httpd fails to start on Controller

manually creating the certifcate with "openssl req -x509 -sha256 -newkey rsa:2048 -keyout packstack_cacert.key -out packstack_cacert.crt -days 1024 -nodes" and moving the files to the proper locales still did not work.

Ah, it is a CA file. Changing the entry in /etc/httpd/conf.d/15-horizon_ssl_vhost.conf to:

   SSLCACertificateFile "/etc/pki/tls/certs/ca-bundle.crt"

Allowed Apache to run.

The problem seems to be that packstack is not creating /etc/pki/tls/certs/packstack_cacert.crt

Hi Father,

I have just tested this with the latest code, and couldn't reproduce the error. Can you upload a sanitized answer file, and let us know which version of the openstack-packstack package you used?

Hello Javier,

Thank you for testing!

Attached is the packstack answer file. I had made several attempts to run this deployment and I am now thinking perhaps there were some leftover files that confused things.

Would you like me to try again after running the packstack remover script?
(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/3/html/Getting_Started_Guide/appe-Getting_Started_Guide-Removing_PackStack_Deployments.html)

packstack --version
11.0.1

Gratefully,

Father Vlasie

St. Photios Orthodox Theological Seminary
510 Collier Way, Etna, CA 96027, U.S.A.

Website: www.spots.school

> On 2 Feb 2018, at 09:24, Javier Peña <email address hidden> wrote:
>
> Hi Father,
>
> I have just tested this with the latest code, and couldn't reproduce the
> error. Can you upload a sanitized answer file, and let us know which
> version of the openstack-packstack package you used?
>
> ** Changed in: packstack
> Status: New => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1746317
>
> Title:
> httpd fails to start on Controller
>
> Status in Packstack:
> Incomplete
>
> Bug description:
> Running packstack on CentOS 7, the controller node
> httpd start fails with the error, seems to be related to asking horizon to use SSL:
>
> httpd[11445]: AH00526: Syntax error on line 40 of /etc/httpd/conf.d/15-horizon_ssl_vhost.conf:
> httpd[11445]: SSLCACertificateFile: file '/etc/pki/tls/certs/packstack_cacert.crt' does not exist or is empty
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/packstack/+bug/1746317/+subscriptions

The answer file looks ok, I have retested with the same SSL parameters and everything worked fine for me, so maybe the issue is in those leftover files you mentioned.

That link to the Packstack remover script is quite old, and probably will fail with the current version. For now, let's try the following:

- Remove the ~packstackca directory.
- Remove the Packstack-generated SSL files under /etc/pki/tls/certs and /etc/pki/tls/private (in my test setup I see localhost.*, packstack_cacert.*, ssl_dashboard.* and ssl_vnc.*)
- Try running Packstack again

If that fails, I would suggest to retry the installation from scratch, with a freshly installed system. Otherwise we could still find leftovers getting in our way.

Yes, that worked. I think deleting the ~/packstackca directory really did it. I did not think to delete that one since it is on the system running the packstack script rather than the conroller node.

Thank you very much Javier!

Now on the next issue...