Mount an external volume in the /srv directory

nanoaknanoak
in SUSE Linux Enterprise Server

We have started using Suse Enterprise Server in our company, and everything is going smoothly. The thing is that now we have a problem. We have a load balancer, and three Front Servers. We use Apache. We have the application on an external disk, and that disk is mounted on the three servers. We have the application in the external disk because in that way we can update the app in one step, and the three servers drink from that updated code. Also, in this way the application does not write to the database (which is on another server) the same thing over and over again. So we have tried the following without much success

  1. Mount the external disk in /mnt and put a link in /srv. It works with a .html file, but not with a complete directory with many subdirectories.

  2. Mount the disk directly in /srv. It gives an error.

The reason why we need Apache to read from /srv, is that this way we have the same code for all the servers. The ones from the development team, the test ones, the ones from operations, etc...

How can I solve this problem?

Thanks in advance,

Comments

  • malcolmlewismalcolmlewis Knowledge Partner

    @nanoak Hi and welcome to the Forum :)
    When you say mount an external drive, is this a shared drive over samba, NFS etc?

    Note: Are you using btrfs on /? Might need to ensure the subvolume /@/srv is removed before the following.

    There is nothing stopping you removing the /srv directory and creating your new mount point with the external source as the mount point /srv but on reboot you might need to ensure the services that are required to use /srv are run after the external disk is mounted, else they may fail to start eg apache.

  • nanoaknanoak
    edited January 4

    Sorry for my delay, I became a daddy recently, and my days are crazy.

    When you say mount an external drive, is this a shared drive over samba, NFS etc?

    No, it's an AWS volume. Mounted on the system as a disk.

    Note: Are you using btrfs on /? Might need to ensure the subvolume /@/srv is removed before the following.

    I'm using xfs. What do you mean with removing the subvolume?
    I have mounted the volume in /srv, and now the path is /srv/srv/.... I guess you mean this, right? How do I fix it?
    By the way, this is my entry in fstab:
    /dev/nvme1n1 /srv ext4 defaults,nofail 0 0

    on reboot you might need to ensure the services that are required to use /srv are run after the external disk is mounted, else they may fail to start eg apache

    This is exactly what's happening to me right now

    ● apache2.service - The Apache Webserver
   Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2021-01-04 10:32:32 UTC; 9s ago
  Process: 2353 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start (code=exited, status=1/FAILURE)
 Main PID: 2353 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."

Jan 04 10:32:32 FRONT-1 systemd[1]: Starting The Apache Webserver...
Jan 04 10:32:32 FRONT-1 start_apache2[2353]: AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
Jan 04 10:32:32 FRONT-1 start_apache2[2353]: DocumentRoot '/srv/www/htdocs' is not a directory, or is not readable
Jan 04 10:32:32 FRONT-1 systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Jan 04 10:32:32 FRONT-1 systemd[1]: Failed to start The Apache Webserver.
Jan 04 10:32:32 FRONT-1 systemd[1]: apache2.service: Unit entered failed state.
Jan 04 10:32:32 FRONT-1 systemd[1]: apache2.service: Failed with result 'exit-code'.

    How can I fix that?
    Thank you in advance.

  • malcolmlewismalcolmlewis Knowledge Partner
    edited January 4

    @nanoak Hi, so what is under /srv without the device mounted?

    I see /srv/spm and /srv/www I would ensure and directories aside from www are duplicated on the nvme device (ownership and permissions), then unmount the nvme device, remove your mount point in /etc/fstab, delete the /srv directory. Then fire up YaST Partitioner and go through adding the partition (no format) and select the mount point as /srv and save, should at that point appear in your /etc/fstab. I doubt you will need the nofail, just stick with the defaults and should be good to go.

  • nanoaknanoak
    edited January 5

    I've got it all figured out!

    Although there are a couple of things I don't like about my configuration.

    1. Since I have the /srv/.... path on the external hard drive, when I mount the external drive on /srv, the final path I configure in apache is /srv/srv/....
      I wish there was only one /srv. Is there a way to solve this? It is not very important, but it scratches my eyes.

    2. The owner of all the directories and files inside /srv is root. I leave it like this because that's how the SUSE documentation recommends it. Is that correct?

    3. For the apache unit to load, I have had to modify /etc/apache2/default-server.conf and I have modified the paths of /srv/.... to /srv/srv/.... But the SUSE documentation says not to modify this file because it could cause errors in an update. Should I look for another way?

    Thank you for your help

  • malcolmlewismalcolmlewis Knowledge Partner

    @nanoak Hi, make your own server.conf and use that instead with your modifications, looks like you might be stuck with then extra directory....

  • nanoaknanoak
    edited January 5

    If I put my server.conf file in /conf.d apache still not working:

    ● apache2.service - The Apache Webserver
   Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2021-01-05 20:41:51 UTC; 2s ago
  Process: 6032 ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop (code=exited, status=1/FAILUR>
  Process: 6231 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start (code=exited, status=1/FAILURE)
 Main PID: 6231 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."

Jan 05 20:41:51 FRONT-1 systemd[1]: Starting The Apache Webserver...
Jan 05 20:41:51 FRONT-1 start_apache2[6231]: AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
Jan 05 20:41:51 FRONT-1 start_apache2[6231]: DocumentRoot '/srv/www/htdocs' is not a directory, or is not readable
Jan 05 20:41:51 FRONT-1 systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Jan 05 20:41:51 FRONT-1 systemd[1]: Failed to start The Apache Webserver.
Jan 05 20:41:51 FRONT-1 systemd[1]: apache2.service: Unit entered failed state.
Jan 05 20:41:51 FRONT-1 systemd[1]: apache2.service: Failed with result 'exit-code'.

    The owner of all directories and files should be root? It is safer to use apache user?

  • malcolmlewismalcolmlewis Knowledge Partner

    @nanoak Hi, normally group is root user is www or both www for the apache files. Is the apache configuration looking in /srv/srv/... and is apache using your config file and not the default one?

  • nanoaknanoak
    edited January 6

    So, my /srv, all of the subdirectories, and all of the files in the subdirectories, belongs to root.
    I'm following the text of the administration guide:
    https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-apache2.html#sec-apache2-security

    38.8.2 DocumentRoot Permissions

    By default in SUSE Linux Enterprise Server, the DocumentRoot directory /srv/www/htdocs and the CGI directory /srv/www/cgi-bin belong to the user and group root. You should not change these permissions. If the directories are writable for all, any user can place files into them. These files might then be executed by Apache with the permissions of wwwrun, which may give the user unintended access to file system resources. Use subdirectories of /srv/www to place the DocumentRoot and CGI directories for your virtual hosts and make sure that directories and files belong to user and group root.

    I don't know if I'm misunderstanding something, but for security reasons they shouldn't belong to www user and group?

    Is the apache configuration looking in /srv/srv/... and is apache using your config file and not the default one?

    My vhost custom config file is looking in /srv/srv.
    /etc/apache2/default-server.conf is looking in /srv (default config).
    If I modify /etc/apache2/default-server.conf, and replace /srv with /srv/srv, everything works fine. But, by doing so, I'm modifying the default config file, and that can cause problems in a future Apache update right?
    If I manually create /srv/www/htdocs directory, without modifying /etc/apache2/default-server.conf, everything works fine.
    What do you recommend?

  • malcolmlewismalcolmlewis Knowledge Partner

    @nanoak Hi, then leave permissions as is ;)

    So are you using just /srv/www/htdocs? On your external drive, why not just move /srv/www and other directories up a level to remove the extra/srv, then can mount under/srv`?

    Can you show the output from lsblk command when everything mounted.

  • nanoaknanoak
    edited January 6

    This is my fstab

    LABEL=ROOT        /          xfs   defaults  0  0
LABEL=EFI         /boot/efi  vfat  defaults  0  0

LABEL=SCHOOLYARD  /srv       xfs   defaults  0  0
LABEL=SCHOOLYARD  /schoolyard       xfs   defaults  0  0

    And this is the output of lsblk

    NAME        MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1     259:0    0  15G  0 disk 
├─nvme0n1p1 259:1    0   2M  0 part 
├─nvme0n1p2 259:2    0  20M  0 part /boot/efi
└─nvme0n1p3 259:3    0  15G  0 part /
nvme1n1     259:4    0  15G  0 disk 
└─nvme1n1p1 259:5    0  15G  0 part /schoolyard

    I have the disk mounted in two different directories. But it is a shared disk between three front servers. When we make a new deploy of the app, we do it in /schoolyard, and this way the three front ones are updated at the same time. Besides, we have it shared so that the app does not save the same data three times in the database (and other technical reasons with the sessions inside the app).
    The reason for having the path in /srv/... and for not being able to move /srv and its subdirectories one level, is that we use the /srv/.... path in other test servers. When we update the app, we first test it on a development server, whose path is the standard one (/srv/....), we also have the rest of the team testing the updated app on a different server called PRE (again, /srv path), and after making the necessary changes we make the final deployment on the FRONT servers. The point is that there are hardcoded paths in the app source code. And of course, we would have to modify the app code only for the FRONT servers (and their shared schoolyard hard drive) if we were to up the path one level.

    This is part of the standard /etc/apache2/defaulkt-server.conf (Only the first, and the last part of the file)

    #
# Global configuration that will be applicable for all virtual hosts, unless
# deleted here, or overriden elswhere.
# 

DocumentRoot "/srv/www/htdocs"

#
# Configure the DocumentRoot
#
<Directory "/srv/www/htdocs">
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # https://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    # NOTE: For directories where RewriteRule is used, FollowSymLinks
    # or SymLinksIfOwnerMatch needs to be set in Options directive.
    Options None
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    AllowOverride None
    # Controls who can get stuff from this server.
    <IfModule !mod_access_compat.c>
        Require all granted
    </IfModule>
    <IfModule mod_access_compat.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Directory>
# Include all *.conf files from /etc/apache2/conf.d/.
#
# This is mostly meant as a place for other RPM packages to drop in their
# configuration snippet.
#
# You can comment this out here if you want those bits include only in a
# certain virtual host, but not here.
#
IncludeOptional /etc/apache2/conf.d/*.conf

# The manual... if it is installed ('?' means it won't complain)
IncludeOptional /etc/apache2/conf.d/apache2-manual?conf

    And this is my /srv directory

    drwxr-xr-x root root  28 B Wed Jan  6 11:13:02 2021  .
drwxr-xr-x root root 292 B Tue Jan  5 18:51:08 2021  ..
drwxr-xr-x root root  35 B Tue Jan  5 19:02:03 2021  srv
drwxr-x--- root root  20 B Wed Jan  6 11:13:02 2021  www

    Here's /srv/www contents

    drwxr-x--- root root 20 B Wed Jan  6 11:13:02 2021  .
drwxr-xr-x root root 28 B Wed Jan  6 11:13:02 2021  ..
drwxr-x--- root root  6 B Wed Jan  6 11:13:02 2021  htdocs

    I created manually /srv/www/htdocs in order to get apache working.
    sudo mkdir -p /srv/www/htdocs
    But here's the problem, the operating system doesn't work on reboot if I create manually this directory

  • malcolmlewismalcolmlewis Knowledge Partner

    @nanoak Hi, honestly, I would go with your original working setup (even though sub-optimal) after an update run rpmconfigcheck to ensure none of you configs have changed and should be fine.

  • nanoaknanoak

    Yup. I had the same feeling yesterday. Thank you!

Sign In or Register to comment.