[Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

Martin Kosek mkosek at redhat.com
Tue Oct 18 10:56:16 UTC 2011 

On Mon, 2011-10-17 at 14:21 +0300, Alexander Bokovoy wrote:
> On Fri, 14 Oct 2011, Simo Sorce wrote:
> > > > Attached a rebased patch with the modifications needed to apply it on
> > > > master.
> > > > 
> > > > Everything seem to work on master but I haven't tested ipa-2-1 so this
> > > > is a partial ACK of the original patch as well.
> > > 
> > > A bit of bad news, I restarted the machine and I am having issue
> > > properly restarting services.
> > > This patch is still better than nothing as otherwise nothing works at
> > > all on f16, but we need to work out why starting services is unreliable.
> > 
> > Ok found the issue and it is a bug in the conversion to systemd.
> > I opened ticket #1990 for this.
> > 
> > Attached find a rebased patch that fixes enough of the bug to let the
> > server work (they keytab part), but it doesn't address the ulimit part.
> KRB5_KTNAME was missing but LimitNOFile is available -- it is now 
> modified in dirsrv at .service file directly. The code in 
> ipapython/platform/fedora16.py goes to a great length to enable that 
> by copying file to /etc/systemd/system, modifying the config, and 
> relinking all dirsrv instances to it. That's how systemd is organized.
> 
> Now, I think I found actual issue preventing proper restarts. 
> wait_for_socket() only considered 'connection refused' as valid error 
> when unable to connect and waiting up until timeout is gone. 
> Unfortunately, directory services start a bit slower than we had hoped 
> and by the time we attempt to connect to local AF_UNIX socket, there 
> is no actual socket on file system yet so we get:
> 
> Oct 17 06:48:36 vm-114 ipactl[954]: Failed to read data from Directory 
> Service: Unknown error when retrieving list of services from LDAP: 
> [Errno 2] No such file or directory
> Oct 17 06:48:36 vm-114 ipactl[954]: Shutting down
> Oct 17 06:48:36 vm-114 ipactl[954]: Starting Directory Service
> 
> After applying attached patch I now have fully working FreeIPA 2.1 git 
> on Fedora 16.
> 

Hi Alexander,

I tested our most recent master with simo's rebased patch and your patch
0004-Spin-for-connection-success-also-when-socket-is-not-.patch. It
looks very good, I hit just few issues:

1) ipa service reports inactive (dead) status even though LDAP server is
running:

systemctl status ipa.service
ipa.service - Identity, Policy, Audit
	  Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
	  Active: inactive (dead) since Mon, 17 Oct 2011 10:21:30 -0400; 15s ago
	 Process: 25194 ExecStop=/usr/sbin/ipactl stop (code=exited, status=0/SUCCESS)
	 Process: 25173 ExecStart=/usr/sbin/ipactl start (code=exited, status=0/SUCCESS)
	  CGroup: name=systemd:/system/ipa.service

Maybe we should return "active" status when dirsrv is running?

2) I wasn't able to build IPA on F-15 after the patches were applied:
$ make rpms
...
+ install -m755
init/SystemV/ipa.init /home/mkosek/freeipa/rpmbuild/BUILDROOT/freeipa-2.99.0GITb607c5c-0.fc15.x86_64/etc/rc.d/init.d/ipa
install: cannot stat `init/SystemV/ipa.init': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.nwbRUX (%install)

ipa.init was removed from the git, but it was never moved to
init/SystemV/.

Martin

More information about the Freeipa-devel mailing list