Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On 26/05/15 13:44, Alexander Bokovoy wrote:
On Tue, 26 May 2015, Jan Cholasta wrote:
I tested 0259.1 (it worked for install and update) but not 0259.2
yet. 0259.2 looks OK though; ACK if tested for install and update.
The new patch has only one additional minor fix for a potential
problem that currently does not appear anywhere in install and update
(see interdiff below), so I consider the ACK transitive.
-if instance_name.startswith('dirsrv@'):
+if instance_name.startswith('dirsrv'):
+# this is intentional, return the empty string if
the instance
+# name is 'dirsrv'
This one is actually pretty bad. If you only check for dirsrv, then
dirsrv.service would get in it and you'd get instance_name[7:] returning
empty string, not a service name at all:
>>> s='dirsrv.service'
>>> s[:-8]
'dirsrv'
>>> s[:-8][7:]
''
>>> s='dirsrv@foobar.service'
>>> s[:-8]
'dirsrv@foobar'
>>> s[:-8][7:]
'foobar'
>>>
Empty string is expected.
Emptry string means the instance has not been specified, and check will
be skipped.
Because 'dirsrv.service' doest not contain instance name, so empty
string should be returned.
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On Tue, 26 May 2015, Jan Cholasta wrote:
I tested 0259.1 (it worked for install and update) but not 0259.2
yet. 0259.2 looks OK though; ACK if tested for install and update.
The new patch has only one additional minor fix for a potential
problem that currently does not appear anywhere in install and update
(see interdiff below), so I consider the ACK transitive.
-if instance_name.startswith('dirsrv@'):
+if instance_name.startswith('dirsrv'):
+# this is intentional, return the empty string if the
instance
+# name is 'dirsrv'
This one is actually pretty bad. If you only check for dirsrv, then
dirsrv.service would get in it and you'd get instance_name[7:] returning
empty string, not a service name at all:
>>> s='dirsrv.service'
>>> s[:-8]
'dirsrv'
>>> s[:-8][7:]
''
>>> s='dirsrv@foobar.service'
>>> s[:-8]
'dirsrv@foobar'
>>> s[:-8][7:]
'foobar'
>>>
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
Dne 25.5.2015 v 16:07 Fraser Tweedale napsal(a):
On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
On 25/05/15 13:57, Martin Basti wrote:
On 25/05/15 09:20, Fraser Tweedale wrote:
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
This patch should fix following traceback.
2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 304, in __upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 314, in __init__
self.create_connection()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 862, in create_connection
autobind=self.ldapi)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
66, in connect
conn = self.create_connection(*args, **kw)
File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
188, in create_connection
client_controls=clientctrls)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line
1074, in external_bind
'', auth_tokens, server_controls, client_controls)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line
976, in error_handler
error=info)
NetworkError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line
388, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line
378, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 315, in __upgrade
raise RuntimeError(e)
RuntimeError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
Reason was the ipa-server-install tried to connect before DS was
ready.
The patch adds waiting until DS is ready.
Patch attached.
Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.
ACK; fixes the issue for me.
One minor comment:
+def __start(self):
+super(IPAUpgrade, self).start()
def __stop_instance(self):
"""Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners)
self.step("enabling DS global lock",
self.__enable_ds_global_write_lock)
-self.step("starting directory server", self.__start_nowait)
+self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.
Cheers,
Fraser
Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
This semi-breaks ipa-server-install for me:
Configuring directory server (dirsrv): Estimated time 1 minute
[1/38]: creating directory server user
[2/38]: creating directory server instance
ipa : CRITICAL Failed to restart the directory server ([Errno
2] No
such file or directory). See the installation log for details.
[3/38]: adding default schema
[4/38]: enabling memberof plugin
It would be nice to check if the socket exists before waiting for it.
This (non-catastrophic but annoying) regression occurred for me too.
I wasn't paying enough attention to ipa-server-install before I
ACKed the patch :/
--
Jan Cholasta
Hello,
this patch fixes the issue.
Updated patch attached
--
Martin Basti
From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Mon, 25 May 2015 09:01:42 +0200
Subject: [PATCH] Fix: use DS socket check only for upgrade
To detect if DS server is running, use the slapd socket for upgrade, and the
LDAP port
for installation.
Without enabled LDAPi socket checking doesnt work.
https://fedorahosted.org/freeipa/ticket/4904
---
ipaplatform/redhat/services.py | 43
ipaserver/install/upgradeinstance.py | 3 ++-
2 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index
565bf1fdef27e9a780ad2e2638b5051a95782bd2..757908f9581d5f04176dd5243fc64bec4c074c7f
100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class
implementations.
import os
import time
import xml.dom.minidom
+import contextlib
from
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
> On 25/05/15 13:57, Martin Basti wrote:
> >On 25/05/15 09:20, Fraser Tweedale wrote:
> >>On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
> >>>Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
> On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
> >On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
> >>This patch should fix following traceback.
> >>
> >>2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
> >>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >> File
> >>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>
> >>line 304, in __upgrade
> >> ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
> >> File
> >>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>line 314, in __init__
> >> self.create_connection()
> >> File
> >>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>line 862, in create_connection
> >> autobind=self.ldapi)
> >> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
> >>66, in connect
> >> conn = self.create_connection(*args, **kw)
> >> File
> >>"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
> >>188, in create_connection
> >> client_controls=clientctrls)
> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
> >>line
> >>1074, in external_bind
> >> '', auth_tokens, server_controls, client_controls)
> >> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> >> self.gen.throw(type, value, traceback)
> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
> >>line
> >>976, in error_handler
> >> error=info)
> >>NetworkError: cannot connect to
> >>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>
> >>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >> File
> >>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> >>line
> >>388, in start_creation
> >> run_step(full_msg, method)
> >> File
> >>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> >>line
> >>378, in run_step
> >> method()
> >> File
> >>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>
> >>line 315, in __upgrade
> >> raise RuntimeError(e)
> >>RuntimeError: cannot connect to
> >>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>
> >>Reason was the ipa-server-install tried to connect before DS was
> >>ready.
> >>
> >>The patch adds waiting until DS is ready.
> >>
> >>Patch attached.
> >>
> >>Fraser can you please check if this fix works? I can't reproduce it.
> >>Thank you, Martin^2.
> >>
> >ACK; fixes the issue for me.
> >
> >One minor comment:
> >
> >>+def __start(self):
> >>+super(IPAUpgrade, self).start()
> >>
> >> def __stop_instance(self):
> >> """Stop only the main DS instance"""
> >>@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
> >> self.step("saving configuration", self.__save_config)
> >> self.step("disabling listeners", self.__disable_listeners)
> >> self.step("enabling DS global lock",
> >>self.__enable_ds_global_write_lock)
> >>-self.step("starting directory server", self.__start_nowait)
> >>+self.step("starting directory server", self.__start)
> >I think you can just say `self.start' and remove `__start' function.
> >
> >Cheers,
> >Fraser
> >
> Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
> >>>This semi-breaks ipa-server-install for me:
> >>>
> >>>Configuring directory server (dirsrv): Estimated time 1 minute
> >>> [1/38]: creating directory server user
> >>> [2/38]: creating directory server instance
> >>>ipa : CRITICAL Failed to restart the directory server ([Errno
> >>>2] No
> >>>such file or directory). See the installation log for details.
> >>> [3/38]: adding default schema
> >>> [4/38]: enabling memberof plugin
> >>>
> >>>It would be nice to check if the socket exists before waiting for it.
> >>>
> >>This (non-catastrophic but annoying) regression occurred for me too.
> >>I wasn't paying enough attention to ipa-server-install before I
> >>ACKed the patch :/
> >>
> >>>--
> >>>Jan Cholasta
> >Hello,
> >
> >this patch fixes the issue.
> >
> >
> >
> >
> >
> Updated patch attached
>
> --
> Martin Basti
>
> From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001
> From: Martin Basti
> Date: Mon, 25 May 2015 09:01:42 +0200
> Subject: [PATCH] Fix: use DS socket check only for upgrade
>
> To det
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On 25/05/15 13:57, Martin Basti wrote:
On 25/05/15 09:20, Fraser Tweedale wrote:
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
This patch should fix following traceback.
2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 304, in __upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 314, in __init__
self.create_connection()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 862, in create_connection
autobind=self.ldapi)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
66, in connect
conn = self.create_connection(*args, **kw)
File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
188, in create_connection
client_controls=clientctrls)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line
1074, in external_bind
'', auth_tokens, server_controls, client_controls)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
line
976, in error_handler
error=info)
NetworkError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line
388, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line
378, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 315, in __upgrade
raise RuntimeError(e)
RuntimeError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
Reason was the ipa-server-install tried to connect before DS was
ready.
The patch adds waiting until DS is ready.
Patch attached.
Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.
ACK; fixes the issue for me.
One minor comment:
+def __start(self):
+super(IPAUpgrade, self).start()
def __stop_instance(self):
"""Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners)
self.step("enabling DS global lock",
self.__enable_ds_global_write_lock)
-self.step("starting directory server", self.__start_nowait)
+self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.
Cheers,
Fraser
Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
This semi-breaks ipa-server-install for me:
Configuring directory server (dirsrv): Estimated time 1 minute
[1/38]: creating directory server user
[2/38]: creating directory server instance
ipa : CRITICAL Failed to restart the directory server
([Errno 2] No
such file or directory). See the installation log for details.
[3/38]: adding default schema
[4/38]: enabling memberof plugin
It would be nice to check if the socket exists before waiting for it.
This (non-catastrophic but annoying) regression occurred for me too.
I wasn't paying enough attention to ipa-server-install before I
ACKed the patch :/
--
Jan Cholasta
Hello,
this patch fixes the issue.
Updated patch attached
--
Martin Basti
From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Mon, 25 May 2015 09:01:42 +0200
Subject: [PATCH] Fix: use DS socket check only for upgrade
To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
for installation.
Without enabled LDAPi socket checking doesnt work.
https://fedorahosted.org/freeipa/ticket/4904
---
ipaplatform/redhat/services.py | 43
ipaserver/install/upgradeinstance.py | 3 ++-
2 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..757908f9581d5f04176dd5243fc64bec4c074c7f 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations.
import os
import time
import xml.dom.minidom
+import contextlib
from ipaplatform.tasks import tasks
from ipaplatform.base import services as base_services
@@ -124,7 +125,8 @@ cla
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On 25/05/15 09:20, Fraser Tweedale wrote:
On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
This patch should fix following traceback.
2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 304, in __upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 314, in __init__
self.create_connection()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 862, in create_connection
autobind=self.ldapi)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
66, in connect
conn = self.create_connection(*args, **kw)
File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
188, in create_connection
client_controls=clientctrls)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1074, in external_bind
'', auth_tokens, server_controls, client_controls)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
976, in error_handler
error=info)
NetworkError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
388, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
378, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 315, in __upgrade
raise RuntimeError(e)
RuntimeError: cannot connect to
'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
Reason was the ipa-server-install tried to connect before DS was ready.
The patch adds waiting until DS is ready.
Patch attached.
Fraser can you please check if this fix works? I can't reproduce it.
Thank you, Martin^2.
ACK; fixes the issue for me.
One minor comment:
+def __start(self):
+super(IPAUpgrade, self).start()
def __stop_instance(self):
"""Stop only the main DS instance"""
@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
self.step("saving configuration", self.__save_config)
self.step("disabling listeners", self.__disable_listeners)
self.step("enabling DS global lock",
self.__enable_ds_global_write_lock)
-self.step("starting directory server", self.__start_nowait)
+self.step("starting directory server", self.__start)
I think you can just say `self.start' and remove `__start' function.
Cheers,
Fraser
Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
This semi-breaks ipa-server-install for me:
Configuring directory server (dirsrv): Estimated time 1 minute
[1/38]: creating directory server user
[2/38]: creating directory server instance
ipa : CRITICAL Failed to restart the directory server ([Errno 2] No
such file or directory). See the installation log for details.
[3/38]: adding default schema
[4/38]: enabling memberof plugin
It would be nice to check if the socket exists before waiting for it.
This (non-catastrophic but annoying) regression occurred for me too.
I wasn't paying enough attention to ipa-server-install before I
ACKed the patch :/
--
Jan Cholasta
Hello,
this patch fixes the issue.
--
Martin Basti
From 12df8e64ca2c63eec6bb3267b0377e6cb420b3e6 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Mon, 25 May 2015 09:01:42 +0200
Subject: [PATCH] Fix: use DS socket check only for upgrade
To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
for installation.
Without enabled LDAPi socket checking doesnt work.
https://fedorahosted.org/freeipa/ticket/4904
---
ipaplatform/redhat/services.py | 41
ipaserver/install/upgradeinstance.py | 3 ++-
2 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..4df353fabe6d9e7b9fdd97a314b4f3a0c64a5c21 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations.
import os
import time
import xml.dom.minidom
+import contextlib
from ipaplatform.tasks import tasks
from ipaplatform.base import services as base_services
@@ -124,7 +125,8 @@ class RedHatDirectoryService(RedHatService):
return True
-def restart(s
