On Wed, Jul 17, 2013 at 08:21:21AM -0400, Simo Sorce wrote:
> That is why we read the startup list from LDAP in ipactl (called by
> ipa.service) and do not store it as targets in systemd.

Can't the list in systemd be static and each service would
identify (based on its own LDAP lookup or a lookup done by the first
"service" in the row) whether it is actually configured to be
running or not?

> Once we definitively abandon sysv we could kill ipactl and in it's stead
> dynamically change the list of targets in the ipa.service file directly.
> and enable/disable the scripts in the systemd units directory. However
> we would still need some sort of plugin/helper system that monitors the
> LDAP tree and applies the appropriate changes to the system when
> something is changed in LDAP.

Upon the system/services startup or even during its general lifetime?

> We have expressed the need for acting on the system upon changes in LDAP
> for other reasons too (rotating some keytabs, and manipulating other
> configuration files), I think we opened a ticket to handle monitoring
> the configuration subtree with the ability to cause changes in the local
> cn=config based on plugin configuration but I can't find the ticket
> right now.
> We could add the ability to launch a helper (via dbus or similar).
> Once we have that we could move to a native systemd configuration, until
> then ...


Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat

Freeipa-devel mailing list

Reply via email to