On Tue, 2011-10-18 at 15:48 +0300, Alexander Bokovoy wrote:
> On Tue, 18 Oct 2011, Alexander Bokovoy wrote:
> > > ipa.init was removed from the git, but it was never moved to
> > > init/SystemV/.
> > It should have been moved (rm+new file). I'll check what's happening 
> > there, maybe Simo's patch omitted that one?
> > 
> > http://koji.fedoraproject.org/koji/taskinfo?taskID=3437275 is current 
> > scratch build of 2.1 for F-16. It is 2.1.2+diff up to current ipa-2-1 
> > git tree + systemd patch.
> I did another rebase and current version of systemd support for 
> ipa-2-1 is in systemd-ipa-2-1 branch of my tree:
> http://fedorapeople.org/gitweb?p=abbra/public_git/freeipa.git;a=shortlog;h=refs/heads/systemd-ipa-2-1
> 

Yep, ipa.init is now correctly moved and I was able to compile ipa on
both F-15 and F-16. I still have few question/issues:

1) When ipa is not configured, it is ok that ipa.service status returns
error. However, I still got ipa.service status error after the ipa was
configured:

# systemctl status ipa.service
ipa.service - Identity, Policy, Audit
          Loaded: loaded (/lib/systemd/system/ipa.service; disabled)
          Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 1min 50s ago
        Main PID: 18499 (code=exited, status=6)
          CGroup: name=systemd:/system/ipa.service
# /usr/sbin/ipactl status
IPA is not configured (see man pages of ipa-server-install for help)

# ipa-server-install
...
Applying LDAP updates
Restarting IPA to initialize updates before performing deletes:
  [1/2]: stopping directory server
  [2/2]: starting directory server
done configuring dirsrv.
Restarting the directory server
Restarting the KDC
Restarting the web server
Sample zone file for bind has been created in /tmp/sample.zone.teFbNR.db
==============================================================================
Setup complete

Next steps:
        1. You must make sure these network ports are open:
                TCP Ports:
                  * 80, 443: HTTP/HTTPS
                  * 389, 636: LDAP/LDAPS
                  * 88, 464: kerberos
                UDP Ports:
                  * 88, 464: kerberos
                  * 123: ntp

        2. You can now obtain a kerberos ticket using the command: 'kinit admin'
           This ticket will allow you to use the IPA tools (e.g., ipa user-add)
           and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password

# systemctl status ipa.service
ipa.service - Identity, Policy, Audit
          Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
          Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 6min ago
        Main PID: 18499 (code=exited, status=6)
          CGroup: name=systemd:/system/ipa.service



2) ipactl shows stopped dirsrv and CA service even though they should be
up (cert-show command worked):

# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: STOPPED
HTTP Service: RUNNING
CA Service: STOPPED

When I restarted the ipa service, everything was OK including the status
I mentioned in my previous mail:

# systemctl restart ipa.service
# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING

# systemctl status ipa.service
ipa.service - Identity, Policy, Audit
          Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
          Active: active (exited) since Tue, 18 Oct 2011 09:18:32 -0400; 2min 
41s ago
         Process: 20069 ExecStart=/usr/sbin/ipactl start (code=exited, 
status=0/SUCCESS)
          CGroup: name=systemd:/system/ipa.service


Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to