Saturday, 23 December 2017

IBM HTTP Server on Windows - 32-bit or 64-bit ?

Following a previous post: -


I'm continuing to tinker with IBM HTTP Server (IHS) 9.0 on Windows.

Most of my work involves Unix ( Linux, AIX, macOS ), so Windows is relatively new to me, leastways in the context of IBM middleware etc.

So, given that I'm running a 64-bit version of Windows: -


I assumed that I could use the 64-bit version of the WebSphere Plugin: -

LoadModule was_ap24_module "c:\IBM\WebSphere\Plugins\bin\64bits\mod_was_ap24_http.dll"

Alas, no, not possible :-(

I see this when I start IHS: -

httpd.exe: Syntax error on line 806 of C:/IBM/HTTPServer/WAS/conf/httpd.conf: Cannot load c:\\IBM\\WebSphere\\Plugins\\bin\\64bits\\mod_was_ap24_http.dll into server: %1 is not a valid Win32 application.

I checked the underlying Apache binaries: -

c:\IBM\HTTPServer\bin\apache.exe -v

Server version: IBM_HTTP_Server/9.0.0.6 (Win32)
Server built:   Oct 10 2017 20:22:21


c:\IBM\HTTPServer\bin\apache.exe -V

Server version: IBM_HTTP_Server/9.0.0.6 (Win32)
Apache version: 2.4.12 (with additional fixes)
Server built:   Oct 10 2017 20:22:21
Build level:    RIHSX.IHS/webIHS1741.01
Server's Module Magic Number: 20120211:57
Server loaded:  APR 1.5.1, APR-UTIL 1.5.2
Compiled using: APR 1.5.1, APR-UTIL 1.5.2
Architecture:   32-bit
Operating System: Windows
Server MPM:     WinNT
  threaded:     yes (fixed thread count)
    forked:     no
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/apache"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error.log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
Apache vulnerability fixes included:
  CVE-2009-1191  CVE-2009-1890  CVE-2009-3094  CVE-2009-3095
  CVE-2010-0434  CVE-2010-0425  CVE-2010-0408  CVE-2009-3555
  CVE-2010-1452  CVE-2010-1623  CVE-2011-3368  CVE-2011-3607
  CVE-2011-3192  CVE-2011-3348  CVE-2011-4317  CVE-2012-0021
  CVE-2012-0031  CVE-2012-0053  CVE-2012-0883  CVE-2012-2687
  CVE-2012-3502  CVE-2012-4558  CVE-2012-3499  CVE-2013-2249
  CVE-2013-1896  CVE-2013-4352  CVE-2013-6438  CVE-2014-0098
  CVE-2014-0963  CVE-2014-0231  CVE-2014-0118  CVE-2014-0226
  CVE-2014-3523  CVE-2014-0117  CVE-2013-5704  CVE-2014-8109
  CVE-2014-3581  CVE-2014-3583  CVE-2015-0253  CVE-2015-3185
  CVE-2015-3183  CVE-2015-1829  CVE-2014-8730  CVE-2015-0228
  CVE-2015-4947  CVE-2015-1283  CVE-2015-7420  CVE-2016-0201
  CVE-2016-0718  CVE-2016-5387  CVE-2012-0876  CVE-2016-4472
  CVE-2016-8743  CVE-2017-3169  CVE-2017-3167  CVE-2017-7668
  CVE-2017-7679  CVE-2017-12618  CVE-2017-9798

even though I chose to install the 64-bit version of IHS itself: -

  <profile id='IBM HTTP Server V9.0' installLocation='c:\IBM\HTTPServer'>
    <data key='cic.selector.arch' value='x86_64'/>
    <data key='user.ihs.http.server.service.name.key' value='IBMHTTPServerV9.0'/>
    <data key='user.ihs.http.server.service.name' value='IBM HTTP Server V9.0'/>
    <data key='user.ihs.win.serverServiceStartType' value='auto'/>
    <data key='user.ihs.win.serverServicePassword' value='XjTveChg5ba6olBVMK/Reg=='/>
    <data key='user.ihs.allowNonRootSilentInstall' value='true'/>
    <data key='user.ihs.win.serverServiceLogOnAsLocalSystem' value='true'/>
    <data key='user.ihs.installHttpService' value='false'/>
    <data key='user.ihs.win.serverServiceUser' value='Administrator'/>
    <data key='user.ihs.httpPort' value='8080'/>
  </profile>


which explains everything.

Once I changed IHS, from: -

LoadModule was_ap24_module "c:\IBM\WebSphere\Plugins\bin\64bits\mod_was_ap24_http.dll"

to: -

LoadModule was_ap24_module "c:\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap24_http.dll"

everything was fine.

It's also worth noting that, given that I'm running Apache 2.4 under the covers, the syntax in the httpd.conf is to use was_ap24_module rather than was_ap22_module.

I'm not sure I've paid much attention to 2.2 vs 2.4 in the past, but it's more important with v9.0, as per this: -

Migrating to IBM HTTP Server 9.0

Migrate an IBM® HTTP Server, Version 7 or 8 server, to IBM HTTP Server 9.0. Because IHS 9.0 is based on Apache 2.4, you must modify your existing configuration.


This document describes changes in Apache HTTP Server 2.4 that might require you to change your configuration or how you use the server in order to use IHS 9.0 (Based on Apache 2.4) as you are currently using IHS 7.0 or 8.x (based on Apache 2.2) . For step by step instructions on migrating a configuration file, see the "Migrating a configuration" section below.

2 comments:

Danny said...

hi, i'm new to this.

Do this ibm http server support clustering?
Can it support active/active setup?

Dave Hay said...

Morning, Danny

Thanks for the comment.

So, in broad terms, no, there's no concept of clustering per se, as the web servers typically hold little/no state and don't typically have applications deployed to them. Instead, they act as front-end focal points for web application servers e.g. WebSphere Application Server, Tomcat etc. which can/should be clustered.

Traffic to the front-end web server - IBM HTTP Server, Apache etc. - is aggregated by an HTTP load balancer, such as F5 Network's BigIP device or similar LB services such as that provided by Amazon Web Services.

Therefore, you can/should have multiple instances of an active web server, typically >2 such instances ( whether physical or virtual ) per data centre, aiming to avoid single points of failure and provide resilience and availability.

Hope this is of some help

Dave

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...