Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart

2015-05-25 Thread Jan Cholasta

Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):

On 05/21/2015 03:16 PM, Fraser Tweedale wrote:

On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:

This patch should fix following traceback.

2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
   File
/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py,
line 304, in __upgrade
 ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
   File
/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py,
line 314, in __init__
 self.create_connection()
   File
/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py,
line 862, in create_connection
 autobind=self.ldapi)
   File /usr/lib/python2.7/site-packages/ipalib/backend.py, line
66, in connect
 conn = self.create_connection(*args, **kw)
   File
/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py, line
188, in create_connection
 client_controls=clientctrls)
   File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line
1074, in external_bind
 '', auth_tokens, server_controls, client_controls)
   File /usr/lib64/python2.7/contextlib.py, line 35, in __exit__
 self.gen.throw(type, value, traceback)
   File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line
976, in error_handler
 error=info)
NetworkError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':

2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
   File
/usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
388, in start_creation
 run_step(full_msg, method)
   File
/usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
378, in run_step
 method()
   File
/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py,
line 315, in __upgrade
 raise RuntimeError(e)
RuntimeError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':

Reason was the ipa-server-install tried to connect before DS was ready.

The patch adds waiting until DS is ready.

Patch attached.

Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.


ACK; fixes the issue for me.

One minor comment:


+def __start(self):
+super(IPAUpgrade, self).start()

  def __stop_instance(self):
  Stop only the main DS instance
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
  self.step(saving configuration, self.__save_config)
  self.step(disabling listeners, self.__disable_listeners)
  self.step(enabling DS global lock,
self.__enable_ds_global_write_lock)
-self.step(starting directory server, self.__start_nowait)
+self.step(starting directory server, self.__start)


I think you can just say `self.start' and remove `__start' function.

Cheers,
Fraser



Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23


This semi-breaks ipa-server-install for me:

Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
  [2/38]: creating directory server instance
ipa : CRITICAL Failed to restart the directory server ([Errno 2] 
No such file or directory). See the installation log for details.

  [3/38]: adding default schema
  [4/38]: enabling memberof plugin

It would be nice to check if the socket exists before waiting for it.

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart

2015-05-25 Thread Fraser Tweedale
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
 Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
 On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
 On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
 This patch should fix following traceback.
 
 2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
 /usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py,
 line 304, in __upgrade
  ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
File
 /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py,
 line 314, in __init__
  self.create_connection()
File
 /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py,
 line 862, in create_connection
  autobind=self.ldapi)
File /usr/lib/python2.7/site-packages/ipalib/backend.py, line
 66, in connect
  conn = self.create_connection(*args, **kw)
File
 /usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py, line
 188, in create_connection
  client_controls=clientctrls)
File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line
 1074, in external_bind
  '', auth_tokens, server_controls, client_controls)
File /usr/lib64/python2.7/contextlib.py, line 35, in __exit__
  self.gen.throw(type, value, traceback)
File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line
 976, in error_handler
  error=info)
 NetworkError: cannot connect to
 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
 
 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
 /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 388, in start_creation
  run_step(full_msg, method)
File
 /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line
 378, in run_step
  method()
File
 /usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py,
 line 315, in __upgrade
  raise RuntimeError(e)
 RuntimeError: cannot connect to
 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
 
 Reason was the ipa-server-install tried to connect before DS was ready.
 
 The patch adds waiting until DS is ready.
 
 Patch attached.
 
 Fraser can you please check if this fix works? I can't reproduce it.
 Thank you, Martin^2.
 
 ACK; fixes the issue for me.
 
 One minor comment:
 
 +def __start(self):
 +super(IPAUpgrade, self).start()
 
   def __stop_instance(self):
   Stop only the main DS instance
 @@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
   self.step(saving configuration, self.__save_config)
   self.step(disabling listeners, self.__disable_listeners)
   self.step(enabling DS global lock,
 self.__enable_ds_global_write_lock)
 -self.step(starting directory server, self.__start_nowait)
 +self.step(starting directory server, self.__start)
 
 I think you can just say `self.start' and remove `__start' function.
 
 Cheers,
 Fraser
 
 
 Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
 
 This semi-breaks ipa-server-install for me:
 
 Configuring directory server (dirsrv): Estimated time 1 minute
   [1/38]: creating directory server user
   [2/38]: creating directory server instance
 ipa : CRITICAL Failed to restart the directory server ([Errno 2] No
 such file or directory). See the installation log for details.
   [3/38]: adding default schema
   [4/38]: enabling memberof plugin
 
 It would be nice to check if the socket exists before waiting for it.
 
This (non-catastrophic but annoying) regression occurred for me too.
I wasn't paying enough attention to ipa-server-install before I
ACKed the patch :/

 -- 
 Jan Cholasta

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart

2015-05-22 Thread Petr Vobornik

On 05/21/2015 03:16 PM, Fraser Tweedale wrote:

On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:

This patch should fix following traceback.

2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to 
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
   File 
/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py, line 
304, in __upgrade
 ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
   File /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py, 
line 314, in __init__
 self.create_connection()
   File /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py, 
line 862, in create_connection
 autobind=self.ldapi)
   File /usr/lib/python2.7/site-packages/ipalib/backend.py, line 66, in 
connect
 conn = self.create_connection(*args, **kw)
   File /usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py, line 
188, in create_connection
 client_controls=clientctrls)
   File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 1074, in 
external_bind
 '', auth_tokens, server_controls, client_controls)
   File /usr/lib64/python2.7/contextlib.py, line 35, in __exit__
 self.gen.throw(type, value, traceback)
   File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 976, in 
error_handler
 error=info)
NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':

2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
388, in start_creation
 run_step(full_msg, method)
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
378, in run_step
 method()
   File 
/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py, line 
315, in __upgrade
 raise RuntimeError(e)
RuntimeError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':

Reason was the ipa-server-install tried to connect before DS was ready.

The patch adds waiting until DS is ready.

Patch attached.

Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.


ACK; fixes the issue for me.

One minor comment:


+def __start(self):
+super(IPAUpgrade, self).start()

  def __stop_instance(self):
  Stop only the main DS instance
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
  self.step(saving configuration, self.__save_config)
  self.step(disabling listeners, self.__disable_listeners)
  self.step(enabling DS global lock, 
self.__enable_ds_global_write_lock)
-self.step(starting directory server, self.__start_nowait)
+self.step(starting directory server, self.__start)


I think you can just say `self.start' and remove `__start' function.

Cheers,
Fraser



Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
--
Petr Vobornik

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


[Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart

2015-05-21 Thread Martin Basti

This patch should fix following traceback.

2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to 
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
  File /usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py, 
line 304, in __upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
  File /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py, line 
314, in __init__
self.create_connection()
  File /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py, line 
862, in create_connection
autobind=self.ldapi)
  File /usr/lib/python2.7/site-packages/ipalib/backend.py, line 66, in connect
conn = self.create_connection(*args, **kw)
  File /usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py, line 188, 
in create_connection
client_controls=clientctrls)
  File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 1074, in 
external_bind
'', auth_tokens, server_controls, client_controls)
  File /usr/lib64/python2.7/contextlib.py, line 35, in __exit__
self.gen.throw(type, value, traceback)
  File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 976, in 
error_handler
error=info)
NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':

2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
388, in start_creation
run_step(full_msg, method)
  File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
378, in run_step
method()
  File /usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py, 
line 315, in __upgrade
raise RuntimeError(e)
RuntimeError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':

Reason was the ipa-server-install tried to connect before DS was ready.

The patch adds waiting until DS is ready.

Patch attached.

Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.

From 3183fc490d9615fada1dcc9069eb1303e9e61be8 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 21 May 2015 13:25:10 +0200
Subject: [PATCH] Server Upgrade: wait until DS is ready

During server upgrade we should wait until DS is ready after restart, otherwise
connection error is raised.

Instead of 389 port, the DS socket is checked.

https://fedorahosted.org/freeipa/ticket/4904
---
 ipaplatform/redhat/services.py   | 14 ++
 ipaserver/install/upgradeinstance.py |  8 +++-
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index d6fa080add35cb5aafb2b347dc5fb6e84cc3e4e8..565bf1fdef27e9a780ad2e2638b5051a95782bd2 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -153,6 +153,20 @@ class RedHatDirectoryService(RedHatService):
 super(RedHatDirectoryService, self).restart(instance_name,
 capture_output=capture_output, wait=wait)
 
+def wait_for_open_ports(self, instance_name=):
+if instance_name.endswith('.service'):
+instance_name = instance_name[:-8]
+if instance_name.startswith('dirsrv@'):
+instance_name = instance_name[7:]
+
+if instance_name:
+
+ipautil.wait_for_open_socket(
+paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name,
+self.api.env.startup_timeout)
+else:
+super(RedHatDirectoryService, self).wait_for_open_ports()
+
 
 class RedHatIPAService(RedHatService):
 # Enforce restart of IPA services when we do enable it
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index 2540df60f1c14b99dbd5b9cdd12d7590edc1bd32..d58c934bc1bd926c0c0c068086c746ac28e8c737 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -171,10 +171,8 @@ class IPAUpgrade(service.Service):
 self.schema_files = schema_files
 self.realm = realm_name
 
-def __start_nowait(self):
-# Don't wait here because we've turned off port 389. The connection
-# we make will wait for the socket.
-super(IPAUpgrade, self).start(wait=False)
+def __start(self):
+super(IPAUpgrade, self).start()
 
 def __stop_instance(self):
 Stop only the main DS instance
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
 self.step(saving configuration, self.__save_config)
 self.step(disabling listeners, self.__disable_listeners)
 self.step(enabling DS global lock, self.__enable_ds_global_write_lock)
-self.step(starting directory server, self.__start_nowait)
+self.step(starting directory server, self.__start)
 if self.schema_files:
 self.step(updating schema, self.__update_schema)
 self.step(upgrading server, self.__upgrade)
-- 
2.1.0


Re: [Freeipa-devel] [PATCH 0254] Server Upgrade: Wait until DS is ready after restart

2015-05-21 Thread Fraser Tweedale
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
 This patch should fix following traceback.
 
 2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to 
 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
   File 
 /usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py, line 
 304, in __upgrade
 ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
   File /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py, 
 line 314, in __init__
 self.create_connection()
   File /usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py, 
 line 862, in create_connection
 autobind=self.ldapi)
   File /usr/lib/python2.7/site-packages/ipalib/backend.py, line 66, in 
 connect
 conn = self.create_connection(*args, **kw)
   File /usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py, line 
 188, in create_connection
 client_controls=clientctrls)
   File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 1074, in 
 external_bind
 '', auth_tokens, server_controls, client_controls)
   File /usr/lib64/python2.7/contextlib.py, line 35, in __exit__
 self.gen.throw(type, value, traceback)
   File /usr/lib/python2.7/site-packages/ipapython/ipaldap.py, line 976, in 
 error_handler
 error=info)
 NetworkError: cannot connect to 
 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
 
 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
 388, in start_creation
 run_step(full_msg, method)
   File /usr/lib/python2.7/site-packages/ipaserver/install/service.py, line 
 378, in run_step
 method()
   File 
 /usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py, line 
 315, in __upgrade
 raise RuntimeError(e)
 RuntimeError: cannot connect to 
 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
 
 Reason was the ipa-server-install tried to connect before DS was ready.
 
 The patch adds waiting until DS is ready.
 
 Patch attached.
 
 Fraser can you please check if this fix works? I can't reproduce it.
 Thank you, Martin^2.
 
ACK; fixes the issue for me.

One minor comment:

 +def __start(self):
 +super(IPAUpgrade, self).start()
  
  def __stop_instance(self):
  Stop only the main DS instance
 @@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
  self.step(saving configuration, self.__save_config)
  self.step(disabling listeners, self.__disable_listeners)
  self.step(enabling DS global lock, 
 self.__enable_ds_global_write_lock)
 -self.step(starting directory server, self.__start_nowait)
 +self.step(starting directory server, self.__start)

I think you can just say `self.start' and remove `__start' function.

Cheers,
Fraser

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code