Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On 26/05/15 13:44, Alexander Bokovoy wrote: On Tue, 26 May 2015, Jan Cholasta wrote: I tested 0259.1 (it worked for install and update) but not 0259.2 yet. 0259.2 looks OK though; ACK if tested for install and update. The new patch has only one additional minor fix for a potential problem that currently does not appear anywhere in install and update (see interdiff below), so I consider the ACK transitive. -if instance_name.startswith('dirsrv@'): +if instance_name.startswith('dirsrv'): +# this is intentional, return the empty string if the instance +# name is 'dirsrv' This one is actually pretty bad. If you only check for dirsrv, then dirsrv.service would get in it and you'd get instance_name[7:] returning empty string, not a service name at all: >>> s='dirsrv.service' >>> s[:-8] 'dirsrv' >>> s[:-8][7:] '' >>> s='dirsrv@foobar.service' >>> s[:-8] 'dirsrv@foobar' >>> s[:-8][7:] 'foobar' >>> Empty string is expected. Emptry string means the instance has not been specified, and check will be skipped. Because 'dirsrv.service' doest not contain instance name, so empty string should be returned. -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On Tue, 26 May 2015, Jan Cholasta wrote: I tested 0259.1 (it worked for install and update) but not 0259.2 yet. 0259.2 looks OK though; ACK if tested for install and update. The new patch has only one additional minor fix for a potential problem that currently does not appear anywhere in install and update (see interdiff below), so I consider the ACK transitive. -if instance_name.startswith('dirsrv@'): +if instance_name.startswith('dirsrv'): +# this is intentional, return the empty string if the instance +# name is 'dirsrv' This one is actually pretty bad. If you only check for dirsrv, then dirsrv.service would get in it and you'd get instance_name[7:] returning empty string, not a service name at all: >>> s='dirsrv.service' >>> s[:-8] 'dirsrv' >>> s[:-8][7:] '' >>> s='dirsrv@foobar.service' >>> s[:-8] 'dirsrv@foobar' >>> s[:-8][7:] 'foobar' >>> -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
Dne 25.5.2015 v 16:07 Fraser Tweedale napsal(a): On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote: On 25/05/15 13:57, Martin Basti wrote: On 25/05/15 09:20, Fraser Tweedale wrote: On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): On 05/21/2015 03:16 PM, Fraser Tweedale wrote: On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote: This patch should fix following traceback. 2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 304, in __upgrade ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True) File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 314, in __init__ self.create_connection() File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 862, in create_connection autobind=self.ldapi) File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect conn = self.create_connection(*args, **kw) File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 188, in create_connection client_controls=clientctrls) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1074, in external_bind '', auth_tokens, server_controls, client_controls) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 976, in error_handler error=info) NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 388, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 378, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 315, in __upgrade raise RuntimeError(e) RuntimeError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': Reason was the ipa-server-install tried to connect before DS was ready. The patch adds waiting until DS is ready. Patch attached. Fraser can you please check if this fix works? I can't reproduce it. Thank you, Martin^2. ACK; fixes the issue for me. One minor comment: +def __start(self): +super(IPAUpgrade, self).start() def __stop_instance(self): """Stop only the main DS instance""" @@ -187,7 +185,7 @@ class IPAUpgrade(service.Service): self.step("saving configuration", self.__save_config) self.step("disabling listeners", self.__disable_listeners) self.step("enabling DS global lock", self.__enable_ds_global_write_lock) -self.step("starting directory server", self.__start_nowait) +self.step("starting directory server", self.__start) I think you can just say `self.start' and remove `__start' function. Cheers, Fraser Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23 This semi-breaks ipa-server-install for me: Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user [2/38]: creating directory server instance ipa : CRITICAL Failed to restart the directory server ([Errno 2] No such file or directory). See the installation log for details. [3/38]: adding default schema [4/38]: enabling memberof plugin It would be nice to check if the socket exists before waiting for it. This (non-catastrophic but annoying) regression occurred for me too. I wasn't paying enough attention to ipa-server-install before I ACKed the patch :/ -- Jan Cholasta Hello, this patch fixes the issue. Updated patch attached -- Martin Basti From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 25 May 2015 09:01:42 +0200 Subject: [PATCH] Fix: use DS socket check only for upgrade To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port for installation. Without enabled LDAPi socket checking doesnt work. https://fedorahosted.org/freeipa/ticket/4904 --- ipaplatform/redhat/services.py | 43 ipaserver/install/upgradeinstance.py | 3 ++- 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..757908f9581d5f04176dd5243fc64bec4c074c7f 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations. import os import time import xml.dom.minidom +import contextlib from
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote: > On 25/05/15 13:57, Martin Basti wrote: > >On 25/05/15 09:20, Fraser Tweedale wrote: > >>On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: > >>>Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): > On 05/21/2015 03:16 PM, Fraser Tweedale wrote: > >On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote: > >>This patch should fix following traceback. > >> > >>2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to > >>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': > >>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): > >> File > >>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", > >> > >>line 304, in __upgrade > >> ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True) > >> File > >>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", > >>line 314, in __init__ > >> self.create_connection() > >> File > >>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", > >>line 862, in create_connection > >> autobind=self.ldapi) > >> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line > >>66, in connect > >> conn = self.create_connection(*args, **kw) > >> File > >>"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line > >>188, in create_connection > >> client_controls=clientctrls) > >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", > >>line > >>1074, in external_bind > >> '', auth_tokens, server_controls, client_controls) > >> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ > >> self.gen.throw(type, value, traceback) > >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", > >>line > >>976, in error_handler > >> error=info) > >>NetworkError: cannot connect to > >>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': > >> > >>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): > >> File > >>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > >>line > >>388, in start_creation > >> run_step(full_msg, method) > >> File > >>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > >>line > >>378, in run_step > >> method() > >> File > >>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", > >> > >>line 315, in __upgrade > >> raise RuntimeError(e) > >>RuntimeError: cannot connect to > >>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': > >> > >>Reason was the ipa-server-install tried to connect before DS was > >>ready. > >> > >>The patch adds waiting until DS is ready. > >> > >>Patch attached. > >> > >>Fraser can you please check if this fix works? I can't reproduce it. > >>Thank you, Martin^2. > >> > >ACK; fixes the issue for me. > > > >One minor comment: > > > >>+def __start(self): > >>+super(IPAUpgrade, self).start() > >> > >> def __stop_instance(self): > >> """Stop only the main DS instance""" > >>@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service): > >> self.step("saving configuration", self.__save_config) > >> self.step("disabling listeners", self.__disable_listeners) > >> self.step("enabling DS global lock", > >>self.__enable_ds_global_write_lock) > >>-self.step("starting directory server", self.__start_nowait) > >>+self.step("starting directory server", self.__start) > >I think you can just say `self.start' and remove `__start' function. > > > >Cheers, > >Fraser > > > Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23 > >>>This semi-breaks ipa-server-install for me: > >>> > >>>Configuring directory server (dirsrv): Estimated time 1 minute > >>> [1/38]: creating directory server user > >>> [2/38]: creating directory server instance > >>>ipa : CRITICAL Failed to restart the directory server ([Errno > >>>2] No > >>>such file or directory). See the installation log for details. > >>> [3/38]: adding default schema > >>> [4/38]: enabling memberof plugin > >>> > >>>It would be nice to check if the socket exists before waiting for it. > >>> > >>This (non-catastrophic but annoying) regression occurred for me too. > >>I wasn't paying enough attention to ipa-server-install before I > >>ACKed the patch :/ > >> > >>>-- > >>>Jan Cholasta > >Hello, > > > >this patch fixes the issue. > > > > > > > > > > > Updated patch attached > > -- > Martin Basti > > From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001 > From: Martin Basti > Date: Mon, 25 May 2015 09:01:42 +0200 > Subject: [PATCH] Fix: use DS socket check only for upgrade > > To det
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On 25/05/15 13:57, Martin Basti wrote: On 25/05/15 09:20, Fraser Tweedale wrote: On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): On 05/21/2015 03:16 PM, Fraser Tweedale wrote: On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote: This patch should fix following traceback. 2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 304, in __upgrade ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True) File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 314, in __init__ self.create_connection() File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 862, in create_connection autobind=self.ldapi) File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect conn = self.create_connection(*args, **kw) File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 188, in create_connection client_controls=clientctrls) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1074, in external_bind '', auth_tokens, server_controls, client_controls) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 976, in error_handler error=info) NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 388, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 378, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 315, in __upgrade raise RuntimeError(e) RuntimeError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': Reason was the ipa-server-install tried to connect before DS was ready. The patch adds waiting until DS is ready. Patch attached. Fraser can you please check if this fix works? I can't reproduce it. Thank you, Martin^2. ACK; fixes the issue for me. One minor comment: +def __start(self): +super(IPAUpgrade, self).start() def __stop_instance(self): """Stop only the main DS instance""" @@ -187,7 +185,7 @@ class IPAUpgrade(service.Service): self.step("saving configuration", self.__save_config) self.step("disabling listeners", self.__disable_listeners) self.step("enabling DS global lock", self.__enable_ds_global_write_lock) -self.step("starting directory server", self.__start_nowait) +self.step("starting directory server", self.__start) I think you can just say `self.start' and remove `__start' function. Cheers, Fraser Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23 This semi-breaks ipa-server-install for me: Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user [2/38]: creating directory server instance ipa : CRITICAL Failed to restart the directory server ([Errno 2] No such file or directory). See the installation log for details. [3/38]: adding default schema [4/38]: enabling memberof plugin It would be nice to check if the socket exists before waiting for it. This (non-catastrophic but annoying) regression occurred for me too. I wasn't paying enough attention to ipa-server-install before I ACKed the patch :/ -- Jan Cholasta Hello, this patch fixes the issue. Updated patch attached -- Martin Basti From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 25 May 2015 09:01:42 +0200 Subject: [PATCH] Fix: use DS socket check only for upgrade To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port for installation. Without enabled LDAPi socket checking doesnt work. https://fedorahosted.org/freeipa/ticket/4904 --- ipaplatform/redhat/services.py | 43 ipaserver/install/upgradeinstance.py | 3 ++- 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..757908f9581d5f04176dd5243fc64bec4c074c7f 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations. import os import time import xml.dom.minidom +import contextlib from ipaplatform.tasks import tasks from ipaplatform.base import services as base_services @@ -124,7 +125,8 @@ cla
Re: [Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
On 25/05/15 09:20, Fraser Tweedale wrote: On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote: Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a): On 05/21/2015 03:16 PM, Fraser Tweedale wrote: On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote: This patch should fix following traceback. 2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 304, in __upgrade ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True) File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 314, in __init__ self.create_connection() File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 862, in create_connection autobind=self.ldapi) File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect conn = self.create_connection(*args, **kw) File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 188, in create_connection client_controls=clientctrls) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1074, in external_bind '', auth_tokens, server_controls, client_controls) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 976, in error_handler error=info) NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 388, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 378, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 315, in __upgrade raise RuntimeError(e) RuntimeError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket': Reason was the ipa-server-install tried to connect before DS was ready. The patch adds waiting until DS is ready. Patch attached. Fraser can you please check if this fix works? I can't reproduce it. Thank you, Martin^2. ACK; fixes the issue for me. One minor comment: +def __start(self): +super(IPAUpgrade, self).start() def __stop_instance(self): """Stop only the main DS instance""" @@ -187,7 +185,7 @@ class IPAUpgrade(service.Service): self.step("saving configuration", self.__save_config) self.step("disabling listeners", self.__disable_listeners) self.step("enabling DS global lock", self.__enable_ds_global_write_lock) -self.step("starting directory server", self.__start_nowait) +self.step("starting directory server", self.__start) I think you can just say `self.start' and remove `__start' function. Cheers, Fraser Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23 This semi-breaks ipa-server-install for me: Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user [2/38]: creating directory server instance ipa : CRITICAL Failed to restart the directory server ([Errno 2] No such file or directory). See the installation log for details. [3/38]: adding default schema [4/38]: enabling memberof plugin It would be nice to check if the socket exists before waiting for it. This (non-catastrophic but annoying) regression occurred for me too. I wasn't paying enough attention to ipa-server-install before I ACKed the patch :/ -- Jan Cholasta Hello, this patch fixes the issue. -- Martin Basti From 12df8e64ca2c63eec6bb3267b0377e6cb420b3e6 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 25 May 2015 09:01:42 +0200 Subject: [PATCH] Fix: use DS socket check only for upgrade To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port for installation. Without enabled LDAPi socket checking doesnt work. https://fedorahosted.org/freeipa/ticket/4904 --- ipaplatform/redhat/services.py | 41 ipaserver/install/upgradeinstance.py | 3 ++- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..4df353fabe6d9e7b9fdd97a314b4f3a0c64a5c21 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations. import os import time import xml.dom.minidom +import contextlib from ipaplatform.tasks import tasks from ipaplatform.base import services as base_services @@ -124,7 +125,8 @@ class RedHatDirectoryService(RedHatService): return True -def restart(s