Red Hat Bugzilla – Bug 1257352
nss.load missing from packstack, httpd unable to start.
Last modified: 2016-04-18 03:12:00 EDT
Description of problem:
While running packstack --allinone, the process stops at:
10.0.128.164_osclient.pp: [ DONE ]
10.0.128.164_horizon.pp: [ ERROR ]
Applying Puppet manifests [ ERROR ]
ERROR : Error appeared during Puppet run: 10.0.128.164_horizon.pp
Error: Could not start Service[httpd]: Execution of '/usr/bin/systemctl start httpd' returned 1: Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
You will find full trace in log /var/tmp/packstack/20150826-155841-taA0ML/manifests/10.0.128.164_horizon.pp.log
What happens is that httpd fails to start because of the following error:
[root@osp1 conf.modules.d]# httpd -t -D MODULES
AH00526: Syntax error on line 38 of /etc/httpd/conf.d/nss.conf:
Invalid command 'NSSPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration
Perhaps /etc/httpd/conf.modules.d got excluded by the truckload of stuff dumped under /etc/httpd/conf.d (there is no matching nss.load there).
As a workaround, I did a:
[root@osp1 ~]# cp -afv /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load
cp: overwrite '/etc/httpd/conf.d/nss.load'? y
'/etc/httpd/conf.modules.d/10-nss.conf' -> '/etc/httpd/conf.d/nss.load'
This makes the config pass the tests and httpd starts fine:
[root@osp1 ~]# httpd -t -D MODULES
Would packstack need to provide a /etc/httpd/conf.d/nss.load file if mod_nss is present on the system?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install RHEL7.1
2. sudo yum update -y
3. sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm
4. sudo yum install -y openstack-packstack
5. sudo packstack --allinone
Fails to complete packstack
**** Installation completed successfully ******
[root@osp1 ~]# rpm -qa httpd\* mod_nss
Note that this affects OSP7 and RDO Liberty as well.
Packstack is supposed to be used on a fresh install. If you want to use mod_nss with apache, you should configure it after Packstack finishes the OpenStack installation.
I disagree with closing this bug as this occurrence was on a fresh install (some of the RHEL install options provide mod_ssl installed unconfigured by default).
I believe this should be a simple case of:
if [ -e /etc/httpd/conf.modules.d/10-nss.conf ]; then
    cp /etc/httpd/conf.modules.d/10-nss.conf /etc/httpd/conf.d/nss.load
fi
This would solve the issue altogether as this would make packstack 'safe' on a fresh install where mod_ssl is installed. Note that 'installed' is different from 'configured'.
If you can point me to the routine that creates *.load files from within packstack, I'll submit a patch.
The file: /etc/httpd/conf.modules.d/10-nss.conf belongs to mod_nss not mod_ssl:
# rpm -qf /etc/httpd/conf.modules.d/10-nss.conf
Can you please detail the use cases in which the mod_nss gets installed on a RHEL fresh server install?
It's recommended to use packstack on a RHEL box that has been deployed using the "Minimal Install" option.
Agreed, I meant mod_nss, not mod_ssl; sorry about that.
I checked the base install and mod_nss isn't present indeed so I guess it is a non-issue. Still, having packstack do the right thing when mod_nss is present could be viewed as a 'nice-to-have' to improve end-user experience.
Feel free to close this issue if you think it's not needed.
Thank you for your time,
Well, since packstack is recommended to be used on a minimal server install, I'm gonna close this issue.
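
A preflight check for the condition reported in this bug, as an added example that is not part of the original thread and is not packstack code: it lists the files that conf/httpd.conf actually includes and reports NSS* directives that are read while no LoadModule line for mod_nss is reachable. The function names, the module identifier nss_module and the one-level include handling are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not packstack or httpd code. Assumptions: RHEL-style
# ServerRoot layout, includes followed one level deep, module named
# nss_module, directive order not checked, no spaces in file names.

# Print the main config file plus every file its Include lines pull in.
included_files() {
    main="$1/conf/httpd.conf"
    [ -f "$main" ] || return 0
    printf '%s\n' "$main"
    # Include / IncludeOptional <pattern>; commented-out lines do not match.
    awk 'tolower($1) ~ /^include(optional)?$/ { gsub(/"/, "", $2); print $2 }' "$main" |
    while IFS= read -r pat; do
        case $pat in
            /*) ;;                   # absolute path, used as written
            *)  pat="$1/$pat" ;;     # relative to ServerRoot
        esac
        if [ -d "$pat" ]; then pat="$pat/*"; fi
        for f in $pat; do            # unquoted on purpose: expand the glob
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Return 0 when consistent, 1 when NSS* directives are read but the module
# is never loaded (offending files are printed), 2 when no config is found.
check_nss_module() {
    root=${1:-/etc/httpd}
    files=$(included_files "$root")
    if [ -z "$files" ]; then
        echo "no httpd.conf under $root/conf" >&2
        return 2
    fi
    # $files is left unquoted so that each path becomes one grep argument.
    if grep -Eiqs '^[[:space:]]*LoadModule[[:space:]]+nss_module' $files; then
        return 0
    fi
    users=$(grep -Eils '^[[:space:]]*NSS[A-Za-z]+' $files || true)
    if [ -z "$users" ]; then
        return 0
    fi
    printf 'NSS directives read without LoadModule nss_module:\n%s\n' "$users"
    return 1
}
```

Sourcing the file and running `check_nss_module /etc/httpd` before starting the service gives the same verdict as the `httpd -t` failure above, without needing the daemon's binary.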