Bug 1257352 - nss.load missing from packstack, httpd unable to start.
Summary: nss.load missing from packstack, httpd unable to start.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 7.0 (Kilo)
Assignee: Ivan Chavero
QA Contact: yeylon@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-26 21:18 UTC by Vincent S. Cojot
Modified: 2016-04-18 07:12 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-05 20:13:55 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Vincent S. Cojot 2015-08-26 21:18:11 UTC
Description of problem:

While running packstack --allinone, the process stops at:

[..]


10.0.128.164_osclient.pp:                            [ DONE ]
10.0.128.164_horizon.pp:                          [ ERROR ]
Applying Puppet manifests                         [ ERROR ]

ERROR : Error appeared during Puppet run: 10.0.128.164_horizon.pp
Error: Could not start Service[httpd]: Execution of '/usr/bin/systemctl start httpd' returned 1: Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
You will find full trace in log /var/tmp/packstack/20150826-155841-taA0ML/manifests/10.0.128.164_horizon.pp.log

What happens is that httpd fails to start because of the following error:
[root@osp1 conf.modules.d]# httpd -t -D MODULES
AH00526: Syntax error on line 38 of /etc/httpd/conf.d/nss.conf:
Invalid command 'NSSPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration

perhaps /etc/httpd/conf.modules.d got excluded by the truckload of stuff dumped under /etc/httpd/conf.d (there is no matching nss.load there).

As a workaround, I did a:

[root@osp1 ~]# cp -afv /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load
cp: overwrite '/etc/httpd/conf.d/nss.load'? y
'/etc/httpd/conf.modules.d/10-nss.conf' -> '/etc/httpd/conf.d/nss.load'

This makes the config pass the tests and httpd starts fine:
[root@osp1 ~]# httpd -t -D MODULES
Syntax OK

Would packstack need to a provide a /etc/httpd/conf.d/nss.load file if mod_nss is present on the system?

Version-Release number of selected component (if applicable):
openstack-packstack-2015.1-0.11.dev1616.g5526c38.el7.noarch


How reproducible:
Always

Steps to Reproduce:
1. Install RHEL7.1
2. sudo yum update -y
3. sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm 
4. sudo yum install -y openstack-packstack
5. sudo packstack --allinone

Actual results:
Fails to complete packstack

Expected results:

 **** Installation completed successfully ******

Additional info:
[root@osp1 ~]# rpm -qa httpd\* mod_nss
httpd-devel-2.4.6-31.el7_1.1.x86_64
httpd-2.4.6-31.el7_1.1.x86_64
httpd-tools-2.4.6-31.el7_1.1.x86_64
mod_nss-1.0.8-33.el7.x86_64

Comment 1 Vincent S. Cojot 2015-12-10 14:47:02 UTC
Note that this affects OSP7 and RDO Liberty as well.

Comment 2 Ivan Chavero 2015-12-24 19:31:45 UTC
Packstack is suppoused to be used on a fresh install, if you want to use mod_nss with apache you should configure it after Packstack finishes the OpenStack installation

Comment 3 Vincent S. Cojot 2015-12-27 16:12:03 UTC
Hello,
I disagree with closing this bug as this occurrence was on a fresh install (some of the RHEL install options provide mod_ssl installed unconfigured by default).

I believe this should be a simple case of:
if [ -e /etc/httpd/conf.modules.d/10-nss.conf ]; then
cp /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load
fi

This would solve the issue altogether as this would make packstack 'safe' on a fresh install where mod_ssl is installed. Note that 'installed' is different from 'configured'.

If you can point me to the routine that creates *.load files from within packstack, I'll submit a patch.

Thanks,

Vincent

Comment 4 Ivan Chavero 2015-12-30 19:25:45 UTC
The file: /etc/httpd/conf.modules.d/10-nss.conf belongs to mod_nss not mod_ssl:

# rpm -qf /etc/httpd/conf.modules.d/10-nss.conf 
mod_nss-1.0.11-6.el7.x86_64


Can you please detail the use cases in which the mod_nss gets installed on a RHEL fresh server install?

It's recommended to use packstack on a RHEL box that has been deployed using the "Minimal Install" [1] option.





[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-package-selection-x86.html

Comment 5 Vincent S. Cojot 2015-12-30 21:01:00 UTC
Agreed, I meant mod_nss, not mod_ssl sorry about that.
I checked the base install and mod_nss isn't present indeed so I guess it is a non-issue. Still, having packstack do the right thing when mod_nss is present could be viewed as a 'nice-to-have' to improve end-user experience.
Feel free to close this issue if you think it's not needed.
Thank you for your time,
Regards,
Vincent

Comment 6 Ivan Chavero 2016-01-05 20:13:55 UTC
Well, since packstack is recommended to be used on a minimal server install i'm gonna close this issue.


Note You need to log in before you can comment on or make changes to this bug.