On Mon, 04 Apr 2016, Martin Babinsky wrote:
On 04/01/2016 08:53 PM, Martin (Lists) wrote:

I have a question regarding enabling/disabling separate ipa parts in
systemd. Is it necessarry or required to have httpd, directory server,
named memcache and all the other ipa services to be enabled in systemd?
Or is it recomended to have only the main ipa service enabled (and all
the other disabled)?


Hi Martin,

ipa.service actually calls `ipactl` command which starts/stops all individual components at once (dirsrv, http, kdc, kpasswd, memcache, pki-tomcat etc.). All of these services (which are listed in `ipactl status`) must be up and running for IPA server to work correctly in all aspects.

So in this sense 'ipa.service' is just an umbrella that groups all the components of FreeIPA installation.
I think Martin's question was more about those services being enabled in
systemd by themselves. The answer is 'no', because ipa.service takes
care of that based on the state of services we keep in LDAP.

Unfortunately, all init systems to date only care about a single host's
status. In IPA case we have multinode environment where different
services may be activated on the nodes depending on what was enabled.
You can have base IPA (dirsrv, KDC, httpd) running on majority of
masters but then some of them would be also running CAs and potentially
they can run Samba services for AD integration. The status of these
services is recorded in LDAP because this is what we have as a
replicated store that all IPA masters know about. This information is
needed for more uses than just init system on a specific host, though.
/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to