13 Replies Latest reply: Jun 14, 2012 7:08 AM by charlie@carehart.org RSS

    CF 10 with Apache on Centos 5.8

    MeintD Community Member

      Hi,

       

      Cannot get my install to render the CF Admin pages succesfully, keep getting a 503 - Service temporarily unavailable.

       

      Log files all look clean with the exception of the Tomcat log file which gives a load of the below:

       

      [Mon May 21 21:54:30 2012] [3457:47024938890000] [info] init_jk::mod_jk.c (3299)

      : mod_jk/1.2.32 () initialized

      [Mon May 21 21:54:30 2012] [3458:47024938890000] [info] init_jk::mod_jk.c (3299)

      : mod_jk/1.2.32 () initialized

      [Mon May 21 22:02:54 2012] [3461:47024938890000] [error] jk_open_socket::jk_conn

      ect.c (448): socket() failed (errno=22)

      [Mon May 21 22:02:54 2012] [3461:47024938890000] [info] ajp_connect_to_endpoint:

      :jk_ajp_common.c (1027): Failed opening socket to (127.0.0.1:8012) (errno=22)

      [Mon May 21 22:02:54 2012] [3461:47024938890000] [error] ajp_send_request::jk_aj

      p_common.c (1649): (cfusion) connecting to backend failed. Tomcat is probably no

      t started or is listening on the wrong port (errno=22)

      [Mon May 21 22:02:54 2012] [3461:47024938890000] [info] ajp_service::jk_ajp_comm

      on.c (2629): (cfusion) sending request to tomcat failed (recoverable), because o

      f error during request sending (attempt=1)

      [Mon May 21 22:02:54 2012] [3461:47024938890000] [error] jk_open_socket::jk_conn

      ect.c (448): socket() failed (errno=22)

      [Mon May 21 22:02:54 2012] [3461:47024938890000] [info] ajp_connect_to_endpoint:

      :jk_ajp_common.c (1027): Failed opening socket to (127.0.0.1:8012) (errno=22)

      [Mon May 21 22:02:54 2012] [3461:47024938890000] [error] ajp_send_request::jk_aj

      p_common.c (1649): (cfusion) connecting to backend failed. Tomcat is probably no

      t started or is listening on the wrong port (errno=22)

       

      To confirm some of my settings:

       

      [root@web-dev4 1]# sestatus

      SELinux status:                 disabled

       

      [root@web-dev4 1]# service iptables status

      Firewall is stopped.

       

      [root@web-dev4 1]# more /etc/hosts

      # Do not remove the following line, or various programs

      # that require network functionality will fail.

      127.0.0.1               localhost.localdomain localhost web-dev4

      ::1             localhost6.localdomain6 localhost6

       

      [root@web-dev4 1]# hostname

      web-dev4

       

      [root@web-dev4 1]# telnet localhost 8012

      Trying 127.0.0.1...

      Connected to localhost.localdomain (127.0.0.1).

      Escape character is '^]'.

      Connection closed by foreign host.

       

      Really have no ideas at this point, installation repeated a few times, looks all clean. Anybody?

       

      Thanks

        • 1. Re: CF 10 with Apache on Centos 5.8
          ravimedia Community Member

          I get exact same error on Centos 5.8 .

          Tried with few apache version , same issue .

          SeLinux & Firewall completely disabled .

          Not doing anything fancy , clean install , default server install with apache .

          [root@mel-survey-dev conf]# cat mod_jk.conf

          # Load mod_jk module

          LoadModule    jk_module  "/opt/coldfusion10/config/wsconfig/1/mod_jk.so"

          # Where to find workers.properties

          JkWorkersFile "/opt/coldfusion10/config/wsconfig/1/workers.properties"

          JkMountFile "/opt/coldfusion10/config/wsconfig/1/uriworkermap.properties"

          # Where to put jk logs

          JkLogFile "/opt/coldfusion10/config/wsconfig/1/mod_jk.log"

          # Where to put jk shared memory

          JkShmFile "/opt/coldfusion10/config/wsconfig/1/jk_shm"

          # Set the jk log level [debug/error/info]

          JkLogLevel info

          # Select the timestamp log format

          JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

          AddHandler jakarta-servlet .cfm .cfml .cfc .cfr .cfswf

          Alias /CFIDE "/opt/coldfusion10/cfusion/wwwroot/CFIDE"

          <Directory "/opt/coldfusion10/cfusion/wwwroot/CFIDE">

          Options Indexes FollowSymLinks

          AllowOverride None

          Order allow,deny

          Allow from all

          </Directory>

          <Files ~ ".hbmxml$">

          Order allow,deny

          Deny from all

          </Files>

          • 3. Re: CF 10 with Apache on Centos 5.8
            MeintD Community Member

            Sorry, I am afraid I don't understand this position. Looking at the list I see that Red Hat Enterprise version 5.6 x64 is fully supported. If you install this and fully update it with "yum update" you will actually end up on version 5.8 and cat /etc/redhat-release will give the new version. Centos is 100% binary compatible and entirely built from Red Hat sources (with the proprietary stuff removed), but ignoring this, are you saying that Red Hat 5.8 is not supported either? If not, this leaves users in the unenviable position of either not being able to update or not being supported? I understand the difficulty in supporting different flavours and versions of Linux distros but it would help if this could be clarified?

             

            Regards

            Meint

            • 4. Re: CF 10 with Apache on Centos 5.8
              Steven Erat Community Member

              Meint,

               

              I performed a clean install of CentOS 6.2 in the "Software Development" installation type.  After installation, I configured SELinux to be permissive rather than enforcing.  ColdFusion 10 installed correctly and I was able to complete the configuration of Apache 2.2 without any problems.


              I see that you set SELinux to disabled, so that should not have been an issue, although since I was in permissive mode I did get some warnings.

               

              I'm afraid that I dont' have an answer for you, except to say that I can verify that installation of CF10 and configuration of Apache on a clean CentOS server worked.  I could provide a package list or other OS config info if requested for your comparison.

               

              -Steve

               

              Screenshots:

               

              http://www.mobypicture.com/user/stevenerat/view/12991831

               

              http://www.mobypicture.com/user/stevenerat/view/12991835

              • 5. Re: CF 10 with Apache on Centos 5.8
                Steven Erat Community Member

                On Twitter, Andy Allan commented that he experiences a connector problem only on CentOS 5.8, not 6.x.  https://twitter.com/fymd/statuses/211150454535630848

                • 6. Re: CF 10 with Apache on Centos 5.8
                  MeintD Community Member

                  Thanks Steve,

                   

                  Good to hear, I will try again next week on Centos 6.2 next week and hopefully it will work without all the hassle, pretty confident it will be fine.

                   

                  I still don't understand Adobe's position on support on the various Red Hat versions though, it seems very strange. What constitutes a version anyway? If I installed 5.6 (supported but probably not working anyway) and install every update apart from the redhat-release package my version will say 5.6 but I am really running 5.8. Is this supported? What does Adobe consider the correct way to determine the version? The kernel version, Apache version or something else? Not supporting Centos doesn't make any sense either as they are 100% binary compatible.

                   

                  Thanks for your efforts though, appreciated.

                   

                  Meint

                  • 7. Re: CF 10 with Apache on Centos 5.8
                    MeintD Community Member

                    Okay, so I reinstalled with 6.2. All going swimmingly, seemed to install okay. Completely standard install, not touched anything else. Log into CF Admin, enable Use J2EE and find myself constantly logged out, especially after adding a DSN.

                     

                    Following errors logged in application.log:

                     

                    Jun 12, 2012 9:09 AM Information ajp-bio-8012-exec-8
                    Session rotated successfully.
                    Jun 12, 2012 9:09 AM Warning ajp-bio-8012-exec-2 CFADMIN
                    There was an error while verifying the token. Either the session timed out or un-authenticated access is suspected.

                     

                    Also logged in Apache ssl_error_log:

                     

                    [Tue Jun 12 09:35:29 2012] [error] [client 192.168.20.49] File does not exist: /var/www/html/2f CFIDE, referer: https://web-dev4/CFIDE/administrator/navserver.cfm

                    [Tue Jun 12 09:42:45 2012] [error] [client 192.168.20.49] File does not exist: /var/www/html/2f CFIDE, referer: https://web-dev4/CFIDE/administrator/navserver.cfm

                     

                    In the coldfusion-out.log:

                     

                    Jun 12, 2012 09:58:52 AM Information [ajp-bio-8012-exec-9] - User admin logged in.

                    Jun 12, 2012 09:58:56 AM Information [ajp-bio-8012-exec-7] - User admin deleted datasource test.

                    Jun 12, 2012 09:58:57 AM Information [ajp-bio-8012-exec-3] - Session rotated successfully.

                    Jun 12, 2012 09:58:57 AM Information [ajp-bio-8012-exec-3] - User admin logged in.

                    Jun 12, 2012 09:59:06 AM Information [ajp-bio-8012-exec-9] - Session rotated successfully.

                    Jun 12, 2012 09:59:06 AM Information [ajp-bio-8012-exec-9] - User admin logged in.

                    Jun 12, 2012 09:59:15 AM Information [ajp-bio-8012-exec-10] - An error occurred while fetching element from authcache.

                    Jun 12, 2012 09:59:32 AM Information [ajp-bio-8012-exec-9] - Session rotated successfully.

                    Jun 12, 2012 09:59:32 AM Information [ajp-bio-8012-exec-9] - User admin logged in.

                    Jun 12, 2012 09:59:36 AM Information [ajp-bio-8012-exec-10] - User admin added/edited datasource cfdocexamples.

                     

                    Kind of losing heart here, if we can't get a vanilla CF10 server on Linux to install properly, maybe we should consider alternatives.

                    • 8. Re: CF 10 with Apache on Centos 5.8
                      MeintD Community Member

                      And from the mod_jk.log:

                       

                      [Tue Jun 12 10:03:04 2012] [2969:139761065326560] [info] ajp_process_callback::jk_ajp_common.c (1954): Writing to client aborted or client network problems
                      [Tue Jun 12 10:03:04 2012] [2969:139761065326560] [info] ajp_service::jk_ajp_common.c (2629): (cfusion) sending request to tomcat failed (unrecoverable), because of cl
                      ient write error (attempt=1)
                      [Tue Jun 12 10:03:04 2012] [2969:139761065326560] [info] jk_handler::mod_jk.c (2718): Aborting connection for worker=cfusion
                      [Tue Jun 12 10:04:03 2012] [1415:139761065326560] [info] ajp_send_request::jk_ajp_common.c (1638): (cfusion) all endpoints are disconnected, detected by connect check
                      (1), cping (0), send (0)
                      [Tue Jun 12 10:23:14 2012] [1416:139761065326560] [info] ajp_process_callback::jk_ajp_common.c (1954): Writing to client aborted or client network problems
                      [Tue Jun 12 10:23:14 2012] [1416:139761065326560] [info] ajp_service::jk_ajp_common.c (2629): (cfusion) sending request to tomcat failed (unrecoverable), because of cl
                      ient write error (attempt=1)
                      [Tue Jun 12 10:23:14 2012] [1416:139761065326560] [info] jk_handler::mod_jk.c (2718): Aborting connection for worker=cfusion
                      [Tue Jun 12 10:23:14 2012] [2982:139761065326560] [info] ajp_process_callback::jk_ajp_common.c (1954): Writing to client aborted or client network problems
                      [Tue Jun 12 10:23:14 2012] [2982:139761065326560] [info] ajp_service::jk_ajp_common.c (2629): (cfusion) sending request to tomcat failed (unrecoverable), because of cl
                      ient write error (attempt=1)
                      [Tue Jun 12 10:23:14 2012] [2982:139761065326560] [info] jk_handler::mod_jk.c (2718): Aborting connection for worker=cfusion
                      [Tue Jun 12 10:32:14 2012] [2982:139761065326560] [info] ajp_process_callback::jk_ajp_common.c (1954): Writing to client aborted or client network problems
                      [Tue Jun 12 10:32:14 2012] [2982:139761065326560] [info] ajp_service::jk_ajp_common.c (2629): (cfusion) sending request to tomcat failed (unrecoverable), because of cl
                      ient write error (attempt=1)
                      [Tue Jun 12 10:32:14 2012] [2982:139761065326560] [info] jk_handler::mod_jk.c (2718): Aborting connection for worker=cfusion

                       

                      Anybody?

                      • 9. Re: CF 10 with Apache on Centos 5.8
                        MeintD Community Member

                        Update: turns out that one of my colleagues was using the same box and every time he logged into CF Administrator, I got logged out. When I logged back in, he obviously got kicked out. Is this by design or a bug? Definately not like this in previous versions. Confusing but at least now we are getting somewhere.

                        • 10. Re: CF 10 with Apache on Centos 5.8
                          charlie@carehart.org Community Member

                          This is by design, as part of various CF10 security enhancements.

                           

                          For instance, in this article on CF10 Security enhancements (http://www.adobe.com/devnet/coldfusion/articles/security-improvements.html), it notes this with respect to changes about CFLOGIN, which the CF Admin uses under the covers:

                           

                                 Now you can have only one active session open for one user for a given application that uses the cflogin tag.

                           

                           

                           

                                For example, you can now access the Administrator console one user at a time with a given set of UserIDs and passwords.

                           

                          It’s also in the CF10 docs, though not worded as obviously applying to this situation. At the bottom of http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSe61e35da8d3185183e145c0d1353e31f5 59-7ff7.html, it says:

                           

                                   You are logged out from one of the ColdFusion administrators, if:

                                   From the same host, you log in to the ColdFusion (10) Administrator and the ColdFusion Administrator of an older version.

                           

                          HTH.

                           

                          /charlie

                          • 11. Re: CF 10 with Apache on Centos 5.8
                            charlie@carehart.org Community Member

                            I should have added that while you may think, "but that doesn't explain why another user and I can't use it at once", actually it does. Note that the login is not "per user" but "per account". And by default, there is one account used for logging into the CF Admin, called the Admin user (we normally don't even notice or use that, and only need to enter the password for that account).

                             

                            So it's saying that "2 users of the same account can't be logged into the CF Admin at one time." I agree it's an annoyance, but I'm sure there's a worthy security problem for which it was the solution. Maybe someone from Adobe will chime in with more thoughts.

                            • 12. Re: CF 10 with Apache on Centos 5.8
                              MeintD Community Member

                              Charlie,

                               

                               

                              Thanks for that, a quality answer as always. I agree it is probably a good thing, just wondering how much work it would have been to give a nice helpful message saying "Your session was logged out as a result of a login with the same username from IP: xxx.xxx.xxx.xxx".

                               

                              I had read the bit about "From the same host, you log in to the ColdFusion (10) Administrator and the ColdFusion Administrator of an older version" but that really didn't explain it fully, your last post did though. Frustating to find this after spending a fair bit of time troubleshooting thinking we had session management problems, but at least now we know our install is solid and faith has been restored.

                               

                               

                              Regards

                              Meint

                              • 13. Re: CF 10 with Apache on Centos 5.8
                                charlie@carehart.org Community Member

                                Thanks for the update (and the kind regards).

                                 

                                And I do agree both that it could offer a better message and that it could be better highlighted (in the docs, in the interface, or perhaps even in the installer or something) so people know of it in advance.

                                 

                                Until then, I did a blog entry on it (motivated by this thread), and it’s now at:

                                 

                                Have you noticed the #ColdFusion 10 admin allows only one login at a time? It's by design

                                http://www.carehart.org/blog/client/index.cfm/2012/6/13/cf10_admin_allows_one_logon_at_a_t ime

                                 

                                 

                                 

                                /charlie