[Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support

[Alexander Bokovoy]

On Fri, 14 Oct 2011, Simo Sorce wrote:
> > > Attached a rebased patch with the modifications needed to apply it on
> > > master.
> > > 
> > > Everything seem to work on master but I haven't tested ipa-2-1 so this
> > > is a partial ACK of the original patch as well.
> > 
> > A bit of bad news, I restarted the machine and I am having issue
> > properly restarting services.
> > This patch is still better than nothing as otherwise nothing works at
> > all on f16, but we need to work out why starting services is unreliable.
> 
> Ok found the issue and it is a bug in the conversion to systemd.
> I opened ticket #1990 for this.
> 
> Attached find a rebased patch that fixes enough of the bug to let the
> server work (they keytab part), but it doesn't address the ulimit part.
KRB5_KTNAME was missing but LimitNOFile is available -- it is now 
modified in dirsrv at .service file directly. The code in 
ipapython/platform/fedora16.py goes to a great length to enable that 
by copying file to /etc/systemd/system, modifying the config, and 
relinking all dirsrv instances to it. That's how systemd is organized.

Now, I think I found actual issue preventing proper restarts. 
wait_for_socket() only considered 'connection refused' as valid error 
when unable to connect and waiting up until timeout is gone. 
Unfortunately, directory services start a bit slower than we had hoped 
and by the time we attempt to connect to local AF_UNIX socket, there 
is no actual socket on file system yet so we get:

Oct 17 06:48:36 vm-114 ipactl[954]: Failed to read data from Directory 
Service: Unknown error when retrieving list of services from LDAP: 
[Errno 2] No such file or directory
Oct 17 06:48:36 vm-114 ipactl[954]: Shutting down
Oct 17 06:48:36 vm-114 ipactl[954]: Starting Directory Service

After applying attached patch I now have fully working FreeIPA 2.1 git 
on Fedora 16.

-- 
/ Alexander Bokovoy
-------------- next part --------------
>From cb5583ad8023d87fdbf863cd65032d0f11108bc0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon, 17 Oct 2011 14:17:07 +0300
Subject: [PATCH 4/4] Spin for connection success also when socket is not
 (yet) available

We were spinning for socket connection if attempt to connect returned errno 111
(connection refused). However, it is not enough for local AF_UNIX sockets as
heavy applications might not be able to start yet and therefore the whole path
might be missing. So spin for errno 2 (no such file or directory) as well.

Partial fix for
  https://fedorahosted.org/freeipa/ticket/1990
---
 ipaserver/install/installutils.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 5cfc8f0376e25d9eb25206d54ac5bbea47aca9b2..0a36c354e1d2f901bfdef51c151d035ba8ee64ca 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -507,7 +507,7 @@ def wait_for_open_socket(socket_name, timeout=0):
             s.close()
             break;
         except socket.error, e:
-            if e.errno == 111:  # 111: Connection refused
+            if e.errno in (2,111):  # 111: Connection refused, 2: File not found
                 if timeout and time.time() > op_timeout: # timeout exceeded
                     raise e
                 time.sleep(1)
-- 
1.7.6.4