[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
I had the same issue. 4.7.0~pre1+git20180411-2ubuntu2 is installed on a new server - and that does not have the fix in it. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: Fix Released Status in freeipa source package in Bionic: Confirmed Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
This bug is still present in Ubuntu bionic. To workaround it i had to edit the script /usr/lib/ipa/ipa-httpd- pwdreader and replace "${HOSTNAME}" with $(hostname -f). -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: Fix Released Status in freeipa source package in Bionic: Confirmed Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
This bug was fixed in the package freeipa - 4.7.0-1ubuntu4 --- freeipa (4.7.0-1ubuntu4) cosmic; urgency=medium * Actually build server on architecture any. -- Dimitri John Ledkov Tue, 02 Oct 2018 23:32:01 +0100 ** Changed in: freeipa (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: Fix Released Status in freeipa source package in Bionic: Confirmed Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: freeipa (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: In Progress Status in freeipa source package in Bionic: Confirmed Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
I added your line just before the case statement in ipa-httpd-pwdreader, and it works. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: Triaged Status in freeipa source package in Bionic: New Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
if you edit ipa-httpd-pwdreader to set HOSTNAME=`hostname -f` before it's called, does it work? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: New Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
I tried with the Alternate ISO. The problem still occurs, but now I can change the hostname to my fully qualified domain name with hostnamectl in a reliable way. Still, ipa-server-install should work with a simple hostname, since this is the standard for Ubuntu sysems. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: New Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
I realized now that "hostnamectl set-hostname" is not deterministic. Most of the times, the new hostname is lost after reboot, sometimes, without any apparent reason, it is preserved. The problem is that I installed Ubuntu 18.04 with the Live image, which has some peculiarities (see https://ubuntuforums.org/showthread.php?t=2390785). I will reinstall with the alternate ISO and see what happens. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: New Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
I was able to permanently change the host name with "hosnamectl --set- hostname". Nonetheless, I still thinks there is a bug here, because the Ubuntu 18.04 installer only allows me to set a unqualified host name, while "ipa-server-install" insists on a FQDN, and the two do not matches. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: New Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1769485] Re: freeipa install server fails - cannot start apache server with SSL
I made some progress. The problem is that the script /usr/lib/ipa/ipa- httpd-pwdreader, which reads the passphrase of the SSL key on behalf of Apache, checks that the hostname passed by Apache has the same value of the $HOSTNAME environment variable. In my case, the two are different: Apache uses the full qualified name "ipa.labeconomia.unich.it", while $HOSTNAME contains only "ipa". I wonder why other people do not have the same problem. I temporary solved the problem with the command 'hostname ipa.labeconomia.unich.it', but this is only a partial solution, since after the reboot $HOSTNAME is back to "ipa" and Apache does not start. I tried to change '/etc/hostname' with the FQDN, but without success: the file get changed back to "ipa" after a reboot. I could change the ipa-httpd-pwdreader to avoid this check, but I suspect that the $HOSTNAME variable could be used elsewhere, so I would really change my /etc/hostname with the FQDN, like I have in my Fedora and CentOS boxes. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1769485 Title: freeipa install server fails - cannot start apache server with SSL Status in freeipa package in Ubuntu: New Bug description: After having installed the new version of Tomcat 8, compatible with JDK 8 (see https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1765616), I am still stucked with freeipa-server on Ubuntu 18.04. The ipa-server-install script fails during step "[19/21]: starting httpd" of HTTP configuration. From my investigation, it seems that the problem is that the SSL private key in /var/lib/ipa/private/httpd.key has a passphrase, saved in /var/lib/ipa/-443-RSA. The passphrase is correct (I checked with openssl), but Apache does not find it. [Test Case] Add repository ppa:freeipa/ppa, install freeipa-server, run ipa- server-install. [What expected] ipa-server-install terminates without errors. [What happens] ipa-server-install fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769485/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp