Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
> Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
> >On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
> >>On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
> >>>This patch should fix following traceback.
> >>>
> >>>2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
> >>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >>> File
> >>>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>>line 304, in __upgrade
> >>> ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
> >>> File
> >>>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>>line 314, in __init__
> >>> self.create_connection()
> >>> File
> >>>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>>line 862, in create_connection
> >>> autobind=self.ldapi)
> >>> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
> >>>66, in connect
> >>> conn = self.create_connection(*args, **kw)
> >>> File
> >>>"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
> >>>188, in create_connection
> >>> client_controls=clientctrls)
> >>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> >>>1074, in external_bind
> >>> '', auth_tokens, server_controls, client_controls)
> >>> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> >>> self.gen.throw(type, value, traceback)
> >>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> >>>976, in error_handler
> >>> error=info)
> >>>NetworkError: cannot connect to
> >>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>
> >>>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >>> File
> >>>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> >>>388, in start_creation
> >>> run_step(full_msg, method)
> >>> File
> >>>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> >>>378, in run_step
> >>> method()
> >>> File
> >>>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>>line 315, in __upgrade
> >>> raise RuntimeError(e)
> >>>RuntimeError: cannot connect to
> >>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>
> >>>Reason was the ipa-server-install tried to connect before DS was ready.
> >>>
> >>>The patch adds waiting until DS is ready.
> >>>
> >>>Patch attached.
> >>>
> >>>Fraser can you please check if this fix works? I can't reproduce it.
> >>>Thank you, Martin^2.
> >>>
> >>ACK; fixes the issue for me.
> >>
> >>One minor comment:
> >>
> >>>+def __start(self):
> >>>+super(IPAUpgrade, self).start()
> >>>
> >>> def __stop_instance(self):
> >>> """Stop only the main DS instance"""
> >>>@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
> >>> self.step("saving configuration", self.__save_config)
> >>> self.step("disabling listeners", self.__disable_listeners)
> >>> self.step("enabling DS global lock",
> >>>self.__enable_ds_global_write_lock)
> >>>-self.step("starting directory server", self.__start_nowait)
> >>>+self.step("starting directory server", self.__start)
> >>
> >>I think you can just say `self.start' and remove `__start' function.
> >>
> >>Cheers,
> >>Fraser
> >>
> >
> >Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
>
> This semi-breaks ipa-server-install for me:
>
> Configuring directory server (dirsrv): Estimated time 1 minute
> [1/38]: creating directory server user
> [2/38]: creating directory server instance
> ipa : CRITICAL Failed to restart the directory server ([Errno 2] No
> such file or directory). See the installation log for details.
> [3/38]: adding default schema
> [4/38]: enabling memberof plugin
>
> It would be nice to check if the socket exists before waiting for it.
>
This (non-catastrophic but annoying) regression occurred for me too.
I wasn't paying enough attention to ipa-server-install before I
ACKed the patch :/
> --
> Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart
Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
This patch should fix following traceback.
2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 304, in __upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 314, in __init__
self.create_connection()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 862, in create_connection
autobind=self.ldapi)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
66, in connect
conn = self.create_connection(*args, **kw)
File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
188, in create_connection
client_controls=clientctrls)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1074, in external_bind
'', auth_tokens, server_controls, client_controls)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
976, in error_handler
error=info)
NetworkError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
388, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
378, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 315, in __upgrade
raise RuntimeError(e)
RuntimeError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
Reason was the ipa-server-install tried to connect before DS was ready.
The patch adds waiting until DS is ready.
Patch attached.
Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.
ACK; fixes the issue for me.
One minor comment:
+def __start(self):
+super(IPAUpgrade, self).start()
def __stop_instance(self):
"""Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners)
self.step("enabling DS global lock",
self.__enable_ds_global_write_lock)
-self.step("starting directory server", self.__start_nowait)
+self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.
Cheers,
Fraser
Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
This semi-breaks ipa-server-install for me:
Configuring directory server (dirsrv): Estimated time 1 minute
[1/38]: creating directory server user
[2/38]: creating directory server instance
ipa : CRITICAL Failed to restart the directory server ([Errno 2]
No such file or directory). See the installation log for details.
[3/38]: adding default schema
[4/38]: enabling memberof plugin
It would be nice to check if the socket exists before waiting for it.
--
Jan Cholasta
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart
On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
This patch should fix following traceback.
2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line
304, in __upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 314, in __init__
self.create_connection()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 862, in create_connection
autobind=self.ldapi)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in
connect
conn = self.create_connection(*args, **kw)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
188, in create_connection
client_controls=clientctrls)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1074, in
external_bind
'', auth_tokens, server_controls, client_controls)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 976, in
error_handler
error=info)
NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
388, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
378, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line
315, in __upgrade
raise RuntimeError(e)
RuntimeError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
Reason was the ipa-server-install tried to connect before DS was ready.
The patch adds waiting until DS is ready.
Patch attached.
Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.
ACK; fixes the issue for me.
One minor comment:
+def __start(self):
+super(IPAUpgrade, self).start()
def __stop_instance(self):
"""Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners)
self.step("enabling DS global lock",
self.__enable_ds_global_write_lock)
-self.step("starting directory server", self.__start_nowait)
+self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.
Cheers,
Fraser
Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
--
Petr Vobornik
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
> This patch should fix following traceback.
>
> 2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
> 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line
> 304, in __upgrade
> ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
> File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line 314, in __init__
> self.create_connection()
> File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line 862, in create_connection
> autobind=self.ldapi)
> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in
> connect
> conn = self.create_connection(*args, **kw)
> File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
> 188, in create_connection
> client_controls=clientctrls)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1074, in
> external_bind
> '', auth_tokens, server_controls, client_controls)
> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> self.gen.throw(type, value, traceback)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 976, in
> error_handler
> error=info)
> NetworkError: cannot connect to
> 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
>
> 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 388, in start_creation
> run_step(full_msg, method)
> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 378, in run_step
> method()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line
> 315, in __upgrade
> raise RuntimeError(e)
> RuntimeError: cannot connect to
> 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
>
> Reason was the ipa-server-install tried to connect before DS was ready.
>
> The patch adds waiting until DS is ready.
>
> Patch attached.
>
> Fraser can you please check if this fix works? I can't reproduce it.
> Thank you, Martin^2.
>
ACK; fixes the issue for me.
One minor comment:
> +def __start(self):
> +super(IPAUpgrade, self).start()
>
> def __stop_instance(self):
> """Stop only the main DS instance"""
> @@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
> self.step("saving configuration", self.__save_config)
> self.step("disabling listeners", self.__disable_listeners)
> self.step("enabling DS global lock",
> self.__enable_ds_global_write_lock)
> -self.step("starting directory server", self.__start_nowait)
> +self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.
Cheers,
Fraser
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart
This patch should fix following traceback.
2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 304, in __upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line
314, in __init__
self.create_connection()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line
862, in create_connection
autobind=self.ldapi)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect
conn = self.create_connection(*args, **kw)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 188,
in create_connection
client_controls=clientctrls)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1074, in
external_bind
'', auth_tokens, server_controls, client_controls)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 976, in
error_handler
error=info)
NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
388, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
378, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 315, in __upgrade
raise RuntimeError(e)
RuntimeError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
Reason was the ipa-server-install tried to connect before DS was ready.
The patch adds waiting until DS is ready.
Patch attached.
Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.
From 3183fc490d9615fada1dcc9069eb1303e9e61be8 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Thu, 21 May 2015 13:25:10 +0200
Subject: [PATCH] Server Upgrade: wait until DS is ready
During server upgrade we should wait until DS is ready after restart, otherwise
connection error is raised.
Instead of 389 port, the DS socket is checked.
https://fedorahosted.org/freeipa/ticket/4904
---
ipaplatform/redhat/services.py | 14 ++
ipaserver/install/upgradeinstance.py | 8 +++-
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index d6fa080add35cb5aafb2b347dc5fb6e84cc3e4e8..565bf1fdef27e9a780ad2e2638b5051a95782bd2 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -153,6 +153,20 @@ class RedHatDirectoryService(RedHatService):
super(RedHatDirectoryService, self).restart(instance_name,
capture_output=capture_output, wait=wait)
+def wait_for_open_ports(self, instance_name=""):
+if instance_name.endswith('.service'):
+instance_name = instance_name[:-8]
+if instance_name.startswith('dirsrv@'):
+instance_name = instance_name[7:]
+
+if instance_name:
+
+ipautil.wait_for_open_socket(
+paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name,
+self.api.env.startup_timeout)
+else:
+super(RedHatDirectoryService, self).wait_for_open_ports()
+
class RedHatIPAService(RedHatService):
# Enforce restart of IPA services when we do enable it
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index 2540df60f1c14b99dbd5b9cdd12d7590edc1bd32..d58c934bc1bd926c0c0c068086c746ac28e8c737 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -171,10 +171,8 @@ class IPAUpgrade(service.Service):
self.schema_files = schema_files
self.realm = realm_name
-def __start_nowait(self):
-# Don't wait here because we've turned off port 389. The connection
-# we make will wait for the socket.
-super(IPAUpgrade, self).start(wait=False)
+def __start(self):
+super(IPAUpgrade, self).start()
def __stop_instance(self):
"""Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners)
self.step("enabling DS global lock", self.__enable_ds_global_write_lock)
-self.step("starting directory server", self.__start_nowait)
+self.step("starting directory server", self.__start)
if self.schema_files:
self.step("updating schema", self.__update_schema)
self.step("upgrading server", s
