On Fri, 14 Oct 2011, Simo Sorce wrote: > > > Attached a rebased patch with the modifications needed to apply it on > > > master. > > > > > > Everything seem to work on master but I haven't tested ipa-2-1 so this > > > is a partial ACK of the original patch as well. > > > > A bit of bad news, I restarted the machine and I am having issue > > properly restarting services. > > This patch is still better than nothing as otherwise nothing works at > > all on f16, but we need to work out why starting services is unreliable. > > Ok found the issue and it is a bug in the conversion to systemd. > I opened ticket #1990 for this. > > Attached find a rebased patch that fixes enough of the bug to let the > server work (they keytab part), but it doesn't address the ulimit part. KRB5_KTNAME was missing but LimitNOFile is available -- it is now modified in dirsrv@.service file directly. The code in ipapython/platform/fedora16.py goes to a great length to enable that by copying file to /etc/systemd/system, modifying the config, and relinking all dirsrv instances to it. That's how systemd is organized.
Now, I think I found actual issue preventing proper restarts. wait_for_socket() only considered 'connection refused' as valid error when unable to connect and waiting up until timeout is gone. Unfortunately, directory services start a bit slower than we had hoped and by the time we attempt to connect to local AF_UNIX socket, there is no actual socket on file system yet so we get: Oct 17 06:48:36 vm-114 ipactl[954]: Failed to read data from Directory Service: Unknown error when retrieving list of services from LDAP: [Errno 2] No such file or directory Oct 17 06:48:36 vm-114 ipactl[954]: Shutting down Oct 17 06:48:36 vm-114 ipactl[954]: Starting Directory Service After applying attached patch I now have fully working FreeIPA 2.1 git on Fedora 16. -- / Alexander Bokovoy
>From cb5583ad8023d87fdbf863cd65032d0f11108bc0 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Mon, 17 Oct 2011 14:17:07 +0300 Subject: [PATCH 4/4] Spin for connection success also when socket is not (yet) available We were spinning for socket connection if attempt to connect returned errno 111 (connection refused). However, it is not enough for local AF_UNIX sockets as heavy applications might not be able to start yet and therefore the whole path might be missing. So spin for errno 2 (no such file or directory) as well. Partial fix for https://fedorahosted.org/freeipa/ticket/1990 --- ipaserver/install/installutils.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 5cfc8f0376e25d9eb25206d54ac5bbea47aca9b2..0a36c354e1d2f901bfdef51c151d035ba8ee64ca 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -507,7 +507,7 @@ def wait_for_open_socket(socket_name, timeout=0): s.close() break; except socket.error, e: - if e.errno == 111: # 111: Connection refused + if e.errno in (2,111): # 111: Connection refused, 2: File not found if timeout and time.time() > op_timeout: # timeout exceeded raise e time.sleep(1) -- 1.7.6.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
