I've been doing some research on how we could implement a proper systemd
unit file for slapd, and came up with interesting results.
There are a number of options that we can pass to the slapd service that will
give us lots of troubles on an "idiomatic" service file. To give some examples:
- The PID file can be directly obtained from /etc/default/slapd if set, or it
has to be parsed from /etc/ldap/slapd.d or /etc/ldap/slapd.conf. The /etc/ldap
files don't follow the /etc/default syntax, so we can't just pass them with
"EnvironmentFile=" in the systemd service. We would have to parse those files
as is currently done by the init script.
- slapd has the "-f" and "-F" flags that can be used to specify a config file or
directory, respectively. It does not accept both at the same time, but
SLAPD_CONF in /etc/default/slapd allows either a file or directory. The init
script will figure out which of those is set, and pass the correct flag
accordingly. I don't see a simple way of doing this in systemd without either
polluting the SLAPD_CONF option with the necessary flag, or delegating it to a
helper script which would check whether the option meant a file or a
directory.
- The slapd.conf file is used by other related tools (see slapd.conf(5)), which
prevents us from pulling some of the options to another centralized file
without also updating these tools
I hoped that the upstream package would have some insight on the proper
way of writing the service file, but unfortunately it seems that
upstream Openldap devs are very much against the idea of shipping them
(be they sysv-init or systemd files). There are some discussions on the
openldap lists, one of which deals specifically with adding systemd
support for slapd [0]. From that discussion, it's clear that upstream
openldap is not ready to provide the necessary systemd files out-of-the-
box, even when approached with relevant patches.
I also checked how CentOS implement their slapd.service file since they don't
seem to run into these problems. They don't use an autogenerated unit file, and
have a proper one instead [1]. From what I've checked, this is easier for them
for two reasons:
1) The CentOS configs for slapd are much simpler than what we have in
Debian/Ubuntu (their defaults don't include most of the options that we do)
2) They use helper scripts for the funky parsing we have in the sysv-init
script ("ExecStartPre=/usr/libexec/openldap/check-config.sh", which also
invokes some other helper scripts)
On Debian/Ubuntu, the autogenerated unit file for slapd uses the sysv-init
script as a "shim" to manage the service, which makes it possible to keep the
whole config-parsing insanity consistent between sysv-init and systemd.
It's not the most elegant solution, but for now I believe it makes sense to
include an override file for the "RemainAfterExit=" option until we have a
native systemd unit file for slapd (similar to what was done for apache2 in bug
1488962 mentioned by Ryan Tandy).
[0] https://www.openldap.org/its/index.cgi/Incoming?id=8707
[1] https://git.centos.org/blob/rpms!openldap.git/c7/SOURCES!slapd.service
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1821343
Title:
slapd process failure is not detected by systemd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1821343/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
