Re: [Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-31 Thread Rob Crittenden

Simo Sorce wrote:
> On Mon, 2012-10-29 at 15:41 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> On Fri, 2012-10-26 at 16:30 -0400, Rob Crittenden wrote:
>>>> Simo Sorce wrote:
>>>>> From: Simo Sorce
>>>>>
>>>>> We check (possibly different) data from LDAP only at (re)start.
>>>>> This way we always shutdown exactly the services we started even if the list
>>>>> changed in the meanwhile (we avoid leaving a service running even if it was
>>>>> removed from LDAP as the admin decided it should not be started in future).
>>>>>
>>>>> This should also fix a problematic deadlock with systemd when we try to read
>>>>> the list of service from LDAP at shutdown.
>>>>
>>>> I'm thinking that in patch 2 we need to be sure the name is unique, for
>>>> whatever reason, when starting a service. I'm not sure if it is related
>>>> to this or not:
>>>>
>>>> ...
>>>> Done configuring the web interface (httpd).
>>>> Applying LDAP updates
>>>> Restarting the directory server
>>>> Restarting the KDC
>>>> Sample zone file for bind has been created in /tmp/sample.zone.t1LC7e.db
>>>> Restarting the web server
>>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>>> CalledProcessError: Command '/bin/systemctl restart ipa.service'
>>>> returned non-zero exit status 1
>>>> [root@rawhide2 freeipa]# cat /var/run/ipa/services.list
>>>> ["messagebus", "certmonger", "ntpd", "messagebus", "certmonger",
>>>> "messagebus", "certmonger", "certmonger", "messagebus", "certmonger",
>>>> "certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]
>>>
>>> Maybe I should add code to remove entries on stop() ?
>>> I haven't considered the case where our own code stop instances outside
>>> of ipactl stop
>>>
>>> Now having duplicate instances shouldn't be fatal but maybe systemd is
>>> returning an error to signal the instance was already started ?
>>
>> Maybe converting the list to a set before starting would be enough.
>
> I can easily weed out duplicates, but I am relying on the order in this
> list in the code by using reverse() so that services are stopped in
> reverse order. However the fact you can restart single services will
> make this sorta break I guess.
>
> I am going to think about ordering and propose a solution that properly
> handles that, the main issue is that SERVICE_LIST cannot be used because
> it uses the original 'abstract' names, while the service class now uses
> this wellknown service name.
>
>>>> I don't see any smoking gun in the install log:
>>>>
>>>> 2012-10-26T20:27:40Z DEBUG Starting external process
>>>> 2012-10-26T20:27:40Z DEBUG args=/bin/systemctl restart ipa.service
>>>> 2012-10-26T20:27:42Z DEBUG Process finished, return code=1
>>>> 2012-10-26T20:27:42Z DEBUG stdout=
>>>> 2012-10-26T20:27:42Z DEBUG stderr=Job for ipa.service failed. See
>>>> 'systemctl status ipa.service' and 'journalctl' for details.
>>>>
>>>> 2012-10-26T20:27:42Z INFO   File
>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>>>> line 614, in run_script
>>>>    return_value = main_function()
>>>>
>>>>  File "/usr/sbin/ipa-server-install", line 1100, in main
>>>>    ipaservices.knownservices.ipa.enable()
>>>>
>>>>  File
>>>> "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line
>>>> 129, in enable
>>>>    self.restart(instance_name)
>>>>
>>>>  File
>>>> "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line
>>>> 104, in restart
>>>>    ipautil.run(["/bin/systemctl", "restart",
>>>> self.service_instance(instance_name)], capture_output=capture_output)
>>>>
>>>>  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
>>>> 323, in run
>>>>    raise CalledProcessError(p.returncode, arg_string)
>>>>
>>>> 2012-10-26T20:27:42Z INFO The ipa-server-install command failed,
>>>> exception: CalledProcessError: Command '/bin/systemctl restart
>>>> ipa.service' returned non-zero exit status 1
>>>
>>> So it returned just 1 without any error message ?
>>>
>>> Simo.
>>
>> # /bin/systemctl status ipa.service
>> ipa.service - Identity, Policy, Audit
>> Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled)
>> Active: failed (Result: exit-code) since Fri, 26 Oct 2012
>> 16:27:42 -0400; 2 days ago
>>    Process: 17543 ExecStart=/usr/sbin/ipactl start (code=exited,
>> status=1/FAILURE)
>> CGroup: name=systemd:/system/ipa.service
>>
>> Oct 26 16:27:40 rawhide2.greyoak.com systemd[1]: Starting Identity,
>> Policy, Audit...
>> Oct 26 16:27:41 rawhide2.greyoak.com ipactl[17543]: IPA service already
>> started!
>> Oct 26 16:27:42 rawhide2.greyoak.com systemd[1]: Failed to start
>> Identity, Policy, Audit.
>
> I don't think this depends on my patch.
>
> Simo.

It seems to be. I can't install in F-18 at all with your 3 patches applied.

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


[Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-30 Thread Simo Sorce
From: Simo Sorce 

We check (possibly different) data from LDAP only at (re)start.
This way we always shutdown exactly the services we started even if the list
changed in the meanwhile (we avoid leaving a service running even if it was
removed from LDAP as the admin decided it should not be started in future).

This should also fix a problematic deadlock with systemd when we try to read
the list of service from LDAP at shutdown.
---
 freeipa.spec.in|2 +
 init/systemd/ipa.conf.tmpfiles |1 +
 install/tools/ipactl   |  218 +---
 3 files changed, 160 insertions(+), 61 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
af76118fd0294fa4d8934b747c254b891ae7f2cb..397d60b1d2a22b1d1eb26b8f567f381da526f282
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -447,6 +447,7 @@ install -m 0644 init/systemd/ipa.conf.tmpfiles 
%{buildroot}%{_sysconfdir}/tmpfil
 
 mkdir -p %{buildroot}%{_localstatedir}/run/
 install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
+install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa/
 
 mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
 touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
@@ -624,6 +625,7 @@ fi
 %{_sysconfdir}/cron.d/ipa-compliance
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
+%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
 %if 0%{?fedora} >= 15
 %config %{_sysconfdir}/tmpfiles.d/ipa.conf
 %endif
diff --git a/init/systemd/ipa.conf.tmpfiles b/init/systemd/ipa.conf.tmpfiles
index 
e4b679a55d68a6b83991ac72dd520c32b2a0de50..1e7a896ed8df00c97f2d092504e2a65960bb341d
 100644
--- a/init/systemd/ipa.conf.tmpfiles
+++ b/init/systemd/ipa.conf.tmpfiles
@@ -1 +1,2 @@
 d /var/run/ipa_memcached 0700 apache apache
+d /var/run/ipa 0700 root root
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 
d4b2c0878f2b62fd12198f76bef01ef70e9f3de1..24e1df150566ee391798dc03043963ddc55545d5
 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -34,6 +34,7 @@ try:
 import ldap.sasl
 import ldapurl
 import socket
+import json
 except ImportError:
 print >> sys.stderr, """\
 There was a problem importing one of the required Python modules. The
@@ -162,11 +163,45 @@ def get_config(dirsrv):
 for p in entry[1]['ipaConfigString']:
 if p.startswith('startOrder '):
 order = p.split()[1]
-svc_list.append((order, name))
+svc_list.append([order, name])
 
-return svc_list
+ordered_list = []
+for (order, svc) in sorted(svc_list):
+if svc in service.SERVICE_LIST:
+ordered_list.append(service.SERVICE_LIST[svc][0])
+return ordered_list
+
+def get_config_from_file():
+
+svc_list = []
+
+try:
+f = open(ipaservices.get_svc_list_file(), 'r')
+svc_list = json.load(f)
+except Exception, e:
+raise IpactlError("Unknown error when retrieving list of services from 
file: " + str(e))
+
+# the framework can start/stop a number of related services we are not
+# authoritative for, so filter the list through SERVICES_LIST and order it
+# accordingly too.
+
+def_svc_list = []
+for svc in service.SERVICE_LIST:
+s = service.SERVICE_LIST[svc]
+def_svc_list.append([s[1], s[0]])
+
+ordered_list = []
+for (order, svc) in sorted(def_svc_list):
+if svc in svc_list:
+ordered_list.append(svc)
+
+return ordered_list
 
 def ipa_start(options):
+
+if os.path.isfile(ipaservices.get_svc_list_file()):
+raise IpactlError("IPA service already started!")
+
 dirsrv = ipaservices.knownservices.dirsrv
 try:
 print "Starting Directory Service"
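Review bot: the os.path.isfile(ipaservices.get_svc_list_file()) test added at the top of ipa_start() treats the existence of the list file as proof that IPA is running, so a file left behind after a crash or an interrupted stop makes every later start fail with "IPA service already started!". Check that the recorded services are actually running before refusing, or treat an existing file as stale and rebuild it. In get_config_from_file() the handle returned by open() is never closed, and the comment says SERVICES_LIST where the code uses SERVICE_LIST.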
@@ -174,11 +209,11 @@ def ipa_start(options):
 except Exception, e:
 raise IpactlError("Failed to start Directory Service: " + str(e))
 
-svc_list = []
+ldap_list = []
 try:
 svc_list = get_config(dirsrv)
 except Exception, e:
-emit_err("Failed to read data from Directory Service: " + str(e))
+emit_err("Failed to data from service file: " + str(e))
 emit_err("Shutting down")
 try:
 dirsrv.stop(capture_output=False)
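Review bot: the replacement emit_err text in the except branch, "Failed to data from service file: ", is missing its verb and names the wrong source, because the try block above it still calls get_config(dirsrv) rather than get_config_from_file(). Keep the original "Failed to read data from Directory Service: " wording for this path.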
@@ -191,21 +226,19 @@ def ipa_start(options):
 raise IpactlError()
 
 if len(svc_list) == 0:
-# no service to stop
+# no service to start
 return
 
-for (order, svc) in sorted(svc_list):
-svc_name = service.SERVICE_LIST[svc][0]
-svchandle = ipaservices.service(svc_name)
+for svc in svc_list:
+svchandle = ipaservices.service(svc)
 try:
 print "Starting %s Service" % svc
-svchandle.start(capture_output=get_capture_output(svc_name, 
options.debug))
+svchandle.start(capture_output=get_capture_output(svc, 
options.debug))
 except:
  

[Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-30 Thread Simo Sorce
From: Simo Sorce 

We check (possibly different) data from LDAP only at (re)start.
This way we always shutdown exactly the services we started even if the list
changed in the meanwhile (we avoid leaving a service running even if it was
removed from LDAP as the admin decided it should not be started in future).

This should also fix a problematic deadlock with systemd when we try to read
the list of service from LDAP at shutdown.
---
 freeipa.spec.in|2 +
 init/systemd/ipa.conf.tmpfiles |1 +
 install/tools/ipactl   |  199 
 3 files changed, 143 insertions(+), 59 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
af76118fd0294fa4d8934b747c254b891ae7f2cb..397d60b1d2a22b1d1eb26b8f567f381da526f282
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -447,6 +447,7 @@ install -m 0644 init/systemd/ipa.conf.tmpfiles 
%{buildroot}%{_sysconfdir}/tmpfil
 
 mkdir -p %{buildroot}%{_localstatedir}/run/
 install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
+install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa/
 
 mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
 touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
@@ -624,6 +625,7 @@ fi
 %{_sysconfdir}/cron.d/ipa-compliance
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
+%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
 %if 0%{?fedora} >= 15
 %config %{_sysconfdir}/tmpfiles.d/ipa.conf
 %endif
diff --git a/init/systemd/ipa.conf.tmpfiles b/init/systemd/ipa.conf.tmpfiles
index 
e4b679a55d68a6b83991ac72dd520c32b2a0de50..1e7a896ed8df00c97f2d092504e2a65960bb341d
 100644
--- a/init/systemd/ipa.conf.tmpfiles
+++ b/init/systemd/ipa.conf.tmpfiles
@@ -1 +1,2 @@
 d /var/run/ipa_memcached 0700 apache apache
+d /var/run/ipa 0700 root root
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 
d4b2c0878f2b62fd12198f76bef01ef70e9f3de1..9b151ab9f9bd10423d5145a1fcf028b6ddb65096
 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -34,6 +34,7 @@ try:
 import ldap.sasl
 import ldapurl
 import socket
+import json
 except ImportError:
 print >> sys.stderr, """\
 There was a problem importing one of the required Python modules. The
@@ -162,11 +163,30 @@ def get_config(dirsrv):
 for p in entry[1]['ipaConfigString']:
 if p.startswith('startOrder '):
 order = p.split()[1]
-svc_list.append((order, name))
+svc_list.append([order, name])
+
+ordered_list = []
+for (order, svc) in sorted(svc_list):
+ordered_list.append(service.SERVICE_LIST[svc][0])
+return ordered_list
+
+def get_config_from_file():
+
+svc_list = []
+
+try:
+f = open(ipaservices.get_svc_list_file(), 'r')
+svc_list = json.load(f)
+except Exception, e:
+raise IpactlError("Unknown error when retrieving list of services from 
file: " + str(e))
 
 return svc_list
 
 def ipa_start(options):
+
+if os.path.isfile(ipaservices.get_svc_list_file()):
+raise IpactlError("IPA service already started!")
+
 dirsrv = ipaservices.knownservices.dirsrv
 try:
 print "Starting Directory Service"
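Review bot: get_config_from_file() returns the result of json.load(f) unchanged, so ipa_stop() will act on whatever the file holds, including repeated names and names ipactl does not manage. Check that the value is a list of strings and filter it against service.SERVICE_LIST before returning it, and open the file in a with block so the handle is closed.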
@@ -174,7 +194,7 @@ def ipa_start(options):
 except Exception, e:
 raise IpactlError("Failed to start Directory Service: " + str(e))
 
-svc_list = []
+ldap_list = []
 try:
 svc_list = get_config(dirsrv)
 except Exception, e:
@@ -191,21 +211,19 @@ def ipa_start(options):
 raise IpactlError()
 
 if len(svc_list) == 0:
-# no service to stop
+# no service to start
 return
 
-for (order, svc) in sorted(svc_list):
-svc_name = service.SERVICE_LIST[svc][0]
-svchandle = ipaservices.service(svc_name)
+for svc in svc_list:
+svchandle = ipaservices.service(svc)
 try:
 print "Starting %s Service" % svc
-svchandle.start(capture_output=get_capture_output(svc_name, 
options.debug))
+svchandle.start(capture_output=get_capture_output(svc, 
options.debug))
 except:
 emit_err("Failed to start %s Service" % svc)
 emit_err("Shutting down")
-for (order, svc) in sorted(svc_list):
-svc_name = service.SERVICE_LIST[svc][0]
-svc_off = ipaservices.service(svc_name)
+for svc in svc_list:
+svc_off = ipaservices.service(svc)
 try:
 svc_off.stop(capture_output=False)
 except:
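Review bot: the rollback loop in the except branch, "for svc in svc_list:" followed by svc_off.stop(), walks the whole list in start order, so after a failed start it stops services in the order they came up and also calls stop on services that were never started. Iterate in reverse over only the services started so far. The bare except: around svchandle.start() also discards the reason for the failure; catch Exception and include str(e) in the emit_err message.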
@@ -220,11 +238,10 @@ def ipa_stop(options):
 dirsrv = ipaservices.knownservices.dirsrv
 svc_list = []
 try:
-svc_list = get_config(dirsrv)
+svc_list = get_config_from_file()
 except Exception, e:
-# ok if dirsrv died this may fail, so let's try to quickly restart it
-# and see if we 

Re: [Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-29 Thread Simo Sorce
On Mon, 2012-10-29 at 15:41 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Fri, 2012-10-26 at 16:30 -0400, Rob Crittenden wrote:
> >> Simo Sorce wrote:
> >>> From: Simo Sorce 
> >>>
> >>> We check (possibly different) data from LDAP only at (re)start.
> >>> This way we always shutdown exactly the services we started even if the 
> >>> list
> >>> changed in the meanwhile (we avoid leaving a service running even if it 
> >>> was
> >>> removed from LDAP as the admin decided it should not be started in 
> >>> future).
> >>>
> >>> This should also fix a problematic deadlock with systemd when we try to 
> >>> read
> >>> the list of service from LDAP at shutdown.
> >>
> >> I'm thinking that in patch 2 we need to be sure the name is unique, for
> >> whatever reason, when starting a service. I'm not sure if it is related
> >> to this or not:
> >>
> >> ...
> >> Done configuring the web interface (httpd).
> >> Applying LDAP updates
> >> Restarting the directory server
> >> Restarting the KDC
> >> Sample zone file for bind has been created in /tmp/sample.zone.t1LC7e.db
> >> Restarting the web server
> >> Unexpected error - see /var/log/ipaserver-install.log for details:
> >> CalledProcessError: Command '/bin/systemctl restart ipa.service'
> >> returned non-zero exit status 1
> >> [root@rawhide2 freeipa]# cat /var/run/ipa/services.list
> >> ["messagebus", "certmonger", "ntpd", "messagebus", "certmonger",
> >> "messagebus", "certmonger", "certmonger", "messagebus", "certmonger",
> >> "certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]
> >
> > Maybe I should add code to remove entries on stop() ?
> > I haven't considered the case where our own code stop instances outside
> > of ipactl stop
> >
> > Now having duplicate instances shouldn't be fatal but maybe systemd is
> > returning an error to signal the instance was already started ?
> 
> Maybe converting the list to a set before starting would be enough.

I can easily weed out duplicates, but I am relying on the order in this
list in the code by using reverse() so that services are stopped in
reverse order. However the fact you can restart single services will
make this sorta break I guess.

I am going to think about ordering and propose a solution that properly
handles that, the main issue is that SERVICE_LIST cannot be used because
it uses the original 'abstract' names, while the service class now uses
this wellknown service name.

> >
> >> I don't see any smoking gun in the install log:
> >>
> >> 2012-10-26T20:27:40Z DEBUG Starting external process
> >> 2012-10-26T20:27:40Z DEBUG args=/bin/systemctl restart ipa.service
> >> 2012-10-26T20:27:42Z DEBUG Process finished, return code=1
> >> 2012-10-26T20:27:42Z DEBUG stdout=
> >> 2012-10-26T20:27:42Z DEBUG stderr=Job for ipa.service failed. See
> >> 'systemctl status ipa.service' and 'journalctl' for details.
> >>
> >> 2012-10-26T20:27:42Z INFO   File
> >> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> >> line 614, in run_script
> >>   return_value = main_function()
> >>
> >> File "/usr/sbin/ipa-server-install", line 1100, in main
> >>   ipaservices.knownservices.ipa.enable()
> >>
> >> File
> >> "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line
> >> 129, in enable
> >>   self.restart(instance_name)
> >>
> >> File
> >> "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line
> >> 104, in restart
> >>   ipautil.run(["/bin/systemctl", "restart",
> >> self.service_instance(instance_name)], capture_output=capture_output)
> >>
> >> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
> >> 323, in run
> >>   raise CalledProcessError(p.returncode, arg_string)
> >>
> >> 2012-10-26T20:27:42Z INFO The ipa-server-install command failed,
> >> exception: CalledProcessError: Command '/bin/systemctl restart
> >> ipa.service' returned non-zero exit status 1
> >
> > So it returned just 1 without any error message ?
> >
> > Simo.
> >
> >
> 
> # /bin/systemctl status ipa.service
> ipa.service - Identity, Policy, Audit
>Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled)
>Active: failed (Result: exit-code) since Fri, 26 Oct 2012 
> 16:27:42 -0400; 2 days ago
>   Process: 17543 ExecStart=/usr/sbin/ipactl start (code=exited, 
> status=1/FAILURE)
>CGroup: name=systemd:/system/ipa.service
> 
> Oct 26 16:27:40 rawhide2.greyoak.com systemd[1]: Starting Identity, 
> Policy, Audit...
> Oct 26 16:27:41 rawhide2.greyoak.com ipactl[17543]: IPA service already 
> started!
> Oct 26 16:27:42 rawhide2.greyoak.com systemd[1]: Failed to start 
> Identity, Policy, Audit.

I don't think this depends on my patch.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
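
Added example, not code from the patch or from FreeIPA: one way to keep the started-services file free of duplicates, drop entries on stop, and derive the stop order from a fixed table rather than from append order, which are the three points raised in the message above. StartedServices, START_ORDER and the order numbers are assumptions made for the illustration.

```python
import json
import os
import tempfile

# Assumed start-order table standing in for the project's SERVICE_LIST;
# the names and numbers are constructed for this example.
START_ORDER = {"dirsrv": 10, "krb5kdc": 20, "kadmin": 30, "named": 40, "httpd": 50}


class StartedServices:
    """Tracks which services were started, persisted as a JSON list."""

    def __init__(self, path, known=START_ORDER):
        self.path = path
        self.known = known

    def _read(self):
        try:
            with open(self.path) as f:
                data = json.load(f)
        except FileNotFoundError:
            return []
        # The file is later used to decide what gets stopped, so reject
        # anything that is not a plain list of names.
        if not isinstance(data, list) or not all(isinstance(n, str) for n in data):
            raise ValueError("%s: expected a JSON list of strings" % self.path)
        return data

    def _write(self, names):
        # Write a temp file in the same directory (mkstemp creates it 0600),
        # then rename it over the target so readers never see a partial list.
        directory = os.path.dirname(self.path) or "."
        fd, tmp = tempfile.mkstemp(dir=directory)
        try:
            with os.fdopen(fd, "w") as f:
                json.dump(names, f)
            os.replace(tmp, self.path)
        except BaseException:
            os.unlink(tmp)
            raise

    def add(self, name):
        """Record a started service; recording it twice is a no-op."""
        names = self._read()
        if name not in names:
            names.append(name)
            self._write(names)

    def remove(self, name):
        """Forget a service that was stopped outside a full shutdown."""
        self._write([n for n in self._read() if n != name])

    def start_order(self):
        # Order comes from the table, not from the order of add() calls, so
        # restarting a single service cannot change it. Names outside the
        # table are ignored here but stay recorded in the file.
        wanted = {n for n in self._read() if n in self.known}
        return sorted(wanted, key=lambda n: self.known[n])

    def stop_order(self):
        return self.start_order()[::-1]


def demo():
    """Replay a constructed start sequence with repeats and helper services."""
    with tempfile.TemporaryDirectory() as d:
        state = StartedServices(os.path.join(d, "services.list"))
        for name in ["messagebus", "certmonger", "krb5kdc", "httpd",
                     "certmonger", "dirsrv", "krb5kdc", "messagebus"]:
            state.add(name)
        recorded = state._read()
        before = state.stop_order()
        state.remove("krb5kdc")
        after = state.stop_order()
        return recorded, before, after


if __name__ == "__main__":
    print(demo())
```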



Re: [Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-29 Thread Rob Crittenden

Simo Sorce wrote:
> On Fri, 2012-10-26 at 16:30 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> From: Simo Sorce
>>>
>>> We check (possibly different) data from LDAP only at (re)start.
>>> This way we always shutdown exactly the services we started even if the list
>>> changed in the meanwhile (we avoid leaving a service running even if it was
>>> removed from LDAP as the admin decided it should not be started in future).
>>>
>>> This should also fix a problematic deadlock with systemd when we try to read
>>> the list of service from LDAP at shutdown.
>>
>> I'm thinking that in patch 2 we need to be sure the name is unique, for
>> whatever reason, when starting a service. I'm not sure if it is related
>> to this or not:
>>
>> ...
>> Done configuring the web interface (httpd).
>> Applying LDAP updates
>> Restarting the directory server
>> Restarting the KDC
>> Sample zone file for bind has been created in /tmp/sample.zone.t1LC7e.db
>> Restarting the web server
>> Unexpected error - see /var/log/ipaserver-install.log for details:
>> CalledProcessError: Command '/bin/systemctl restart ipa.service'
>> returned non-zero exit status 1
>> [root@rawhide2 freeipa]# cat /var/run/ipa/services.list
>> ["messagebus", "certmonger", "ntpd", "messagebus", "certmonger",
>> "messagebus", "certmonger", "certmonger", "messagebus", "certmonger",
>> "certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]
>
> Maybe I should add code to remove entries on stop() ?
> I haven't considered the case where our own code stop instances outside
> of ipactl stop
>
> Now having duplicate instances shouldn't be fatal but maybe systemd is
> returning an error to signal the instance was already started ?

Maybe converting the list to a set before starting would be enough.

>> I don't see any smoking gun in the install log:
>>
>> 2012-10-26T20:27:40Z DEBUG Starting external process
>> 2012-10-26T20:27:40Z DEBUG args=/bin/systemctl restart ipa.service
>> 2012-10-26T20:27:42Z DEBUG Process finished, return code=1
>> 2012-10-26T20:27:42Z DEBUG stdout=
>> 2012-10-26T20:27:42Z DEBUG stderr=Job for ipa.service failed. See
>> 'systemctl status ipa.service' and 'journalctl' for details.
>>
>> 2012-10-26T20:27:42Z INFO   File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 614, in run_script
>>   return_value = main_function()
>>
>> File "/usr/sbin/ipa-server-install", line 1100, in main
>>   ipaservices.knownservices.ipa.enable()
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line
>> 129, in enable
>>   self.restart(instance_name)
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line
>> 104, in restart
>>   ipautil.run(["/bin/systemctl", "restart",
>> self.service_instance(instance_name)], capture_output=capture_output)
>>
>> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
>> 323, in run
>>   raise CalledProcessError(p.returncode, arg_string)
>>
>> 2012-10-26T20:27:42Z INFO The ipa-server-install command failed,
>> exception: CalledProcessError: Command '/bin/systemctl restart
>> ipa.service' returned non-zero exit status 1
>
> So it returned just 1 without any error message ?
>
> Simo.

# /bin/systemctl status ipa.service
ipa.service - Identity, Policy, Audit
  Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled)
  Active: failed (Result: exit-code) since Fri, 26 Oct 2012 
16:27:42 -0400; 2 days ago
 Process: 17543 ExecStart=/usr/sbin/ipactl start (code=exited, 
status=1/FAILURE)

  CGroup: name=systemd:/system/ipa.service

Oct 26 16:27:40 rawhide2.greyoak.com systemd[1]: Starting Identity, 
Policy, Audit...
Oct 26 16:27:41 rawhide2.greyoak.com ipactl[17543]: IPA service already 
started!
Oct 26 16:27:42 rawhide2.greyoak.com systemd[1]: Failed to start 
Identity, Policy, Audit.




Re: [Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-26 Thread Simo Sorce
On Fri, 2012-10-26 at 16:30 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > From: Simo Sorce 
> >
> > We check (possibly different) data from LDAP only at (re)start.
> > This way we always shutdown exactly the services we started even if the list
> > changed in the meanwhile (we avoid leaving a service running even if it was
> > removed from LDAP as the admin decided it should not be started in future).
> >
> > This should also fix a problematic deadlock with systemd when we try to read
> > the list of service from LDAP at shutdown.
> 
> I'm thinking that in patch 2 we need to be sure the name is unique, for 
> whatever reason, when starting a service. I'm not sure if it is related 
> to this or not:
> 
> ...
> Done configuring the web interface (httpd).
> Applying LDAP updates
> Restarting the directory server
> Restarting the KDC
> Sample zone file for bind has been created in /tmp/sample.zone.t1LC7e.db
> Restarting the web server
> Unexpected error - see /var/log/ipaserver-install.log for details:
> CalledProcessError: Command '/bin/systemctl restart ipa.service' 
> returned non-zero exit status 1
> [root@rawhide2 freeipa]# cat /var/run/ipa/services.list
> ["messagebus", "certmonger", "ntpd", "messagebus", "certmonger", 
> "messagebus", "certmonger", "certmonger", "messagebus", "certmonger", 
> "certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]

Maybe I should add code to remove entries on stop() ?
I haven't considered the case where our own code stop instances outside
of ipactl stop

Now having duplicate instances shouldn't be fatal but maybe systemd is
returning an error to signal the instance was already started ?

> I don't see any smoking gun in the install log:
> 
> 2012-10-26T20:27:40Z DEBUG Starting external process
> 2012-10-26T20:27:40Z DEBUG args=/bin/systemctl restart ipa.service
> 2012-10-26T20:27:42Z DEBUG Process finished, return code=1
> 2012-10-26T20:27:42Z DEBUG stdout=
> 2012-10-26T20:27:42Z DEBUG stderr=Job for ipa.service failed. See 
> 'systemctl status ipa.service' and 'journalctl' for details.
> 
> 2012-10-26T20:27:42Z INFO   File 
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
> line 614, in run_script
>  return_value = main_function()
> 
>File "/usr/sbin/ipa-server-install", line 1100, in main
>  ipaservices.knownservices.ipa.enable()
> 
>File 
> "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line 
> 129, in enable
>  self.restart(instance_name)
> 
>File 
> "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line 
> 104, in restart
>  ipautil.run(["/bin/systemctl", "restart", 
> self.service_instance(instance_name)], capture_output=capture_output)
> 
>File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 
> 323, in run
>  raise CalledProcessError(p.returncode, arg_string)
> 
> 2012-10-26T20:27:42Z INFO The ipa-server-install command failed, 
> exception: CalledProcessError: Command '/bin/systemctl restart 
> ipa.service' returned non-zero exit status 1

So it returned just 1 without any error message ?

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-26 Thread Rob Crittenden

Simo Sorce wrote:
> From: Simo Sorce
>
> We check (possibly different) data from LDAP only at (re)start.
> This way we always shutdown exactly the services we started even if the list
> changed in the meanwhile (we avoid leaving a service running even if it was
> removed from LDAP as the admin decided it should not be started in future).
>
> This should also fix a problematic deadlock with systemd when we try to read
> the list of service from LDAP at shutdown.


I'm thinking that in patch 2 we need to be sure the name is unique, for 
whatever reason, when starting a service. I'm not sure if it is related 
to this or not:


...
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Sample zone file for bind has been created in /tmp/sample.zone.t1LC7e.db
Restarting the web server
Unexpected error - see /var/log/ipaserver-install.log for details:
CalledProcessError: Command '/bin/systemctl restart ipa.service' 
returned non-zero exit status 1

[root@rawhide2 freeipa]# cat /var/run/ipa/services.list
["messagebus", "certmonger", "ntpd", "messagebus", "certmonger", 
"messagebus", "certmonger", "certmonger", "messagebus", "certmonger", 
"certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]


I don't see any smoking gun in the install log:

2012-10-26T20:27:40Z DEBUG Starting external process
2012-10-26T20:27:40Z DEBUG args=/bin/systemctl restart ipa.service
2012-10-26T20:27:42Z DEBUG Process finished, return code=1
2012-10-26T20:27:42Z DEBUG stdout=
2012-10-26T20:27:42Z DEBUG stderr=Job for ipa.service failed. See 
'systemctl status ipa.service' and 'journalctl' for details.


2012-10-26T20:27:42Z INFO   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
line 614, in run_script

return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1100, in main
ipaservices.knownservices.ipa.enable()

  File 
"/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line 
129, in enable

self.restart(instance_name)

  File 
"/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line 
104, in restart
ipautil.run(["/bin/systemctl", "restart", 
self.service_instance(instance_name)], capture_output=capture_output)


  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 
323, in run

raise CalledProcessError(p.returncode, arg_string)

2012-10-26T20:27:42Z INFO The ipa-server-install command failed, 
exception: CalledProcessError: Command '/bin/systemctl restart 
ipa.service' returned non-zero exit status 1




[Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup

2012-10-22 Thread Simo Sorce
From: Simo Sorce 

We check (possibly different) data from LDAP only at (re)start.
This way we always shutdown exactly the services we started even if the list
changed in the meanwhile (we avoid leaving a service running even if it was
removed from LDAP as the admin decided it should not be started in future).

This should also fix a problematic deadlock with systemd when we try to read
the list of service from LDAP at shutdown.
---
 freeipa.spec.in|2 +
 init/systemd/ipa.conf.tmpfiles |1 +
 install/tools/ipactl   |  199 
 3 files changed, 143 insertions(+), 59 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
916630029f6dfac8ef32dabb00f338052cbbf08e..41745c318655fa3eb37a512aaf253016f1620581
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -446,6 +446,7 @@ install -m 0644 init/systemd/ipa.conf.tmpfiles 
%{buildroot}%{_sysconfdir}/tmpfil
 
 mkdir -p %{buildroot}%{_localstatedir}/run/
 install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
+install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa/
 
 mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
 touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
@@ -623,6 +624,7 @@ fi
 %{_sysconfdir}/cron.d/ipa-compliance
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
+%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
 %if 0%{?fedora} >= 15
 %config %{_sysconfdir}/tmpfiles.d/ipa.conf
 %endif
diff --git a/init/systemd/ipa.conf.tmpfiles b/init/systemd/ipa.conf.tmpfiles
index 
e4b679a55d68a6b83991ac72dd520c32b2a0de50..1e7a896ed8df00c97f2d092504e2a65960bb341d
 100644
--- a/init/systemd/ipa.conf.tmpfiles
+++ b/init/systemd/ipa.conf.tmpfiles
@@ -1 +1,2 @@
 d /var/run/ipa_memcached 0700 apache apache
+d /var/run/ipa 0700 root root
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 
d4b2c0878f2b62fd12198f76bef01ef70e9f3de1..9b151ab9f9bd10423d5145a1fcf028b6ddb65096
 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -34,6 +34,7 @@ try:
 import ldap.sasl
 import ldapurl
 import socket
+import json
 except ImportError:
 print >> sys.stderr, """\
 There was a problem importing one of the required Python modules. The
@@ -162,11 +163,30 @@ def get_config(dirsrv):
 for p in entry[1]['ipaConfigString']:
 if p.startswith('startOrder '):
 order = p.split()[1]
-svc_list.append((order, name))
+svc_list.append([order, name])
+
+ordered_list = []
+for (order, svc) in sorted(svc_list):
+ordered_list.append(service.SERVICE_LIST[svc][0])
+return ordered_list
+
+def get_config_from_file():
+
+svc_list = []
+
+try:
+f = open(ipaservices.get_svc_list_file(), 'r')
+svc_list = json.load(f)
+except Exception, e:
+raise IpactlError("Unknown error when retrieving list of services from 
file: " + str(e))
 
 return svc_list
 
 def ipa_start(options):
+
+if os.path.isfile(ipaservices.get_svc_list_file()):
+raise IpactlError("IPA service already started!")
+
 dirsrv = ipaservices.knownservices.dirsrv
 try:
 print "Starting Directory Service"
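Review bot: in get_config(), ordered_list.append(service.SERVICE_LIST[svc][0]) indexes SERVICE_LIST without checking that svc is a key, so one entry with an unexpected name raises KeyError and aborts the whole start. Skip unknown names with "if svc in service.SERVICE_LIST:" before the append. order also comes from p.split()[1] and is therefore a string, so sorted(svc_list) compares it as text and "10" sorts before "9"; convert it with int() when building the list.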
@@ -174,7 +194,7 @@ def ipa_start(options):
 except Exception, e:
 raise IpactlError("Failed to start Directory Service: " + str(e))
 
-svc_list = []
+ldap_list = []
 try:
 svc_list = get_config(dirsrv)
 except Exception, e:
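Review bot: ldap_list = [] replaces the svc_list = [] initialisation, but the next line inside the try still assigns svc_list = get_config(dirsrv) and nothing in this hunk reads ldap_list. Either rename the assignment as well or keep svc_list = [].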
@@ -191,21 +211,19 @@ def ipa_start(options):
 raise IpactlError()
 
 if len(svc_list) == 0:
-# no service to stop
+# no service to start
 return
 
-for (order, svc) in sorted(svc_list):
-svc_name = service.SERVICE_LIST[svc][0]
-svchandle = ipaservices.service(svc_name)
+for svc in svc_list:
+svchandle = ipaservices.service(svc)
 try:
 print "Starting %s Service" % svc
-svchandle.start(capture_output=get_capture_output(svc_name, 
options.debug))
+svchandle.start(capture_output=get_capture_output(svc, 
options.debug))
 except:
 emit_err("Failed to start %s Service" % svc)
 emit_err("Shutting down")
-for (order, svc) in sorted(svc_list):
-svc_name = service.SERVICE_LIST[svc][0]
-svc_off = ipaservices.service(svc_name)
+for svc in svc_list:
+svc_off = ipaservices.service(svc)
 try:
 svc_off.stop(capture_output=False)
 except:
@@ -220,11 +238,10 @@ def ipa_stop(options):
 dirsrv = ipaservices.knownservices.dirsrv
 svc_list = []
 try:
-svc_list = get_config(dirsrv)
+svc_list = get_config_from_file()
 except Exception, e:
-# ok if dirsrv died this may fail, so let's try to quickly restart it
-# and see if we