On Tue, 2011-10-18 at 15:29 +0200, Martin Kosek wrote:
> On Tue, 2011-10-18 at 15:48 +0300, Alexander Bokovoy wrote:
> > On Tue, 18 Oct 2011, Alexander Bokovoy wrote:
> > > > ipa.init was removed from the git, but it was never moved to
> > > > init/SystemV/.
> > > It should have been moved (rm+new file). I'll check what's happening 
> > > there, maybe Simo's patch omitted that one?
> > > 
> > > http://koji.fedoraproject.org/koji/taskinfo?taskID=3437275 is current 
> > > scratch build of 2.1 for F-16. It is 2.1.2+diff up to current ipa-2-1 
> > > git tree + systemd patch.
> > I did another rebase and current version of systemd support for 
> > ipa-2-1 is in systemd-ipa-2-1 branch of my tree:
> > http://fedorapeople.org/gitweb?p=abbra/public_git/freeipa.git;a=shortlog;h=refs/heads/systemd-ipa-2-1
> > 
> 
> Yep, ipa.init is now correctly moved and I was able to compile ipa on
> both F-15 and F-16. I still have a few questions/issues:
> 
> 1) When ipa is not configured, it is ok that ipa.service status returns
> error. However, I still got ipa.service status error after the ipa was
> configured:
> 
> # systemctl status ipa.service
> ipa.service - Identity, Policy, Audit
>         Loaded: loaded (/lib/systemd/system/ipa.service; disabled)
>         Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 1min 50s ago
>       Main PID: 18499 (code=exited, status=6)
>         CGroup: name=systemd:/system/ipa.service
> # /usr/sbin/ipactl status
> IPA is not configured (see man pages of ipa-server-install for help)
> 
> # ipa-server-install
> ...
> Applying LDAP updates
> Restarting IPA to initialize updates before performing deletes:
>   [1/2]: stopping directory server
>   [2/2]: starting directory server
> done configuring dirsrv.
> Restarting the directory server
> Restarting the KDC
> Restarting the web server
> Sample zone file for bind has been created in /tmp/sample.zone.teFbNR.db
> ==============================================================================
> Setup complete
> 
> Next steps:
>       1. You must make sure these network ports are open:
>               TCP Ports:
>                 * 80, 443: HTTP/HTTPS
>                 * 389, 636: LDAP/LDAPS
>                 * 88, 464: kerberos
>               UDP Ports:
>                 * 88, 464: kerberos
>                 * 123: ntp
> 
>       2. You can now obtain a kerberos ticket using the command: 'kinit admin'
>          This ticket will allow you to use the IPA tools (e.g., ipa user-add)
>          and the web user interface.
> 
> Be sure to back up the CA certificate stored in /root/cacert.p12
> This file is required to create replicas. The password for this
> file is the Directory Manager password
> 
> # systemctl status ipa.service
> ipa.service - Identity, Policy, Audit
>         Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
>         Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 6min ago
>       Main PID: 18499 (code=exited, status=6)
>         CGroup: name=systemd:/system/ipa.service
> 
> 
> 
> 2) ipactl shows stopped dirsrv and CA service even though they should be
> up (cert-show command worked):
> 
> # ipactl status
> Directory Service: RUNNING
> KDC Service: RUNNING
> KPASSWD Service: STOPPED
> HTTP Service: RUNNING
> CA Service: STOPPED
> 
> When I restarted the ipa service, everything was OK including the status
> I mentioned in my previous mail:
> 
> # systemctl restart ipa.service
> # ipactl status
> Directory Service: RUNNING
> KDC Service: RUNNING
> KPASSWD Service: RUNNING
> HTTP Service: RUNNING
> CA Service: RUNNING
> 
> # systemctl status ipa.service
> ipa.service - Identity, Policy, Audit
>         Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
>         Active: active (exited) since Tue, 18 Oct 2011 09:18:32 -0400; 2min 41s ago
>        Process: 20069 ExecStart=/usr/sbin/ipactl start (code=exited, status=0/SUCCESS)
>         CGroup: name=systemd:/system/ipa.service
> 
> 
> Martin
> 

Ok, final ACK :-) On Friday and today I did a final set of sanity tests
for both branches on F-15 and F-16. Minor issues found during the review
were fixed by Alexander and integrated to the patches.

There is just one pending issue I found - name server cannot talk to
dirsrv on F-16 due to changes in SELinux policy. It is being tracked
here:

https://bugzilla.redhat.com/show_bug.cgi?id=748366

SELinux guys accepted the issue and it is being worked on.

Pushed to master, ipa-2-1. Good job!

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
