• 10/10/2003

Using Apache with HP MPE/iX

This document explains how to compile, install, configure and run Apache 1.3 under HP MPE/iX.

The bug reporting page and new-httpd mailing list are NOT provided to answer questions about configuration or running Apache. Before you submit a bug report or request, first consult this document, the Frequently Asked Questions page and the other relevant documentation topics. If you still have a question or problem, post it to the comp.sys.hp.mpe newsgroup or the associated HP3000-L mailing list, where many Apache users and several contributors are more than willing to answer new and obscure questions about using Apache on MPE/iX.

deja.com’s newsgroup archives offer easy browsing of previous questions. Searching the newsgroup archives, you will usually find your question was already asked and answered by other users!

Requirements

Apache 1.3 requires MPE/iX 6.0 or greater.  It will NOT run on earlier releases of MPE/iX.  The following MPE/iX patches (or their superseding descendants) are relevant to Apache:

  • MPE/iX 6.0:
    • MPEKXT3B – fixes an MPE bug that results in transient “permission denied” errors being returned by the server to the browser.
    • MPELX36A – enhances the kill() function so that MPE users with SM capability can send signals to Apache for shutdown, restart, etc.
    • MPELX44C – fixes an MPE bug that prevents DSO modules from being dynamically loaded.
    • MPELX51C – enhances the kill() function so that Apache can use it when the Apache parent UID is different from the Apache children UID (strongly recommended).
    • NSTxxxxx – the latest network transport patch should always be installed when using TCP/IP applications such as Apache.
  • MPE/iX 6.5:
    • MPELX44D – fixes an MPE bug that prevents DSO modules from being dynamically loaded.
    • MPELX51D – enhances the kill() function so that Apache can use it when the Apache parent UID is different from the Apache children UID (strongly recommended).
    • NSTxxxxx – the latest network transport patch should always be installed when using TCP/IP applications such as Apache.

Implementation Considerations

While MPE has a very good POSIX implementation that enables fairly simple porting of Unix applications such as Apache, there are some Unix concepts which just don’t exist or aren’t fully implemented in MPE, and so this may force some functionality changes in the package being ported.

Significant MPE vs. Unix OS differences

  • MPE lacks the concept of a Unix UID=0 root user with special privileges.  Where Unix functions require a user to be executing as root, MPE requires the user to be executing in priv mode, so the program file must be linked with PM (Priv Mode) capability, and the Unix function calls must be bracketed by GETPRIVMODE() and GETUSERMODE() calls.  The following Unix functions used by Apache are affected:
    • bind() for ports less than 1024
    • setgid()
    • setuid()
  • MPE’s support for UIDs and GIDs is more limited than Unix.  Every MPE account maps to a unique GID.  Each MPE account can contain multiple MPE users, and every MPE user maps to a unique UID (UID 0 is not supported).  The current UID for a process must correspond to an MPE user within the MPE account that corresponds to the current GID of the process.
  • MPE child processes cannot survive the death of their parent.  When the parent terminates, any remaining children will be killed.
  • MPE doesn’t initialize the envp parameter when invoking the main() of a new process.  Use the global variable environ instead of envp.
  • MPE link() exists, but always returns EIMPL.  Use rename() or symlinks instead of hard links.
  • MPE doesn’t allow the @ character in filenames.
  • MPE lacks support for TCP_NODELAY, but that’s the default anyway.
  • MPE lacks support for SO_KEEPALIVE.
  • MPE lacks support for process groups.
  • MPE inetd only passes stdin (and NOT stdout) to the invoked service.  But you can write to stdin just fine.

Major Apache functionality issues

  • Beginning with HP-supported Apache 1.3.9 and HP WebWise MPE/iX Secure Web Server A.01.00 (based on Apache 1.3.9), the User and Group directives in httpd.conf are now unconditionally executed as corresponding setuid()/setgid() calls.  Previously this was only done if HTTPD was being run as MANAGER.SYS.  This functionality change was submitted back to the 1.3.13-dev source tree at www.apache.org.  The Apache for Unix behavior is to only honor User and Group if running as root.
  • Beginning with HP-supported Apache 1.3.9 and HP WebWise MPE/iX Secure Web Server A.01.00 (based on Apache 1.3.9), the SVIPC shared memory macros SHM_R and SHM_W have been modified from their traditional owner-only-read and owner-only-write values to be owner-and-group-read and owner-and-group-write on MPE/iX in order to allow increased parent/child flexibility in spite of MPE’s limited POSIX UID/GID support.  This functionality change was submitted back to the 1.3.13-dev source tree at www.apache.org.  The Apache for Unix behavior uses the traditional owner-only values of SHM_R and SHM_W.

Minor Apache functionality issues

  • Apache for Unix must be run as root to bind to TCP ports 1-1023. Apache for MPE must call GETPRIVMODE() to bind to TCP ports 1-1023; PM is not used for ports greater than 1023. The standard web server HTTP port is 80.
  • Apache for Unix in standalone mode will detach itself and run in the background as a system-type process. Apache for MPE in standalone mode cannot detach itself and run in the background because MPE POSIX doesn’t allow this (the detached child would be killed when the parent terminated).  Therefore you must use an MPE batch job to run Apache in standalone mode.
  • Apache for Unix uses process groups to manage child processes. Apache for MPE cannot use process groups because MPE POSIX doesn’t support this. The implications of this are unknown.
  • Apache for Unix uses the setsockopt() option TCP_NODELAY. Apache for MPE does not, because MPE doesn’t support it. But TCP_NODELAY is the default MPE behavior anyway.
  • Apache for Unix uses the setsockopt() option SO_KEEPALIVE.  Apache for MPE does not, because MPE doesn’t support it.
  • Apache for Unix under inetd reads from the socket via stdin and writes via stdout. Apache for MPE under inetd reads *AND* writes the socket via stdin. I consider MPE 5.5 inetd to be broken and poorly documented, so I submitted SR 5003355016 to address this. If HP ever alters the MPE inetd to pass the socket the way HPUX inetd does (not likely in the grand scheme of things), the existing Apache for MPE code will break.
  • Apache for Unix will use the @ character in proxy cache filenames, but since @ is illegal in MPE filenames, Apache for MPE uses the % character instead.

Binary Distributions

HP ships a fully supported Apache binary distribution with the Fundamental Operating System (FOS) in MPE/iX 6.5 and later.  This distribution can be found in the APACHE account.

HP supplies fully supported Apache binary distributions for MPE/iX 6.0 or later available for downloading from http://jazz.external.hp.com/src/apache/.

Mark Bixby supplies Apache binary distributions for MPE/iX available for downloading from http://www.bixby.org/mark/apacheix.html.  Binaries from bixby.org are NOT supported by HP.  HP only supports binaries distributed by HP.

All of the binary distributions mentioned above may possibly include functionality that hasn’t yet been submitted back to the Apache Software Foundation (though submitting back is the intended goal).  Please read the documentation that comes with these binaries in order to determine functionality differences (if any) compared to the latest sources available from the ASF.

If you will be using one of these binary distributions, please stop reading this document and start reading the specific distribution documentation for installation details.

Create the Accounting Structure

Apache can be installed under the account of your choice.  For the purposes of this document, the APACHE account will be used:

  1. :HELLO MANAGER.SYS
  2. :NEWACCT APACHE,MGR
  3. :ALTACCT APACHE;PASS=xxxxxxxx;CAP=AM,AL,ND,SF,BA,IA,PM,PH
  4. :ALTGROUP PUB.APACHE;CAP=BA,IA,PM,PH;ACCESS=(R,L,X:AC;W,A,S:AL)
  5. :ALTUSER MGR.APACHE;CAP=AM,AL,ND,SF,BA,IA,PM,PH;HOME=PUB
  6. :NEWUSER SERVER.APACHE
  7. :ALTUSER SERVER.APACHE;CAP=ND,SF,BA,IA,PH;HOME=PUB

Downloading Apache

Use your web browser to download the Apache source tarball from http://www.apache.org/dist/.  Then ftp upload the tarball to your e3000 as show below:

C:\Temp>ftp 3000.host.name
Connected to 3000.host.name.
220 HP ARPA FTP Server [A0009H09] (C) Hewlett-Packard Co. 1990
User (3000.host.name:(none)): MGR.APACHE
331 Password required for MGR.APACHE.  Syntax: acctpass
Password:xxxxxxxx
230 User logged on
ftp> quote type L 8
200 Type set to L (byte size 8).
ftp> put apache_v.u.ff.tar.Z /tmp/apache.tar.Z
200 PORT command ok.
150 File: /tmp/apache.tar.Z opened; data connection will be opened
226 Transfer complete.
ftp: 2685572 bytes sent in 2.75Seconds 976.57Kbytes/sec.
ftp> quit
221 Server is closing command connection

Unpack the tarball:

  1. :HELLO MGR.APACHE
  2. :XEQ SH.HPBIN.SYS -L
  3. $ mkdir src
  4. $ chmod 700 src
  5. $ cd src
  6. $ tar xvfopz /tmp/apache.tar.Z

Compiling Apache

It is STRONGLY recommended to use gcc instead of the HP C/iX compiler.  You can obtain gcc from http://jazz.external.hp.com/src/gnu/gnuframe.html.

  1. $ cd apache_v.uu.ff
  2. $ ./configure –prefix=/APACHE/PUB –enable-module=xxx –enable-module=yyy …etc…
  3. $ make

Installing Apache

  1. $ make install
  2. $ cd /APACHE/PUB
  3. $ mv bin/httpd HTTPD
  4. $ ln -s HTTPD bin/httpd
  5. $ callci “xeq linkedit.pub.sys ‘altprog HTTPD;cap=ia,ba,ph,pm'”

Configuring Apache

Edit /APACHE/PUB/conf/httpd.conf and customize as needed for your environment.  Be sure to make the following mandatory changes:

  • User SERVER.APACHE
  • Group APACHE

Running Apache

Simply create and :STREAM the following standalone server job in order to start Apache:

!JOB JHTTPD,MGR.APACHE;OUTCLASS=,2
!XEQ SH.HPBIN.SYS "-c 'umask 007; ./HTTPD -f /APACHE/PUB/conf/httpd.conf'"
!eoj

Controlling Apache

Log on as MGR.APACHE (or MANAGER.SYS or any other SM user if you’ve installed MPELX36A on 6.0) in order to shutdown or restart Apache via the use of signals.

To shut down Apache from the POSIX shell:

$ kill `cat /APACHE/PUB/logs/httpd.pid`

To shut down Apache from the CI:

:XEQ SH.HPBIN.SYS '-c "kill `cat /APACHE/PUB/logs/httpd.pid`"'

Apache HTTP Server

Close Bitnami banner
Bitnami