On Wed, Oct 24, 2012 at 01:07:03PM +0200, Martin Kosek wrote: > On 10/24/2012 12:48 PM, Sumit Bose wrote: > > On Wed, Oct 24, 2012 at 12:31:57PM +0200, Martin Kosek wrote: > >> On 10/24/2012 12:19 PM, Sumit Bose wrote: > >>> Hi, > >>> > >>> this patches fixes https://fedorahosted.org/freeipa/ticket/3185 by > >>> restarting httpd as one of the last steps of ipa-adtrust-install. > >>> > >>> bye, > >>> Sumit > >>> > >> > >> This patch is targeted to pick up trust plugins (adtrustinstance, dcerpc) > >> installed during freeipa-server-trust-ad RPM install? I am still not sure > >> if we > >> should not rather reload httpd server during freeipa-server update %post, > >> because this way, httpd will be restarted every time that someone runs > >> ipa-adtrust-install even though the plugins were already picked up long > >> time ago... > > > > yes, I think you are right. A restart during the package installation > > might be better. Also the the case of updates we might want to restart > > httpd in the %post section. > > Exactly. I think simple reload would be enough to force httpd load all new > Python bits, we do not need to do a full blown restart, IMO. > > We will just need to find out if IPA is actually configured so that we do not > reload httpd in that case. Checking that > /var/lib/ipa/sysrestore/sysrestore.index > exists and has at least two lines should be enough for the check. We do it > similarly in is_ipa_configured() function. > > I am thinking that we will need the check+reload for both freeipa-server + > freeipa-server-trust-ad, right? Because someone can install freeipa-server at > once and then install freeipa-server-trust-ad after that.
The new version of the patch add a conditional restart to the freeipa-server-trust-ad package. So far I do not see the reason why it must be done for freeipa-server. Maybe freeipa-python? bye, Sumit > > > > > I can create a new patch for the upstream spec file. How is this > > propagated to the spec files for RHEL and Fedora? Shall I clone the > > RHEL-6 ticket https://bugzilla.redhat.com/show_bug.cgi?id=866966 for Fedora? > > The ticket 3185 is already the clone, i.e. I don't think there is anything we > need to do with ticket or BZ. RHEL spec will be updated when Rob processes the > Bugzilla :-) > > Martin
From af6c5433386f7de253b9262c5c6c7d2f050fcbd9 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Fri, 26 Oct 2012 13:12:17 +0200 Subject: [PATCH] Restart httpd if ipa-server-trust-ad is installed or updated If ipa-server-trust-ad is installed after the ipa server is installed and configured, httpd needs a restart for additional python modules to be loaded into httpd on IPA initialization. Fixes https://fedorahosted.org/freeipa/ticket/3185 --- freeipa.spec.in | 13 +++++++++++++ 1 Datei geändert, 13 Zeilen hinzugefügt(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index af76118fd0294fa4d8934b747c254b891ae7f2cb..3813dbb4d883cf06bc2c3fb5e14024f602bd58fd 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -592,6 +592,16 @@ fi %post server-trust-ad %{_sbindir}/update-alternatives --install %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \ winbind_krb5_locator.so /dev/null 90 +SYSRESTORE_FILE=/var/lib/ipa/sysrestore/sysrestore.index +if [ -f ${SYSRESTORE_FILE} -a `cat ${SYSRESTORE_FILE} | wc -l` -ge 2 ]; then +%if 0%{?fedora} >= 16 +# Use systemd scheme + /bin/systemctl try-restart httpd.service >/dev/null 2>&1 || : +%else +# Use SystemV scheme only before F16 + /sbin/service httpd condrestart >/dev/null 2>&1 || : +%endif +fi %preun server-trust-ad if [ $1 -eq 0 ]; then @@ -816,6 +826,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Fri Oct 26 2012 Sumit Bose <sb...@redhat.com> - 3.0.99-2 +- Restart httpd in post install of server-trust-ad + * Wed Oct 24 2012 Martin Kosek <mko...@redhat.com> - 3.0.99-1 - Add strict Requires for 389-ds-base and policycoreutils to avoid user removing them during package lifetime -- 1.7.11.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
