Red Hat Bugzilla – Bug 1257352
nss.load missing from packstack, httpd unable to start.
Last modified: 2016-04-18 03:12:00 EDT
Description of problem: While running packstack --allinone, the process stops at: [..] 10.0.128.164_osclient.pp: [ DONE ] 10.0.128.164_horizon.pp: [ ERROR ] Applying Puppet manifests [ ERROR ] ERROR : Error appeared during Puppet run: 10.0.128.164_horizon.pp Error: Could not start Service[httpd]: Execution of '/usr/bin/systemctl start httpd' returned 1: Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details. You will find full trace in log /var/tmp/packstack/20150826-155841-taA0ML/manifests/10.0.128.164_horizon.pp.log What happens is that httpd fails to start because of the following error: [root@osp1 conf.modules.d]# httpd -t -D MODULES AH00526: Syntax error on line 38 of /etc/httpd/conf.d/nss.conf: Invalid command 'NSSPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration perhaps /etc/httpd/conf.modules.d got excluded by the truckload of stuff dumped under /etc/httpd/conf.d (there is no matching nss.load there). As a workaround, I did a: [root@osp1 ~]# cp -afv /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load cp: overwrite '/etc/httpd/conf.d/nss.load'? y '/etc/httpd/conf.modules.d/10-nss.conf' -> '/etc/httpd/conf.d/nss.load' This makes the config pass the tests and httpd starts fine: [root@osp1 ~]# httpd -t -D MODULES Syntax OK Would packstack need to a provide a /etc/httpd/conf.d/nss.load file if mod_nss is present on the system? Version-Release number of selected component (if applicable): openstack-packstack-2015.1-0.11.dev1616.g5526c38.el7.noarch How reproducible: Always Steps to Reproduce: 1. Install RHEL7.1 2. sudo yum update -y 3. sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm 4. sudo yum install -y openstack-packstack 5. sudo packstack --allinone Actual results: Fails to complete packstack Expected results: **** Installation completed successfully ****** Additional info: [root@osp1 ~]# rpm -qa httpd\* mod_nss httpd-devel-2.4.6-31.el7_1.1.x86_64 httpd-2.4.6-31.el7_1.1.x86_64 httpd-tools-2.4.6-31.el7_1.1.x86_64 mod_nss-1.0.8-33.el7.x86_64
Note that this affects OSP7 and RDO Liberty as well.
Packstack is suppoused to be used on a fresh install, if you want to use mod_nss with apache you should configure it after Packstack finishes the OpenStack installation
Hello, I disagree with closing this bug as this occurrence was on a fresh install (some of the RHEL install options provide mod_ssl installed unconfigured by default). I believe this should be a simple case of: if [ -e /etc/httpd/conf.modules.d/10-nss.conf ]; then cp /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load fi This would solve the issue altogether as this would make packstack 'safe' on a fresh install where mod_ssl is installed. Note that 'installed' is different from 'configured'. If you can point me to the routine that creates *.load files from within packstack, I'll submit a patch. Thanks, Vincent
The file: /etc/httpd/conf.modules.d/10-nss.conf belongs to mod_nss not mod_ssl: # rpm -qf /etc/httpd/conf.modules.d/10-nss.conf mod_nss-1.0.11-6.el7.x86_64 Can you please detail the use cases in which the mod_nss gets installed on a RHEL fresh server install? It's recommended to use packstack on a RHEL box that has been deployed using the "Minimal Install" [1] option. [1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-package-selection-x86.html
Agreed, I meant mod_nss, not mod_ssl sorry about that. I checked the base install and mod_nss isn't present indeed so I guess it is a non-issue. Still, having packstack do the right thing when mod_nss is present could be viewed as a 'nice-to-have' to improve end-user experience. Feel free to close this issue if you think it's not needed. Thank you for your time, Regards, Vincent
Well, since packstack is recommended to be used on a minimal server install i'm gonna close this issue.