[Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

Simo Sorce simo at redhat.com
Mon Oct 29 20:00:20 UTC 2012


On Mon, 2012-10-29 at 15:41 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Fri, 2012-10-26 at 16:30 -0400, Rob Crittenden wrote:
> >> Simo Sorce wrote:
> >>> From: Simo Sorce <ssorce at redhat.com>
> >>>
> >>> We check (possibly different) data from LDAP only at (re)start.
> >>> This way we always shut down exactly the services we started even if the list
> >>> changed in the meanwhile (we avoid leaving a service running even if it was
> >>> removed from LDAP as the admin decided it should not be started in future).
> >>>
> >>> This should also fix a problematic deadlock with systemd when we try to read
> >>> the list of services from LDAP at shutdown.
> >>
> >> I'm thinking that in patch 2 we need to be sure the name is unique, for
> >> whatever reason, when starting a service. I'm not sure if it is related
> >> to this or not:
> >>
> >> ...
> >> Done configuring the web interface (httpd).
> >> Applying LDAP updates
> >> Restarting the directory server
> >> Restarting the KDC
> >> Sample zone file for bind has been created in /tmp/sample.zone.t1LC7e.db
> >> Restarting the web server
> >> Unexpected error - see /var/log/ipaserver-install.log for details:
> >> CalledProcessError: Command '/bin/systemctl restart ipa.service'
> >> returned non-zero exit status 1
> >> [root at rawhide2 freeipa]# cat /var/run/ipa/services.list
> >> ["messagebus", "certmonger", "ntpd", "messagebus", "certmonger",
> >> "messagebus", "certmonger", "certmonger", "messagebus", "certmonger",
> >> "certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]
> >
> > Maybe I should add code to remove entries on stop()?
> > I haven't considered the case where our own code stops instances outside
> > of ipactl stop.
> >
> > Now having duplicate instances shouldn't be fatal but maybe systemd is
> > returning an error to signal the instance was already started?
> 
> Maybe converting the list to a set before starting would be enough.

I can easily weed out duplicates, but I am relying on the order in this
list in the code by using reverse() so that services are stopped in
reverse order. However the fact you can restart single services will
make this sorta break I guess.

I am going to think about ordering and propose a solution that properly
handles that. The main issue is that SERVICE_LIST cannot be used because
it uses the original 'abstract' names, while the service class now uses
this well-known service name.

> >
> >> I don't see any smoking gun in the install log:
> >>
> >> 2012-10-26T20:27:40Z DEBUG Starting external process
> >> 2012-10-26T20:27:40Z DEBUG args=/bin/systemctl restart ipa.service
> >> 2012-10-26T20:27:42Z DEBUG Process finished, return code=1
> >> 2012-10-26T20:27:42Z DEBUG stdout=
> >> 2012-10-26T20:27:42Z DEBUG stderr=Job for ipa.service failed. See
> >> 'systemctl status ipa.service' and 'journalctl' for details.
> >>
> >> 2012-10-26T20:27:42Z INFO   File
> >> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> >> line 614, in run_script
> >>       return_value = main_function()
> >>
> >>     File "/usr/sbin/ipa-server-install", line 1100, in main
> >>       ipaservices.knownservices.ipa.enable()
> >>
> >>     File
> >> "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line
> >> 129, in enable
> >>       self.restart(instance_name)
> >>
> >>     File
> >> "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line
> >> 104, in restart
> >>       ipautil.run(["/bin/systemctl", "restart",
> >> self.service_instance(instance_name)], capture_output=capture_output)
> >>
> >>     File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
> >> 323, in run
> >>       raise CalledProcessError(p.returncode, arg_string)
> >>
> >> 2012-10-26T20:27:42Z INFO The ipa-server-install command failed,
> >> exception: CalledProcessError: Command '/bin/systemctl restart
> >> ipa.service' returned non-zero exit status 1
> >
> > So it returned just 1 without any error message?
> >
> > Simo.
> >
> >
> 
> # /bin/systemctl status ipa.service
> ipa.service - Identity, Policy, Audit
>            Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled)
>            Active: failed (Result: exit-code) since Fri, 26 Oct 2012 
> 16:27:42 -0400; 2 days ago
>           Process: 17543 ExecStart=/usr/sbin/ipactl start (code=exited, 
> status=1/FAILURE)
>            CGroup: name=systemd:/system/ipa.service
> 
> Oct 26 16:27:40 rawhide2.greyoak.com systemd[1]: Starting Identity, 
> Policy, Audit...
> Oct 26 16:27:41 rawhide2.greyoak.com ipactl[17543]: IPA service already 
> started!
> Oct 26 16:27:42 rawhide2.greyoak.com systemd[1]: Failed to start 
> Identity, Policy, Audit.

I don't think this depends on my patch.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
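
The two constraints raised in this thread (no duplicate entries in the started-services list, but start order preserved so services can be stopped in reverse) can be met together, as this added example shows; it is not part of the original message and is not FreeIPA code. The `StartedServices` class and its method names are hypothetical, and the sample list is the one quoted from `/var/run/ipa/services.list` above.

```python
import json
import os
import tempfile

# Sample input: the duplicated list quoted from services.list in this thread.
SAMPLE = ["messagebus", "certmonger", "ntpd", "messagebus", "certmonger",
          "messagebus", "certmonger", "certmonger", "messagebus", "certmonger",
          "certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]


def dedupe_keep_order(names):
    """Drop repeats but keep first-start order (a plain set() would lose it)."""
    return list(dict.fromkeys(names))


class StartedServices:
    """Hypothetical tracker for a started-services state file (JSON list)."""

    def __init__(self, path):
        self.path = path

    def load(self):
        try:
            with open(self.path) as f:
                return dedupe_keep_order(json.load(f))
        except (FileNotFoundError, ValueError):
            return []  # missing or corrupt file: nothing recorded as started

    def _save(self, names):
        # Write to a temp file, then rename, so a crash never leaves a partial list.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(names, f)
        os.replace(tmp, self.path)

    def record_started(self, name):
        names = self.load()
        if name not in names:  # restarting one service must not re-append it
            names.append(name)
        self._save(names)

    def record_stopped(self, name):
        self._save([n for n in self.load() if n != name])

    def stop_order(self):
        """Services to stop, last started first."""
        return list(reversed(self.load()))
```
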



