Dne 25.5.2015 v 16:07 Fraser Tweedale napsal(a):
On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
On 25/05/15 13:57, Martin Basti wrote:
On 25/05/15 09:20, Fraser Tweedale wrote:
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
This patch should fix following traceback.

2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):

line 304, in __upgrade
     ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
line 314, in __init__
line 862, in create_connection
   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
66, in connect
     conn = self.create_connection(*args, **kw)
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
188, in create_connection
   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
1074, in external_bind
     '', auth_tokens, server_controls, client_controls)
   File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
     self.gen.throw(type, value, traceback)
   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
976, in error_handler
NetworkError: cannot connect to

2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
388, in start_creation
     run_step(full_msg, method)
378, in run_step

line 315, in __upgrade
     raise RuntimeError(e)
RuntimeError: cannot connect to

Reason was the ipa-server-install tried to connect before DS was

The patch adds waiting until DS is ready.

Patch attached.

Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.

ACK; fixes the issue for me.

One minor comment:

+    def __start(self):
+        super(IPAUpgrade, self).start()

      def __stop_instance(self):
          """Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
          self.step("saving configuration", self.__save_config)
          self.step("disabling listeners", self.__disable_listeners)
          self.step("enabling DS global lock",
-        self.step("starting directory server", self.__start_nowait)
+        self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.


Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
This semi-breaks ipa-server-install for me:

Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
ipa         : CRITICAL Failed to restart the directory server ([Errno
2] No
such file or directory). See the installation log for details.
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin

It would be nice to check if the socket exists before waiting for it.

This (non-catastrophic but annoying) regression occurred for me too.
I wasn't paying enough attention to ipa-server-install before I
ACKed the patch :/

Jan Cholasta

this patch fixes the issue.

Updated patch attached

Martin Basti

 From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 25 May 2015 09:01:42 +0200
Subject: [PATCH] Fix: use DS socket check only for upgrade

To detect if DS server is running, use the slapd socket for upgrade, and the 
LDAP port
for installation.

Without enabled LDAPi socket checking doesnt work.

  ipaplatform/redhat/services.py       | 43 ++++++++++++++++++++++++------------
  ipaserver/install/upgradeinstance.py |  3 ++-
  2 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class 
  import os
  import time
  import xml.dom.minidom
+import contextlib

  from ipaplatform.tasks import tasks
  from ipaplatform.base import services as base_services
@@ -124,7 +125,8 @@ class RedHatDirectoryService(RedHatService):

          return True

-    def restart(self, instance_name="", capture_output=True, wait=True):
+    def restart(self, instance_name="", capture_output=True, wait=True,
+                ldapi=False):
      # We need to explicitly enable instances to install proper symlinks as
      # dirsrv.target.wants/ dependencies. Standard systemd service class does 
      # on enable() method call. Unfortunately, ipa-server-install does not do
@@ -150,22 +152,35 @@ class RedHatDirectoryService(RedHatService):
                  os.symlink(srv_etc, srv_lnk)

-        super(RedHatDirectoryService, self).restart(instance_name,
-            capture_output=capture_output, wait=wait)
+        with self.__wait(instance_name, wait, ldapi) as wait:
+            super(RedHatDirectoryService, self).restart(
+                instance_name, capture_output=capture_output, wait=wait)

-    def wait_for_open_ports(self, instance_name=""):
-        if instance_name.endswith('.service'):
-            instance_name = instance_name[:-8]
-        if instance_name.startswith('dirsrv@'):
-            instance_name = instance_name[7:]
+    def start(self, instance_name="", capture_output=True, wait=True,
+              ldapi=False):
+        with self.__wait(instance_name, wait, ldapi) as wait:
+            super(RedHatDirectoryService, self).start(
+                instance_name, capture_output=capture_output, wait=wait)

-        if instance_name:
-            ipautil.wait_for_open_socket(
-                paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name,
-                self.api.env.startup_timeout)
+    @contextlib.contextmanager
+    def __wait(self, instance_name, wait, ldapi):
+        if ldapi:
+            instance_name = self.service_instance(instance_name)
+            if instance_name.endswith('.service'):
+                instance_name = instance_name[:-8]
+            if instance_name.startswith('dirsrv'):
+                # this is intentional, return the empty string if the instance
+                # name is 'dirsrv'
+                instance_name = instance_name[7:]
+            if not instance_name:
+                ldapi = False
+        if ldapi:
+            yield False
+            socket_name = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name
+            ipautil.wait_for_open_socket(socket_name,
+                                         self.api.env.startup_timeout)
-            super(RedHatDirectoryService, self).wait_for_open_ports()
+            yield wait

  class RedHatIPAService(RedHatService):
diff --git a/ipaserver/install/upgradeinstance.py 
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -24,6 +24,7 @@ import shutil
  import random
  import traceback
  from ipaplatform.paths import paths
+from ipaplatform import services
  from ipapython.ipa_log_manager import *
  from ipapython import ipaldap

@@ -172,7 +173,7 @@ class IPAUpgrade(service.Service):
          self.realm = realm_name

      def __start(self):
-        super(IPAUpgrade, self).start()
+        services.service(self.service_name).start(self.serverid, ldapi=True)

      def __stop_instance(self):
          """Stop only the main DS instance"""

I tested 0259.1 (it worked for install and update) but not 0259.2
yet.  0259.2 looks OK though; ACK if tested for install and update.

The new patch has only one additional minor fix for a potential problem that currently does not appear anywhere in install and update (see interdiff below), so I consider the ACK transitive.

-            if instance_name.startswith('dirsrv@'):
+            if instance_name.startswith('dirsrv'):
+ # this is intentional, return the empty string if the instance
+                # name is 'dirsrv'

Pushed to master: f903c2d5bff3e420519f7bbf026b9bfcc5460fb0

Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to