Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On 07/15/2013 03:27 PM, Alexander Bokovoy wrote: > On Mon, 15 Jul 2013, Martin Kosek wrote: >> On 07/11/2013 05:03 PM, Alexander Bokovoy wrote: >>> On Thu, 11 Jul 2013, Ana Krivokapic wrote: On 07/11/2013 11:38 AM, Alexander Bokovoy wrote: > On Thu, 11 Jul 2013, Alexander Bokovoy wrote: >> On Wed, 10 Jul 2013, Ana Krivokapic wrote: >>> On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: > Hello, > > Attached patches fix systemd and ipactl related bugs: > > https://fedorahosted.org/freeipa/ticket/3730 > https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. >>> >>> This was caused due to 'systemctl is-active' returning exit status 3 >>> ('activating'), and our code treating the non-zero exit status as a >>> failure. I >>> handled this case in the updated patch. >>> >>> As for the ipa.service and dependency ordering, I have done some further >>> testing >>> and found out the adding the '--ignore-dependencies' switch alone solves >>> the >>> shutdown issue. So I think that no modification of ipa.service file is >>> necessary. >>> >>> Updated patches are attached. >> This is much better. However, 'ipactl stop' doesn't stop ns-slapd and >> dogtag: > What's important is the fact that now I can issue reboot and VM > restarts, not hangs, and then IPA starts properly on boot -- this is > because when ns-slapd gets a signal from systemd, it automatically shuts > itself down properly and the same happens to dogtag. This is good > enough so that I push current patches to master but please proceed on > fixing 'ipactl stop' issue. > > Thanks for catching that. I am attaching a patch which should solve this issue. >>> Works now, I tried stop/start/restart, all processes were properly >>> addressed. >>> >>> Thanks! >>> >> >> Is that an ACK? If yes, please push the patches :-) > It is already in master, I only forgot to respond on the list: > af7807aacc6cf1beb25e53483b54bd599bd6421d Pushed to ipa-3-2 as well. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Mon, 15 Jul 2013, Martin Kosek wrote: On 07/11/2013 05:03 PM, Alexander Bokovoy wrote: On Thu, 11 Jul 2013, Ana Krivokapic wrote: On 07/11/2013 11:38 AM, Alexander Bokovoy wrote: On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. This was caused due to 'systemctl is-active' returning exit status 3 ('activating'), and our code treating the non-zero exit status as a failure. I handled this case in the updated patch. As for the ipa.service and dependency ordering, I have done some further testing and found out the adding the '--ignore-dependencies' switch alone solves the shutdown issue. So I think that no modification of ipa.service file is necessary. Updated patches are attached. This is much better. However, 'ipactl stop' doesn't stop ns-slapd and dogtag: What's important is the fact that now I can issue reboot and VM restarts, not hangs, and then IPA starts properly on boot -- this is because when ns-slapd gets a signal from systemd, it automatically shuts itself down properly and the same happens to dogtag. This is good enough so that I push current patches to master but please proceed on fixing 'ipactl stop' issue. Thanks for catching that. I am attaching a patch which should solve this issue. Works now, I tried stop/start/restart, all processes were properly addressed. Thanks! Is that an ACK? If yes, please push the patches :-) It is already in master, I only forgot to respond on the list: af7807aacc6cf1beb25e53483b54bd599bd6421d -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On 07/11/2013 05:03 PM, Alexander Bokovoy wrote: > On Thu, 11 Jul 2013, Ana Krivokapic wrote: >> On 07/11/2013 11:38 AM, Alexander Bokovoy wrote: >>> On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: > On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: >> On Thu, 20 Jun 2013, Ana Krivokapic wrote: >>> Hello, >>> >>> Attached patches fix systemd and ipactl related bugs: >>> >>> https://fedorahosted.org/freeipa/ticket/3730 >>> https://fedorahosted.org/freeipa/ticket/3729 >> NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on >> upgrade properly and everything else has failed afterwards. >> > > This was caused due to 'systemctl is-active' returning exit status 3 > ('activating'), and our code treating the non-zero exit status as a > failure. I > handled this case in the updated patch. > > As for the ipa.service and dependency ordering, I have done some further > testing > and found out the adding the '--ignore-dependencies' switch alone solves > the > shutdown issue. So I think that no modification of ipa.service file is > necessary. > > Updated patches are attached. This is much better. However, 'ipactl stop' doesn't stop ns-slapd and dogtag: >>> What's important is the fact that now I can issue reboot and VM >>> restarts, not hangs, and then IPA starts properly on boot -- this is >>> because when ns-slapd gets a signal from systemd, it automatically shuts >>> itself down properly and the same happens to dogtag. This is good >>> enough so that I push current patches to master but please proceed on >>> fixing 'ipactl stop' issue. >>> >>> >> >> Thanks for catching that. I am attaching a patch which should solve this >> issue. > Works now, I tried stop/start/restart, all processes were properly addressed. > > Thanks! > Is that an ACK? If yes, please push the patches :-) Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Thu, 11 Jul 2013, Ana Krivokapic wrote: On 07/11/2013 11:38 AM, Alexander Bokovoy wrote: On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. This was caused due to 'systemctl is-active' returning exit status 3 ('activating'), and our code treating the non-zero exit status as a failure. I handled this case in the updated patch. As for the ipa.service and dependency ordering, I have done some further testing and found out the adding the '--ignore-dependencies' switch alone solves the shutdown issue. So I think that no modification of ipa.service file is necessary. Updated patches are attached. This is much better. However, 'ipactl stop' doesn't stop ns-slapd and dogtag: What's important is the fact that now I can issue reboot and VM restarts, not hangs, and then IPA starts properly on boot -- this is because when ns-slapd gets a signal from systemd, it automatically shuts itself down properly and the same happens to dogtag. This is good enough so that I push current patches to master but please proceed on fixing 'ipactl stop' issue. Thanks for catching that. I am attaching a patch which should solve this issue. Works now, I tried stop/start/restart, all processes were properly addressed. Thanks! -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On 07/11/2013 11:38 AM, Alexander Bokovoy wrote: > On Thu, 11 Jul 2013, Alexander Bokovoy wrote: >> On Wed, 10 Jul 2013, Ana Krivokapic wrote: >>> On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: > Hello, > > Attached patches fix systemd and ipactl related bugs: > > https://fedorahosted.org/freeipa/ticket/3730 > https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. >>> >>> This was caused due to 'systemctl is-active' returning exit status 3 >>> ('activating'), and our code treating the non-zero exit status as a >>> failure. I >>> handled this case in the updated patch. >>> >>> As for the ipa.service and dependency ordering, I have done some further >>> testing >>> and found out the adding the '--ignore-dependencies' switch alone solves the >>> shutdown issue. So I think that no modification of ipa.service file is >>> necessary. >>> >>> Updated patches are attached. >> This is much better. However, 'ipactl stop' doesn't stop ns-slapd and >> dogtag: > What's important is the fact that now I can issue reboot and VM > restarts, not hangs, and then IPA starts properly on boot -- this is > because when ns-slapd gets a signal from systemd, it automatically shuts > itself down properly and the same happens to dogtag. This is good > enough so that I push current patches to master but please proceed on > fixing 'ipactl stop' issue. > > Thanks for catching that. I am attaching a patch which should solve this issue. -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. From b79e839154d09fd1fadd35eb689fb9daba8ec88b Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Thu, 11 Jul 2013 14:23:05 +0200 Subject: [PATCH] Use --ignore-dependencies only when necessary Using the --ignore-dependencies switch was causing the ipactl stop command not to stop all instances of dirsrv and dogtag. Make sure the switch is used only when necessary, i.e. to prevent ipa-otpd.socket from getting stuck during the shutdown transaction. https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 --- ipapython/platform/base/systemd.py | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ipapython/platform/base/systemd.py b/ipapython/platform/base/systemd.py index 84287e388f5ddeaf503f1a20579183716a75e677..f1220186840ffe62d9b0ded985532e7d0f8931ee 100644 --- a/ipapython/platform/base/systemd.py +++ b/ipapython/platform/base/systemd.py @@ -98,15 +98,16 @@ def __wait_for_open_ports(self, instance_name=""): def stop(self, instance_name="", capture_output=True): instance = self.service_instance(instance_name) +args = ["/bin/systemctl", "stop", instance] # The --ignore-dependencies switch is used to avoid possible # deadlock during the shutdown transaction. For more details, see # https://fedorahosted.org/freeipa/ticket/3729#comment:1 and # https://bugzilla.redhat.com/show_bug.cgi?id=973331#c11 -ipautil.run( -["/bin/systemctl", "stop", instance, "--ignore-dependencies"], -capture_output=capture_output -) +if instance == "ipa-otpd.socket": +args.append("--ignore-dependencies") + +ipautil.run(args, capture_output=capture_output) if 'context' in api.env and api.env.context in ['ipactl', 'installer']: update_service_list = True -- 1.8.1.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. This was caused due to 'systemctl is-active' returning exit status 3 ('activating'), and our code treating the non-zero exit status as a failure. I handled this case in the updated patch. As for the ipa.service and dependency ordering, I have done some further testing and found out the adding the '--ignore-dependencies' switch alone solves the shutdown issue. So I think that no modification of ipa.service file is necessary. Updated patches are attached. This is much better. However, 'ipactl stop' doesn't stop ns-slapd and dogtag: What's important is the fact that now I can issue reboot and VM restarts, not hangs, and then IPA starts properly on boot -- this is because when ns-slapd gets a signal from systemd, it automatically shuts itself down properly and the same happens to dogtag. This is good enough so that I push current patches to master but please proceed on fixing 'ipactl stop' issue. Also pushed to ipa-3-2 and updated the tickets 3729 and 3730. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Thu, 11 Jul 2013, Alexander Bokovoy wrote: On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. This was caused due to 'systemctl is-active' returning exit status 3 ('activating'), and our code treating the non-zero exit status as a failure. I handled this case in the updated patch. As for the ipa.service and dependency ordering, I have done some further testing and found out the adding the '--ignore-dependencies' switch alone solves the shutdown issue. So I think that no modification of ipa.service file is necessary. Updated patches are attached. This is much better. However, 'ipactl stop' doesn't stop ns-slapd and dogtag: What's important is the fact that now I can issue reboot and VM restarts, not hangs, and then IPA starts properly on boot -- this is because when ns-slapd gets a signal from systemd, it automatically shuts itself down properly and the same happens to dogtag. This is good enough so that I push current patches to master but please proceed on fixing 'ipactl stop' issue. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Wed, 10 Jul 2013, Ana Krivokapic wrote: On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. This was caused due to 'systemctl is-active' returning exit status 3 ('activating'), and our code treating the non-zero exit status as a failure. I handled this case in the updated patch. As for the ipa.service and dependency ordering, I have done some further testing and found out the adding the '--ignore-dependencies' switch alone solves the shutdown issue. So I think that no modification of ipa.service file is necessary. Updated patches are attached. This is much better. However, 'ipactl stop' doesn't stop ns-slapd and dogtag: 1155 ?Sl 0:00 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-EXAMPLE-COM -i /var/run/dirsrv/slapd-EXAMPLE-COM.pid -w /var/run/dirsrv/slapd-EXAMPLE-COM.startpid 1485 ?Sl 0:11 /usr/lib/jvm/jre/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start # systemctl status dirsrv.target dirsrv.target - 389 Directory Server Loaded: loaded (/usr/lib/systemd/system/dirsrv.target; disabled) Active: inactive (dead) since Чт 2013-07-11 12:32:19 EEST; 1min 52s ago июл 11 12:31:31 ipa.example.com systemd[1]: Stopping 389 Directory Server. июл 11 12:31:31 ipa.example.com systemd[1]: Starting 389 Directory Server. июл 11 12:31:31 ipa.example.com systemd[1]: Reached target 389 Directory Server. июл 11 12:32:19 ipa.example.com systemd[1]: Stopping 389 Directory Server. июл 11 12:32:19 ipa.example.com systemd[1]: Stopped target 389 Directory Server. # systemctl status dirsrv@EXAMPLE-COM dirsrv@EXAMPLE-COM.service - 389 Directory Server EXAMPLE-COM. Loaded: loaded (/lib/systemd/system/dirsrv@.service; enabled) Active: active (running) since Чт 2013-07-11 12:31:32 EEST; 2min 59s ago Process: 1121 ExecStopPost=/bin/rm -f /var/run/dirsrv/slapd-%i.pid (code=exited, status=0/SUCCESS) Process: 1123 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS) Main PID: 1155 (ns-slapd) CGroup: name=systemd:/system/dirsrv@.service/dirsrv@EXAMPLE-COM.service └─1155 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-EXAMPLE-COM -i /var/run/dirsrv/slapd-EXAMPLE-COM.pid -w /var/run/dirsrv/slapd-EXAMPLE-COM.startpi... июл 11 12:31:34 ipa.example.com ns-slapd[1155]: GSSAPI server step 2 июл 11 12:31:34 ipa.example.com ns-slapd[1155]: GSSAPI server step 3 июл 11 12:31:34 ipa.example.com ns-slapd[1155]: GSSAPI server step 2 июл 11 12:31:34 ipa.example.com ns-slapd[1155]: GSSAPI server step 3 июл 11 12:31:56 ipa.example.com ns-slapd[1155]: GSSAPI server step 1 июл 11 12:31:56 ipa.example.com ns-slapd[1155]: GSSAPI server step 2 июл 11 12:31:56 ipa.example.com ns-slapd[1155]: GSSAPI server step 3 июл 11 12:31:56 ipa.example.com ns-slapd[1155]: GSSAPI server step 1 июл 11 12:31:56 ipa.example.com ns-slapd[1155]: GSSAPI server step 2 июл 11 12:31:56 ipa.example.com ns-slapd[1155]: GSSAPI server step 3 When I issue 'ipactl restart' all processes are restarted properly. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On 07/08/2013 08:32 AM, Alexander Bokovoy wrote: > On Thu, 20 Jun 2013, Ana Krivokapic wrote: >> Hello, >> >> Attached patches fix systemd and ipactl related bugs: >> >> https://fedorahosted.org/freeipa/ticket/3730 >> https://fedorahosted.org/freeipa/ticket/3729 > NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on > upgrade properly and everything else has failed afterwards. > This was caused due to 'systemctl is-active' returning exit status 3 ('activating'), and our code treating the non-zero exit status as a failure. I handled this case in the updated patch. As for the ipa.service and dependency ordering, I have done some further testing and found out the adding the '--ignore-dependencies' switch alone solves the shutdown issue. So I think that no modification of ipa.service file is necessary. Updated patches are attached. -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. From c8d6d367f686d9477f66984e6b18de419cb28242 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Thu, 20 Jun 2013 11:53:29 +0200 Subject: [PATCH] Use correct DS instance in ipactl status Make sure ipactl status check for correct DS instance. It should check for 'dirsrv@IPA-REALM' and not 'dirsrv.target'. https://fedorahosted.org/freeipa/ticket/3730 --- ipapython/ipautil.py | 5 +++-- ipapython/platform/base/systemd.py | 39 +++--- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 3d174ed021bdad7fef52061ecbb2470ee02ebe19..f2ca9d6a907a4a5fddc8e79b8c07a9d52c1b370e 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -58,9 +58,10 @@ class CalledProcessError(Exception): """This exception is raised when a process run by check_call() returns a non-zero exit status. The exit status will be stored in the returncode attribute.""" -def __init__(self, returncode, cmd): +def __init__(self, returncode, cmd, output=None): self.returncode = returncode self.cmd = cmd +self.output = output def __str__(self): return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode) @@ -319,7 +320,7 @@ def run(args, stdin=None, raiseonerr=True, root_logger.debug('stderr=%s' % stderr) if p.returncode != 0 and raiseonerr: -raise CalledProcessError(p.returncode, arg_string) +raise CalledProcessError(p.returncode, arg_string, stdout) return (stdout, stderr, p.returncode) diff --git a/ipapython/platform/base/systemd.py b/ipapython/platform/base/systemd.py index a9c1ec03261ae8694b1a308b2e86f342f27e9e62..9721ac1a92077048d8dd0248014ed7cb11bb61a8 100644 --- a/ipapython/platform/base/systemd.py +++ b/ipapython/platform/base/systemd.py @@ -18,8 +18,6 @@ # import os -import shutil -import sys from ipapython import ipautil from ipapython.platform import base @@ -36,12 +34,18 @@ def __init__(self, service_name, systemd_name): self.lib_path = os.path.join(self.SYSTEMD_LIB_PATH, self.systemd_name) self.lib_path_exists = None -def service_instance(self, instance_name): +def service_instance(self, instance_name, operation=None): if self.lib_path_exists is None: self.lib_path_exists = os.path.exists(self.lib_path) elements = self.systemd_name.split("@") +# Make sure the correct DS instance is returned +if (elements[0] == 'dirsrv' and +not instance_name and +operation == 'is-active'): +return 'dirsrv@%s.service' % str(api.env.realm.replace('.', '-')) + # Short-cut: if there is already exact service name, return it if self.lib_path_exists and len(instance_name) == 0: if len(elements) == 1: @@ -118,14 +122,27 @@ def restart(self, instance_name="", capture_output=True, wait=True): self.__wait_for_open_ports(self.service_instance(instance_name)) def is_running(self, instance_name=""): -ret = True -try: -(sout, serr, rcode) = ipautil.run(["/bin/systemctl", "is-active", self.service_instance(instance_name)],capture_output=True) -if rcode != 0: -ret = False -except ipautil.CalledProcessError: -ret = False -return ret +instance = self.service_instance(instance_name, 'is-active') + +while True: +try: +(sout, serr, rcode) = ipautil.run( +["/bin/systemctl", "is-active", instance], +capture_output=True +) +except ipautil.CalledProcessError as e: +if e.returncode == 3 and 'activating' in str(e.output): +continue +return False +else: +# activating +if rcode == 3 and 'activating' in st
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Mon, 2013-07-08 at 16:18 +0300, Alexander Bokovoy wrote: > On Mon, 08 Jul 2013, Simo Sorce wrote: > >On Thu, 2013-06-20 at 17:13 +0200, Ana Krivokapic wrote: > >> -After=network.target > >> +After=network.target dirsrv.target > >> pki-tomcatd@pki-tomcat.service pki-cad.target certmonger.service > >> httpd.service krb5kdc.service messagebus.service nslcd.service > >> nscd.service ntpd.service portmap.service rpcbind.service > >> kadmin.service sshd.service autofs.service rpcgssd.service > >> rpcidmapd.service chronyd.service > >> > >Won't this cause ipa.service to try to restart things twice ? > >Also this will unconditionally try to start the CA even if not > >installed. > No, this is for dependency ordering only, not for actual start/stop > dependency action. > > From systemd.unit(5): > > Note that this setting is independent of and orthogonal to the > requirement dependencies as configured by Requires=. It is a common > pattern to include a unit name in both the After= and Requires= option > in which case the unit listed will be started before the unit that is > configured with these options. This option may be specified more than > once, in which case ordering dependencies for all listed names are > created. Yes but what is the point of "starting" ipa.service "after" its own components ? I can understand putting there the following: * network.target * certmonger.service * messagebus.service I do not understand putting there these: * dirsrv.target * pki-tomcatd@pki-tomcat.service * pki-cad.target * httpd.service * krb5kdc.service * kadmin.service * ntpd.service As these are started by ipa.service itself I am not sure why these are put there either: * nslcd.service * nscd.service * portmap.service * rpcbind.service * sshd.service * autofs.service * rpcgssd.service * rpcidmapd.service * chronyd.service Why do we need to be started after these ? We have no direct dependency. Besides we do not use nslcd, nscd, chronyd at all when installing freeipa as we replace all of them with sssd (actually not listed at all) and ntpd Also why nfs and the rpc stuff should be started earlier ? rpcgssd in particular may try to kinit with the nfs keytab, so starting it before the kdc wouldn't work well. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Mon, 08 Jul 2013, Simo Sorce wrote: On Thu, 2013-06-20 at 17:13 +0200, Ana Krivokapic wrote: -After=network.target +After=network.target dirsrv.target pki-tomcatd@pki-tomcat.service pki-cad.target certmonger.service httpd.service krb5kdc.service messagebus.service nslcd.service nscd.service ntpd.service portmap.service rpcbind.service kadmin.service sshd.service autofs.service rpcgssd.service rpcidmapd.service chronyd.service Won't this cause ipa.service to try to restart things twice ? Also this will unconditionally try to start the CA even if not installed. No, this is for dependency ordering only, not for actual start/stop dependency action. From systemd.unit(5): Note that this setting is independent of and orthogonal to the requirement dependencies as configured by Requires=. It is a common pattern to include a unit name in both the After= and Requires= option in which case the unit listed will be started before the unit that is configured with these options. This option may be specified more than once, in which case ordering dependencies for all listed names are created. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Thu, 2013-06-20 at 17:13 +0200, Ana Krivokapic wrote: > -After=network.target > +After=network.target dirsrv.target > pki-tomcatd@pki-tomcat.service pki-cad.target certmonger.service > httpd.service krb5kdc.service messagebus.service nslcd.service > nscd.service ntpd.service portmap.service rpcbind.service > kadmin.service sshd.service autofs.service rpcgssd.service > rpcidmapd.service chronyd.service > Won't this cause ipa.service to try to restart things twice ? Also this will unconditionally try to start the CA even if not installed. NACK, please let ipa.service handle starting and stopping daemons. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes
On Thu, 20 Jun 2013, Ana Krivokapic wrote: Hello, Attached patches fix systemd and ipactl related bugs: https://fedorahosted.org/freeipa/ticket/3730 https://fedorahosted.org/freeipa/ticket/3729 NACK. For me upgrade case fails (rpm -Uhv), dirsrv didn't restart on upgrade properly and everything else has failed afterwards. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel