On 25/05/15 09:20, Fraser Tweedale wrote:
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
This patch should fix following traceback.

2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
line 304, in __upgrade
     ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
line 314, in __init__
line 862, in create_connection
   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
66, in connect
     conn = self.create_connection(*args, **kw)
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
188, in create_connection
   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1074, in external_bind
     '', auth_tokens, server_controls, client_controls)
   File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
     self.gen.throw(type, value, traceback)
   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
976, in error_handler
NetworkError: cannot connect to

2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
388, in start_creation
     run_step(full_msg, method)
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
378, in run_step
line 315, in __upgrade
     raise RuntimeError(e)
RuntimeError: cannot connect to

Reason was the ipa-server-install tried to connect before DS was ready.

The patch adds waiting until DS is ready.

Patch attached.

Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.

ACK; fixes the issue for me.

One minor comment:

+    def __start(self):
+        super(IPAUpgrade, self).start()

      def __stop_instance(self):
          """Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
          self.step("saving configuration", self.__save_config)
          self.step("disabling listeners", self.__disable_listeners)
          self.step("enabling DS global lock",
-        self.step("starting directory server", self.__start_nowait)
+        self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.


Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
This semi-breaks ipa-server-install for me:

Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
ipa         : CRITICAL Failed to restart the directory server ([Errno 2] No
such file or directory). See the installation log for details.
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin

It would be nice to check if the socket exists before waiting for it.

This (non-catastrophic but annoying) regression occurred for me too.
I wasn't paying enough attention to ipa-server-install before I
ACKed the patch :/

Jan Cholasta

this patch fixes the issue.

Martin Basti

From 12df8e64ca2c63eec6bb3267b0377e6cb420b3e6 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 25 May 2015 09:01:42 +0200
Subject: [PATCH] Fix: use DS socket check only for upgrade

To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
for installation.

Without enabled LDAPi socket checking doesnt work.

 ipaplatform/redhat/services.py       | 41 ++++++++++++++++++++++++------------
 ipaserver/install/upgradeinstance.py |  3 ++-
 2 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..4df353fabe6d9e7b9fdd97a314b4f3a0c64a5c21 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations.
 import os
 import time
 import xml.dom.minidom
+import contextlib
 from ipaplatform.tasks import tasks
 from ipaplatform.base import services as base_services
@@ -124,7 +125,8 @@ class RedHatDirectoryService(RedHatService):
         return True
-    def restart(self, instance_name="", capture_output=True, wait=True):
+    def restart(self, instance_name="", capture_output=True, wait=True,
+                ldapi=False):
     # We need to explicitly enable instances to install proper symlinks as
     # dirsrv.target.wants/ dependencies. Standard systemd service class does it
     # on enable() method call. Unfortunately, ipa-server-install does not do
@@ -150,22 +152,33 @@ class RedHatDirectoryService(RedHatService):
                 os.symlink(srv_etc, srv_lnk)
-        super(RedHatDirectoryService, self).restart(instance_name,
-            capture_output=capture_output, wait=wait)
+        with self.__wait(instance_name, wait, ldapi) as wait:
+            super(RedHatDirectoryService, self).restart(
+                instance_name, capture_output=capture_output, wait=wait)
-    def wait_for_open_ports(self, instance_name=""):
-        if instance_name.endswith('.service'):
-            instance_name = instance_name[:-8]
-        if instance_name.startswith('dirsrv@'):
-            instance_name = instance_name[7:]
+    def start(self, instance_name="", capture_output=True, wait=True,
+              ldapi=False):
+        with self.__wait(instance_name, wait, ldapi) as wait:
+            super(RedHatDirectoryService, self).start(
+                instance_name, capture_output=capture_output, wait=wait)
-        if instance_name:
-            ipautil.wait_for_open_socket(
-                paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name,
-                self.api.env.startup_timeout)
+    @contextlib.contextmanager
+    def __wait(self, instance_name, wait, ldapi):
+        if ldapi:
+            instance_name = self.service_instance(instance_name)
+            if instance_name.endswith('.service'):
+                instance_name = instance_name[:-8]
+            if instance_name.startswith('dirsrv@'):
+                instance_name = instance_name[7:]
+            if not instance_name:
+                ldapi = False
+        if ldapi:
+            yield False
+            socket_name = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name
+            ipautil.wait_for_open_socket(socket_name,
+                                         self.api.env.startup_timeout)
-            super(RedHatDirectoryService, self).wait_for_open_ports()
+            yield wait
 class RedHatIPAService(RedHatService):
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index d58c934bc1bd926c0c0c068086c746ac28e8c737..10f7c2ce0c25e733fb572502add82eedadf73d05 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -24,6 +24,7 @@ import shutil
 import random
 import traceback
 from ipaplatform.paths import paths
+from ipaplatform import services
 from ipapython.ipa_log_manager import *
 from ipapython import ipaldap
@@ -172,7 +173,7 @@ class IPAUpgrade(service.Service):
         self.realm = realm_name
     def __start(self):
-        super(IPAUpgrade, self).start()
+        services.service(self.service_name).start(self.serverid, ldapi=True)
     def __stop_instance(self):
         """Stop only the main DS instance"""

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to