Issue #7867: Installation fails when trying to start httpd - freeipa

freeipa

#7867 Installation fails when trying to start httpd

Closed: worksforme 5 years ago by rcritten. Opened 5 years ago by tmdag.

Issue

This is first time i am trying to install FreeIPA on my home, local network. I've setup IPV6.
Local server machine have default Apache running on :80 which i just left as is.

Setup my hostname and domain

myhost[user]~: hostname --domain
ipa.mydomain.com
myhost[user]~: hostname --fqdn
myhost.ipa.mydomain.com

Also made sure that my router will point to proper IP while querying that host

dig myhost.ipa.mydomain.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-13.P2.fc29 <<>> myhost.ipa.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56921
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myhost.ipa.mydomain.com.           IN  ANY

;; ANSWER SECTION:
myhost.ipa.mydomain.com.        0   IN  A   10.0.1.10
myhost.ipa.mydomain.com.        0   IN  AAAA    fe80::c8e5:xxxx:xxxx:xxxx

;; Query time: 1 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Sun Feb 17 12:12:09 PST 2019
;; MSG SIZE  rcvd: 68

And started installation on my local server via ssh:

myhost[user]~: sudo ipa-server-install -a MyPasswordA -p MyPasswordA --hostname=myhost.ipa.mydomain.com -n ipa.mydomain.com -r IPA.MYDOMAIN.COM --no-forwarders --setup-dns -U

Actual behavior

Unfortunately few mins into installation I am getting

CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n')
2019-02-17T17:59:23Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

At first, I did some digging and on some website from few years ago one suggested installing 'mod_nss' , which I did (It was not present on my machine when installing firs time) - Not very familiar with it but after some more digging i did:

sudo gencert /etc/httpd/nss
mv /etc/httpd/conf.d/nss.conf-BAK

(which compleatly removed nss config, but that was the only way for me to start httpd even after uninstalling FreeIpa)

I've tried installing again, but i did not managed to get much further this time.

Version/Release/Distribution

4.20.8-200.fc29.x86_64
freeipa-server-4.7.2-1.fc29.x86_64
freeipa-client-4.7.2-1.fc29.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.0.21-1.fc29.x86_64
pki-ca-10.6.9-1.fc29.noarch
krb5-server-1.16.1-25.fc29.x86_64

Additional info:

Part of '/var/log/ipaserver-install.log'

2019-02-17T17:59:17Z DEBUG step duration: httpd request_service_keytab 0.32 sec
2019-02-17T17:59:17Z DEBUG   [11/21]: configuring Gssproxy
2019-02-17T17:59:17Z DEBUG Starting external process
2019-02-17T17:59:17Z DEBUG args=['/usr/sbin/selinuxenabled']
2019-02-17T17:59:17Z DEBUG Process finished, return code=1
2019-02-17T17:59:17Z DEBUG stdout=
2019-02-17T17:59:17Z DEBUG stderr=
2019-02-17T17:59:17Z DEBUG Starting external process
2019-02-17T17:59:17Z DEBUG args=['/bin/systemctl', 'restart', 'gssproxy.service']
2019-02-17T17:59:17Z DEBUG Process finished, return code=0
2019-02-17T17:59:17Z DEBUG stdout=
2019-02-17T17:59:17Z DEBUG stderr=
2019-02-17T17:59:17Z DEBUG Starting external process
2019-02-17T17:59:17Z DEBUG args=['/bin/systemctl', 'is-active', 'gssproxy.service']
2019-02-17T17:59:17Z DEBUG Process finished, return code=0
2019-02-17T17:59:17Z DEBUG stdout=active

2019-02-17T17:59:17Z DEBUG stderr=
2019-02-17T17:59:17Z DEBUG Restart of gssproxy.service complete
2019-02-17T17:59:17Z DEBUG step duration: httpd configure_gssproxy 0.06 sec
2019-02-17T17:59:17Z DEBUG   [12/21]: setting up ssl
2019-02-17T17:59:17Z DEBUG certmonger request is in state dbus.String('GENERATING_KEY_PAIR', variant_level=1)
2019-02-17T17:59:22Z DEBUG certmonger request is in state dbus.String('MONITORING', variant_level=1)
2019-02-17T17:59:22Z DEBUG Cert request 20190217175917 was successful
2019-02-17T17:59:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-02-17T17:59:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
2019-02-17T17:59:22Z DEBUG step duration: httpd __setup_ssl 5.29 sec
2019-02-17T17:59:22Z DEBUG   [13/21]: configure certmonger for renewals
2019-02-17T17:59:22Z DEBUG Starting external process
2019-02-17T17:59:22Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service']
2019-02-17T17:59:22Z DEBUG Process finished, return code=0
2019-02-17T17:59:22Z DEBUG stdout=active

2019-02-17T17:59:22Z DEBUG stderr=
2019-02-17T17:59:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2019-02-17T17:59:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2019-02-17T17:59:22Z DEBUG step duration: httpd configure_certmonger_renewal_guard 0.21 sec
2019-02-17T17:59:22Z DEBUG   [14/21]: publish CA cert
2019-02-17T17:59:22Z DEBUG step duration: httpd __publish_ca_cert 0.01 sec
2019-02-17T17:59:22Z DEBUG   [15/21]: clean up any existing httpd ccaches
2019-02-17T17:59:22Z DEBUG step duration: httpd remove_httpd_ccaches 0.00 sec
2019-02-17T17:59:22Z DEBUG   [16/21]: configuring SELinux for httpd
2019-02-17T17:59:22Z DEBUG Starting external process
2019-02-17T17:59:22Z DEBUG args=['/usr/sbin/selinuxenabled']
2019-02-17T17:59:22Z DEBUG Process finished, return code=1
2019-02-17T17:59:22Z DEBUG stdout=
2019-02-17T17:59:22Z DEBUG stderr=
2019-02-17T17:59:22Z DEBUG step duration: httpd configure_selinux_for_httpd 0.01 sec
2019-02-17T17:59:22Z DEBUG   [17/21]: create KDC proxy config
2019-02-17T17:59:22Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf'
2019-02-17T17:59:22Z DEBUG   -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist
2019-02-17T17:59:22Z DEBUG step duration: httpd create_kdcproxy_conf 0.00 sec
2019-02-17T17:59:22Z DEBUG   [18/21]: enable KDC proxy
2019-02-17T17:59:22Z DEBUG service KDC has all config values set
2019-02-17T17:59:22Z DEBUG step duration: httpd enable_kdcproxy 0.01 sec
2019-02-17T17:59:22Z DEBUG   [19/21]: starting httpd
2019-02-17T17:59:22Z DEBUG Starting external process
2019-02-17T17:59:22Z DEBUG args=['/bin/systemctl', 'start', 'httpd.service']
2019-02-17T17:59:23Z DEBUG Process finished, return code=1
2019-02-17T17:59:23Z DEBUG stdout=
2019-02-17T17:59:23Z DEBUG stderr=Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.

2019-02-17T17:59:23Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 605, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 591, in run_step
    method()
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 497, in start
    self.service.start(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python3.7/site-packages/ipaplatform/base/services.py", line 302, in start
    skip_output=not capture_output)
  File "/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line 574, in run
    p.returncode, arg_string, output_log, error_log
ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n')

2019-02-17T17:59:23Z DEBUG   [error] CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n')
2019-02-17T17:59:23Z DEBUG   File "/usr/lib/python3.7/site-packages/ipapython/admintool.py", line 179, in execute
    return_value = self.run()
  File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 347, in run
    return cfgr.run()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 360, in run
    return self.execute()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 386, in execute
    for rval in self._executor():
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 655, in _configure
    next(executor)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner
    step()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65, in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py", line 550, in main
    master_install(self)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 253, in decorated
    func(installer)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 881, in install
    ca_is_configured=setup_ca)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/httpinstance.py", line 148, in create_instance
    self.start_creation()
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 605, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 591, in run_step
    method()
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 497, in start
    self.service.start(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python3.7/site-packages/ipaplatform/base/services.py", line 302, in start
    skip_output=not capture_output)
  File "/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line 574, in run
    p.returncode, arg_string, output_log, error_log

2019-02-17T17:59:23Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n')
2019-02-17T17:59:23Z ERROR CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n')
2019-02-17T17:59:23Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

And 'journalctl -xe'

-- Unit gssproxy.service has finished shutting down.
Feb 17 09:59:17 myhost.ipa.mydomain.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 17 09:59:17 myhost.ipa.mydomain.com audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 17 09:59:17 myhost.ipa.mydomain.com systemd[1]: Starting GSSAPI Proxy Daemon...
-- Subject: Unit gssproxy.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit gssproxy.service has begun starting up.
Feb 17 09:59:17 myhost.ipa.mydomain.com systemd[1]: Started GSSAPI Proxy Daemon.
-- Subject: Unit gssproxy.service has finished start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit gssproxy.service has finished starting up.
-- 
-- The start-up result is done.
Feb 17 09:59:17 myhost.ipa.mydomain.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 17 09:59:17 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: Generic Extension
Feb 17 09:59:17 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: extensions
Feb 17 09:59:18 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: Generic Extension
Feb 17 09:59:18 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: extensions
Feb 17 09:59:18 myhost.ipa.mydomain.com /restart_httpd[27984]: certmonger restarted httpd
Feb 17 09:59:18 myhost.ipa.mydomain.com certmonger[27987]: Certificate in file "/var/lib/ipa/certs/httpd.crt" issued by CA and saved.
Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1
Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1
Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1
Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1
Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 2
Feb 17 09:59:22 myhost.ipa.mydomain.com systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has begun starting up.
Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1
Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1
Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1
Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1
Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 2
Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-httpd-kdcproxy[28017]: ipa: INFO: KDC proxy enabled
Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-httpd-kdcproxy[28017]: ipa-httpd-kdcproxy: INFO     KDC proxy enabled
Feb 17 09:59:23 myhost.ipa.mydomain.com httpd[28029]: [Sun Feb 17 09:59:23.712445 2019] [so:warn] [pid 28029:tid 140659006052608] AH01574: module proxy_module is already loaded, skipping
Feb 17 09:59:23 myhost.ipa.mydomain.com httpd[28029]: [Sun Feb 17 09:59:23.712513 2019] [so:warn] [pid 28029:tid 140659006052608] AH01574: module proxy_http_module is already loaded, skipping
Feb 17 09:59:23 myhost.ipa.mydomain.com systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Feb 17 09:59:23 myhost.ipa.mydomain.com systemd[1]: httpd.service: Failed with result 'exit-code'.
Feb 17 09:59:23 myhost.ipa.mydomain.com systemd[1]: Failed to start The Apache HTTP Server.

As much as I am trying on my own, there is not much i can deduct from those logs.

rcritten commented 5 years ago

You need to look at /var/log/httpd/error_log for details.

I would strongly recommend to removing mod_nss to simplify troubleshooting. It is not used by IPA.

tmdag commented 5 years ago

Thanks!, I've removed mod_nss.
and /var/log/httpd/error_log:

AH00016: Configuration Failed
[Sun Feb 17 10:15:54.814078 2019] [suexec:notice] [pid 28676:tid 140432885836032] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Feb 17 10:15:54.871063 2019] [so:warn] [pid 28676:tid 140432885836032] AH01574: module proxy_module is already loaded, skipping
[Sun Feb 17 10:15:54.871102 2019] [so:warn] [pid 28676:tid 140432885836032] AH01574: module proxy_http_module is already loaded, skipping
[Sun Feb 17 10:15:54.881677 2019] [lbmethod_heartbeat:notice] [pid 28676:tid 140432885836032] AH02282: No slotmem from mod_heartmonitor
[Sun Feb 17 10:15:54.889999 2019] [mpm_event:notice] [pid 28676:tid 140432885836032] AH00489: Apache/2.4.38 (Fedora) OpenSSL/1.1.1a mod_auth_gssapi/1.6.1 mod_fcgid/2.3.9 mod_wsgi/4.6.4 Python/3.7 mod_perl/2.0.10 Perl/v5.28.1 configured -- resuming normal operations
[Sun Feb 17 10:15:54.890025 2019] [core:notice] [pid 28676:tid 140432885836032] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Feb 17 19:57:19.284447 2019] [mpm_event:notice] [pid 28676:tid 140432885836032] AH00492: caught SIGWINCH, shutting down gracefully
[Sun Feb 17 19:57:27.726763 2019] [suexec:notice] [pid 25703:tid 140313707010304] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Feb 17 19:57:27.738641 2019] [ssl:emerg] [pid 25703:tid 140313707010304] AH02580: Init: Pass phrase incorrect for key myhost:443:0
[Sun Feb 17 19:57:27.738737 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Sun Feb 17 19:57:27.738761 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
[Sun Feb 17 19:57:27.738771 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Sun Feb 17 19:57:27.738782 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
[Sun Feb 17 19:57:27.738792 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
[Sun Feb 17 19:57:27.738801 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[Sun Feb 17 19:57:27.738811 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Sun Feb 17 19:57:27.738818 2019] [ssl:emerg] [pid 25703:tid 140313707010304] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/error_log for more information
[Sun Feb 17 19:57:27.738823 2019] [ssl:emerg] [pid 25703:tid 140313707010304] AH02564: Failed to configure encrypted (?) private key myhost:443:0, check /var/lib/ipa/private/httpd.key
AH00016: Configuration Failed

Does it mean i should have created some ssl keys prior the installation ?

Edited 5 years ago by tmdag

frenaud commented 5 years ago

Hi,
the asn1 error reminds me of an issue related to the hostname which was not a FQDN (issue 7528).
Can you check the content of /etc/hostname and /etc/hosts? The FQDN should be used everywhere.

tmdag commented 5 years ago

Thanks @frenaud, I thoiught i got that covered. Here is my setup:

myhost[user]~: hostname --domain
ipa.mydomain.com
myhost[user]~: hostname --fqdn
myhost.ipa.mydomain.com
myhost[user]~: cat /etc/hostname
myhost.ipa.mydomain.com
myhost[user]~: cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.1.10   myhost.ipa.mydomain.com     myhost

rcritten commented 5 years ago

Unclear why Apache is sending the wrong hostname.

IPA writes to something like /var/lib/ipa/passwds/ipa.example.test-443-RSA

The script /usr/libexec/ipa/ipa-httpd-pwdreader reads this file and passes the contents to Apache as the token password.

Is this a stock Apache configuration or did you make local changes to it?

tmdag commented 5 years ago

Science I've installed fedora server over a year ago, I cannot promisse that i haven't changed something from its default settings.
Originally I never set domain as there was no need for me in my local home network. But as it is required by IPA, I started setting it up just now (and maybe some settings were not there yet?)

This is my httpd.conf :
(I see that there is 'ServerName myhost:80' but maybe i should change it to 'ServerName myhost.ipa.mydomain.com:80' ?)

ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin my@email.com
ServerName myhost:80
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options FollowSymLinks

    AllowOverride All

    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html index.php index.cgi
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
ServerTokens Prod
KeepAlive On
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

tmdag commented 5 years ago

So, that was it!

I've changed

ServerName myhost:80

ServerName myhost.ipa.mydomain.com:80

I wish i knew that i should look for it during initial setup :) but it worked. Installation went just fine.

rcritten commented 5 years ago

By default ServerName is not set at all in Apache, it isn't a required config option.

I'll go ahead and mark this as complete, glad it's working for you.

Metadata Update from @rcritten:
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#7867 Installation fails when trying to start httpd Closed: worksforme 5 years ago by rcritten. Opened 5 years ago by tmdag.

Issue

Actual behavior

Version/Release/Distribution

Additional info:

Metadata

#7867 Installation fails when trying to start httpd

Closed: worksforme 5 years ago by rcritten. Opened 5 years ago by tmdag.