On Fri, 10 Dec 2010 12:43:59 +0100
Jakub Hrozek <jhro...@redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 12/09/2010 03:54 PM, Simo Sorce wrote:
> > On Thu, 09 Dec 2010 15:00:21 +0100
> > Jakub Hrozek <jhro...@redhat.com> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >> On 12/07/2010 05:53 PM, Simo Sorce wrote:
> >>> With this patch we stop relying on the system to init single ipa
> >>> components and instead introduce a "ipa" init script that takes
> >>> care of properly starting/stopping all relevant components.
> >>> Components are listed with a generic label in LDAP, per server.
> >>> At startup the ipa init script will always start drisrv, then use
> >>> the local socket to query it anonymously[*] and get the list of
> >>> service to start with a ordering paramater.
> >>> And it will then proceed to start each single service.
> >>> On failure it will shut them all down.
> >>> On stoppping ti shuts them down in inverse order.
> >>> Only the ipa service is enabled with chkconfig, all other handled
> >>> services are off in chkconfig and started by the ipa service
> >>> instead.
> >>> [*] We can create an account if we think this is not good enough,
> >>> but I would ask to have a separate ticket and handle this change
> >>> as an additional patch if we feel the need to do that.
> >>> Simo.
> >> The patch seems to work fine, I just have one question: the script
> >> uses #!/usr/bin/env python as the interpreter. While this is
> >> generally used in python scripts to allow multiple interpreters, I
> >> recall it was discouraged in Fedora (and I'm pretty sure it is
> >> discouraged in RHEL, although that could be solved by a
> >> RHEL-specific patch)
> >> So do we prefer /usr/bin/python or /usr/bin/env python ?
> >> Jakub
> >>  https://bugzilla.redhat.com/show_bug.cgi?id=521940
> > I just copied that part from another of our scripts.
> > If you think we should change this, I would open a generic ticket
> > and go through all the python script and make a consistent change
> > to all of them.
> I think we should at least discuss it -- we would need to change the
> interpreter for RHEL anyway..in Fedora/upstream, I don't have a strong
I agree, but need to be discussed in another thread :)
> Other comments:
> Since the ipactl script is written in Python and /sbin/service ipa
> $action is called in %preun and %postun we also need to add
> Requires(preun): python and Requires(postun): python.
Ok, I'll add that.
> Also, I noticed (unrelated to this patch) that we are missing the
> pre/post Requires on chkconfig and initscripts.
I'll add that too, seem in context with the patch enough.
> Why do we still use chkconfig --add and --del for ipa_kpasswd instead
> of using enabling it in KrbInstance.__enable()?
Good q. I don't know :)
> What are the second elements in the SERVICE_LIST[service_name] tuples?
It is the default ordering, used at install time by the instances to
create the LDAP entry.
Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list