Bug 1362537 - ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/
Summary: ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/ht...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Christian Heimes
QA Contact: Kaleem
Depends On:
TreeView+ depends on / blocked
Reported: 2016-08-02 13:01 UTC by Abhijeet Kasurde
Modified: 2016-11-04 06:00 UTC (History)
4 users (show)

Fixed In Version: ipa-4.4.0-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-11-04 06:00:01 UTC
Target Upstream Version:

Attachments (Terms of Use)
ipaserver-install.log (3.91 MB, text/plain)
2016-08-02 13:04 UTC, Abhijeet Kasurde
no flags Details
console.log (785 bytes, text/plain)
2016-08-08 11:36 UTC, Abhijeet Kasurde
no flags Details

System ID Private Priority Status Summary Last Updated
FedoraHosted FreeIPA 6158 0 None None None Never
Red Hat Product Errata RHBA-2016:2404 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Abhijeet Kasurde 2016-08-02 13:01:07 UTC
Description of problem:
ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ipa-kdc-proxy.conf to /etc/httpd/conf.d/ipa-kdc-proxy.conf

[root@ipamaster11 /]# ls /etc/systemd/system/httpd.service
ls: cannot access /etc/systemd/system/httpd.service: No such file or directory

[root@ipamaster11 /]# ls /etc/ipa/kdcproxy/ipa-kdc-proxy.conf 

[root@ipamaster11 /]# ls /etc/httpd/conf.d/
autoindex.conf  ipa.conf  ipa-pki-proxy.conf  ipa-rewrite.conf  nss.conf  README  userdir.conf  welcome.conf

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install ipa-server-install 
2. ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
3. systemctl restart httpd.service # This step should create symlink

Actual results:
No symlink found

Expected results:
Symlink should be created by installer or `systemctl restart httpd` which required for KKDCP feature.

Additional info:
If user runs /usr/libexec/ipa/ipa-httpd-kdcproxy then symlink is created 

[root@ipamaster11 /]# /usr/libexec/ipa/ipa-httpd-kdcproxy 
ipa         : INFO     KDC proxy enabled

Comment 1 Abhijeet Kasurde 2016-08-02 13:04:24 UTC
Created attachment 1186816 [details]

Comment 3 Christian Heimes 2016-08-02 14:28:33 UTC
The location of the httpd.service file was changed in https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=586fee293f42388510fa5436af19460bbe1fdec5. The installer now creates the file '/etc/systemd/system/httpd.d/ipa.conf' instead of '/etc/systemd/system/httpd.service'.

Please notice 'httpd.d'. This directory is not recognized by systemd. The directory should be named 'httpd.service.d'. I can confirm that kdcproxy is enabled after:

# mv /etc/systemd/system/httpd.d /etc/systemd/system/httpd.service.d
# systemctl daemon-reload
# systemctl restart httpd

I'll post a patch to freeipa-dev.

Comment 4 Martin Bašti 2016-08-02 14:44:53 UTC
Upstream ticket:

Comment 5 Martin Bašti 2016-08-02 15:23:25 UTC
Fixed upstream

Comment 8 Abhijeet Kasurde 2016-08-08 11:34:43 UTC
Verified using IPA package::

Console log attached. Marking BZ as verified.

Comment 9 Abhijeet Kasurde 2016-08-08 11:36:08 UTC
Created attachment 1188645 [details]

Comment 11 errata-xmlrpc 2016-11-04 06:00:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.