Bug 697113

Summary: Service httpd not start using service httpd start
Product: [Fedora] Fedora Reporter: Muzi <muzammel.linux>
Component: httpdAssignee: Joe Orton <jorton>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 14CC: jorton, pahan
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-16 13:37:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Muzi 2011-04-15 21:21:11 UTC 
Description of problem:
Upgrade from FC13 to FC14 breaks the service httpd start normally.

Version-Release number of selected component (if applicable): 2.2.17-1.fc14.i686


How reproducible:


Steps to Reproduce:
1. upgrade FC13 to FC14
2. start httpd service (service httpd start)
3.
  
Actual results:
1. # service httpd start
2. Starting httpd: [FAILED]


Actual results:
Starting httpd: [FAILED]


Expected results:
Starting httpd: [  OK  ]


Additional info:

httpd works f9 4 me till FC13 i have upgraded to FC14 now its stop working. Its has some conflict with ssl.conf

[root@myserver]# /etc/init.d/httpd start
Starting httpd:                                            [  FAILED  ]

[root@myserver]# mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bk

[root@myserver]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]

Error logs shows below during httpd failed to start.

[Fri Apr 15 21:18:20 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 15 21:18:21 2011] [notice] SSL FIPS mode disabled

ssl.conf is default one file. I have not modified it for custom settings.
Comment 1 Joe Orton 2011-04-16 08:05:01 UTC 
With the SSL configuration in place:

1) Does running "/usr/sbin/httpd" directly work, or have any output?

2) Is there any output from running "httpd -t"?

3) Does httpd start if you use permissive SELinux mode ("setenforce Permissive" as root; remember to reset to Enforcing after testing)
Comment 2 Muzi 2011-04-16 16:33:31 UTC 
Stop apache and mv ssl.conf.bk to ssl.conf and then do below 

1)

[root@myserver]# /usr/sbin/httpd                      
[root@myserver]# ps -ef | grep httpd    
root      8818  8816  0 05:11 ?        00:00:00 sudo tail -c 0 /var/log/httpd/www.myserver.com.access_log                                                                                     
root     10889 10818  0 16:25 pts/0    00:00:00 grep --color=auto httpd

2) 
                               
[root@myserver]# httpd -t                           
Syntax OK           

3) Selinux is already disabled.

     SELINUX=disabled
Comment 3 Muzi 2011-04-16 19:06:06 UTC 
Well i have now successfully resolved the mystery :) 

I have enabled debug log and nothing special found in it, but i see that as ssl.conf have localhost.crt line so they generating temporarly private keys. For sixsense i view the localhost.crt, its CN value is != localhost , i have now copied localhost.crt file from other fc14 machine, and now apache is started f9 with SSL (ssl.conf).

Suggestion: I think it atleast tell in debug if CN value is mismatch and its failed to start apache via ssl.conf, as its difficult to trace the problem with out showing any reason also in debug log.
Comment 4 Muzi 2011-04-16 19:18:07 UTC 
A(In reply to comment #3)
> Well i have now successfully resolved the mystery :) 
> 
> I have enabled debug log and nothing special found in it, but i see that as
> ssl.conf have localhost.crt line so they generating temporarly private keys.
> For sixsense i view the localhost.crt, its CN value is != localhost , i have
> now copied localhost.crt file from other fc14 machine, and now apache is
> started f9 with SSL (ssl.conf).

Also localhost.crt is expired, as machine is old and localhost.crt is also old.

> 
> Suggestion: I think it atleast tell in debug if CN value is mismatch and its
> failed to start apache via ssl.conf, as its difficult to trace the problem with
> out showing any reason also in debug log.

Or if cert is expired, so atleast shows in debug log, which helpful to fix the problem with out wasiting time.

Thanks
Muzi
Comment 5 Joe Orton 2012-05-10 20:16:04 UTC 
Thanks for the update.  Was there not an error logged to /var/log/httpd/ssl_error_log at least?  It can be confusing where these errors end up.
Comment 6 Fedora End Of Life 2012-08-16 13:37:34 UTC 
This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping