Bug#927302: apache2ctl graceful can cause apache to run in a different cgroup
On Wed, 17 Apr 2019 13:05:08 -0400 Joey Hess <id@joeyh.name> wrote:
> Package: apache2
> Version: 2.4.38-2
> Severity: normal
>
> If apache is not running when apache2ctl graceful is run, it starts the
> daemon up itself:
>
> root@darkstar:~>systemctl stop apache2
> root@darkstar:~>apache2ctl graceful
> httpd not running, trying to start
>
> Problem is, that results in an apache daemon running in a cgroup other
> than the usual systemd cgroup for apache.
>
> That prevents systemctl from being used to manage apache. In particular,
> both systemctl start apache2 and systemctl restart apache2 then silently
> do nothing and exit 0.
>
> Seems this could happen in a race, if something runs apache2ctl
> graceful just as apache is being upgraded or otherwise restarted, it
> might see no apache process running and so start its own process up.
>
> I keep encountering this problem on a server intermittently. It has
> resulted for me in apache not loading new letsencrypt certs for long
> enough that certs have expired, at least twice. I don't entirely
> understand why, since certbot seems to itself use apache2ctl graceful to
> reload apache certs.
>
> IMHO, apache2ctl should not be starting the daemon itself when systemd
> is in use; it ought to start it via systemctl or service. And indeed,
> apache2ctl start already does do that, but the fix for #839227 missed
> that apache2ctl graceful can also start apache.
I had a look at the apache2ctl script [1] and I agree in that the
"restart|graceful)" case stanza requires the same change that fixed the
bug #839227 for the "start" command. I'd also move the need_systemd
logic out of the "case" to avoid duplication.
Paride
[1]
https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/apache2ctl
Reply to: