Description of problem:
ipa-server must depend on a version of httpd that supports mod_proxy with UDS; as a result, noticed that the ipa-server upgrade failed for the upgrade path 7.0 > 7.3.

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-8.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up IPA server on RHEL 7.0 (in my case ipa-server-3.3.3-28.el7.x86_64)
2. Use the latest repo links for RHEL 7.3
3. Now update the IPA server with the command "yum -y update 'ipa*' sssd"

Actual results:
1. IPA-server upgrade fails.

2. After upgrade:
# journalctl -l -u httpd.service
Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test systemd[1]: Starting The Apache HTTP Server...
Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test ipa-httpd-kdcproxy[13706]: ipa : INFO KDC proxy enabled
Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test httpd[13707]: AH00526: Syntax error on line 113 of /etc/httpd/conf.d/ipa.conf:
Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test httpd[13707]: ProxyPass URL must be absolute!
Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test systemd[1]: Failed to start The Apache HTTP Server.

line 113 is:
ProxyPass "unix:/run/httpd/ipa-custodia.sock|http://localhost/keys/"

3. # rpm -q httpd
httpd-2.4.6-17.el7.x86_64

4. # tail -f /var/log/ipaupgrade.log
    self.service.start(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 285, in start
    skip_output=not capture_output)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 489, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))
2016-08-24T07:08:06Z DEBUG The ipa-server-upgrade command failed, exception: CalledProcessError: Command '/bin/systemctl start httpd.service' returned non-zero exit status 1
2016-08-24T07:08:06Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
CalledProcessError: Command '/bin/systemctl start httpd.service' returned non-zero exit status 1
2016-08-24T07:08:06Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information

5. # ipactl status
Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services
ipa: INFO: The ipactl command was successful

[root@auto-hv-01-guest09 log]# ipactl restart
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Failed to start named Service
Shutting down
Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed
Aborting ipactl

[root@auto-hv-01-guest09 log]# kinit admin
kinit: Generic error (see e-text) while getting initial credentials

[root@auto-hv-01-guest09 log]# ipactl start
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Failed to start named Service
Shutting down
Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed
Aborting ipactl

Expected results:
The ipa-server upgrade should be successful and no errors should be observed.

Additional info:
The upgrade was successful for 7.1 > 7.3
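The triage done by hand in the description above (AH00526 error, then the config line it points at, then the Unix-socket ProxyPass target) can be scripted. This is an added example, not part of the original report or of FreeIPA; the function names and the `read_conf` callable are assumptions, and the sample input is constructed from the lines quoted in the report.

```python
import re

# ProxyPass/ProxyPassMatch whose target uses the Unix-domain-socket form
# unix:/path/to.sock|scheme://host/path (inside <Location> the URL-path argument is absent).
UDS_PROXY = re.compile(
    r'^\s*ProxyPass(?:Match)?\s+(?:"[^"]*"\s+|[^\s"]+\s+)?"?unix:([^|"\s]+)\|([^"\s]+)',
    re.IGNORECASE)
# httpd's config-parse failure as it appears in the journal.
SYNTAX_ERR = re.compile(r'AH00526: Syntax error on line (\d+) of (\S+):')

def find_uds_proxypass(conf_text):
    """Return (line_no, socket_path, backend_url) for each UDS ProxyPass target."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), start=1):
        m = UDS_PROXY.match(line)
        if m:
            hits.append((no, m.group(1), m.group(2)))
    return hits

def triage(journal_text, read_conf):
    """Report AH00526 errors whose offending line is a UDS ProxyPass directive.

    read_conf is a callable path -> file text (an assumption of this example,
    so the function can be exercised offline with constructed input)."""
    findings = []
    for m in SYNTAX_ERR.finditer(journal_text):
        line_no, path = int(m.group(1)), m.group(2)
        for no, sock, backend in find_uds_proxypass(read_conf(path)):
            if no == line_no:
                findings.append((path, line_no, sock, backend))
    return findings

# Constructed sample: two journal lines and the directive quoted in the report,
# with the directive padded to line 113 by comment lines.
SAMPLE_JOURNAL = (
    "Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test httpd[13707]: "
    "AH00526: Syntax error on line 113 of /etc/httpd/conf.d/ipa.conf:\n"
    "Aug 24 03:08:06 auto-hv-01-guest09.testrelm.test httpd[13707]: "
    "ProxyPass URL must be absolute!\n")
SAMPLE_CONF = "#\n" * 112 + 'ProxyPass "unix:/run/httpd/ipa-custodia.sock|http://localhost/keys/"\n'

if __name__ == "__main__":
    for path, no, sock, backend in triage(SAMPLE_JOURNAL, lambda p: SAMPLE_CONF):
        print(f"{path}:{no}: ProxyPass to Unix socket {sock} (backend {backend}); "
              "the installed httpd must support mod_proxy UDS targets")
```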
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6251
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/17bb9b9a9ba983020c66f4b83a5918be636ef3bd
IPA server version: ipa-server-4.4.0-12.el7.x86_64
Bind-ldap: bind-dyndb-ldap-10.0-5.el7.x86_64

Verified the bug on the basis of the following points:
1. Verified that IPA server upgrade is successful for path RHEL 7.0 to RHEL 7.3.
2. "DNS timed out error" message is not displayed at the console.
3. "httpd.service" error message is not observed in ipaupgrade.log.
4. No errors related to import of urllib3.exceptions are noticed in ipaupgrade.log.
5. The dummy DNS forwardzone details created at 7.0 are reflected after upgrade.

Thus, on the basis of the observations above, marking the status of the bug as "VERIFIED".
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html