1362537 – ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/

Bug 1362537 - ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/

Summary: ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/ht...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Christian Heimes
QA Contact:	Kaleem
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-08-02 13:01 UTC by Abhijeet Kasurde
Modified:	2016-11-04 06:00 UTC (History)
CC List:	4 users (show)
Fixed In Version:	ipa-4.4.0-5.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-04 06:00:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
ipaserver-install.log (3.91 MB, text/plain) 2016-08-02 13:04 UTC, Abhijeet Kasurde	no flags	Details
console.log (785 bytes, text/plain) 2016-08-08 11:36 UTC, Abhijeet Kasurde	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
FedoraHosted FreeIPA	6158	0	None	None	None	Never
Red Hat Product Errata	RHBA-2016:2404	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2016-11-03 13:56:18 UTC

Description Abhijeet Kasurde 2016-08-02 13:01:07 UTC

Description of problem:
ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ipa-kdc-proxy.conf to /etc/httpd/conf.d/ipa-kdc-proxy.conf

[root@ipamaster11 /]# ls /etc/systemd/system/httpd.service
ls: cannot access /etc/systemd/system/httpd.service: No such file or directory

[root@ipamaster11 /]# ls /etc/ipa/kdcproxy/ipa-kdc-proxy.conf 
/etc/ipa/kdcproxy/ipa-kdc-proxy.conf

[root@ipamaster11 /]# ls /etc/httpd/conf.d/
autoindex.conf  ipa.conf  ipa-pki-proxy.conf  ipa-rewrite.conf  nss.conf  README  userdir.conf  welcome.conf

Version-Release number of selected component (if applicable):


How reproducible:
ipa-server-4.4.0-4.el7.x86_64

Steps to Reproduce:
1. Install ipa-server-install 
2. ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
3. systemctl restart httpd.service # This step should create symlink

Actual results:
No symlink found

Expected results:
Symlink should be created by installer or `systemctl restart httpd` which required for KKDCP feature.



Additional info:
If user runs /usr/libexec/ipa/ipa-httpd-kdcproxy then symlink is created 

[root@ipamaster11 /]# /usr/libexec/ipa/ipa-httpd-kdcproxy 
ipa         : INFO     KDC proxy enabled

Comment 1 Abhijeet Kasurde 2016-08-02 13:04:24 UTC

Created attachment 1186816 [details]
ipaserver-install.log

Comment 3 Christian Heimes 2016-08-02 14:28:33 UTC

The location of the httpd.service file was changed in https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=586fee293f42388510fa5436af19460bbe1fdec5. The installer now creates the file '/etc/systemd/system/httpd.d/ipa.conf' instead of '/etc/systemd/system/httpd.service'.

Please notice 'httpd.d'. This directory is not recognized by systemd. The directory should be named 'httpd.service.d'. I can confirm that kdcproxy is enabled after:

# mv /etc/systemd/system/httpd.d /etc/systemd/system/httpd.service.d
# systemctl daemon-reload
# systemctl restart httpd

I'll post a patch to freeipa-dev.

Comment 4 Martin Bašti 2016-08-02 14:44:53 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6158

Comment 5 Martin Bašti 2016-08-02 15:23:25 UTC

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/64db0592490493a060c7983acdfdf9100d9ea813

Comment 8 Abhijeet Kasurde 2016-08-08 11:34:43 UTC

Verified using IPA package::
ipa-server-4.4.0-5.el7.x86_64

Console log attached. Marking BZ as verified.

Comment 9 Abhijeet Kasurde 2016-08-08 11:36:08 UTC

Created attachment 1188645 [details]
console.log

Comment 11 errata-xmlrpc 2016-11-04 06:00:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html

Note You need to log in before you can comment on or make changes to this bug.