Installer: httpd fails for KDC proxy (CentOS 7)

I’m installing The Foreman alongside with other components (such as FreeIPA and libvirt) in a single virtual machine.

Problem:

The default installation with foreman-installer -v works fine; I can access and log in to The Foreman via the web front-end just fine. Unfortunately, FreeIPA refuses to install when ports 80 and 443 are already taken.

Hence, I’m installing the FreeIPA server first, and then run The Forman installer like this:

foreman-installer -v --foreman-server-port=9080 --foreman-server-ssl-port=9443 --foreman-admin-password={{ ADMIN_PASSWORD }}

Expected Outcome:

According to my understanding this will make The Forman available at ports 9080 and 9443 (instead of 80 and 443 for HTTP and HTTPS).

Unfortunately, the installer fails with these command line parameters after configuring KDC proxy with HTTPd:

Syntax error on line 18 of /etc/httpd/conf.d/ipa-kdc-proxy.conf

Invalid command ‘WSGIDaemonProcess’, perhaps misspelled or defined by a module not included in the server configuration

Analysis:

The file /etc/httpd/conf.d/ipa-kdc-proxy.conf looks like follows, and on line 18 there is the WSGIDaemonProcess directive.

WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \
  user=kdcproxy group=kdcproxy display-name=%{GROUP}
WSGIImportScript /usr/lib/python2.7/site-packages/kdcproxy/__init__.py \
  process-group=kdcproxy application-group=kdcproxy
WSGIScriptAlias /KdcProxy /usr/lib/python2.7/site-packages/kdcproxy/__init__.py
WSGIScriptReloading Off

<Location "/KdcProxy">
  Satisfy Any
  Order Deny,Allow
  Allow from all
  WSGIProcessGroup kdcproxy
  WSGIApplicationGroup kdcproxy
</Location>

The mod_wsgi module seems to be installed, but still httpd fails to (re)start. Note that it all installs just perfectly with the default command line parameters.

Foreman and Proxy versions:

Foreman 1.17 (latest), installed from repos configured via https://yum.theforeman.org/releases/1.17/el7/x86_64/foreman-release.rpm

.
Any idea what could be wrong? Is there an additional command line parameter I need to use?

I suspect that the installer is wiping the configuration that loads mod_wsgi because the apache module expects to fully manage the loaded apache modules. I’m surprised it doesn’t purge the conf.d directory because https://github.com/puppetlabs/puppetlabs-apache#purge_configs implies it should.

The question now is, why does this happen? Is it by design or by error?

I’ve tried running the installer without the port parameters again, and it succeeds just normally. (To make this story come to an end, I will modify the webserver ports “manually” (using Ansible) after the foreman-installer has completed.)

To me this behavior looks like a bug. Should I submit a bug report somewhere? At the Redmine project tracker?

I’ve created issue #23070 in the project tracker.

1 Like