproduce this issue. As the mod_revocator component is being deprecated in the next major release of RHEL, and since there is simply not strong enough demand for fixing this issue in RHEL 7.x, it has been determined that this bug will be CLOSED WONTFIX at this point in time. |