On Tue, 2011-10-18 at 15:29 +0200, Martin Kosek wrote: > On Tue, 2011-10-18 at 15:48 +0300, Alexander Bokovoy wrote: > > On Tue, 18 Oct 2011, Alexander Bokovoy wrote: > > > > ipa.init was removed from the git, but it was never moved to > > > > init/SystemV/. > > > It should have been moved (rm+new file). I'll check what's happening > > > there, maybe Simo's patch omitted that one? > > > > > > http://koji.fedoraproject.org/koji/taskinfo?taskID=3437275 is current > > > scratch build of 2.1 for F-16. It is 2.1.2+diff up to current ipa-2-1 > > > git tree + systemd patch. > > I did another rebase and current version of systemd support for > > ipa-2-1 is in systemd-ipa-2-1 branch of my tree: > > http://fedorapeople.org/gitweb?p=abbra/public_git/freeipa.git;a=shortlog;h=refs/heads/systemd-ipa-2-1 > > > > Yep, ipa.init is now correctly moved and I was able to compile ipa on > both F-15 and F-16. I still have few question/issues: > > 1) When ipa is not configured, it is ok that ipa.service status returns > error. However, I still got ipa.service status error after the ipa was > configured: > > # systemctl status ipa.service > ipa.service - Identity, Policy, Audit > Loaded: loaded (/lib/systemd/system/ipa.service; disabled) > Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 1min 50s ago > Main PID: 18499 (code=exited, status=6) > CGroup: name=systemd:/system/ipa.service > # /usr/sbin/ipactl status > IPA is not configured (see man pages of ipa-server-install for help) > > # ipa-server-install > ... > Applying LDAP updates > Restarting IPA to initialize updates before performing deletes: > [1/2]: stopping directory server > [2/2]: starting directory server > done configuring dirsrv. > Restarting the directory server > Restarting the KDC > Restarting the web server > Sample zone file for bind has been created in /tmp/sample.zone.teFbNR.db > ============================================================================== > Setup complete > > Next steps: > 1. You must make sure these network ports are open: > TCP Ports: > * 80, 443: HTTP/HTTPS > * 389, 636: LDAP/LDAPS > * 88, 464: kerberos > UDP Ports: > * 88, 464: kerberos > * 123: ntp > > 2. You can now obtain a kerberos ticket using the command: 'kinit admin' > This ticket will allow you to use the IPA tools (e.g., ipa user-add) > and the web user interface. > > Be sure to back up the CA certificate stored in /root/cacert.p12 > This file is required to create replicas. The password for this > file is the Directory Manager password > > # systemctl status ipa.service > ipa.service - Identity, Policy, Audit > Loaded: loaded (/lib/systemd/system/ipa.service; enabled) > Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 6min ago > Main PID: 18499 (code=exited, status=6) > CGroup: name=systemd:/system/ipa.service > > > > 2) ipactl shows stopped dirsrv and CA service even though they should be > up (cert-show command worked): > > # ipactl status > Directory Service: RUNNING > KDC Service: RUNNING > KPASSWD Service: STOPPED > HTTP Service: RUNNING > CA Service: STOPPED > > When I restarted the ipa service, everything was OK including the status > I mentioned in my previous mail: > > # systemctl restart ipa.service > # ipactl status > Directory Service: RUNNING > KDC Service: RUNNING > KPASSWD Service: RUNNING > HTTP Service: RUNNING > CA Service: RUNNING > > # systemctl status ipa.service > ipa.service - Identity, Policy, Audit > Loaded: loaded (/lib/systemd/system/ipa.service; enabled) > Active: active (exited) since Tue, 18 Oct 2011 09:18:32 -0400; 2min > 41s ago > Process: 20069 ExecStart=/usr/sbin/ipactl start (code=exited, > status=0/SUCCESS) > CGroup: name=systemd:/system/ipa.service > > > Martin >
Ok, final ACK :-) On Friday and today I did a final set of sanity tests for both branches on F-15 and F-16. Minor issues found during the review were fixed by Alexander and integrated to the patches. There is just one pending issue I found - name server cannot talk to dirsrv on F-16 due to changes in SElinux policy. It is being be tracked here: https://bugzilla.redhat.com/show_bug.cgi?id=748366 SELinux guys accepted the issue and it is being worked on. Pushed to master, ipa-2-1. Good job! Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
