Running IPA on the same host running RHEV-M was supported in version 3.0 and is not supported anymore. As side effect of the IPA setup, you'll have Apache mod_nss configured for binding https on standard port 443.
When upgrading to a newer RHEV-M releases if the mod_nss configuration file is still around it will cause a failure when trying to configure Apache mod_ssl for binding https on port 443 since it's already used by mod_nss.
So when upgrading from 3.0 the file /etc/httpd/conf.d/nss.conf should be removed or configured properly for not using port 443
Created attachment 879512[details]
upg-log.tgz
Description of problem:
Have upgraded engine since 3.0 and when upgrade 3.2 => 3.3 (is35.1) got the message:
...
[ INFO ] Restarting httpd
[WARNING] Engine port was modified from port 8080 to 80. Consider to run rename script to re-issue web certificate with current port within AIA extension.
[ INFO ] Stage: Clean up
...
However httpd is unable to run thus port 80/443 is not working. Problem here is mod_nss which is leftover from 3.0 when we used IPA. During removal (3.1?) we get rid of freeipa-server|ipa-server but mod_nss.
/etc/httpd/conf.d/nss.conf:
Listen 443
Removing that httpd conf solve the issue.
Version-Release number of selected component (if applicable):
rhevm-setup-3.3.2-0.50.el6ev.noarch
mod_nss-1.0.8-19.el6_5.x86_64
How reproducible:
Steps to Reproduce:
1. to have chain upgrade since 3.0 => 3.2
2. upgrade to 3.3
3.
Actual results:
Expected results:
Additional info:
httpd:
Starting httpd: [Thu Mar 27 14:52:34 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
Running IPA on the same host running RHEV-M was supported in version 3.0 and is not supported anymore. As side effect of the IPA setup, you'll have Apache mod_nss configured for binding https on standard port 443.
When upgrading to a newer RHEV-M releases if the mod_nss configuration file is still around it will cause a failure when trying to configure Apache mod_ssl for binding https on port 443 since it's already used by mod_nss.
So when upgrading from 3.0 the file /etc/httpd/conf.d/nss.conf should be removed or configured properly for not using port 443
Moving to ON_QA for allowing documentation provided to be verified.
Verified according to comment 4.
1. reproduced and failed to upgrade to 3.3 from 3.2 when /etc/httpd/conf.d/nss.conf was configured.
2. removed package mod_nss and deleted /etc/httpd/conf.d/nss.conf before upgrade from 3.2 to 3.3 - upgrade was successful.
Created attachment 879512 [details] upg-log.tgz Description of problem: Have upgraded engine since 3.0 and when upgrade 3.2 => 3.3 (is35.1) got the message: ... [ INFO ] Restarting httpd [WARNING] Engine port was modified from port 8080 to 80. Consider to run rename script to re-issue web certificate with current port within AIA extension. [ INFO ] Stage: Clean up ... However httpd is unable to run thus port 80/443 is not working. Problem here is mod_nss which is leftover from 3.0 when we used IPA. During removal (3.1?) we get rid of freeipa-server|ipa-server but mod_nss. /etc/httpd/conf.d/nss.conf: Listen 443 Removing that httpd conf solve the issue. Version-Release number of selected component (if applicable): rhevm-setup-3.3.2-0.50.el6ev.noarch mod_nss-1.0.8-19.el6_5.x86_64 How reproducible: Steps to Reproduce: 1. to have chain upgrade since 3.0 => 3.2 2. upgrade to 3.3 3. Actual results: Expected results: Additional info: httpd: Starting httpd: [Thu Mar 27 14:52:34 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence (98)Address already in use: make_sock: could not bind to address [::]:443