[Freeipa-devel] [PATCH] 0025 Restructure startup code for IPA servers
Simo Sorce
ssorce at redhat.com
Fri Dec 10 14:09:30 UTC 2010
On Fri, 10 Dec 2010 12:43:59 +0100
Jakub Hrozek <jhrozek at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/09/2010 03:54 PM, Simo Sorce wrote:
> > On Thu, 09 Dec 2010 15:00:21 +0100
> > Jakub Hrozek <jhrozek at redhat.com> wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> On 12/07/2010 05:53 PM, Simo Sorce wrote:
> >>>
> >>> With this patch we stop relying on the system to init single ipa
> >>> components and instead introduce a "ipa" init script that takes
> >>> care of properly starting/stopping all relevant components.
> >>>
> >>> Components are listed with a generic label in LDAP, per server.
> >>> At startup the ipa init script will always start drisrv, then use
> >>> the local socket to query it anonymously[*] and get the list of
> >>> service to start with a ordering paramater.
> >>>
> >>> And it will then proceed to start each single service.
> >>> On failure it will shut them all down.
> >>>
> >>> On stoppping ti shuts them down in inverse order.
> >>>
> >>> Only the ipa service is enabled with chkconfig, all other handled
> >>> services are off in chkconfig and started by the ipa service
> >>> instead.
> >>>
> >>> [*] We can create an account if we think this is not good enough,
> >>> but I would ask to have a separate ticket and handle this change
> >>> as an additional patch if we feel the need to do that.
> >>>
> >>> Simo.
> >>
> >> The patch seems to work fine, I just have one question: the script
> >> uses #!/usr/bin/env python as the interpreter. While this is
> >> generally used in python scripts to allow multiple interpreters, I
> >> recall it was discouraged in Fedora (and I'm pretty sure[1] it is
> >> discouraged in RHEL, although that could be solved by a
> >> RHEL-specific patch)
> >>
> >> So do we prefer /usr/bin/python or /usr/bin/env python ?
> >>
> >> Jakub
> >>
> >> [1] https://bugzilla.redhat.com/show_bug.cgi?id=521940
> >
> > I just copied that part from another of our scripts.
> > If you think we should change this, I would open a generic ticket
> > and go through all the python script and make a consistent change
> > to all of them.
>
> OK:
> https://fedorahosted.org/freeipa/ticket/608
Thank you
> I think we should at least discuss it -- we would need to change the
> interpreter for RHEL anyway..in Fedora/upstream, I don't have a strong
> opinion.
I agree, but need to be discussed in another thread :)
> Other comments:
> Since the ipactl script is written in Python and /sbin/service ipa
> $action is called in %preun and %postun we also need to add
> Requires(preun): python and Requires(postun): python.
Ok, I'll add that.
> Also, I noticed (unrelated to this patch) that we are missing the
> pre/post Requires on chkconfig and initscripts.
I'll add that too, seem in context with the patch enough.
> Why do we still use chkconfig --add and --del for ipa_kpasswd instead
> of using enabling it in KrbInstance.__enable()?
Good q. I don't know :)
> What are the second elements in the SERVICE_LIST[service_name] tuples?
It is the default ordering, used at install time by the instances to
create the LDAP entry.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list