mod_proxy_hcheck does not detect AJP/CPING support
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Apache2 Web Server |
Fix Released
|
Medium
|
|||
apache2 (Ubuntu) |
Fix Released
|
Undecided
|
Michał Małoszewski | ||
Jammy |
Fix Released
|
Undecided
|
Michał Małoszewski | ||
Kinetic |
Fix Released
|
Undecided
|
Michał Małoszewski |
Bug Description
[Impact]
The Apache JServe Protocol (AJP) proxies inbound requests to an application server, such as health checks via CPING/CPONG. mod_proxy_hcheck added support for AJP/CPING in 22.04, however the following error is encountered when enabling it, which prevents the new feature from operating:
BalancerMember Health check method CPING not (yet) implemented
This is caused by a incorrect check for AJP support in hc_post_config() that occurs too late, after the configuration syntax has already been marked invalid by the time the "hcmethod=CPING" token is found. The fix is to move the check from hc_post_config() to hc_pre_config().
[Test Plan]
Make a container for testing:
$ lxc launch ubuntu-daily:jammy jammy-test
$ lxc shell jammy-test
Type in:
# apt update && apt dist-upgrade -y
# apt install -y apache2
# cat > /etc/apache2/
<VirtualHost *:80>
ServerAdmin <email address hidden>
DocumentRoot "/var/www/html"
ServerName myapp.example.com
ErrorLog "${APACHE_
CustomLog "${APACHE_
<Proxy balancer://myapp>
connectiontime
</Proxy>
ProxyPass /myapp balancer://myapp stickysession=
</VirtualHost>
__EOF__
# a2enmod proxy
# a2enmod proxy_ajp
# a2enmod proxy_hcheck
# a2ensite httpd-hcheck-ajp
# apachectl -t
Example of failed output:
# apachectl -t
AH00526: Syntax error on line 10 of /etc/apache2/
BalancerMember Health check method CPING not (yet) implemented
Action ‘-t’ failed.
The Apache error log may have more information.
Example of successful output:
# apachectl -t
Syntax OK
[Where problems could occur]
The patch itself modifies the code of mod_proxy_hcheck, so any new bugs involving that module would be suspect. The patch changes configuration code, so issues cropping up that seem related to module configuration could be suspect. Finally, since the patch modifies C code, issues typical of C code (segfaults, memory leaks, …) would be possible, however since this moves a chunk of code unmodified this seems unlikely.
-------
We were very excited to see mod_proxy_hcheck support for AJP/CPING land in Ubuntu 22.04, however trying to enable it results in the following error:
> BalancerMember Health check method CPING not (yet) implemented
This unfortunately renders AJP-based health checks, which is a new feature introduced in version 2.4.49 (and thus only available in Jammy), impossible to use.
Luckily we were able to find the code responsible for the misbehavior and propose a fix which has now been accepted upstream.
Upstream bug: https:/
Upstream fix: https:/
We would like to see this fix backported in Jammy.
Related branches
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 82 lines (+60/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/mod_proxy_hcheck_kinetic_fix_to_detect_support.patch (+52/-0)
debian/patches/series (+1/-0)
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 86 lines (+64/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/mod_proxy_hcheck_jammy_fix_to_detect_support.patch (+56/-0)
debian/patches/series (+1/-0)
tags: | added: server-todo |
Changed in apache2: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in apache2 (Ubuntu): | |
assignee: | nobody → Michał Małoszewski (michal-maloszewski99) |
Changed in apache2 (Ubuntu Jammy): | |
assignee: | nobody → Michał Małoszewski (michal-maloszewski99) |
Changed in apache2 (Ubuntu Kinetic): | |
assignee: | nobody → Michał Małoszewski (michal-maloszewski99) |
tags: | removed: server-todo |
description: | updated |
tags: | added: verification-needed |
tags: | added: verification-needed-jammy verification-needed-kinetic |
tags: | removed: verification-needed verification-needed-jammy verification-needed-kinetic |
description: | updated |
Changed in apache2: | |
status: | Confirmed → Fix Released |
description: | updated |
tags: |
added: verification-done verification-done-jammy verification-done-kinetic removed: verification-needed verification-needed-jammy verification-needed-kinetic |
We were very excited to see mod_proxy_hcheck support for AJP/CPING (r1887415) land in Ubuntu 22.04; however trying to enable it yields the following error:
BalancerMember Health check method CPING not (yet) implemented
This was surprising for us since from a cursory look at the code this functionality seems implemented.
A couple of hours of debugging later we concluded that the order of execution of the code added in r1887415 seems to be incorrect: the code checking for AJP availability is executed in hc_post_config() which is unfortunately too late since the configuration syntax has already been marked invalid when the "hcmethod=CPING" token was found.
To fix this we simply moved the code checking for AJP availability in hc_pre_config(). We are running a patched version of http-2.4.52 on a couple of hosts running Ubuntu 22.04 and it seems to be working without issues so far.