Highlighted
Micro Focus Expert
Micro Focus Expert
197 views

(SP/Propel) Support Tip: SMSP fails to start successfully because /opt/hp/propel/security/propel_hos

Error Message:
Starting SMSP and the service fails to start with the following message:

[root@xxxxxxxxx run]# propel start
--- gmond ---
--- gmetad ---
--- httpd ---
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[…]

Issue the following command to find out more information about the httpd service:
[root@xxxxxxxxx run]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2017-05-17 10:56:55 CEST; 1min 20s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 795 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 783 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 783 (code=exited, status=1/FAILURE)
May 17 10:56:54 xxxxxxxxx systemd[1]: Starting The Apache HTTP Server...
May 17 10:56:55 xxxxxxxxx httpd[783]: AH00526: Syntax error on line 100 of /etc/httpd/conf.d/ssl.conf:
May 17 10:56:55 xxxxxxxxx httpd[783]: SSLCertificateFile: file '/opt/hp/propel/security/propel_host.crt' does not exist or is empty
May 17 10:56:55 xxxxxxxxx systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
May 17 10:56:55 xxxxxxxxx kill[795]: kill: cannot find process ""
May 17 10:56:55 xxxxxxxxx systemd[1]: httpd.service: control process exited, code=exited status=1
May 17 10:56:55 xxxxxxxxx systemd[1]: Failed to start The Apache HTTP Server.
May 17 10:56:55 xxxxxxxxx systemd[1]: Unit httpd.service entered failed state.
May 17 10:56:55 xxxxxxxxx systemd[1]: httpd.service failed.

However the SSL certificate file /opt/hp/propel/security/propel_host.crt does exist and it is not empty and this can be confirmed by executing the following command:

[root@xxxxxxxxx run]# ls -l /opt/hp/propel/security/propel_host.crt
-r--r-----. 1 propel propel 1005 May 11 13:06 /opt/hp/propel/security/propel_host.crt

Cause:
The cause of the problem is that the files in the /opt/hp/propel/security directory do not have any security context and this can be confirmed by executing the following command:

[root@xxxxxxxxx ~]# ls -Z /opt/hp/propel/security
-r--r-----. propel propel unconfined_u:object_r:unlabeled_t:s0 CA.crt
-r--r-----. propel propel unconfined_u:object_r:unlabeled_t:s0 propel_host.chain.crt
-r--r-----. propel propel unconfined_u:object_r:unlabeled_t:s0 propel_host.crt
-r--r-----. propel propel unconfined_u:object_r:unlabeled_t:s0 propel_host.key.rsa
-r--r-----. propel propel unconfined_u:object_r:unlabeled_t:s0 propel_host.pfx
-r--r-----. propel propel unconfined_u:object_r:unlabeled_t:s0 propel.truststore

Fix:
To fix the problem please execute this command:

[root@xxxxxxxxx ~]# sudo restorecon -Rv /opt/hp/propel/security

The output of ls -Z /opt/hp/propel/security command will now be:

-r--r-----. propel propel unconfined_u:object_r:usr_t:s0 CA.crt
-r--r-----. propel propel unconfined_u:object_r:usr_t:s0 propel_host.chain.crt
-r--r-----. propel propel unconfined_u:object_r:usr_t:s0 propel_host.crt
-r--r-----. propel propel unconfined_u:object_r:usr_t:s0 propel_host.key.rsa
-r--r-----. propel propel unconfined_u:object_r:usr_t:s0 propel_host.pfx
-r--r-----. propel propel unconfined_u:object_r:usr_t:s0 propel.truststore

Labels (1)
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.