On Mon, 2011-10-17 at 14:21 +0300, Alexander Bokovoy wrote:
> On Fri, 14 Oct 2011, Simo Sorce wrote:
> > > > Attached a rebased patch with the modifications needed to apply it on
> > > > master.
> > > >
> > > > Everything seem to work on master but I haven't tested ipa-2-1 so this
> > > > is a partial ACK of the original patch as well.
> > >
> > > A bit of bad news, I restarted the machine and I am having issue
> > > properly restarting services.
> > > This patch is still better than nothing as otherwise nothing works at
> > > all on f16, but we need to work out why starting services is unreliable.
> >
> > Ok found the issue and it is a bug in the conversion to systemd.
> > I opened ticket #1990 for this.
> >
> > Attached find a rebased patch that fixes enough of the bug to let the
> > server work (they keytab part), but it doesn't address the ulimit part.
> KRB5_KTNAME was missing but LimitNOFile is available -- it is now
> modified in dirsrv@.service file directly. The code in
> ipapython/platform/fedora16.py goes to a great length to enable that
> by copying file to /etc/systemd/system, modifying the config, and
> relinking all dirsrv instances to it. That's how systemd is organized.
>
> Now, I think I found actual issue preventing proper restarts.
> wait_for_socket() only considered 'connection refused' as valid error
> when unable to connect and waiting up until timeout is gone.
> Unfortunately, directory services start a bit slower than we had hoped
> and by the time we attempt to connect to local AF_UNIX socket, there
> is no actual socket on file system yet so we get:
>
> Oct 17 06:48:36 vm-114 ipactl[954]: Failed to read data from Directory
> Service: Unknown error when retrieving list of services from LDAP:
> [Errno 2] No such file or directory
> Oct 17 06:48:36 vm-114 ipactl[954]: Shutting down
> Oct 17 06:48:36 vm-114 ipactl[954]: Starting Directory Service
>
> After applying attached patch I now have fully working FreeIPA 2.1 git
> on Fedora 16.
>
Hi Alexander,
I tested our most recent master with simo's rebased patch and your patch
0004-Spin-for-connection-success-also-when-socket-is-not-.patch. It
looks very good, I hit just few issues:
1) ipa service reports inactive (dead) status even though LDAP server is
running:
systemctl status ipa.service
ipa.service - Identity, Policy, Audit
Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
Active: inactive (dead) since Mon, 17 Oct 2011 10:21:30 -0400; 15s ago
Process: 25194 ExecStop=/usr/sbin/ipactl stop (code=exited,
status=0/SUCCESS)
Process: 25173 ExecStart=/usr/sbin/ipactl start (code=exited,
status=0/SUCCESS)
CGroup: name=systemd:/system/ipa.service
Maybe we should return "active" status when dirsrv is running?
2) I wasn't able to build IPA on F-15 after the patches were applied:
$ make rpms
...
+ install -m755
init/SystemV/ipa.init
/home/mkosek/freeipa/rpmbuild/BUILDROOT/freeipa-2.99.0GITb607c5c-0.fc15.x86_64/etc/rc.d/init.d/ipa
install: cannot stat `init/SystemV/ipa.init': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.nwbRUX (%install)
ipa.init was removed from the git, but it was never moved to
init/SystemV/.
Martin
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
