Bug 1362537 - ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/
Summary: ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/ht...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Christian Heimes
QA Contact: Kaleem
URL:
Whiteboard:
Keywords: Regression, TestBlocker
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-02 13:01 UTC by Abhijeet Kasurde
Modified: 2016-11-04 06:00 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-11-04 06:00:01 UTC


Attachments (Terms of Use)
ipaserver-install.log (3.91 MB, text/plain)
2016-08-02 13:04 UTC, Abhijeet Kasurde
no flags Details
console.log (785 bytes, text/plain)
2016-08-08 11:36 UTC, Abhijeet Kasurde
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC
FedoraHosted FreeIPA 6158 None None None Never

Description Abhijeet Kasurde 2016-08-02 13:01:07 UTC
Description of problem:
ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ipa-kdc-proxy.conf to /etc/httpd/conf.d/ipa-kdc-proxy.conf

[root@ipamaster11 /]# ls /etc/systemd/system/httpd.service
ls: cannot access /etc/systemd/system/httpd.service: No such file or directory

[root@ipamaster11 /]# ls /etc/ipa/kdcproxy/ipa-kdc-proxy.conf 
/etc/ipa/kdcproxy/ipa-kdc-proxy.conf

[root@ipamaster11 /]# ls /etc/httpd/conf.d/
autoindex.conf  ipa.conf  ipa-pki-proxy.conf  ipa-rewrite.conf  nss.conf  README  userdir.conf  welcome.conf

Version-Release number of selected component (if applicable):


How reproducible:
ipa-server-4.4.0-4.el7.x86_64

Steps to Reproduce:
1. Install ipa-server-install 
2. ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
3. systemctl restart httpd.service # This step should create symlink

Actual results:
No symlink found

Expected results:
Symlink should be created by installer or `systemctl restart httpd` which required for KKDCP feature.



Additional info:
If user runs /usr/libexec/ipa/ipa-httpd-kdcproxy then symlink is created 

[root@ipamaster11 /]# /usr/libexec/ipa/ipa-httpd-kdcproxy 
ipa         : INFO     KDC proxy enabled

Comment 1 Abhijeet Kasurde 2016-08-02 13:04 UTC
Created attachment 1186816 [details]
ipaserver-install.log

Comment 3 Christian Heimes 2016-08-02 14:28:33 UTC
The location of the httpd.service file was changed in https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=586fee293f42388510fa5436af19460bbe1fdec5. The installer now creates the file '/etc/systemd/system/httpd.d/ipa.conf' instead of '/etc/systemd/system/httpd.service'.

Please notice 'httpd.d'. This directory is not recognized by systemd. The directory should be named 'httpd.service.d'. I can confirm that kdcproxy is enabled after:

# mv /etc/systemd/system/httpd.d /etc/systemd/system/httpd.service.d
# systemctl daemon-reload
# systemctl restart httpd

I'll post a patch to freeipa-dev.

Comment 4 Martin Bašti 2016-08-02 14:44:53 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6158

Comment 5 Martin Bašti 2016-08-02 15:23:25 UTC
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/64db0592490493a060c7983acdfdf9100d9ea813

Comment 8 Abhijeet Kasurde 2016-08-08 11:34:43 UTC
Verified using IPA package::
ipa-server-4.4.0-5.el7.x86_64

Console log attached. Marking BZ as verified.

Comment 9 Abhijeet Kasurde 2016-08-08 11:36 UTC
Created attachment 1188645 [details]
console.log

Comment 11 errata-xmlrpc 2016-11-04 06:00:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.