obsolete

FEDORA-2019-690c2b1cfe created by lvrabec 2 years ago for Fedora 31

This update has been submitted for testing by lvrabec.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago
cheimes commented & provided feedback 2 years ago

ipa-server-install is failing with the latest build. httpd is unable to load the cert generated by FreeIPA.

log

  [18/21]: enable KDC proxy
  [19/21]: starting httpd
  [error] CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n')
CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n')
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
[root@host-10-0-137-103 ~]# 
[root@host-10-0-137-103 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/httpd.service.d
           └─ipa.conf
   Active: failed (Result: exit-code) since Fri 2019-09-20 11:43:20 EDT; 18s ago
     Docs: man:httpd.service(8)
  Process: 23686 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy (code=exited, status=0/SUCCESS)
  Process: 23688 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 23688 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."
      CPU: 371ms

Sep 20 11:43:20 host-10-0-137-103.ipa.example systemd[1]: Starting The Apache HTTP Server...
Sep 20 11:43:20 host-10-0-137-103.ipa.example ipa-httpd-kdcproxy[23686]: ipa: INFO: KDC proxy enabled
Sep 20 11:43:20 host-10-0-137-103.ipa.example ipa-httpd-kdcproxy[23686]: ipa-httpd-kdcproxy: INFO     KDC proxy enabled
Sep 20 11:43:20 host-10-0-137-103.ipa.example httpd[23688]: AH00526: Syntax error on line 102 of /etc/httpd/conf.d/ssl.conf:
Sep 20 11:43:20 host-10-0-137-103.ipa.example httpd[23688]: SSLCertificateFile: file '/var/lib/ipa/certs/httpd.crt' does not exist or is empty
Sep 20 11:43:20 host-10-0-137-103.ipa.example systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Sep 20 11:43:20 host-10-0-137-103.ipa.example systemd[1]: httpd.service: Failed with result 'exit-code'.
Sep 20 11:43:20 host-10-0-137-103.ipa.example systemd[1]: Failed to start The Apache HTTP Server.

cert

# ls -laZ /var/lib/ipa/certs/
total 12
drwxr-xr-x.  2 root root system_u:object_r:ipa_var_lib_t:s0 4096 Sep 20 11:43 .
drwxr-xr-x. 10 root root system_u:object_r:ipa_var_lib_t:s0 4096 Sep 20 11:42 ..
-rw-------.  1 root root system_u:object_r:ipa_var_lib_t:s0 1911 Sep 20 11:43 httpd.crt

AVC

time->Fri Sep 20 11:43:20 2019
type=AVC msg=audit(1568994200.979:751): avc:  denied  { getattr } for  pid=23688 comm="httpd" path="/var/lib/ipa/certs/httpd.crt" dev="vda1" ino=1577788 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ipa_var_lib_t:s0 tclass=file permissive=0

versions

# rpm -qa httpd selinux-policy
httpd-2.4.41-1.fc31.x86_64
selinux-policy-3.14.4-34.fc31.noarch
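
Added example, not part of the comment above and not Fedora or FreeIPA tooling: a Python script that parses the AVC record from the report and pairs it with the httpd journal line by PID and path, tying the "does not exist or is empty" message to the denied getattr from httpd_t on an ipa_var_lib_t file. The function names are hypothetical; both sample lines are copied from the report.

```python
import re

# Lines copied verbatim from the report above (not constructed).
AVC = ('type=AVC msg=audit(1568994200.979:751): avc:  denied  { getattr } for  '
       'pid=23688 comm="httpd" path="/var/lib/ipa/certs/httpd.crt" dev="vda1" '
       'ino=1577788 scontext=system_u:system_r:httpd_t:s0 '
       'tcontext=system_u:object_r:ipa_var_lib_t:s0 tclass=file permissive=0')
JOURNAL = ("Sep 20 11:43:20 host-10-0-137-103.ipa.example httpd[23688]: "
           "SSLCertificateFile: file '/var/lib/ipa/certs/httpd.crt' "
           "does not exist or is empty")

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
JOURNAL_RE = re.compile(r"([\w.-]+)\[(\d+)\]: (.*)")


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["result"], rec["perms"] = m.group(1), m.group(2).split()
    # A context is user:role:type:level; the level can itself contain ':'
    # (MLS ranges with categories), so split at most three times.
    rec["source_type"] = rec["scontext"].split(":", 3)[2]
    rec["target_type"] = rec["tcontext"].split(":", 3)[2]
    rec["enforced"] = rec.get("permissive") == "0"
    return rec


def correlate(avc_lines, journal_lines):
    """Pair enforced denials with journal messages from the same PID and path."""
    denials = [r for r in map(parse_avc, avc_lines)
               if r and r["result"] == "denied" and r["enforced"]]
    findings = []
    for line in journal_lines:
        j = JOURNAL_RE.search(line)
        for d in denials if j else ():
            if j.group(2) == d.get("pid") and d.get("path") and d["path"] in j.group(3):
                findings.append({"pid": d["pid"], "path": d["path"],
                                 "denied": d["perms"], "tclass": d.get("tclass"),
                                 "source_type": d["source_type"],
                                 "target_type": d["target_type"],
                                 "service_message": j.group(3)})
    return findings
```

Denials logged with permissive=1 are skipped because they were not enforced and cannot explain a service failure.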
adamwill commented & provided feedback 2 years ago

Yeah, same result in openQA.

This update has been obsoleted.

2 years ago


Metadata
Type: unspecified
Severity: high
Karma: -2
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -2
Stable by Karma: 3
Stable by Time: 14 days

Dates
submitted: 2 years ago
