Bug 1367188

Summary: Satellite's httpd gets broken with every update of mod_ssl package
Product: Red Hat Satellite Reporter: Lukas Pramuk <lpramuk>
Component: InstallationAssignee: Chris Roberts <chrobert>
Status: CLOSED DUPLICATE QA Contact: Lukas Pramuk <lpramuk>
Severity: high Docs Contact:
Priority: medium    
Version: 6.2.0CC: bbuckingham, chrobert, cwelton
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-14 17:44:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Pramuk 2016-08-15 19:43:08 UTC 
Description of problem:
Satellite's httpd gets broken with every update of mod_ssl package.
As new version of mod_ssl package is released then yum update command breaks Satellite's httpd.

mod_ssl provides config file /etc/httpd/conf.d/ssl.conf with conflicting directive 'Listen 443 https' that causes httpd to fail to start:

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443

Version-Release number of selected component (if applicable):
Satellite 6.2.1

How reproducible:
100%

Steps to Reproduce:
1. update mod_ssl rpm
2. httpd is no longer running
3. restrt of httpd fails
# systemctl restart  httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Actual results:
with every mod_ssl update ssl.conf breaks httpd, as ssl.conf is not present so it gets deployed as ssl.conf

Expected results:
when crafting Satellite ssl config files the puppet should take into account also ssl.conf file and not to just delete it. With mod_ssl update it would then deploy ssl.conf as ssl.conf.rpmnew (and thus not breaking httpd)

Additional info:
commenting out 'Listen 443 https' in ssl.conf allows httpd to start again
(but other ssl directives here may overide Satellite's ones)
Comment 3 Lukas Pramuk 2016-08-16 12:15:51 UTC 
Tested that with empty ssl.conf the Satellite survived mod_ssl update:

1. # cat <<< '' > /etc/httpd/conf.d/ssl.conf
2. # yum update
...

Updated:
  httpd.x86_64 0:2.4.6-45.el7          httpd-tools.x86_64 0:2.4.6-45.el7          mod_ssl.x86_64 1:2.4.6-45.el7         


3. httpd is still running
Comment 5 Lukas Pramuk 2016-08-16 15:53:40 UTC 
Standalone Capsule 6.2 is also affected by this bug as ssl.conf is not present at capsule too.

# ll /etc/httpd/conf.d/ssl.conf
ls: cannot access /etc/httpd/conf.d/ssl.conf: No such file or directory
Comment 6 Chris Roberts 2016-09-14 17:44:22 UTC 
Marking as a dup of 

1336365

which is in release pending for 6.2.2

*** This bug has been marked as a duplicate of bug 1336365 ***