1340310 – Upgrading mod_ssl package causes httpd to not start

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1340310 - Upgrading mod_ssl package causes httpd to not start

Summary: Upgrading mod_ssl package causes httpd to not start

Keywords:
Status:	CLOSED DUPLICATE of bug 1336365
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Installation
Sub Component:
Version:	6.2.0
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-27 01:29 UTC by Geoff Gatward
Modified:	2016-05-30 09:13 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-30 09:13:20 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Geoff Gatward 2016-05-27 01:29:57 UTC

It seems that the Satellite 6.2 Beta install process installs the mod_ssl package but deletes /etc/httpd/conf.d/ssl.conf.  Everything works fine until mod_ssl is updated via a yum update. Because ssl.conf is missing, mod_ssl re-creates the default file, resulting in a conflict within httpd as the Listener for port 443 is now defined twice, end result is httpd fails to start and Satellite WebUI is not available.

I have two 6.2 Beta instances:

Satellite 1 (not updated):
root@sat62-1[/etc/httpd] # rpm -q mod_ssl
mod_ssl-2.4.6-40.el7.x86_64
root@sat62-1[/etc/httpd] # grep -R 443 conf*
conf/ports.conf:Listen 443
conf.d/05-foreman-ssl.conf:<VirtualHost *:443>

This satellite has a pending update:
root@sat62-1[/etc/httpd] # yum check-update | grep ssl
mod_ssl.x86_64                   1:2.4.6-40.el7_2.1    rhel-7-server-rpms


My second 6.2 Beta satellite HAS had the yum update applied:
root@sat62-2[/etc/httpd] # rpm -q mod_ssl
mod_ssl-2.4.6-40.el7_2.1.x86_64
root@21t62-2[/etc/httpd] # grep -R 443 conf*
conf/ports.conf:Listen 443
conf.d/05-foreman-ssl.conf:<VirtualHost *:443>
conf.d/ssl.conf:Listen 443 https
conf.d/ssl.conf:<VirtualHost _default_:443>
conf.d/ssl.conf:#ServerName www.example.com:443


root@sat62-2[/etc/httpd] # systemctl status httpd -l
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2016-05-27 11:13:17 AEST; 13min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 13299 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 13278 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 13278 (code=exited, status=1/FAILURE)

May 27 11:13:12 sat62-2.example.org httpd[13278]: [Fri May 27 11:13:12.816915 2016] [so:warn] [pid 13278] AH01574: module systemd_module is already loaded, skipping
May 27 11:13:12 sat62-2.example.org httpd[13278]: [Fri May 27 11:13:12.817065 2016] [so:warn] [pid 13278] AH01574: module cgi_module is already loaded, skipping
May 27 11:13:12 sat62-2.example.org httpd[13278]: [Fri May 27 11:13:12.834310 2016] [alias:warn] [pid 13278] AH00671: The Alias directive in /etc/httpd/conf.d/autoindex.conf at line 21 will probably never match because it overlaps an earlier Alias.
May 27 11:13:12 sat62-2.example.org httpd[13278]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
May 27 11:13:12 sat62-2.example.org systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
May 27 11:13:13 sat62-2.example.org kill[13299]: kill: cannot find process ""
May 27 11:13:13 sat62-2.example.org systemd[1]: httpd.service: control process exited, code=exited status=1
May 27 11:13:17 sat62-2.example.org systemd[1]: Failed to start The Apache HTTP Server.
May 27 11:13:17 sat62-2.example.org systemd[1]: Unit httpd.service entered failed state.
May 27 11:13:17 sat62-2.example.org systemd[1]: httpd.service failed.


The /etc/conf.d/ssl.conf file should NOT be removed by the Satellite installer, but possibly modified to remove the Listen 443 directive... Alternatively the definition should be left in ssl.conf and removed from ports.conf

Comment 1 Tomer Brisker 2016-05-30 09:13:20 UTC


*** This bug has been marked as a duplicate of bug 1336365 ***

Note You need to log in before you can comment on or make changes to this bug.