Bug 1257352 - nss.load missing from packstack, httpd unable to start.
nss.load missing from packstack, httpd unable to start.
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 7.0 (Kilo)
Assigned To: Ivan Chavero
: Reopened, ZStream
Depends On:
  Show dependency treegraph
Reported: 2015-08-26 17:18 EDT by Vincent S. Cojot
Modified: 2016-04-18 03:12 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-05 15:13:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Vincent S. Cojot 2015-08-26 17:18:11 EDT
Description of problem:

While running packstack --allinone, the process stops at:

[..]                            [ DONE ]                          [ ERROR ]
Applying Puppet manifests                         [ ERROR ]

ERROR : Error appeared during Puppet run:
Error: Could not start Service[httpd]: Execution of '/usr/bin/systemctl start httpd' returned 1: Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
You will find full trace in log /var/tmp/packstack/20150826-155841-taA0ML/manifests/

What happens is that httpd fails to start because of the following error:
[root@osp1 conf.modules.d]# httpd -t -D MODULES
AH00526: Syntax error on line 38 of /etc/httpd/conf.d/nss.conf:
Invalid command 'NSSPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration

perhaps /etc/httpd/conf.modules.d got excluded by the truckload of stuff dumped under /etc/httpd/conf.d (there is no matching nss.load there).

As a workaround, I did a:

[root@osp1 ~]# cp -afv /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load
cp: overwrite '/etc/httpd/conf.d/nss.load'? y
'/etc/httpd/conf.modules.d/10-nss.conf' -> '/etc/httpd/conf.d/nss.load'

This makes the config pass the tests and httpd starts fine:
[root@osp1 ~]# httpd -t -D MODULES
Syntax OK

Would packstack need to a provide a /etc/httpd/conf.d/nss.load file if mod_nss is present on the system?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install RHEL7.1
2. sudo yum update -y
3. sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm 
4. sudo yum install -y openstack-packstack
5. sudo packstack --allinone

Actual results:
Fails to complete packstack

Expected results:

 **** Installation completed successfully ******

Additional info:
[root@osp1 ~]# rpm -qa httpd\* mod_nss
Comment 1 Vincent S. Cojot 2015-12-10 09:47:02 EST
Note that this affects OSP7 and RDO Liberty as well.
Comment 2 Ivan Chavero 2015-12-24 14:31:45 EST
Packstack is suppoused to be used on a fresh install, if you want to use mod_nss with apache you should configure it after Packstack finishes the OpenStack installation
Comment 3 Vincent S. Cojot 2015-12-27 11:12:03 EST
I disagree with closing this bug as this occurrence was on a fresh install (some of the RHEL install options provide mod_ssl installed unconfigured by default).

I believe this should be a simple case of:
if [ -e /etc/httpd/conf.modules.d/10-nss.conf ]; then
cp /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load

This would solve the issue altogether as this would make packstack 'safe' on a fresh install where mod_ssl is installed. Note that 'installed' is different from 'configured'.

If you can point me to the routine that creates *.load files from within packstack, I'll submit a patch.


Comment 4 Ivan Chavero 2015-12-30 14:25:45 EST
The file: /etc/httpd/conf.modules.d/10-nss.conf belongs to mod_nss not mod_ssl:

# rpm -qf /etc/httpd/conf.modules.d/10-nss.conf 

Can you please detail the use cases in which the mod_nss gets installed on a RHEL fresh server install?

It's recommended to use packstack on a RHEL box that has been deployed using the "Minimal Install" [1] option.

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-package-selection-x86.html
Comment 5 Vincent S. Cojot 2015-12-30 16:01:00 EST
Agreed, I meant mod_nss, not mod_ssl sorry about that.
I checked the base install and mod_nss isn't present indeed so I guess it is a non-issue. Still, having packstack do the right thing when mod_nss is present could be viewed as a 'nice-to-have' to improve end-user experience.
Feel free to close this issue if you think it's not needed.
Thank you for your time,
Comment 6 Ivan Chavero 2016-01-05 15:13:55 EST
Well, since packstack is recommended to be used on a minimal server install i'm gonna close this issue.

Note You need to log in before you can comment on or make changes to this bug.